Red Hat Product Errata RHSA-2011:0858 - Security Advisory

Issued:: 2011-06-08
Updated:: 2011-06-08

RHSA-2011:0858 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: xerces-j2 security update

Type/Severity

Security Advisory: Moderate

Topic

Updated xerces-j2 packages that fix one security issue are now available
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

The xerces-j2 packages provide the Apache Xerces2 Java Parser, a
high-performance XML parser. A Document Type Definition (DTD) defines the
legal syntax (and also which elements can be used) for certain types of
files, such as XML files.

A flaw was found in the way the Apache Xerces2 Java Parser processed the
SYSTEM identifier in DTDs. A remote attacker could provide a
specially-crafted XML file, which once parsed by an application using the
Apache Xerces2 Java Parser, would lead to a denial of service (application
hang due to excessive CPU use). (CVE-2009-2625)

Users should upgrade to these updated packages, which contain a backported
patch to correct this issue. Applications using the Apache Xerces2 Java
Parser must be restarted for this update to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386
Red Hat Enterprise Linux for IBM z Systems 6 s390x
Red Hat Enterprise Linux for Power, big endian 6 ppc64
Red Hat Enterprise Linux for Scientific Computing 6 x86_64
Red Hat Enterprise Linux Server from RHUI 6 x86_64
Red Hat Enterprise Linux Server from RHUI 6 i386

Fixes

BZ - 512921 - CVE-2009-2625 OpenJDK: XML parsing Denial-Of-Service (6845701)

CVEs

CVE-2009-2625

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 6

SRPM
xerces-j2-2.7.1-12.6.el6_0.src.rpm	SHA-256: b709a8cf22b884c893a1067d7f6fe9ca194815cfbf750b63585840021b60c9ae
x86_64
xerces-j2-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: f4f0faee4fe0d3eab54de29f770fb7af0e1a9349e71c44ba9e85d415c386a3e5
xerces-j2-debuginfo-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: c9126ffce8236e29cdb534b131c93a26f39c28857e04213f01d0ea40d9b91aa8
xerces-j2-debuginfo-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: c9126ffce8236e29cdb534b131c93a26f39c28857e04213f01d0ea40d9b91aa8
xerces-j2-demo-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: 4c88b4c139ada345f42b5b716f16848a12d480f281c5f8fbb903809a3175073d
xerces-j2-javadoc-apis-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: 5250a401ac876e6c94c4c85b386a74e2ffbd6a4af2f8b94fdccf0e4ab6589ac0
xerces-j2-javadoc-impl-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: 602c851e830211b8100a2d99fbd1821036a02031fb7cb1445a0d72963a9970ad
xerces-j2-javadoc-other-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: 0c3aa493b4d48db402abbb4789392190bf8002fef7f7839d5d86332fd359375d
xerces-j2-javadoc-xni-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: 8b7b9141e213403b85aabad8be4a79cfe9a3420e94acc74ce788234e4c045b83
xerces-j2-scripts-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: c7b26176b9ae7991a3e8a262db5c6c6250ba5814b1f983a78dd4bce31c7c804f
i386
xerces-j2-2.7.1-12.6.el6_0.i686.rpm	SHA-256: 338080d09afda306ee656ab8d19506e5b241df7ed32cc604dd0f5889063199c6
xerces-j2-debuginfo-2.7.1-12.6.el6_0.i686.rpm	SHA-256: e96f516c8020fe357007d99e7ff8e02e0ea45644bc99a319eff905d4c61fcaf6
xerces-j2-debuginfo-2.7.1-12.6.el6_0.i686.rpm	SHA-256: e96f516c8020fe357007d99e7ff8e02e0ea45644bc99a319eff905d4c61fcaf6
xerces-j2-demo-2.7.1-12.6.el6_0.i686.rpm	SHA-256: e204f30804d72d07e15c59a1a89b3fa8da2326ea219b67bbae4ec64d48ac793a
xerces-j2-javadoc-apis-2.7.1-12.6.el6_0.i686.rpm	SHA-256: abb7205d9301b074823acd1f09bc0b1d277f7b9d524ea244d5fe2cb8ec8e455b
xerces-j2-javadoc-impl-2.7.1-12.6.el6_0.i686.rpm	SHA-256: 7a60e1c23b1ffc60dacb858c52e49dc553d27bc6a79fb7b23a91279659a77e86
xerces-j2-javadoc-other-2.7.1-12.6.el6_0.i686.rpm	SHA-256: 0d90e561d75fcef04917d6ad66e1d28ec158f8b1a7048b9334928e0a8d6b7138
xerces-j2-javadoc-xni-2.7.1-12.6.el6_0.i686.rpm	SHA-256: 8e8ccd3f1edec0e262003355609ce61567b9d090e56089f162212991bc8e3bbe
xerces-j2-scripts-2.7.1-12.6.el6_0.i686.rpm	SHA-256: 0ea52a3bd49806c77da83bbc68f4ed88d8d21dec33247cc9cbd52d52d2e69846

