Red Hat Product Errata RHSA-2009:1615 - Security Advisory

Issued:: 2009-11-30
Updated:: 2009-11-30

RHSA-2009:1615 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: xerces-j2 security update

Type/Severity

Security Advisory: Moderate

Topic

Updated xerces-j2 packages that fix a security issue are now available for
Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

The xerces-j2 packages provide the Apache Xerces2 Java Parser, a
high-performance XML parser. A Document Type Definition (DTD) defines the
legal syntax (and also which elements can be used) for certain types of
files, such as XML files.

A flaw was found in the way the Apache Xerces2 Java Parser processed the
SYSTEM identifier in DTDs. A remote attacker could provide a
specially-crafted XML file, which once parsed by an application using the
Apache Xerces2 Java Parser, would lead to a denial of service (application
hang due to excessive CPU use). (CVE-2009-2625)

Users should upgrade to these updated packages, which contain a backported
patch to correct this issue. Applications using the Apache Xerces2 Java
Parser must be restarted for this update to take effect.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Server - Extended Update Support 5.4 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 5.4 ia64
Red Hat Enterprise Linux Server - Extended Update Support 5.4 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.4 s390x
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.4 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 512921 - CVE-2009-2625 OpenJDK: XML parsing Denial-Of-Service (6845701)

CVEs

CVE-2009-2625

References

http://www.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
xerces-j2-2.7.1-7jpp.2.el5_4.2.src.rpm	SHA-256: cc07b6b8dbbefb8636a46f2661366c2b5a1e1fffd76982f826e4177cb013457a
x86_64
xerces-j2-2.7.1-7jpp.2.el5_4.2.x86_64.rpm	SHA-256: d2da3981f75613368630ed2843f130b8f3e60067130f4f3c1b859b773a2805e9
xerces-j2-demo-2.7.1-7jpp.2.el5_4.2.x86_64.rpm	SHA-256: 64dd8311d3870ee021de317d60b6221a4a9ed37c3fbecffee278b49ee208f00a
xerces-j2-javadoc-apis-2.7.1-7jpp.2.el5_4.2.x86_64.rpm	SHA-256: 1ef4c4e42decdd4b35756d3cb953178535619aa8d58b303c346c286d234e8f70
xerces-j2-javadoc-impl-2.7.1-7jpp.2.el5_4.2.x86_64.rpm	SHA-256: 4528a03de826be4648ef3b26be6c48ec47c66b418c6e4f2a0bdc77991d58474b
xerces-j2-javadoc-other-2.7.1-7jpp.2.el5_4.2.x86_64.rpm	SHA-256: f9791ea5070ff690ea5078e9c5bfd38393e2e94b1ddc2137adcc39b518b7fd90
xerces-j2-javadoc-xni-2.7.1-7jpp.2.el5_4.2.x86_64.rpm	SHA-256: 4009d8c69b4a358fbfdc3170cbe7dffb1578a82768cdd11ee964aa7ab6f1cef0
xerces-j2-scripts-2.7.1-7jpp.2.el5_4.2.x86_64.rpm	SHA-256: a9fffd53d1f3eb4a281e443340d62ebc864a1ccb462d31fd7f84985ded5944d1
ia64
xerces-j2-2.7.1-7jpp.2.el5_4.2.ia64.rpm	SHA-256: ee75a331a922bb24885534d6e66ada52d91a5d30c2913a4c53def353e7533780
xerces-j2-demo-2.7.1-7jpp.2.el5_4.2.ia64.rpm	SHA-256: a213dbfd95c907c288b0c60e8b08ce83303bf667c25b7c58f3b893889ca00ca2
xerces-j2-javadoc-apis-2.7.1-7jpp.2.el5_4.2.ia64.rpm	SHA-256: 0dc157a4bf99fc42c2a7d08dac3560b838f2d5892a711dee3952e714fd3c6380
xerces-j2-javadoc-impl-2.7.1-7jpp.2.el5_4.2.ia64.rpm	SHA-256: e073ee49439ed8727fc761cc3f3a8dfe4571817ac8b09c363edfa82334f6df2c
xerces-j2-javadoc-other-2.7.1-7jpp.2.el5_4.2.ia64.rpm	SHA-256: f46680d0f8a37bde90ba1f3e14be09a67842a34817ba2526bbae28359a29d8e5
xerces-j2-javadoc-xni-2.7.1-7jpp.2.el5_4.2.ia64.rpm	SHA-256: aa32d174a16186694e12176508473802f719ac20784bbe93f50381362212d88b
xerces-j2-scripts-2.7.1-7jpp.2.el5_4.2.ia64.rpm	SHA-256: 80d08773c964c995df70b11775fcde6c0471f567c2cc08f343d2c909a889ee5b
i386
xerces-j2-2.7.1-7jpp.2.el5_4.2.i386.rpm	SHA-256: e2dbdf786b797adf660319edae886133a9e8f295b71670304e0e3cef18190c15
xerces-j2-demo-2.7.1-7jpp.2.el5_4.2.i386.rpm	SHA-256: 1061a2f5a951a6cd7b10bd5740682a95f9aab4d7b2d642d7504d00af76347678
xerces-j2-javadoc-apis-2.7.1-7jpp.2.el5_4.2.i386.rpm	SHA-256: 81c004167307fb44683206c732c1bd4e5c90e1b0a7fd1271b5679f4a51ee7c98
xerces-j2-javadoc-impl-2.7.1-7jpp.2.el5_4.2.i386.rpm	SHA-256: f7ce099f91b64a831930023d48bcf13a6d815f5ff3e964caa840cec7f4bbe0dc
xerces-j2-javadoc-other-2.7.1-7jpp.2.el5_4.2.i386.rpm	SHA-256: 5ae40522fbba157b0427b31d6096de71a7a26cdea8c886146a809df245cd8e84
xerces-j2-javadoc-xni-2.7.1-7jpp.2.el5_4.2.i386.rpm	SHA-256: 183fb6d66437c0e2c70caa0fdc7bf72b0aa3a9e151fe442487052f12f64e49b1
xerces-j2-scripts-2.7.1-7jpp.2.el5_4.2.i386.rpm	SHA-256: 22baa9e9d43f3a5deeaaadef433f83a2a61d930bc26f4c48afa71362277a6933

