The xerces-j2 packages provide the Apache Xerces2 Java Parser, ahigh-performance XML parser. A Document Type Definition (DTD) defines thelegal syntax (and also which elements can be used) for certain types offiles, such as XML files.A flaw was found in the way the Apache Xerces2 Java Parser processed theSYSTEM identifier in DTDs. A remote attacker could provide aspecially-crafted XML file, which once parsed by an application using theApache Xerces2 Java Parser, would lead to a denial of service (applicationhang due to excessive CPU use). (CVE-2009-2625)Users should upgrade to these updated packages, which contain a backportedpatch to correct this issue. Applications using the Apache Xerces2 JavaParser must be restarted for this update to take effect.