libxerces-c-3_1-3.1.4-1.3 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10039 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libxerces-c-3_1-3.1.4-1.3 on GA media These are all security issues fixed in the libxerces-c-3_1-3.1.4-1.3 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10039 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10039 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2009-1885/ SUSE CVE CVE-2009-1885 page https://www.suse.com/security/cve/CVE-2016-0729/ SUSE CVE CVE-2016-0729 page https://www.suse.com/security/cve/CVE-2016-2099/ SUSE CVE CVE-2016-2099 page https://www.suse.com/security/cve/CVE-2016-4463/ SUSE CVE CVE-2016-4463 page openSUSE Tumbleweed libxerces-c-3_1-3.1.4-1.3 libxerces-c-3_1-32bit-3.1.4-1.3 libxerces-c-devel-3.1.4-1.3 xerces-c-3.1.4-1.3 xerces-c-doc-3.1.4-1.3 libxerces-c-3_1-3.1.4-1.3 as a component of openSUSE Tumbleweed libxerces-c-3_1-32bit-3.1.4-1.3 as a component of openSUSE Tumbleweed libxerces-c-devel-3.1.4-1.3 as a component of openSUSE Tumbleweed xerces-c-3.1.4-1.3 as a component of openSUSE Tumbleweed xerces-c-doc-3.1.4-1.3 as a component of openSUSE Tumbleweed Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework. CVE-2009-1885 openSUSE Tumbleweed:libxerces-c-3_1-3.1.4-1.3 openSUSE Tumbleweed:libxerces-c-3_1-32bit-3.1.4-1.3 openSUSE Tumbleweed:libxerces-c-devel-3.1.4-1.3 openSUSE Tumbleweed:xerces-c-3.1.4-1.3 openSUSE Tumbleweed:xerces-c-doc-3.1.4-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-1885.html CVE-2009-1885 https://bugzilla.suse.com/530708 SUSE Bug 530708 Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted document. CVE-2016-0729 openSUSE Tumbleweed:libxerces-c-3_1-3.1.4-1.3 openSUSE Tumbleweed:libxerces-c-3_1-32bit-3.1.4-1.3 openSUSE Tumbleweed:libxerces-c-devel-3.1.4-1.3 openSUSE Tumbleweed:xerces-c-3.1.4-1.3 openSUSE Tumbleweed:xerces-c-doc-3.1.4-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-0729.html CVE-2016-0729 https://bugzilla.suse.com/966822 SUSE Bug 966822 Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document. CVE-2016-2099 openSUSE Tumbleweed:libxerces-c-3_1-3.1.4-1.3 openSUSE Tumbleweed:libxerces-c-3_1-32bit-3.1.4-1.3 openSUSE Tumbleweed:libxerces-c-devel-3.1.4-1.3 openSUSE Tumbleweed:xerces-c-3.1.4-1.3 openSUSE Tumbleweed:xerces-c-doc-3.1.4-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-2099.html CVE-2016-2099 https://bugzilla.suse.com/979208 SUSE Bug 979208 Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD. CVE-2016-4463 openSUSE Tumbleweed:libxerces-c-3_1-3.1.4-1.3 openSUSE Tumbleweed:libxerces-c-3_1-32bit-3.1.4-1.3 openSUSE Tumbleweed:libxerces-c-devel-3.1.4-1.3 openSUSE Tumbleweed:xerces-c-3.1.4-1.3 openSUSE Tumbleweed:xerces-c-doc-3.1.4-1.3 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-4463.html CVE-2016-4463 https://bugzilla.suse.com/985860 SUSE Bug 985860