The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Apache Xerces C++, Python libexpat: denial of service via DTD

Synthesis of the vulnerability 

An attacker can create an XML DTD containing nested parentheses, in order to generate an infinite loop in Apache Xerces C++ or Python libexpat.
Impacted software: Xerces-C++, Fedora, Mandriva Linux, openSUSE, SLES, Unix (platform) ~ not comprehensive.
Severity of this computer vulnerability: 2/4.
Creation date: 10/08/2009.
References of this announcement: BID-35986, BID-35988, CVE-2009-1885, FEDORA-2009-8305, FEDORA-2009-8332, FEDORA-2009-8345, FEDORA-2009-8350, FICORA #245608, MDVSA-2009:223, MDVSA-2009:223-1, SUSE-SR:2009:014, VIGILANCE-VUL-8926.

Description of the vulnerability 

The Apache Xerces C++ and Python libexpat products manage XML DTD (Document Type Definition). They share the same vulnerability.

For example, a DTD contains:
  <!ELEMENT name (#PCDATA)>
However, when there are several nested parentheses, an infinite loop occurs in Apache Xerces C++ or Python libexpat.

An attacker can therefore create a malicious XML DTD, in order to generate a denial of service in applications using Apache Xerces C++ or Python libexpat.
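As an added example (not part of the Vigil@nce bulletin), the following Python guard illustrates the defensive side of this description: it refuses documents carrying a DTD altogether, or, where DTDs must be accepted, measures the parenthesis nesting of every <!ELEMENT> content model and rejects the document before it ever reaches the XML parser. The depth limit, the regex and the sample document are assumptions chosen for the example; the check is a textual pre-scan, not a replacement for patching the parser.

```python
"""Pre-parse guard that refuses XML with a DTD, or with a DTD whose
content models nest parentheses deeper than a policy limit."""
import re
import xml.parsers.expat

# Policy limit chosen for this example; not a value from the advisory.
MAX_CONTENT_MODEL_DEPTH = 8

# Assumed pattern: element name, then the content model up to the closing '>'.
_ELEMENT_DECL = re.compile(r"<!ELEMENT\s+\S+\s+([^>]*)>", re.DOTALL)


class RejectedDTD(ValueError):
    """Raised when a document is refused before reaching the XML parser."""


def max_paren_depth(content_model: str) -> int:
    """Deepest '(' nesting in one content model; rejects unbalanced input."""
    depth = deepest = 0
    for ch in content_model:
        if ch == "(":
            depth += 1
            deepest = max(deepest, depth)
        elif ch == ")":
            depth -= 1
            if depth < 0:
                raise RejectedDTD("unbalanced ')' in content model")
    if depth:
        raise RejectedDTD("unbalanced '(' in content model")
    return deepest


def doctype_depth(xml_text: str) -> int:
    """Deepest nesting across every <!ELEMENT> declaration in the text.
    A textual scan, so it errs on the side of rejecting rather than exact."""
    return max((max_paren_depth(m.group(1))
                for m in _ELEMENT_DECL.finditer(xml_text)), default=0)


def parse_guarded(xml_text: str, allow_dtd: bool = False) -> list:
    """Return element names, handing the text to expat only after the check."""
    if "<!DOCTYPE" in xml_text:
        if not allow_dtd:
            raise RejectedDTD("document carries a DTD and DTDs are not allowed")
        depth = doctype_depth(xml_text)
        if depth > MAX_CONTENT_MODEL_DEPTH:
            raise RejectedDTD(f"content model nesting {depth} exceeds limit")
    names = []
    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(xml_text, True)
    return names


# Constructed sample: a small internal DTD with an ordinary content model.
SAMPLE_OK = ('<!DOCTYPE note [<!ELEMENT note (to, (body | (x, y))*)>'
             '<!ELEMENT to (#PCDATA)>]><note><to>a</to></note>')
```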

This computer threat alert impacts software or systems such as Xerces-C++, Fedora, Mandriva Linux, openSUSE, SLES, Unix (platform) ~ not comprehensive.

Our Vigil@nce team determined that the severity of this weakness announcement is medium.

The trust level is confirmed by the editor, and the origin is a document.

An attacker with an expert ability can exploit this computer weakness bulletin.

Solutions for this threat 

Apache Xerces C++: patch for DTD.
A patch is available:
  http://svn.apache.org/viewvc?view=rev&revision=781488

Fedora: new xerces packages.
New packages are available:
  xerces-c27-2.7.0-8.fc10
  xerces-c-2.8.0-5.fc10
  xerces-c27-2.7.0-8.fc11
  xerces-c-2.8.0-5.fc11

Mandriva 2008.0: new xerces-c packages.
New packages are available:
  xerces-c-2.7.0-5.1mdv2008.0

Mandriva: new xerces-c packages.
New packages are available:
Mandriva Linux 2008.1:
  xerces-c-2.7.0-7.1mdv2008.1
Mandriva Linux 2009.0:
  xerces-c-2.7.0-7.1mdv2009.0
  xerces-c-2.8.0-2.1mdv2009.0
Mandriva Linux 2009.1:
  xerces-c-2.8.0-2.1mdv2009.1
Mandriva Enterprise Server 5:
  xerces-c-2.7.0-7.1mdvmes5
  xerces-c-2.8.0-2.1mdvmes5

SUSE: new packages (01/09/2009).
New packages are available.

Computer vulnerabilities tracking service 

Vigil@nce provides software vulnerability bulletins. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.