Bug 966822 (CVE-2016-0729) - VUL-0: CVE-2016-0729: xerces: RCE via overflows in Apache Xerces-C
Status: RESOLVED FIXED
Alias: CVE-2016-0729
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
Whiteboard: CVSSv2:SUSE:CVE-2016-0729:6.0:(AV:N/A...
Reported: 2016-02-16 09:02 UTC by Sebastian Krahmer
Modified: 2017-10-25 20:04 UTC
Comment 9 Swamp Workflow Management 2016-02-16 23:00:15 UTC
bugbot adjusting priority
Comment 10 Marcus Meissner 2016-03-07 15:39:01 UTC
is public


CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input

http://svn.apache.org/viewvc?view=revision&revision=1727978
Comment 11 Victor Pereira 2016-03-15 09:01:56 UTC
ping! Do we already have a maintainer for this package?
Comment 14 Bernhard Wiedemann 2016-03-29 15:00:21 UTC
This is an autogenerated message for OBS integration:
This bug (966822) was mentioned in
https://build.opensuse.org/request/show/381222 42.1 / xerces-c
https://build.opensuse.org/request/show/381243 13.2 / xerces-c
Comment 15 Bernhard Wiedemann 2016-03-30 10:00:44 UTC
This is an autogenerated message for OBS integration:
This bug (966822) was mentioned in
https://build.opensuse.org/request/show/381546 13.2 / xerces-c
Comment 17 Swamp Workflow Management 2016-04-07 11:08:03 UTC
openSUSE-SU-2016:0966-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 920810,966822
CVE References: CVE-2015-0252,CVE-2016-0729
Sources used:
openSUSE 13.2 (src):    xerces-c-3.1.1-13.3.1
Comment 18 Swamp Workflow Management 2016-04-13 13:08:15 UTC
SUSE-SU-2016:1026-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 966822
CVE References: CVE-2016-0729
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src):    xerces-c-3.1.1-7.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    xerces-c-3.1.1-7.1
SUSE Linux Enterprise Server 12-SP1 (src):    xerces-c-3.1.1-7.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    xerces-c-3.1.1-7.1
SUSE Linux Enterprise Desktop 12 (src):    xerces-c-3.1.1-7.1
Comment 19 Swamp Workflow Management 2016-04-21 12:08:15 UTC
openSUSE-SU-2016:1121-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 966822
CVE References: CVE-2016-0729
Sources used:
openSUSE Leap 42.1 (src):    xerces-c-3.1.1-16.1
Comment 20 Bernhard Wiedemann 2016-07-05 14:00:29 UTC
This is an autogenerated message for OBS integration:
This bug (966822) was mentioned in
https://build.opensuse.org/request/show/406725 Factory / xerces-c
Comment 21 Marcus Meissner 2017-10-25 20:04:42 UTC
released