
Vulnerability of Apache Xerces-C++: use after free via DTDScanner

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area in DTDScanner of Apache Xerces-C++, in order to trigger a denial of service, and possibly to run code.
Vulnerable products: Xerces-C++, Debian, BIG-IP Hardware, TMOS, Fedora, openSUSE, openSUSE Leap, Oracle Communications.
Severity of this weakness: 2/4.
Creation date: 10/05/2016.
Revision date: 28/06/2016.
References of this bulletin: cpujul2018, CVE-2016-2099, DLA-467-1, DSA-3579-1, FEDORA-2016-0a061f6dd9, FEDORA-2016-7615febbd6, FEDORA-2016-84373c5f4f, FEDORA-2016-87e8468465, FEDORA-2016-9284772686, FEDORA-2016-d2d6890690, openSUSE-SU-2016:1744-1, openSUSE-SU-2016:1808-1, openSUSE-SU-2016:2232-1, SOL04253390, VIGILANCE-VUL-19566, XERCESC-2066.

Description of the vulnerability

The Apache Xerces-C++ product calls DTDScanner from the XMLReader class in order to parse DTD data.

However, when an invalid character is encountered, the exception handler frees a memory area that is subsequently reused, which is a use-after-free.

An attacker can therefore force the usage of a freed memory area in DTDScanner of Apache Xerces-C++, in order to trigger a denial of service, and possibly to run code.

This security threat impacts software or systems such as Xerces-C++, Debian, BIG-IP Hardware, TMOS, Fedora, openSUSE, openSUSE Leap, Oracle Communications.

Our Vigil@nce team determined that the severity of this vulnerability is medium (2/4).

The trust level is "confirmed by the vendor (editor)", with the origin being a vendor document.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with technician-level skills can exploit this vulnerability.

Solutions for this threat

Apache Xerces-C++: patch for DTDScanner.
A patch is indicated in information sources.

Debian: new xerces-c packages.
New packages are available:
  Debian 7: xerces-c 3.1.1-3+deb7u3
  Debian 8: xerces-c 3.1.1-5.1+deb8u2

F5 BIG-IP: solution for Apache Xerces.
The solution is indicated in information sources.

Fedora: new mingw-xerces-c packages.
New packages are available:
  Fedora 24: mingw-xerces-c 3.1.4-1.fc24
  Fedora 23: mingw-xerces-c 3.1.4-1.fc23
  Fedora 22: mingw-xerces-c 3.1.4-1.fc22

Fedora: new xerces-c packages.
New packages are available:
  Fedora 24: xerces-c 3.1.4-1.fc24
  Fedora 23: xerces-c 3.1.4-1.fc23
  Fedora 22: xerces-c 3.1.4-1.fc22

openSUSE 13.2: new xerces-c packages.
New packages are available:
  openSUSE 13.2: xerces-c 3.1.4-13.9.2

openSUSE Leap 42.1: new xerces-c packages.
New packages are available:
  openSUSE Leap 42.1: xerces-c 3.1.1-19.1

openSUSE: new xerces-c packages.
New packages are available:
  openSUSE 13.2: libxerces-c-3_1 3.1.1-13.6.1, xerces-c 3.1.1-13.6.1

Oracle Communications: Critical Patch Update (CPU) of July 2018.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2410237.1
  https://support.oracle.com/rs?type=doc&id=2406191.1
  https://support.oracle.com/rs?type=doc&id=2410234.1
  https://support.oracle.com/rs?type=doc&id=2408211.1
  https://support.oracle.com/rs?type=doc&id=2406689.1
  https://support.oracle.com/rs?type=doc&id=2408212.1
  https://support.oracle.com/rs?type=doc&id=2410243.1
  https://support.oracle.com/rs?type=doc&id=2410198.1
