[SECURITY] Fedora 20 Update: xerces-j2-2.11.0-17.fc20

updates at fedoraproject.org updates at fedoraproject.org
Thu Sep 25 10:44:24 UTC 2014

Fedora Update Notification
2014-09-11 00:05:24

Name        : xerces-j2
Product     : Fedora 20
Version     : 2.11.0
Release     : 17.fc20
URL         : http://xerces.apache.org/xerces2-j/
Summary     : Java XML parser
Description :
Welcome to the future! Xerces2 is the next generation of high performance,
fully compliant XML parsers in the Apache Xerces family. This new version of
Xerces introduces the Xerces Native Interface (XNI), a complete framework for
building parser components and configurations that is extremely modular and
easy to program.

The Apache Xerces2 parser is the reference implementation of XNI but other
parser components, configurations, and parsers can be written using the Xerces
Native Interface. For complete design and implementation documents, refer to
the XNI Manual.

Xerces2 is a fully conforming XML Schema processor. For more information,
refer to the XML Schema page.

Xerces2 also provides a complete implementation of the Document Object Model
Level 3 Core and Load/Save W3C Recommendations and provides a complete
implementation of the XML Inclusions (XInclude) W3C Recommendation. It also
provides support for OASIS XML Catalogs v1.1.

Xerces2 is able to parse documents written according to the XML 1.1
Recommendation, except that it does not yet provide an option to enable
normalization checking as described in section 2.13 of this specification. It
also handles name spaces according to the XML Namespaces 1.1 Recommendation,
and will correctly serialize XML 1.1 documents if the DOM level 3 load/save
APIs are in use.

Update Information:

Security fix for CVE-2013-4002

* Wed Sep 10 2014 Mat Booth <mat.booth at redhat.com> - 2.11.0-17
- Add patch for CVE-2013-4002, rhbz #1140031
- Fix ownership of javadoc directory

  [ 1 ] Bug #1019176 - CVE-2013-4002 Xerces-J2 OpenJDK: XML parsing Denial of Service (JAXP, 8017298)

This update can be installed with the "yum" update program.  Use
su -c 'yum update xerces-j2' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at

More information about the package-announce mailing list