-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2013-2154: Apache Santuario XML Security for C++ contains a stack overflow during XPointer evaluation Severity: Critical Vendor: The Apache Software Foundation Versions Affected: Apache Santuario XML Security for C++ library versions prior to V1.7.1 Description: A stack overflow, possibly leading to arbitrary code execution, exists in the processing of malformed XPointer expressions in the XML Signature Reference processing code. An attacker could use this to exploit an application performing signature verification if the application does not block the evaluation of such references prior to performing the verification step. The exploit would occur prior to the actual verification of the signature, so does not require authenticated content. Mitigation: Applications that do not otherwise prevent the evaluation of XPointer expressions during signature verification and are using library versions older than V1.7.1 should upgrade as soon as possible. Distributors of older versions should apply the patches from this subversion revision: http://svn.apache.org/viewvc?view=revision&revision=r1493959 The first chunk of the patch to DSIGReference.cpp is the relevant portion. Credit: This issue was reported by James Forshaw, Context Information Security References: http://santuario.apache.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (Darwin) iQIcBAEBCgAGBQJRv9OYAAoJEDeLhFQCJ3li8IgP/1kbxVPOdSXDqx4ER9oBU877 7Z8XwGw3vL1CUoyt1AWlElqJpgrUMP723fcLWJa3sfXiY6Pnp/+dxfiaoUCAa+OJ qJS2/TUmc/1EwGc+hawvCJlItuKb7aOHhdPlOX3KuriTHnqnigTXkpF0n5oUd7Md e0+XOIFcTpoudUUEfdiigBtJHBxv8Jfq3dvjCOD2aOpRCreEBEinykdxdXWX2onw Ugj7b+FxH/d4eVSYS1vuIxLAVqJpgN4AlVV7kNzyp0ivPE3NgKYb946Kq5YNkYN3 Xj3uq+VW7NxWMzWn/Gl5GEgPGNdzTPVZ80dy/bOIw4dDUtA362axfO24I+Lmrobx 2/JhgeovwCbIrbeMVZOtWeSYoRFSFtf9WxKDVi+9a+53UtZOWCNhky48D9iU2OuA fxEAeTmDH+Dx23w/bXezwI0X4l2hItBHd4+V59BP7p/90Vu3iBw9jez8lzQXWJ8G hzUyxCdGN0hB3K+1pOesKTmD1zdy8u3L/FUz91gbB7ciivmvzsx5a5zB3BLzWSJF 3jgAwWaay4DZdL4YmCW3khr5xa05nR0LUqlS3xpTukrWfPqLdjJzBfeeDWWxMGib N5dPaf+DMB9Q5TmLXb6j3tsEfCS+xqky+ryqsS8rGrrIcL1zW9HAlG+QELAC/t6q bVctGmNMu7i+o9xXqUJ0 =7xZa -----END PGP SIGNATURE-----