-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:108
http://www.mandriva.com/security/
_______________________________________________________________________
Package : xerces-j2
Date : June 13, 2011
Affected: 2009.0, 2010.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability was discovered and corrected in xerces-j2:
Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE)
in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update
20, and in other products, allows remote attackers to cause a denial
of service (infinite loop and application hang) via malformed XML
input, as demonstrated by the Codenomicon XML fuzzing framework
(CVE-2009-2625).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
37cb066faf70adc13f94dde20a432baa
2009.0/i586/xerces-j2-2.9.0-9.1mdv2009.0.i586.rpm
d4eae4a3c3598d4a8aa937e06a666a4c
2009.0/i586/xerces-j2-demo-2.9.0-9.1mdv2009.0.i586.rpm
726068ab70043a5ffec264a74584bbd1
2009.0/i586/xerces-j2-javadoc-apis-2.9.0-9.1mdv2009.0.i586.rpm
ebea985ed82f10cba85c7dc63ebe3292
2009.0/i586/xerces-j2-javadoc-impl-2.9.0-9.1mdv2009.0.i586.rpm
88990006a3d52f94bf1d92cba4974dfd
2009.0/i586/xerces-j2-javadoc-other-2.9.0-9.1mdv2009.0.i586.rpm
c43bddc774e3740943a09ec7c944c90d
2009.0/i586/xerces-j2-javadoc-xni-2.9.0-9.1mdv2009.0.i586.rpm
45259a83b9e785c45c36ad3af81e7c1a
2009.0/i586/xerces-j2-scripts-2.9.0-9.1mdv2009.0.i586.rpm
ddf57cd31d55064c33889faf9e9f74b8
2009.0/SRPMS/xerces-j2-2.9.0-9.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
cf0fe4b70ed214ea14b466edf8981edb
2009.0/x86_64/xerces-j2-2.9.0-9.1mdv2009.0.x86_64.rpm
5e4b68b38f554355d423838f991cf642
2009.0/x86_64/xerces-j2-demo-2.9.0-9.1mdv2009.0.x86_64.rpm
f81effc463e3da1f758b5f2b578956fd
2009.0/x86_64/xerces-j2-javadoc-apis-2.9.0-9.1mdv2009.0.x86_64.rpm
c0483b80fb2b2ec4e72113c0440ae795
2009.0/x86_64/xerces-j2-javadoc-impl-2.9.0-9.1mdv2009.0.x86_64.rpm
48df56989967e0594d38d43c6c880a1f
2009.0/x86_64/xerces-j2-javadoc-other-2.9.0-9.1mdv2009.0.x86_64.rpm
c2767225bb3a6017ca0e9e3b23ab70f6
2009.0/x86_64/xerces-j2-javadoc-xni-2.9.0-9.1mdv2009.0.x86_64.rpm
f94f0123950744968da229f46d592770
2009.0/x86_64/xerces-j2-scripts-2.9.0-9.1mdv2009.0.x86_64.rpm
ddf57cd31d55064c33889faf9e9f74b8
2009.0/SRPMS/xerces-j2-2.9.0-9.1mdv2009.0.src.rpm
Mandriva Linux 2010.1:
e5ad74cbbc7031d129612b6c295314f6
2010.1/i586/xerces-j2-2.9.0-12.1mdv2010.2.i586.rpm
36f1d2dc0ad0eaf65f3caf681a786b1c
2010.1/i586/xerces-j2-demo-2.9.0-12.1mdv2010.2.i586.rpm
8d3011a0fa4096193fc3a9b55f48cb62
2010.1/i586/xerces-j2-javadoc-apis-2.9.0-12.1mdv2010.2.i586.rpm
21959c92a02a399eaedc680ba94a852b
2010.1/i586/xerces-j2-javadoc-impl-2.9.0-12.1mdv2010.2.i586.rpm
a3bf0c3fea849df6c75549b92bb2fc69
2010.1/i586/xerces-j2-javadoc-other-2.9.0-12.1mdv2010.2.i586.rpm
38736a69978ea27e8c86697b605de2bb
