An update for xerces-j2 is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS

Document type: Security Advisory
Contact: openeuler-security@openeuler.org
Publisher: openEuler security committee
Advisory ID: openEuler-SA-2022-1625
Status: Final
Version: 1.0
Revision history: 1.0, 2022-04-29, Initial
Initial release date: 2022-04-29
Current release date: 2022-04-29
Generator: openEuler SA Tool V1.0, 2022-04-29

Synopsis: xerces-j2 security update

Description:
Welcome to the future! Xerces2 is the next generation of high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program. The Apache Xerces2 parser is the reference implementation of XNI but other parser components, configurations, and parsers can be written using the Xerces Native Interface. For complete design and implementation documents, refer to the XNI Manual. Xerces 2 is a fully conforming XML Schema processor. For more information, refer to the XML Schema page. Xerces 2 also provides a partial implementation of Document Object Model Level 3 Core, Load and Save and Abstract Schemas [deprecated] Working Drafts. For more information, refer to the DOM Level 3 Implementation page.

Security Fix(es):
There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for a prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions. (CVE-2022-23437)

openEuler Security has rated this update as having a security impact of medium. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Severity: Medium
Affected component: xerces-j2

References:
  https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1625
  https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-23437
  https://nvd.nist.gov/vuln/detail/CVE-2022-23437

Updated packages:
  openEuler-20.03-LTS-SP1
    src:    xerces-j2-2.12.2-1.oe1.src.rpm
    noarch: xerces-j2-2.12.2-1.oe1.noarch.rpm
            xerces-j2-help-2.12.2-1.oe1.noarch.rpm
  openEuler-20.03-LTS-SP2
    src:    xerces-j2-2.12.2-1.oe1.src.rpm
    noarch: xerces-j2-2.12.2-1.oe1.noarch.rpm
            xerces-j2-help-2.12.2-1.oe1.noarch.rpm
  openEuler-20.03-LTS-SP3
    src:    xerces-j2-2.12.2-1.oe1.src.rpm
    noarch: xerces-j2-2.12.2-1.oe1.noarch.rpm
            xerces-j2-help-2.12.2-1.oe1.noarch.rpm
  openEuler-22.03-LTS
    src:    xerces-j2-2.12.2-1.oe2203.src.rpm
    noarch: xerces-j2-2.12.2-1.oe2203.noarch.rpm
            xerces-j2-help-2.12.2-1.oe2203.noarch.rpm

Vulnerability: CVE-2022-23437
Release date: 2022-04-29
Affected products: openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2, openEuler-20.03-LTS-SP3, openEuler-22.03-LTS
Severity: Medium
CVSS base score: 6.5
CVSS vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Remediation: xerces-j2 security update (2022-04-29)
  https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1625