Moderate CentOS xerces-j2 Security Update

Metadata

Severity: high
CVSS score: 7.1
Packages: xerces-j2-2.11.0-17.el7_0.noarch.rpm, xerces-j2-2.11.0-17.el7_0.src.rpm, xerces-j2-2.7.1-12.7.el6_5.i686.rpm, xerces-j2-2.7.1-12.7.el6_5.src.rpm, xerces-j2-2.7.1-12.7.el6_5.x86_64.rpm, xerces-j2-demo-2.11.0-17.el7_0.noarch.rpm, xerces-j2-demo-2.7.1-12.7.el6_5.i686.rpm, xerces-j2-demo-2.7.1-12.7.el6_5.x86_64.rpm, xerces-j2-javadoc-2.11.0-17.el7_0.noarch.rpm, xerces-j2-javadoc-apis-2.7.1-12.7.el6_5.i686.rpm, xerces-j2-javadoc-apis-2.7.1-12.7.el6_5.x86_64.rpm, xerces-j2-javadoc-impl-2.7.1-12.7.el6_5.i686.rpm, xerces-j2-javadoc-impl-2.7.1-12.7.el6_5.x86_64.rpm, xerces-j2-javadoc-other-2.7.1-12.7.el6_5.i686.rpm, xerces-j2-javadoc-other-2.7.1-12.7.el6_5.x86_64.rpm, xerces-j2-javadoc-xni-2.7.1-12.7.el6_5.i686.rpm, xerces-j2-javadoc-xni-2.7.1-12.7.el6_5.x86_64.rpm, xerces-j2-scripts-2.7.1-12.7.el6_5.i686.rpm, xerces-j2-scripts-2.7.1-12.7.el6_5.x86_64.rpm
CVE: CVE-2013-4002
References: rhn.redhat.com, lists.centos.org, lists.centos.org
Published: 2014-09-30
Updated: 2017-07-27 19:07

Related advisories

ALAS-2013-246
ALAS-2014-436
ALAS-2013-235
Important CentOS java-1.7.0-openjdk Update
Important CentOS java-1.6.0-openjdk Update
Critical CentOS java-1.7.0-openjdk Update
CVE-2013-4002 openjdk-6
CVE-2013-4002 openjdk-7
CVE-2013-4002
2017-04-01 19:08
2017-01-05 20:12

Description


Updated xerces-j2 packages that fix one security issue are now available
for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

Apache Xerces for Java (Xerces-J) is a high performance, standards
compliant, validating XML parser written in Java. The xerces-j2 packages
provide Xerces-J version 2.

A resource consumption issue was found in the way Xerces-J handled XML
declarations. A remote attacker could use an XML document with a specially
crafted declaration using a long pseudo-attribute name that, when parsed by
an application using Xerces-J, would cause that application to use an
excessive amount of CPU. (CVE-2013-4002)

All xerces-j2 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. Applications using
Xerces-J must be restarted for this update to take effect.

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, it is listed as pending.

Or, you can just let us figure it out for you! Appcanary continuously monitors your installed packages and tells you if any of them are vulnerable.


Affected package information

Release Package Patched in
6 xerces-j2 xerces-j2-2.7.1-12.7.el6_5.src.rpm
xerces-j2 xerces-j2-2.7.1-12.7.el6_5.i686.rpm
xerces-j2 xerces-j2-2.7.1-12.7.el6_5.x86_64.rpm
xerces-j2-demo xerces-j2-demo-2.7.1-12.7.el6_5.x86_64.rpm
xerces-j2-demo xerces-j2-demo-2.7.1-12.7.el6_5.i686.rpm
xerces-j2-javadoc-apis xerces-j2-javadoc-apis-2.7.1-12.7.el6_5.x86_64.rpm
xerces-j2-javadoc-apis xerces-j2-javadoc-apis-2.7.1-12.7.el6_5.i686.rpm
xerces-j2-javadoc-impl xerces-j2-javadoc-impl-2.7.1-12.7.el6_5.x86_64.rpm
xerces-j2-javadoc-impl xerces-j2-javadoc-impl-2.7.1-12.7.el6_5.i686.rpm
xerces-j2-javadoc-other xerces-j2-javadoc-other-2.7.1-12.7.el6_5.i686.rpm
xerces-j2-javadoc-other xerces-j2-javadoc-other-2.7.1-12.7.el6_5.x86_64.rpm
xerces-j2-javadoc-xni xerces-j2-javadoc-xni-2.7.1-12.7.el6_5.i686.rpm
xerces-j2-javadoc-xni xerces-j2-javadoc-xni-2.7.1-12.7.el6_5.x86_64.rpm
xerces-j2-scripts xerces-j2-scripts-2.7.1-12.7.el6_5.x86_64.rpm
xerces-j2-scripts xerces-j2-scripts-2.7.1-12.7.el6_5.i686.rpm
7 xerces-j2 xerces-j2-2.11.0-17.el7_0.src.rpm
xerces-j2 xerces-j2-2.11.0-17.el7_0.noarch.rpm
xerces-j2-demo xerces-j2-demo-2.11.0-17.el7_0.noarch.rpm
xerces-j2-javadoc xerces-j2-javadoc-2.11.0-17.el7_0.noarch.rpm
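As an added example (not part of this advisory page and not Appcanary's tooling), the check below applies the "Patched in" constraints from the table above to the output of `rpm -qa --qf '%{NAME}\t%{EPOCH}:%{VERSION}-%{RELEASE}\t%{ARCH}\n'`. It reimplements rpm's version-comparison rules so that `12.6.el6` is correctly judged older than `12.7.el6_5` and a pre-release tag such as `~rc1` sorts before the final build. The patched epoch:version-release values are taken from the table; epoch 0 is an assumption, and the sample `rpm -qa` lines are constructed for the example.

```python
"""Added example: decide from rpm -qa output whether installed xerces-j2
packages are at or above the build this advisory names as patched."""
import re

# Patched builds from the advisory table, as epoch:version-release.
# Epoch 0 is an assumption: the table lists no epochs, and a non-zero epoch
# on the real package would outrank any version/release comparison.
PATCHED_EVR = {
    "el6": "0:2.7.1-12.7.el6_5",
    "el7": "0:2.11.0-17.el7_0",
}


def _skip_separators(s):
    """Drop leading characters rpm ignores (anything but [A-Za-z0-9~])."""
    i = 0
    while i < len(s) and not (s[i].isalnum() or s[i] == "~"):
        i += 1
    return s[i:]


def rpmvercmp(a, b):
    """Compare two version or release strings like rpm's rpmvercmp().

    Returns -1, 0 or 1.  Alphanumeric runs are compared segment by segment;
    numeric segments compare as numbers and beat alphabetic ones; '~' sorts
    before everything (1.0~rc1 < 1.0).  The newer '^' operator is not handled.
    """
    if a == b:
        return 0
    while a or b:
        a, b = _skip_separators(a), _skip_separators(b)
        if a.startswith("~") or b.startswith("~"):
            if not a.startswith("~"):
                return 1
            if not b.startswith("~"):
                return -1
            a, b = a[1:], b[1:]
            continue
        if not a or not b:
            break
        if a[0].isdigit():
            pattern, numeric = r"[0-9]+", True
        else:
            pattern, numeric = r"[A-Za-z]+", False
        ma, mb = re.match(pattern, a), re.match(pattern, b)
        if mb is None:
            return 1 if numeric else -1     # numeric segment is the newer one
        sa, sb = ma.group(0), mb.group(0)
        a, b = a[len(sa):], b[len(sb):]
        if numeric:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):          # longer number is larger
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if not a and not b:
        return 0
    return -1 if not a else 1               # leftover segments win


def parse_evr(evr):
    """Split 'epoch:version-release'; rpm prints '(none)' for a missing epoch."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    if epoch in ("", "(none)"):
        epoch = "0"
    version, _, release = rest.rpartition("-")
    return int(epoch), version, release


def evrcmp(x, y):
    ex, vx, rx = parse_evr(x)
    ey, vy, ry = parse_evr(y)
    if ex != ey:
        return 1 if ex > ey else -1
    c = rpmvercmp(vx, vy)
    return c if c else rpmvercmp(rx, ry)


def assess(rpm_qa_lines):
    """Map (name, arch) -> 'patched' | 'vulnerable' | 'unknown' for xerces-j2 pkgs."""
    result = {}
    for line in rpm_qa_lines:
        name, evr, arch = line.rstrip("\n").split("\t")
        if name != "xerces-j2" and not name.startswith("xerces-j2-"):
            continue
        release = parse_evr(evr)[2]
        dist = next((d for d in PATCHED_EVR if "." + d in release), None)
        if dist is None:
            result[(name, arch)] = "unknown"   # not a CentOS 6/7 build
            continue
        patched = evrcmp(evr, PATCHED_EVR[dist]) >= 0
        result[(name, arch)] = "patched" if patched else "vulnerable"
    return result


# Constructed sample of rpm -qa output (not from a real host).
SAMPLE_RPM_QA = [
    "xerces-j2\t(none):2.7.1-12.6.el6\tx86_64",
    "xerces-j2-demo\t(none):2.7.1-12.7.el6_5\tx86_64",
    "xerces-j2\t0:2.11.0-17.el7_0\tnoarch",
    "xerces-j2-javadoc\t0:2.11.0-16.el7\tnoarch",
    "bash\t(none):4.2.46-12.el7\tx86_64",
]

if __name__ == "__main__":
    for (name, arch), status in sorted(assess(SAMPLE_RPM_QA).items()):
        print(f"{name}.{arch}: {status}")
```

A package that reports "patched" only tells you the files on disk are current; as the advisory notes, a JVM that loaded the old Xerces-J classes keeps running the vulnerable parser until it is restarted, so pair this check with a process restart or a look at `/proc/<pid>/maps` for the old jar.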