-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2014:193
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : xerces-j2
Date : October 1, 2014
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
A resource consumption issue was found in the way Xerces-J handled
XML declarations. A remote attacker could use an XML document with
a specially crafted declaration using a long pseudo-attribute name
that, when parsed by an application using Xerces-J, would cause that
application to use an excessive amount of CPU (CVE-2013-4002).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002
https://rhn.redhat.com/errata/RHSA-2014-1319.