The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Apache Xerces Java: denial of service via Long Attribute Names

Synthesis of the vulnerability 

An attacker can generate a fatal error via Long Attribute Names of Apache Xerces Java, in order to trigger a denial of service.
Impacted software: Xerces Java, openSUSE Leap.
Severity of this computer vulnerability: 2/4.
Creation date: 23/10/2017.
Références of this announce: openSUSE-SU-2017:2825-1, VIGILANCE-VUL-24208.

Description of the vulnerability 

An attacker can generate a fatal error via Long Attribute Names of Apache Xerces Java, in order to trigger a denial of service.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer vulnerability impacts software or systems such as Xerces Java, openSUSE Leap.

Our Vigil@nce team determined that the severity of this weakness bulletin is medium.

The trust level is of type confirmed by the editor, with an origin of document.

An attacker with a expert ability can exploit this weakness.

Solutions for this threat 

openSUSE Leap 42: new xerces-j2 packages.
New packages are available:
  openSUSE Leap 42.2: xerces-j2 2.8.1-6.3.1
  openSUSE Leap 42.3: xerces-j2 2.8.1-9.1
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides computer security announces. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.