2010.1/i586/xerces-j2-javadoc-xni-2.9.0-12.1mdv2010.2.i586.rpm
71eb274ae0b1e3b8d311c825c07c583d
2010.1/i586/xerces-j2-scripts-2.9.0-12.1mdv2010.2.i586.rpm
aa76ab8c436a2deea87042e948ee9b87
2010.1/SRPMS/xerces-j2-2.9.0-12.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
b10c8ed786180fcc564c913e81407d39
2010.1/x86_64/xerces-j2-2.9.0-12.1mdv2010.2.x86_64.rpm
ddee966d3283e3ee881de32045705844
2010.1/x86_64/xerces-j2-demo-2.9.0-12.1mdv2010.2.x86_64.rpm
10faa110174a57e84b917df59d7354d9
2010.1/x86_64/xerces-j2-javadoc-apis-2.9.0-12.1mdv2010.2.x86_64.rpm
f337e9478e4e7981b8fc5711bce6c374
2010.1/x86_64/xerces-j2-javadoc-impl-2.9.0-12.1mdv2010.2.x86_64.rpm
853857a2fa3423bfe570683130a04a30
2010.1/x86_64/xerces-j2-javadoc-other-2.9.0-12.1mdv2010.2.x86_64.rpm
464aa2803e1d2c6379ab1c4efde16458
2010.1/x86_64/xerces-j2-javadoc-xni-2.9.0-12.1mdv2010.2.x86_64.rpm
753a920e14066f0947e86eb3c58dc3b0
2010.1/x86_64/xerces-j2-scripts-2.9.0-12.1mdv2010.2.x86_64.rpm
aa76ab8c436a2deea87042e948ee9b87
2010.1/SRPMS/xerces-j2-2.9.0-12.1mdv2010.2.src.rpm
Mandriva Enterprise Server 5:
2d77d8eee7520a75d32006b0a6593b9a
mes5/i586/xerces-j2-2.9.0-9.1mdvmes5.2.i586.rpm
498fa9165c65a49a91c2f554412ba08d
mes5/i586/xerces-j2-demo-2.9.0-9.1mdvmes5.2.i586.rpm
1355593b2b99758401b7402fe4665c14
mes5/i586/xerces-j2-javadoc-apis-2.9.0-9.1mdvmes5.2.i586.rpm
024c4cc368b002a3c8e5e2093b71e3ff
mes5/i586/xerces-j2-javadoc-impl-2.9.0-9.1mdvmes5.2.i586.rpm
a35340802b118ca125976d040dbef05a
mes5/i586/xerces-j2-javadoc-other-2.9.0-9.1mdvmes5.2.i586.rpm
05d9e1cae5c2ea4d36f6947efc351769
mes5/i586/xerces-j2-javadoc-xni-2.9.0-9.1mdvmes5.2.i586.rpm
f461ae2ab3e94c21961a1e1b848576a4
mes5/i586/xerces-j2-scripts-2.9.0-9.1mdvmes5.2.i586.rpm
a9991784656b7edd311cfbf57f27295c
mes5/SRPMS/xerces-j2-2.9.0-9.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
380c338fa0a80984f1d0086005896b8b
mes5/x86_64/xerces-j2-2.9.0-9.1mdvmes5.2.x86_64.rpm
815b14cc6277587cd9690aedfb23e52d
mes5/x86_64/xerces-j2-demo-2.9.0-9.1mdvmes5.2.x86_64.rpm
745dd35db3c5ec94420ba33d31605115
mes5/x86_64/xerces-j2-javadoc-apis-2.9.0-9.1mdvmes5.2.x86_64.rpm
97f1be73c86d6e1057512840875ebe3d
mes5/x86_64/xerces-j2-javadoc-impl-2.9.0-9.1mdvmes5.2.x86_64.rpm
3a6f08eb04c7f04dba7bba0af9728fe9
mes5/x86_64/xerces-j2-javadoc-other-2.9.0-9.1mdvmes5.2.x86_64.rpm
990027b4eeed11ac8689534e2721f789
mes5/x86_64/xerces-j2-javadoc-xni-2.9.0-9.1mdvmes5.2.x86_64.rpm
a1601357c9d02a3cdc0d884c641fa207
mes5/x86_64/xerces-j2-scripts-2.9.0-9.1mdvmes5.2.x86_64.rpm
a9991784656b7edd311cfbf57f27295c
mes5/SRPMS/xerces-j2-2.9.0-9.1mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFN9fgnmqjQ0CJFipgRAmspAJ0Ylvf3cIGVxgWJThqUjCCElt52QgCeJKRh
TzRhRpoAIyy00Twg1G8t8Mk=
=0/P6
-----END PGP SIGNATURE-----
Posljednje sigurnosne preporuke