[ MDVSA-2014:193 ] xerces-j2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:193
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : xerces-j2
 Date    : October 1, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 A resource consumption issue was found in the way Xerces-J handled
 XML declarations. A remote attacker could use an XML document with
 a specially crafted declaration using a long pseudo-attribute name
 that, when parsed by an application using Xerces-J, would cause that
 application to use an excessive amount of CPU (CVE-2013-4002).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002
 https://rhn.redhat.com/errata/RHSA-2014-1319.

Leave a Reply