[SECURITY] Fedora 21 Update: xerces-j2-2.11.0-22.fc21

updates at fedoraproject.org updates at fedoraproject.org
Tue Sep 23 05:03:54 UTC 2014


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-10617
2014-09-10 16:27:59
--------------------------------------------------------------------------------

Name        : xerces-j2
Product     : Fedora 21
Version     : 2.11.0
Release     : 22.fc21
URL         : http://xerces.apache.org/xerces2-j/
Summary     : Java XML parser
Description :
Welcome to the future! Xerces2 is the next generation of high performance,
fully compliant XML parsers in the Apache Xerces family. This new version of
Xerces introduces the Xerces Native Interface (XNI), a complete framework for
building parser components and configurations that is extremely modular and
easy to program.

The Apache Xerces2 parser is the reference implementation of XNI but other
parser components, configurations, and parsers can be written using the Xerces
Native Interface. For complete design and implementation documents, refer to
the XNI Manual.

Xerces2 is a fully conforming XML Schema processor. For more information,
refer to the XML Schema page.

Xerces2 also provides a complete implementation of the Document Object Model
Level 3 Core and Load/Save W3C Recommendations and provides a complete
implementation of the XML Inclusions (XInclude) W3C Recommendation. It also
provides support for OASIS XML Catalogs v1.1.

Xerces2 is able to parse documents written according to the XML 1.1
Recommendation, except that it does not yet provide an option to enable
normalization checking as described in section 2.13 of this specification. It
also handles name spaces according to the XML Namespaces 1.1 Recommendation,
and will correctly serialize XML 1.1 documents if the DOM level 3 load/save
APIs are in use.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2013-4002
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1019176 - CVE-2013-4002 Xerces-J2 OpenJDK: XML parsing Denial of Service (JAXP, 8017298)
        https://bugzilla.redhat.com/show_bug.cgi?id=1019176
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update xerces-j2' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list