Subject: | |
From: | |
Reply To: | |
Date: | Tue, 30 Sep 2014 18:47:42 +0200 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Thanks for considering.
Andras
On Tue, 30 Sep 2014 08:51:59 -0500
Pat Riehecky <[log in to unmask]> wrote:
> Historically, SL has not included the more detailed description to try
> and cut to the heart of the security issue. Our focus being along the
> lines of "since we ship with security errata on by default, here is why
> this package is changing". We know everyone is busy and are hoping to
> get straight to the point.
>
> Putting the package background in the message is an interesting idea.
> We'll have to ponder it a bit....
>
> Thanks for the feedback!
>
> Pat
>
> On 09/30/2014 12:37 AM, Andras Horvath wrote:
> > (Sorry, sent to the wrong list).
> >
> > Hi,
> >
> > With all respect for the work, may I ask if there is any possibility to include a short description of the package's functionality in the security errata report? There was one included in the past as far as I remember. I'd find it more than practical to have it because it gives a useful info to sysadmins about which are of the system is affected. Which software layer etc.
> >
> > Of course I could run a "yum info", just thought it may be good for everyone not having to.
> >
> >
> > Andras
> >
> >
> > On Mon, 29 Sep 2014 21:37:02 +0000
> > Pat Riehecky <[log in to unmask]> wrote:
> >
> >> Synopsis: Moderate: xerces-j2 security update
> >> Advisory ID: SLSA-2014:1319-1
> >> Issue Date: 2014-09-29
> >> CVE Numbers: CVE-2013-4002
> >> --
> >>
> >> A resource consumption issue was found in the way Xerces-J handled XML
> >> declarations. A remote attacker could use an XML document with a specially
> >> crafted declaration using a long pseudo-attribute name that, when parsed
> >> by an application using Xerces-J, would cause that application to use an
> >> excessive amount of CPU. (CVE-2013-4002)
> >>
> >> Applications using the Xerces-J must be restarted for this update to take
> >> effect.
> >> --
> >>
> >> SL6
> >> x86_64
> >> xerces-j2-2.7.1-12.7.el6_5.x86_64.rpm
> >> xerces-j2-debuginfo-2.7.1-12.7.el6_5.x86_64.rpm
> >> xerces-j2-demo-2.7.1-12.7.el6_5.x86_64.rpm
> >> xerces-j2-javadoc-apis-2.7.1-12.7.el6_5.x86_64.rpm
> >> xerces-j2-javadoc-impl-2.7.1-12.7.el6_5.x86_64.rpm
> >> xerces-j2-javadoc-other-2.7.1-12.7.el6_5.x86_64.rpm
> >> xerces-j2-javadoc-xni-2.7.1-12.7.el6_5.x86_64.rpm
> >> xerces-j2-scripts-2.7.1-12.7.el6_5.x86_64.rpm
> >> i386
> >> xerces-j2-2.7.1-12.7.el6_5.i686.rpm
> >> xerces-j2-debuginfo-2.7.1-12.7.el6_5.i686.rpm
> >> xerces-j2-demo-2.7.1-12.7.el6_5.i686.rpm
> >> xerces-j2-javadoc-apis-2.7.1-12.7.el6_5.i686.rpm
> >> xerces-j2-javadoc-impl-2.7.1-12.7.el6_5.i686.rpm
> >> xerces-j2-javadoc-other-2.7.1-12.7.el6_5.i686.rpm
> >> xerces-j2-javadoc-xni-2.7.1-12.7.el6_5.i686.rpm
> >> xerces-j2-scripts-2.7.1-12.7.el6_5.i686.rpm
> >>
> >> - Scientific Linux Development Team
>
>
|
|
|