Red Hat Enterprise Linux Workstation 6

SRPM
xerces-j2-2.7.1-12.6.el6_0.src.rpm	SHA-256: b709a8cf22b884c893a1067d7f6fe9ca194815cfbf750b63585840021b60c9ae
x86_64
xerces-j2-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: f4f0faee4fe0d3eab54de29f770fb7af0e1a9349e71c44ba9e85d415c386a3e5
xerces-j2-debuginfo-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: c9126ffce8236e29cdb534b131c93a26f39c28857e04213f01d0ea40d9b91aa8
xerces-j2-debuginfo-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: c9126ffce8236e29cdb534b131c93a26f39c28857e04213f01d0ea40d9b91aa8
xerces-j2-demo-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: 4c88b4c139ada345f42b5b716f16848a12d480f281c5f8fbb903809a3175073d
xerces-j2-javadoc-apis-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: 5250a401ac876e6c94c4c85b386a74e2ffbd6a4af2f8b94fdccf0e4ab6589ac0
xerces-j2-javadoc-impl-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: 602c851e830211b8100a2d99fbd1821036a02031fb7cb1445a0d72963a9970ad
xerces-j2-javadoc-other-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: 0c3aa493b4d48db402abbb4789392190bf8002fef7f7839d5d86332fd359375d
xerces-j2-javadoc-xni-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: 8b7b9141e213403b85aabad8be4a79cfe9a3420e94acc74ce788234e4c045b83
xerces-j2-scripts-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: c7b26176b9ae7991a3e8a262db5c6c6250ba5814b1f983a78dd4bce31c7c804f
i386
xerces-j2-2.7.1-12.6.el6_0.i686.rpm	SHA-256: 338080d09afda306ee656ab8d19506e5b241df7ed32cc604dd0f5889063199c6
xerces-j2-debuginfo-2.7.1-12.6.el6_0.i686.rpm	SHA-256: e96f516c8020fe357007d99e7ff8e02e0ea45644bc99a319eff905d4c61fcaf6
xerces-j2-debuginfo-2.7.1-12.6.el6_0.i686.rpm	SHA-256: e96f516c8020fe357007d99e7ff8e02e0ea45644bc99a319eff905d4c61fcaf6
xerces-j2-demo-2.7.1-12.6.el6_0.i686.rpm	SHA-256: e204f30804d72d07e15c59a1a89b3fa8da2326ea219b67bbae4ec64d48ac793a
xerces-j2-javadoc-apis-2.7.1-12.6.el6_0.i686.rpm	SHA-256: abb7205d9301b074823acd1f09bc0b1d277f7b9d524ea244d5fe2cb8ec8e455b
xerces-j2-javadoc-impl-2.7.1-12.6.el6_0.i686.rpm	SHA-256: 7a60e1c23b1ffc60dacb858c52e49dc553d27bc6a79fb7b23a91279659a77e86
xerces-j2-javadoc-other-2.7.1-12.6.el6_0.i686.rpm	SHA-256: 0d90e561d75fcef04917d6ad66e1d28ec158f8b1a7048b9334928e0a8d6b7138
xerces-j2-javadoc-xni-2.7.1-12.6.el6_0.i686.rpm	SHA-256: 8e8ccd3f1edec0e262003355609ce61567b9d090e56089f162212991bc8e3bbe
xerces-j2-scripts-2.7.1-12.6.el6_0.i686.rpm	SHA-256: 0ea52a3bd49806c77da83bbc68f4ed88d8d21dec33247cc9cbd52d52d2e69846

Red Hat Enterprise Linux Desktop 6

SRPM
xerces-j2-2.7.1-12.6.el6_0.src.rpm	SHA-256: b709a8cf22b884c893a1067d7f6fe9ca194815cfbf750b63585840021b60c9ae
x86_64
xerces-j2-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: f4f0faee4fe0d3eab54de29f770fb7af0e1a9349e71c44ba9e85d415c386a3e5
xerces-j2-debuginfo-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: c9126ffce8236e29cdb534b131c93a26f39c28857e04213f01d0ea40d9b91aa8
xerces-j2-demo-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: 4c88b4c139ada345f42b5b716f16848a12d480f281c5f8fbb903809a3175073d
xerces-j2-javadoc-apis-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: 5250a401ac876e6c94c4c85b386a74e2ffbd6a4af2f8b94fdccf0e4ab6589ac0
xerces-j2-javadoc-impl-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: 602c851e830211b8100a2d99fbd1821036a02031fb7cb1445a0d72963a9970ad
xerces-j2-javadoc-other-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: 0c3aa493b4d48db402abbb4789392190bf8002fef7f7839d5d86332fd359375d
xerces-j2-javadoc-xni-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: 8b7b9141e213403b85aabad8be4a79cfe9a3420e94acc74ce788234e4c045b83
xerces-j2-scripts-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: c7b26176b9ae7991a3e8a262db5c6c6250ba5814b1f983a78dd4bce31c7c804f
i386
xerces-j2-2.7.1-12.6.el6_0.i686.rpm	SHA-256: 338080d09afda306ee656ab8d19506e5b241df7ed32cc604dd0f5889063199c6
xerces-j2-debuginfo-2.7.1-12.6.el6_0.i686.rpm	SHA-256: e96f516c8020fe357007d99e7ff8e02e0ea45644bc99a319eff905d4c61fcaf6
xerces-j2-demo-2.7.1-12.6.el6_0.i686.rpm	SHA-256: e204f30804d72d07e15c59a1a89b3fa8da2326ea219b67bbae4ec64d48ac793a
xerces-j2-javadoc-apis-2.7.1-12.6.el6_0.i686.rpm	SHA-256: abb7205d9301b074823acd1f09bc0b1d277f7b9d524ea244d5fe2cb8ec8e455b
xerces-j2-javadoc-impl-2.7.1-12.6.el6_0.i686.rpm	SHA-256: 7a60e1c23b1ffc60dacb858c52e49dc553d27bc6a79fb7b23a91279659a77e86
xerces-j2-javadoc-other-2.7.1-12.6.el6_0.i686.rpm	SHA-256: 0d90e561d75fcef04917d6ad66e1d28ec158f8b1a7048b9334928e0a8d6b7138
xerces-j2-javadoc-xni-2.7.1-12.6.el6_0.i686.rpm	SHA-256: 8e8ccd3f1edec0e262003355609ce61567b9d090e56089f162212991bc8e3bbe
xerces-j2-scripts-2.7.1-12.6.el6_0.i686.rpm	SHA-256: 0ea52a3bd49806c77da83bbc68f4ed88d8d21dec33247cc9cbd52d52d2e69846

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
xerces-j2-2.7.1-12.6.el6_0.src.rpm	SHA-256: b709a8cf22b884c893a1067d7f6fe9ca194815cfbf750b63585840021b60c9ae
s390x
xerces-j2-2.7.1-12.6.el6_0.s390x.rpm	SHA-256: 20828c1b3792c12c2b893c6194831f412198528abd4632d0e73b62aeb085727d
xerces-j2-debuginfo-2.7.1-12.6.el6_0.s390x.rpm	SHA-256: f080835b207d5f1d5f4097e824b6433d8169778cb174cb2fae1e0d46205702bc
xerces-j2-debuginfo-2.7.1-12.6.el6_0.s390x.rpm	SHA-256: f080835b207d5f1d5f4097e824b6433d8169778cb174cb2fae1e0d46205702bc
xerces-j2-demo-2.7.1-12.6.el6_0.s390x.rpm	SHA-256: 395ec0c12990358164c1316e49d84b65b9c3fd1487b6ba29ebd49dede2dc921d
xerces-j2-javadoc-apis-2.7.1-12.6.el6_0.s390x.rpm	SHA-256: 7f20933947bf624fa94b61897d9a182e4b427db5fefb152647d9dc089854656b
xerces-j2-javadoc-impl-2.7.1-12.6.el6_0.s390x.rpm	SHA-256: 44b82003e68f24653c7b2f43ae8aa511e4aa70c1897d13023ba2629c29b2e2f8
xerces-j2-javadoc-other-2.7.1-12.6.el6_0.s390x.rpm	SHA-256: 495c95b9171acba4a70e5cd2ad6b8eb74bb55ab63a441beb25bdf93ee7085d5d
xerces-j2-javadoc-xni-2.7.1-12.6.el6_0.s390x.rpm	SHA-256: f770834cb2075db2b32a57e957c9b82dcf53e3b40c778f1abdf40f6232be7586
xerces-j2-scripts-2.7.1-12.6.el6_0.s390x.rpm	SHA-256: 5d465e708d2973cf985acc7ece86920bf29f132605bb83eb6865ebb4839c855e

Red Hat Enterprise Linux for Power, big endian 6

SRPM
xerces-j2-2.7.1-12.6.el6_0.src.rpm	SHA-256: b709a8cf22b884c893a1067d7f6fe9ca194815cfbf750b63585840021b60c9ae
ppc64
xerces-j2-2.7.1-12.6.el6_0.ppc64.rpm	SHA-256: 61e3663ab28963b5143a31586bfcfa9e7d126c4e424a3db3c09374b8c18ba472
xerces-j2-debuginfo-2.7.1-12.6.el6_0.ppc64.rpm	SHA-256: 25db9bad8f5f04baad4165edd29700132dd042b157c828e56af6a89fb4da9a16
xerces-j2-debuginfo-2.7.1-12.6.el6_0.ppc64.rpm	SHA-256: 25db9bad8f5f04baad4165edd29700132dd042b157c828e56af6a89fb4da9a16
xerces-j2-demo-2.7.1-12.6.el6_0.ppc64.rpm	SHA-256: 244a25213627472d549485ce7e2ae833cc66060b02c965de23b9c8d8a664ca98
xerces-j2-javadoc-apis-2.7.1-12.6.el6_0.ppc64.rpm	SHA-256: 7168c01425508e0e8e76ebfa61923f799f20073e2ab58d0ad054d14e56a54407
xerces-j2-javadoc-impl-2.7.1-12.6.el6_0.ppc64.rpm	SHA-256: 08ba3b93fbf9ef288f6037a6cfcf02c973ad22bba87f000ca0014ec867280b77
xerces-j2-javadoc-other-2.7.1-12.6.el6_0.ppc64.rpm	SHA-256: 84503109d0d545d1c91c4d91235ca1522c744d758074907a08734b99c4374fff
xerces-j2-javadoc-xni-2.7.1-12.6.el6_0.ppc64.rpm	SHA-256: fe50579a058f30fed5b6ac9fba7b6f839a59aedf7b36b731dc6e5292a11de4db
xerces-j2-scripts-2.7.1-12.6.el6_0.ppc64.rpm	SHA-256: d5cfc9f9111c82440b434314fb6d132f2256e804b3b4565410f76290fd74762a

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
xerces-j2-2.7.1-12.6.el6_0.src.rpm	SHA-256: b709a8cf22b884c893a1067d7f6fe9ca194815cfbf750b63585840021b60c9ae
x86_64
xerces-j2-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: f4f0faee4fe0d3eab54de29f770fb7af0e1a9349e71c44ba9e85d415c386a3e5
xerces-j2-debuginfo-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: c9126ffce8236e29cdb534b131c93a26f39c28857e04213f01d0ea40d9b91aa8
xerces-j2-demo-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: 4c88b4c139ada345f42b5b716f16848a12d480f281c5f8fbb903809a3175073d
xerces-j2-javadoc-apis-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: 5250a401ac876e6c94c4c85b386a74e2ffbd6a4af2f8b94fdccf0e4ab6589ac0
xerces-j2-javadoc-impl-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: 602c851e830211b8100a2d99fbd1821036a02031fb7cb1445a0d72963a9970ad
xerces-j2-javadoc-other-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: 0c3aa493b4d48db402abbb4789392190bf8002fef7f7839d5d86332fd359375d
xerces-j2-javadoc-xni-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: 8b7b9141e213403b85aabad8be4a79cfe9a3420e94acc74ce788234e4c045b83
xerces-j2-scripts-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: c7b26176b9ae7991a3e8a262db5c6c6250ba5814b1f983a78dd4bce31c7c804f

Red Hat Enterprise Linux Server from RHUI 6

SRPM
xerces-j2-2.7.1-12.6.el6_0.src.rpm	SHA-256: b709a8cf22b884c893a1067d7f6fe9ca194815cfbf750b63585840021b60c9ae
x86_64
xerces-j2-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: f4f0faee4fe0d3eab54de29f770fb7af0e1a9349e71c44ba9e85d415c386a3e5
xerces-j2-debuginfo-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: c9126ffce8236e29cdb534b131c93a26f39c28857e04213f01d0ea40d9b91aa8
xerces-j2-debuginfo-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: c9126ffce8236e29cdb534b131c93a26f39c28857e04213f01d0ea40d9b91aa8
xerces-j2-demo-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: 4c88b4c139ada345f42b5b716f16848a12d480f281c5f8fbb903809a3175073d
xerces-j2-javadoc-apis-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: 5250a401ac876e6c94c4c85b386a74e2ffbd6a4af2f8b94fdccf0e4ab6589ac0
xerces-j2-javadoc-impl-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: 602c851e830211b8100a2d99fbd1821036a02031fb7cb1445a0d72963a9970ad
xerces-j2-javadoc-other-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: 0c3aa493b4d48db402abbb4789392190bf8002fef7f7839d5d86332fd359375d
xerces-j2-javadoc-xni-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: 8b7b9141e213403b85aabad8be4a79cfe9a3420e94acc74ce788234e4c045b83
xerces-j2-scripts-2.7.1-12.6.el6_0.x86_64.rpm	SHA-256: c7b26176b9ae7991a3e8a262db5c6c6250ba5814b1f983a78dd4bce31c7c804f
i386
xerces-j2-2.7.1-12.6.el6_0.i686.rpm	SHA-256: 338080d09afda306ee656ab8d19506e5b241df7ed32cc604dd0f5889063199c6
xerces-j2-debuginfo-2.7.1-12.6.el6_0.i686.rpm	SHA-256: e96f516c8020fe357007d99e7ff8e02e0ea45644bc99a319eff905d4c61fcaf6
xerces-j2-debuginfo-2.7.1-12.6.el6_0.i686.rpm	SHA-256: e96f516c8020fe357007d99e7ff8e02e0ea45644bc99a319eff905d4c61fcaf6
xerces-j2-demo-2.7.1-12.6.el6_0.i686.rpm	SHA-256: e204f30804d72d07e15c59a1a89b3fa8da2326ea219b67bbae4ec64d48ac793a
xerces-j2-javadoc-apis-2.7.1-12.6.el6_0.i686.rpm	SHA-256: abb7205d9301b074823acd1f09bc0b1d277f7b9d524ea244d5fe2cb8ec8e455b
xerces-j2-javadoc-impl-2.7.1-12.6.el6_0.i686.rpm	SHA-256: 7a60e1c23b1ffc60dacb858c52e49dc553d27bc6a79fb7b23a91279659a77e86
xerces-j2-javadoc-other-2.7.1-12.6.el6_0.i686.rpm	SHA-256: 0d90e561d75fcef04917d6ad66e1d28ec158f8b1a7048b9334928e0a8d6b7138
xerces-j2-javadoc-xni-2.7.1-12.6.el6_0.i686.rpm	SHA-256: 8e8ccd3f1edec0e262003355609ce61567b9d090e56089f162212991bc8e3bbe
xerces-j2-scripts-2.7.1-12.6.el6_0.i686.rpm	SHA-256: 0ea52a3bd49806c77da83bbc68f4ed88d8d21dec33247cc9cbd52d52d2e69846

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories