Security Advisory Moderate: xerces-j2 security update

Advisory: RHSA-2009:1615-1
Type: Security Advisory
Severity: Moderate
Issued on: 2009-11-30
Last updated on: 2009-11-30
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux EUS (v. 5.4.z server)
CVEs (cve.mitre.org): CVE-2009-2625

Details

Updated xerces-j2 packages that fix a security issue are now available for
Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The xerces-j2 packages provide the Apache Xerces2 Java Parser, a
high-performance XML parser. A Document Type Definition (DTD) defines the
legal syntax (and also which elements can be used) for certain types of
files, such as XML files.

A flaw was found in the way the Apache Xerces2 Java Parser processed the
SYSTEM identifier in DTDs. A remote attacker could provide a
specially-crafted XML file, which once parsed by an application using the
Apache Xerces2 Java Parser, would lead to a denial of service (application
hang due to excessive CPU use). (CVE-2009-2625)

Users should upgrade to these updated packages, which contain a backported
patch to correct this issue. Applications using the Apache Xerces2 Java
Parser must be restarted for this update to take effect.
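
A check for the restart requirement above, as an added example that is not part of the Red Hat advisory: after the update, a process that still holds the replaced jar open shows it in /proc/PID/fd with the kernel's " (deleted)" suffix. The function names, the jar path and the PIDs in the sample tree are constructed for illustration.

```shell
#!/bin/sh
# stale_jar_holders PROC_ROOT PATTERN
# Prints "PID<TAB>target" for every open descriptor whose link target
# contains PATTERN, ends in .jar, and is marked " (deleted)" by the kernel,
# i.e. the file was replaced on disk while the process kept the old copy open.
stale_jar_holders() {
    proc_root=$1
    pattern=$2
    for fd in "$proc_root"/[0-9]*/fd/*; do
        [ -L "$fd" ] || continue              # glob matched nothing, or fd closed
        target=$(readlink "$fd") || continue  # process exited or access denied
        case $target in
            *$pattern*.jar" (deleted)")
                pid=${fd#"$proc_root"/}       # strip the proc root prefix
                pid=${pid%%/*}                # keep only the PID component
                printf '%s\t%s\n' "$pid" "$target"
                ;;
        esac
    done | sort -u
}

# make_sample_proc DIR
# Builds a constructed /proc-like tree so the check can be tried offline.
# PID 4242 still holds the replaced jar; PID 4243 holds the current jar
# plus an unrelated deleted file that must not be reported.
make_sample_proc() {
    mkdir -p "$1/4242/fd" "$1/4243/fd"
    ln -s "/usr/share/java/xerces-j2-2.7.1.jar (deleted)" "$1/4242/fd/7"
    ln -s "/usr/share/java/xerces-j2-2.7.1.jar" "$1/4243/fd/7"
    ln -s "/var/log/app.log (deleted)" "$1/4243/fd/8"
}

# On a live host, run as root so other users' descriptors are readable:
#   stale_jar_holders /proc xerces
# Every PID printed belongs to an application that has not been restarted
# since the package was updated.
```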


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
xerces-j2-2.7.1-7jpp.2.el5_4.2.src.rpm     MD5: 8b548250a2b8d64e4d107a0be11a915a
SHA-256: cc07b6b8dbbefb8636a46f2661366c2b5a1e1fffd76982f826e4177cb013457a
 
IA-32:
xerces-j2-demo-2.7.1-7jpp.2.el5_4.2.i386.rpm     MD5: c9ca472ed008f2a0411fdb41e5d0d2c7
xerces-j2-javadoc-apis-2.7.1-7jpp.2.el5_4.2.i386.rpm     MD5: 88c16dc15b83251e7ecae50eeba9f828
xerces-j2-javadoc-impl-2.7.1-7jpp.2.el5_4.2.i386.rpm     MD5: 5fc9539d79d3bdda9aef41247561949b
xerces-j2-javadoc-other-2.7.1-7jpp.2.el5_4.2.i386.rpm     MD5: a3f9ae6dffcef080681be56411565986
xerces-j2-javadoc-xni-2.7.1-7jpp.2.el5_4.2.i386.rpm     MD5: 16f590c3cf557061c1e71c5ea3cf6f3c
 
x86_64:
xerces-j2-demo-2.7.1-7jpp.2.el5_4.2.x86_64.rpm     MD5: 32879271b49795003a97ccf250f69d5c
xerces-j2-javadoc-apis-2.7.1-7jpp.2.el5_4.2.x86_64.rpm     MD5: 8cabca42e0a0ad4cfd0ce66095ac01cd
xerces-j2-javadoc-impl-2.7.1-7jpp.2.el5_4.2.x86_64.rpm     MD5: d6572ede50b7c7971a3638e596de340e
xerces-j2-javadoc-other-2.7.1-7jpp.2.el5_4.2.x86_64.rpm     MD5: e7ff41668811d83c8186fdd623b1988d
xerces-j2-javadoc-xni-2.7.1-7jpp.2.el5_4.2.x86_64.rpm     MD5: 7a6d423909a69bb54166021ce44915ea
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
xerces-j2-2.7.1-7jpp.2.el5_4.2.src.rpm     MD5: 8b548250a2b8d64e4d107a0be11a915a
SHA-256: cc07b6b8dbbefb8636a46f2661366c2b5a1e1fffd76982f826e4177cb013457a
 
IA-32:
xerces-j2-2.7.1-7jpp.2.el5_4.2.i386.rpm     MD5: 7d4162277e657e5d45b86c33d2342754
xerces-j2-demo-2.7.1-7jpp.2.el5_4.2.i386.rpm     MD5: c9ca472ed008f2a0411fdb41e5d0d2c7
xerces-j2-javadoc-apis-2.7.1-7jpp.2.el5_4.2.i386.rpm     MD5: 88c16dc15b83251e7ecae50eeba9f828
xerces-j2-javadoc-impl-2.7.1-7jpp.2.el5_4.2.i386.rpm     MD5: 5fc9539d79d3bdda9aef41247561949b
xerces-j2-javadoc-other-2.7.1-7jpp.2.el5_4.2.i386.rpm     MD5: a3f9ae6dffcef080681be56411565986
xerces-j2-javadoc-xni-2.7.1-7jpp.2.el5_4.2.i386.rpm     MD5: 16f590c3cf557061c1e71c5ea3cf6f3c
xerces-j2-scripts-2.7.1-7jpp.2.el5_4.2.i386.rpm     MD5: 4d23fd2f79ca69cbe150d6b77d1571a2
 
IA-64:
xerces-j2-2.7.1-7jpp.2.el5_4.2.ia64.rpm     MD5: 42b2b72586953b56a0e4f580adaed3c6
xerces-j2-demo-2.7.1-7jpp.2.el5_4.2.ia64.rpm     MD5: 777a41d37b231783387298e29c2e78c9
xerces-j2-javadoc-apis-2.7.1-7jpp.2.el5_4.2.ia64.rpm     MD5: c716dc70cf2e4fec6d0c43c0614acb43
xerces-j2-javadoc-impl-2.7.1-7jpp.2.el5_4.2.ia64.rpm     MD5: 194afb7412efd878390aea9598b8fe26
xerces-j2-javadoc-other-2.7.1-7jpp.2.el5_4.2.ia64.rpm     MD5: 3edce4e722946e7eef85347ac49eefda
xerces-j2-javadoc-xni-2.7.1-7jpp.2.el5_4.2.ia64.rpm     MD5: c6fd10bb7cd2b11a0cd68180c45f61ef
xerces-j2-scripts-2.7.1-7jpp.2.el5_4.2.ia64.rpm     MD5: a2ccc653c3abab5c25375bfccd386f47
 
PPC:
xerces-j2-2.7.1-7jpp.2.el5_4.2.ppc.rpm     MD5: 7eb89da8102efe87192a496b15d43baa
xerces-j2-demo-2.7.1-7jpp.2.el5_4.2.ppc.rpm     MD5: 04b1b9bf176673bc6c106358ccb95c18
xerces-j2-javadoc-apis-2.7.1-7jpp.2.el5_4.2.ppc.rpm     MD5: 1c0d76cf70ac07171f8c073372567757
xerces-j2-javadoc-impl-2.7.1-7jpp.2.el5_4.2.ppc.rpm     MD5: 153dc1a5719e09bfb07c976408716d63
xerces-j2-javadoc-other-2.7.1-7jpp.2.el5_4.2.ppc.rpm     MD5: 82bd01c95aac840044d1e1706394eb55
xerces-j2-javadoc-xni-2.7.1-7jpp.2.el5_4.2.ppc.rpm     MD5: f9134c9ef36146a4c44163c16c4da9e8
xerces-j2-scripts-2.7.1-7jpp.2.el5_4.2.ppc.rpm     MD5: de1ee6b3f2862bd0f340007e09d9307d
 
s390x:
xerces-j2-2.7.1-7jpp.2.el5_4.2.s390x.rpm     MD5: a6d1978811f221d74143f61b711922d4
xerces-j2-demo-2.7.1-7jpp.2.el5_4.2.s390x.rpm     MD5: 3d60315787967eb0b8168f04ee6e75ca
xerces-j2-javadoc-apis-2.7.1-7jpp.2.el5_4.2.s390x.rpm     MD5: 75ae8e71a08aa359ad924381842baa00
xerces-j2-javadoc-impl-2.7.1-7jpp.2.el5_4.2.s390x.rpm     MD5: 3edff58a6541783634b9067010149acd
xerces-j2-javadoc-other-2.7.1-7jpp.2.el5_4.2.s390x.rpm     MD5: f65de7baf926a6a0b7c2724eeef66146
xerces-j2-javadoc-xni-2.7.1-7jpp.2.el5_4.2.s390x.rpm     MD5: 89022d983ccdf66c35635a47ed51aee8
xerces-j2-scripts-2.7.1-7jpp.2.el5_4.2.s390x.rpm     MD5: df42504905e08407d0078d1af4ef219e
 
x86_64:
xerces-j2-2.7.1-7jpp.2.el5_4.2.x86_64.rpm     MD5: d2c709ecfdc58cc203eb6bdcc8f50b3e
xerces-j2-demo-2.7.1-7jpp.2.el5_4.2.x86_64.rpm     MD5: 32879271b49795003a97ccf250f69d5c
xerces-j2-javadoc-apis-2.7.1-7jpp.2.el5_4.2.x86_64.rpm     MD5: 8cabca42e0a0ad4cfd0ce66095ac01cd
xerces-j2-javadoc-impl-2.7.1-7jpp.2.el5_4.2.x86_64.rpm     MD5: d6572ede50b7c7971a3638e596de340e
xerces-j2-javadoc-other-2.7.1-7jpp.2.el5_4.2.x86_64.rpm     MD5: e7ff41668811d83c8186fdd623b1988d
xerces-j2-javadoc-xni-2.7.1-7jpp.2.el5_4.2.x86_64.rpm     MD5: 7a6d423909a69bb54166021ce44915ea
xerces-j2-scripts-2.7.1-7jpp.2.el5_4.2.x86_64.rpm     MD5: 2356ae724ab5ea10cc0802f0af038b80
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
xerces-j2-2.7.1-7jpp.2.el5_4.2.src.rpm     MD5: 8b548250a2b8d64e4d107a0be11a915a
SHA-256: cc07b6b8dbbefb8636a46f2661366c2b5a1e1fffd76982f826e4177cb013457a
 
IA-32:
xerces-j2-2.7.1-7jpp.2.el5_4.2.i386.rpm     MD5: 7d4162277e657e5d45b86c33d2342754
xerces-j2-scripts-2.7.1-7jpp.2.el5_4.2.i386.rpm     MD5: 4d23fd2f79ca69cbe150d6b77d1571a2
 
x86_64:
xerces-j2-2.7.1-7jpp.2.el5_4.2.x86_64.rpm     MD5: d2c709ecfdc58cc203eb6bdcc8f50b3e
xerces-j2-scripts-2.7.1-7jpp.2.el5_4.2.x86_64.rpm     MD5: 2356ae724ab5ea10cc0802f0af038b80
 
Red Hat Enterprise Linux EUS (v. 5.4.z server)

SRPMS:
xerces-j2-2.7.1-7jpp.2.el5_4.2.src.rpm     MD5: 8b548250a2b8d64e4d107a0be11a915a
SHA-256: cc07b6b8dbbefb8636a46f2661366c2b5a1e1fffd76982f826e4177cb013457a
 
IA-32:
xerces-j2-2.7.1-7jpp.2.el5_4.2.i386.rpm     MD5: 7d4162277e657e5d45b86c33d2342754
xerces-j2-demo-2.7.1-7jpp.2.el5_4.2.i386.rpm     MD5: c9ca472ed008f2a0411fdb41e5d0d2c7
xerces-j2-javadoc-apis-2.7.1-7jpp.2.el5_4.2.i386.rpm     MD5: 88c16dc15b83251e7ecae50eeba9f828
xerces-j2-javadoc-impl-2.7.1-7jpp.2.el5_4.2.i386.rpm     MD5: 5fc9539d79d3bdda9aef41247561949b
xerces-j2-javadoc-other-2.7.1-7jpp.2.el5_4.2.i386.rpm     MD5: a3f9ae6dffcef080681be56411565986
xerces-j2-javadoc-xni-2.7.1-7jpp.2.el5_4.2.i386.rpm     MD5: 16f590c3cf557061c1e71c5ea3cf6f3c
xerces-j2-scripts-2.7.1-7jpp.2.el5_4.2.i386.rpm     MD5: 4d23fd2f79ca69cbe150d6b77d1571a2
 
IA-64:
xerces-j2-2.7.1-7jpp.2.el5_4.2.ia64.rpm     MD5: 42b2b72586953b56a0e4f580adaed3c6
xerces-j2-demo-2.7.1-7jpp.2.el5_4.2.ia64.rpm     MD5: 777a41d37b231783387298e29c2e78c9
xerces-j2-javadoc-apis-2.7.1-7jpp.2.el5_4.2.ia64.rpm     MD5: c716dc70cf2e4fec6d0c43c0614acb43
xerces-j2-javadoc-impl-2.7.1-7jpp.2.el5_4.2.ia64.rpm     MD5: 194afb7412efd878390aea9598b8fe26
xerces-j2-javadoc-other-2.7.1-7jpp.2.el5_4.2.ia64.rpm     MD5: 3edce4e722946e7eef85347ac49eefda
xerces-j2-javadoc-xni-2.7.1-7jpp.2.el5_4.2.ia64.rpm     MD5: c6fd10bb7cd2b11a0cd68180c45f61ef
xerces-j2-scripts-2.7.1-7jpp.2.el5_4.2.ia64.rpm     MD5: a2ccc653c3abab5c25375bfccd386f47
 
PPC:
xerces-j2-2.7.1-7jpp.2.el5_4.2.ppc.rpm     MD5: 7eb89da8102efe87192a496b15d43baa
xerces-j2-demo-2.7.1-7jpp.2.el5_4.2.ppc.rpm     MD5: 04b1b9bf176673bc6c106358ccb95c18
xerces-j2-javadoc-apis-2.7.1-7jpp.2.el5_4.2.ppc.rpm     MD5: 1c0d76cf70ac07171f8c073372567757
xerces-j2-javadoc-impl-2.7.1-7jpp.2.el5_4.2.ppc.rpm     MD5: 153dc1a5719e09bfb07c976408716d63
xerces-j2-javadoc-other-2.7.1-7jpp.2.el5_4.2.ppc.rpm     MD5: 82bd01c95aac840044d1e1706394eb55
xerces-j2-javadoc-xni-2.7.1-7jpp.2.el5_4.2.ppc.rpm     MD5: f9134c9ef36146a4c44163c16c4da9e8
xerces-j2-scripts-2.7.1-7jpp.2.el5_4.2.ppc.rpm     MD5: de1ee6b3f2862bd0f340007e09d9307d
 
s390x:
xerces-j2-2.7.1-7jpp.2.el5_4.2.s390x.rpm     MD5: a6d1978811f221d74143f61b711922d4
xerces-j2-demo-2.7.1-7jpp.2.el5_4.2.s390x.rpm     MD5: 3d60315787967eb0b8168f04ee6e75ca
xerces-j2-javadoc-apis-2.7.1-7jpp.2.el5_4.2.s390x.rpm     MD5: 75ae8e71a08aa359ad924381842baa00
xerces-j2-javadoc-impl-2.7.1-7jpp.2.el5_4.2.s390x.rpm     MD5: 3edff58a6541783634b9067010149acd
xerces-j2-javadoc-other-2.7.1-7jpp.2.el5_4.2.s390x.rpm     MD5: f65de7baf926a6a0b7c2724eeef66146
xerces-j2-javadoc-xni-2.7.1-7jpp.2.el5_4.2.s390x.rpm     MD5: 89022d983ccdf66c35635a47ed51aee8
xerces-j2-scripts-2.7.1-7jpp.2.el5_4.2.s390x.rpm     MD5: df42504905e08407d0078d1af4ef219e
 
x86_64:
xerces-j2-2.7.1-7jpp.2.el5_4.2.x86_64.rpm     MD5: d2c709ecfdc58cc203eb6bdcc8f50b3e
xerces-j2-demo-2.7.1-7jpp.2.el5_4.2.x86_64.rpm     MD5: 32879271b49795003a97ccf250f69d5c
xerces-j2-javadoc-apis-2.7.1-7jpp.2.el5_4.2.x86_64.rpm     MD5: 8cabca42e0a0ad4cfd0ce66095ac01cd
xerces-j2-javadoc-impl-2.7.1-7jpp.2.el5_4.2.x86_64.rpm     MD5: d6572ede50b7c7971a3638e596de340e
xerces-j2-javadoc-other-2.7.1-7jpp.2.el5_4.2.x86_64.rpm     MD5: e7ff41668811d83c8186fdd623b1988d
xerces-j2-javadoc-xni-2.7.1-7jpp.2.el5_4.2.x86_64.rpm     MD5: 7a6d423909a69bb54166021ce44915ea
xerces-j2-scripts-2.7.1-7jpp.2.el5_4.2.x86_64.rpm     MD5: 2356ae724ab5ea10cc0802f0af038b80
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

512921 - CVE-2009-2625 OpenJDK: XML parsing Denial-Of-Service (6845701)


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/