Red Hat Enterprise Linux Workstation 5

SRPM
xerces-j2-2.7.1-7jpp.2.el5_4.2.src.rpm	SHA-256: cc07b6b8dbbefb8636a46f2661366c2b5a1e1fffd76982f826e4177cb013457a
x86_64
xerces-j2-2.7.1-7jpp.2.el5_4.2.x86_64.rpm	SHA-256: d2da3981f75613368630ed2843f130b8f3e60067130f4f3c1b859b773a2805e9
xerces-j2-demo-2.7.1-7jpp.2.el5_4.2.x86_64.rpm	SHA-256: 64dd8311d3870ee021de317d60b6221a4a9ed37c3fbecffee278b49ee208f00a
xerces-j2-javadoc-apis-2.7.1-7jpp.2.el5_4.2.x86_64.rpm	SHA-256: 1ef4c4e42decdd4b35756d3cb953178535619aa8d58b303c346c286d234e8f70
xerces-j2-javadoc-impl-2.7.1-7jpp.2.el5_4.2.x86_64.rpm	SHA-256: 4528a03de826be4648ef3b26be6c48ec47c66b418c6e4f2a0bdc77991d58474b
xerces-j2-javadoc-other-2.7.1-7jpp.2.el5_4.2.x86_64.rpm	SHA-256: f9791ea5070ff690ea5078e9c5bfd38393e2e94b1ddc2137adcc39b518b7fd90
xerces-j2-javadoc-xni-2.7.1-7jpp.2.el5_4.2.x86_64.rpm	SHA-256: 4009d8c69b4a358fbfdc3170cbe7dffb1578a82768cdd11ee964aa7ab6f1cef0
xerces-j2-scripts-2.7.1-7jpp.2.el5_4.2.x86_64.rpm	SHA-256: a9fffd53d1f3eb4a281e443340d62ebc864a1ccb462d31fd7f84985ded5944d1
i386
xerces-j2-2.7.1-7jpp.2.el5_4.2.i386.rpm	SHA-256: e2dbdf786b797adf660319edae886133a9e8f295b71670304e0e3cef18190c15
xerces-j2-demo-2.7.1-7jpp.2.el5_4.2.i386.rpm	SHA-256: 1061a2f5a951a6cd7b10bd5740682a95f9aab4d7b2d642d7504d00af76347678
xerces-j2-javadoc-apis-2.7.1-7jpp.2.el5_4.2.i386.rpm	SHA-256: 81c004167307fb44683206c732c1bd4e5c90e1b0a7fd1271b5679f4a51ee7c98
xerces-j2-javadoc-impl-2.7.1-7jpp.2.el5_4.2.i386.rpm	SHA-256: f7ce099f91b64a831930023d48bcf13a6d815f5ff3e964caa840cec7f4bbe0dc
xerces-j2-javadoc-other-2.7.1-7jpp.2.el5_4.2.i386.rpm	SHA-256: 5ae40522fbba157b0427b31d6096de71a7a26cdea8c886146a809df245cd8e84
xerces-j2-javadoc-xni-2.7.1-7jpp.2.el5_4.2.i386.rpm	SHA-256: 183fb6d66437c0e2c70caa0fdc7bf72b0aa3a9e151fe442487052f12f64e49b1
xerces-j2-scripts-2.7.1-7jpp.2.el5_4.2.i386.rpm	SHA-256: 22baa9e9d43f3a5deeaaadef433f83a2a61d930bc26f4c48afa71362277a6933

Red Hat Enterprise Linux Desktop 5

SRPM
xerces-j2-2.7.1-7jpp.2.el5_4.2.src.rpm	SHA-256: cc07b6b8dbbefb8636a46f2661366c2b5a1e1fffd76982f826e4177cb013457a
x86_64
xerces-j2-2.7.1-7jpp.2.el5_4.2.x86_64.rpm	SHA-256: d2da3981f75613368630ed2843f130b8f3e60067130f4f3c1b859b773a2805e9
xerces-j2-scripts-2.7.1-7jpp.2.el5_4.2.x86_64.rpm	SHA-256: a9fffd53d1f3eb4a281e443340d62ebc864a1ccb462d31fd7f84985ded5944d1
i386
xerces-j2-2.7.1-7jpp.2.el5_4.2.i386.rpm	SHA-256: e2dbdf786b797adf660319edae886133a9e8f295b71670304e0e3cef18190c15
xerces-j2-scripts-2.7.1-7jpp.2.el5_4.2.i386.rpm	SHA-256: 22baa9e9d43f3a5deeaaadef433f83a2a61d930bc26f4c48afa71362277a6933

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
xerces-j2-2.7.1-7jpp.2.el5_4.2.src.rpm	SHA-256: cc07b6b8dbbefb8636a46f2661366c2b5a1e1fffd76982f826e4177cb013457a
s390x
xerces-j2-2.7.1-7jpp.2.el5_4.2.s390x.rpm	SHA-256: 2cb38b2a3dfffa402599677a1e0964c24e6f8f7015b11d0c8e327e6533392be1
xerces-j2-demo-2.7.1-7jpp.2.el5_4.2.s390x.rpm	SHA-256: 0e3cc15c6c8733c7dea534701e766e4faca614ace1f53e774bc8478a22e23fde
xerces-j2-javadoc-apis-2.7.1-7jpp.2.el5_4.2.s390x.rpm	SHA-256: 1d3dff0ebdb63b73c52c033eca850038e828d4d3cb20fe502c205e5ad08f2101
xerces-j2-javadoc-impl-2.7.1-7jpp.2.el5_4.2.s390x.rpm	SHA-256: 012f6cc8529b45cf150fa2c618811604e04f28bf189cfe8b353ad29cf706fdcf
xerces-j2-javadoc-other-2.7.1-7jpp.2.el5_4.2.s390x.rpm	SHA-256: 31c9f34a84ae0feaaee2a126029f8df050e14d7f5b9c64b33a0ffd17e097ae25
xerces-j2-javadoc-xni-2.7.1-7jpp.2.el5_4.2.s390x.rpm	SHA-256: 5b3bfbf5601d59831870fef01c28f20ae7291d143cb15f4880e2db8923852888
xerces-j2-scripts-2.7.1-7jpp.2.el5_4.2.s390x.rpm	SHA-256: 4da42bd0346b005ae5b9ba2011f3ae52ad404de0c3e0ed69156e5f552cb86037

Red Hat Enterprise Linux for Power, big endian 5

SRPM
xerces-j2-2.7.1-7jpp.2.el5_4.2.src.rpm	SHA-256: cc07b6b8dbbefb8636a46f2661366c2b5a1e1fffd76982f826e4177cb013457a
ppc
xerces-j2-2.7.1-7jpp.2.el5_4.2.ppc.rpm	SHA-256: 8bced6e49ba0cf58ef2a2a3c544487565428f2aa70261a0b8bd4ad84960dd12c
xerces-j2-demo-2.7.1-7jpp.2.el5_4.2.ppc.rpm	SHA-256: 55d79bbdea99e942102b5c683e4ddc03c7d4dc561aa0a43d2cdf78661c6eb102
xerces-j2-javadoc-apis-2.7.1-7jpp.2.el5_4.2.ppc.rpm	SHA-256: 55795913285407dcc66d3125f867e2e94bb9b9c07ddef2e0e60aa79169b9c7b0
xerces-j2-javadoc-impl-2.7.1-7jpp.2.el5_4.2.ppc.rpm	SHA-256: 406f257dc023cee0b485633b53df7777ed57d33cff44d7f4e4048bff355f0116
xerces-j2-javadoc-other-2.7.1-7jpp.2.el5_4.2.ppc.rpm	SHA-256: 2e2c4143be76914be9d841419b553c128b17d54a5fe8b69f7d13ad54954b0c20
xerces-j2-javadoc-xni-2.7.1-7jpp.2.el5_4.2.ppc.rpm	SHA-256: 3655cc8e1fdb57e16b030283f0cc2108053ec62c41957526d18204f752e09a2d
xerces-j2-scripts-2.7.1-7jpp.2.el5_4.2.ppc.rpm	SHA-256: fb05cd16e1ab73c55412a6afbc1cdfb26272b0755c3a6b722729454e67bbe457

Red Hat Enterprise Linux Server from RHUI 5

SRPM
xerces-j2-2.7.1-7jpp.2.el5_4.2.src.rpm	SHA-256: cc07b6b8dbbefb8636a46f2661366c2b5a1e1fffd76982f826e4177cb013457a
x86_64
xerces-j2-2.7.1-7jpp.2.el5_4.2.x86_64.rpm	SHA-256: d2da3981f75613368630ed2843f130b8f3e60067130f4f3c1b859b773a2805e9
xerces-j2-demo-2.7.1-7jpp.2.el5_4.2.x86_64.rpm	SHA-256: 64dd8311d3870ee021de317d60b6221a4a9ed37c3fbecffee278b49ee208f00a
xerces-j2-javadoc-apis-2.7.1-7jpp.2.el5_4.2.x86_64.rpm	SHA-256: 1ef4c4e42decdd4b35756d3cb953178535619aa8d58b303c346c286d234e8f70
xerces-j2-javadoc-impl-2.7.1-7jpp.2.el5_4.2.x86_64.rpm	SHA-256: 4528a03de826be4648ef3b26be6c48ec47c66b418c6e4f2a0bdc77991d58474b
xerces-j2-javadoc-other-2.7.1-7jpp.2.el5_4.2.x86_64.rpm	SHA-256: f9791ea5070ff690ea5078e9c5bfd38393e2e94b1ddc2137adcc39b518b7fd90
xerces-j2-javadoc-xni-2.7.1-7jpp.2.el5_4.2.x86_64.rpm	SHA-256: 4009d8c69b4a358fbfdc3170cbe7dffb1578a82768cdd11ee964aa7ab6f1cef0
xerces-j2-scripts-2.7.1-7jpp.2.el5_4.2.x86_64.rpm	SHA-256: a9fffd53d1f3eb4a281e443340d62ebc864a1ccb462d31fd7f84985ded5944d1
i386
xerces-j2-2.7.1-7jpp.2.el5_4.2.i386.rpm	SHA-256: e2dbdf786b797adf660319edae886133a9e8f295b71670304e0e3cef18190c15
xerces-j2-demo-2.7.1-7jpp.2.el5_4.2.i386.rpm	SHA-256: 1061a2f5a951a6cd7b10bd5740682a95f9aab4d7b2d642d7504d00af76347678
xerces-j2-javadoc-apis-2.7.1-7jpp.2.el5_4.2.i386.rpm	SHA-256: 81c004167307fb44683206c732c1bd4e5c90e1b0a7fd1271b5679f4a51ee7c98
xerces-j2-javadoc-impl-2.7.1-7jpp.2.el5_4.2.i386.rpm	SHA-256: f7ce099f91b64a831930023d48bcf13a6d815f5ff3e964caa840cec7f4bbe0dc
xerces-j2-javadoc-other-2.7.1-7jpp.2.el5_4.2.i386.rpm	SHA-256: 5ae40522fbba157b0427b31d6096de71a7a26cdea8c886146a809df245cd8e84
xerces-j2-javadoc-xni-2.7.1-7jpp.2.el5_4.2.i386.rpm	SHA-256: 183fb6d66437c0e2c70caa0fdc7bf72b0aa3a9e151fe442487052f12f64e49b1
xerces-j2-scripts-2.7.1-7jpp.2.el5_4.2.i386.rpm	SHA-256: 22baa9e9d43f3a5deeaaadef433f83a2a61d930bc26f4c48afa71362277a6933

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories