var-201605-0467
Vulnerability from variot
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. Apple Mac OS X, watchOS, iOS, and tvOS are prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code and bypass security restrictions. Failed exploit attempts may result in a denial-of-service condition. Versions prior to iOS 9.3.2, watchOS 2.2.1, Mac OS X 10.11.5, and tvOS 9.2.1 are vulnerable. in the United States. Apple iOS is an operating system developed for mobile devices; watchOS is a smart watch operating system; OS X El Capitan is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system. It supports multiple encoding formats, XPath analysis, Well-formed and valid verification, etc. CVE-ID CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
Installation note:
Instructions on how to update your Apple Watch software are available at https://support.apple.com/en-us/HT204641
To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: libxml2 security update Advisory ID: RHSA-2016:1292-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2016:1292 Issue date: 2016-06-23 CVE Names: CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-3627 CVE-2016-3705 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 =====================================================================
- Summary:
An update for libxml2 is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The libxml2 library is a development toolbox providing the implementation of various XML standards. (CVE-2016-1834, CVE-2016-1840)
Multiple denial of service flaws were found in libxml2. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, could cause that application to crash. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449)
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all applications linked to the libxml2 library must be restarted, or the system rebooted.
- Bugs fixed (https://bugzilla.redhat.com/):
1319829 - CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode 1332443 - CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file 1338682 - CVE-2016-1833 libxml2: Heap-based buffer overread in htmlCurrentChar 1338686 - CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName 1338691 - CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs 1338696 - CVE-2016-1837 libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral 1338700 - CVE-2016-4448 libxml2: Format string vulnerability 1338701 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content 1338702 - CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey 1338703 - CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString 1338705 - CVE-2016-1838 libxml2: Heap-based buffer overread in xmlPArserPrintFileContextInternal 1338706 - CVE-2016-1840 libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup 1338708 - CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat 1338711 - CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar
- Package List:
Red Hat Enterprise Linux HPC Node (v. 6):
Source: libxml2-2.7.6-21.el6_8.1.src.rpm
x86_64: libxml2-2.7.6-21.el6_8.1.i686.rpm libxml2-2.7.6-21.el6_8.1.x86_64.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm libxml2-python-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm libxml2-devel-2.7.6-21.el6_8.1.i686.rpm libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: libxml2-2.7.6-21.el6_8.1.src.rpm
i386: libxml2-2.7.6-21.el6_8.1.i686.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-devel-2.7.6-21.el6_8.1.i686.rpm libxml2-python-2.7.6-21.el6_8.1.i686.rpm
ppc64: libxml2-2.7.6-21.el6_8.1.ppc.rpm libxml2-2.7.6-21.el6_8.1.ppc64.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.ppc.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.ppc64.rpm libxml2-devel-2.7.6-21.el6_8.1.ppc.rpm libxml2-devel-2.7.6-21.el6_8.1.ppc64.rpm libxml2-python-2.7.6-21.el6_8.1.ppc64.rpm
s390x: libxml2-2.7.6-21.el6_8.1.s390.rpm libxml2-2.7.6-21.el6_8.1.s390x.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.s390.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.s390x.rpm libxml2-devel-2.7.6-21.el6_8.1.s390.rpm libxml2-devel-2.7.6-21.el6_8.1.s390x.rpm libxml2-python-2.7.6-21.el6_8.1.s390x.rpm
x86_64: libxml2-2.7.6-21.el6_8.1.i686.rpm libxml2-2.7.6-21.el6_8.1.x86_64.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm libxml2-devel-2.7.6-21.el6_8.1.i686.rpm libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm libxml2-python-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-static-2.7.6-21.el6_8.1.i686.rpm
ppc64: libxml2-debuginfo-2.7.6-21.el6_8.1.ppc64.rpm libxml2-static-2.7.6-21.el6_8.1.ppc64.rpm
s390x: libxml2-debuginfo-2.7.6-21.el6_8.1.s390x.rpm libxml2-static-2.7.6-21.el6_8.1.s390x.rpm
x86_64: libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: libxml2-2.7.6-21.el6_8.1.src.rpm
i386: libxml2-2.7.6-21.el6_8.1.i686.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-devel-2.7.6-21.el6_8.1.i686.rpm libxml2-python-2.7.6-21.el6_8.1.i686.rpm
x86_64: libxml2-2.7.6-21.el6_8.1.i686.rpm libxml2-2.7.6-21.el6_8.1.x86_64.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm libxml2-devel-2.7.6-21.el6_8.1.i686.rpm libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm libxml2-python-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-static-2.7.6-21.el6_8.1.i686.rpm
x86_64: libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: libxml2-2.9.1-6.el7_2.3.src.rpm
x86_64: libxml2-2.9.1-6.el7_2.3.i686.rpm libxml2-2.9.1-6.el7_2.3.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-devel-2.9.1-6.el7_2.3.i686.rpm libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm libxml2-static-2.9.1-6.el7_2.3.i686.rpm libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: libxml2-2.9.1-6.el7_2.3.src.rpm
x86_64: libxml2-2.9.1-6.el7_2.3.i686.rpm libxml2-2.9.1-6.el7_2.3.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-devel-2.9.1-6.el7_2.3.i686.rpm libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm libxml2-static-2.9.1-6.el7_2.3.i686.rpm libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: libxml2-2.9.1-6.el7_2.3.src.rpm
ppc64: libxml2-2.9.1-6.el7_2.3.ppc.rpm libxml2-2.9.1-6.el7_2.3.ppc64.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.ppc.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64.rpm libxml2-devel-2.9.1-6.el7_2.3.ppc.rpm libxml2-devel-2.9.1-6.el7_2.3.ppc64.rpm libxml2-python-2.9.1-6.el7_2.3.ppc64.rpm
ppc64le: libxml2-2.9.1-6.el7_2.3.ppc64le.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64le.rpm libxml2-devel-2.9.1-6.el7_2.3.ppc64le.rpm libxml2-python-2.9.1-6.el7_2.3.ppc64le.rpm
s390x: libxml2-2.9.1-6.el7_2.3.s390.rpm libxml2-2.9.1-6.el7_2.3.s390x.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.s390.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.s390x.rpm libxml2-devel-2.9.1-6.el7_2.3.s390.rpm libxml2-devel-2.9.1-6.el7_2.3.s390x.rpm libxml2-python-2.9.1-6.el7_2.3.s390x.rpm
x86_64: libxml2-2.9.1-6.el7_2.3.i686.rpm libxml2-2.9.1-6.el7_2.3.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-devel-2.9.1-6.el7_2.3.i686.rpm libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: libxml2-debuginfo-2.9.1-6.el7_2.3.ppc.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64.rpm libxml2-static-2.9.1-6.el7_2.3.ppc.rpm libxml2-static-2.9.1-6.el7_2.3.ppc64.rpm
ppc64le: libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64le.rpm libxml2-static-2.9.1-6.el7_2.3.ppc64le.rpm
s390x: libxml2-debuginfo-2.9.1-6.el7_2.3.s390.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.s390x.rpm libxml2-static-2.9.1-6.el7_2.3.s390.rpm libxml2-static-2.9.1-6.el7_2.3.s390x.rpm
x86_64: libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-static-2.9.1-6.el7_2.3.i686.rpm libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: libxml2-2.9.1-6.el7_2.3.src.rpm
x86_64: libxml2-2.9.1-6.el7_2.3.i686.rpm libxml2-2.9.1-6.el7_2.3.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-devel-2.9.1-6.el7_2.3.i686.rpm libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-static-2.9.1-6.el7_2.3.i686.rpm libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-1762 https://access.redhat.com/security/cve/CVE-2016-1833 https://access.redhat.com/security/cve/CVE-2016-1834 https://access.redhat.com/security/cve/CVE-2016-1835 https://access.redhat.com/security/cve/CVE-2016-1836 https://access.redhat.com/security/cve/CVE-2016-1837 https://access.redhat.com/security/cve/CVE-2016-1838 https://access.redhat.com/security/cve/CVE-2016-1839 https://access.redhat.com/security/cve/CVE-2016-1840 https://access.redhat.com/security/cve/CVE-2016-3627 https://access.redhat.com/security/cve/CVE-2016-3705 https://access.redhat.com/security/cve/CVE-2016-4447 https://access.redhat.com/security/cve/CVE-2016-4448 https://access.redhat.com/security/cve/CVE-2016-4449 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFXa8B8XlSAg2UNWIIRAh9ZAJ99xgPhOaIopIxmynm+vlDcmw4jFACeLvTm ZsVLEgJAF0Zt6xZVzqvVW7U= =fREV -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-05-16-2 iOS 9.3.2
iOS 9.3.2 is now available and addresses the following:
Accessibility Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to determine kernel memory layout Description: A buffer overflow was addressed through improved size validation. CVE-ID CVE-2016-1790 : Rapelly Akhil
CFNetwork Proxies Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An information leak existed in the handling of HTTP and HTTPS requests. This issue was addressed through improved URL handling. CVE-ID CVE-2016-1801 : Alex Chapman and Paul Stone of Context Information Security
CommonCrypto Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to leak sensitive user information Description: An issue existed in the handling of return values in CCCrypt. This issue was addressed through improved key length management. CVE-ID CVE-2016-1802 : Klaus Rodewig
CoreCapture Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working with Trend Micro’s Zero Day Initiative
Disk Images Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local attacker may be able to read kernel memory Description: A race condition was addressed through improved locking. CVE-ID CVE-2016-1807 : Ian Beer of Google Project Zero
Disk Images Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro
ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted image may lead to a denial of service Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1811 : Lander Brandt (@landaire)
IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro working with Trend Micro's Zero Day Initiative CVE-2016-1818 : Juwei Lin of TrendMicro CVE-2016-1819 : Ian Beer of Google Project Zero
IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to cause a denial of service Description: A null pointer dereference was addressed through improved locking. CVE-ID CVE-2016-1814 : Juwei Lin of TrendMicro
IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1813 : Ian Beer of Google Project Zero
IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1823 : Ian Beer of Google Project Zero CVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent
Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1827 : Brandon Azad CVE-2016-1828 : Brandon Azad CVE-2016-1829 : CESG CVE-2016-1830 : Brandon Azad CVE-2016-1831 : Brandon Azad
libc Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1832 : Karl Williamson
libxml2 Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1833 : Mateusz Jurczyk CVE-2016-1834 : Apple CVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-1838 : Mateusz Jurczyk CVE-2016-1839 : Mateusz Jurczyk CVE-2016-1840 : Kostya Serebryany
libxslt Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1841 : Sebastian Apelt
MapKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: Shared links were sent with HTTP rather than HTTPS. This was addressed by enabling HTTPS for shared links. CVE-ID CVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)
OpenGL Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A user may be unable to fully delete browsing history Description: "Clear History and Website Data" did not clear the history. The issue was addressed through improved data deletion. CVE-ID CVE-2016-1849 : Adham Ghrayeb
Siri Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to an iOS device may be able to use Siri to access contacts and photos from the the lock screen Description: A state management issue existed when accessing Siri results on the lock screen. This issue was addressed by disabling data detectors in Twitter results when the device is locked. CVE-ID CVE-2016-1852 : videosdebarraquito
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may disclose data from another website Description: An insufficient taint tracking issue in the parsing of svg images was addressed through improved taint tracking. CVE-ID CVE-2016-1858 : an anonymous researcher
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1854 : Anonymous working with Trend Micro's Zero Day Initiative CVE-2016-1855 : Tongbo Luo and Bo Qu of Palo Alto Networks CVE-2016-1856 : lokihardt working with Trend Micro's Zero Day Initiative CVE-2016-1857 : Jeonghoon Shin@A.D.D, Liang Chen, Zhen Feng, wushi of KeenLab, Tencent working with Trend Micro's Zero Day Initiative
WebKit Canvas Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1859 : Liang Chen, wushi of KeenLab, Tencent working with Trend Micro's Zero Day Initiative
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. The version after applying this update will be "9.3.2". - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201701-37
https://security.gentoo.org/
Severity: Normal Title: libxml2: Multiple vulnerabilities Date: January 16, 2017 Bugs: #564776, #566374, #572878, #573820, #577998, #582538, #582540, #583888, #589816, #597112, #597114, #597116 ID: 201701-37
Synopsis
Multiple vulnerabilities have been found in libxml2, the worst of which could lead to the execution of arbitrary code.
Background
libxml2 is the XML (eXtended Markup Language) C parser and toolkit initially developed for the Gnome project.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/libxml2 < 2.9.4-r1 >= 2.9.4-r1
Description
Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All libxml2 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.9.4-r1"
References
[ 1 ] CVE-2015-1819 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1819 [ 2 ] CVE-2015-5312 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5312 [ 3 ] CVE-2015-7497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7497 [ 4 ] CVE-2015-7498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7498 [ 5 ] CVE-2015-7499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7499 [ 6 ] CVE-2015-7500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7500 [ 7 ] CVE-2015-7941 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7941 [ 8 ] CVE-2015-7942 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7942 [ 9 ] CVE-2015-8035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8035 [ 10 ] CVE-2015-8242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8242 [ 11 ] CVE-2015-8806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8806 [ 12 ] CVE-2016-1836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1836 [ 13 ] CVE-2016-1838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1838 [ 14 ] CVE-2016-1839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1839 [ 15 ] CVE-2016-1840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1840 [ 16 ] CVE-2016-2073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2073 [ 17 ] CVE-2016-3627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3627 [ 18 ] CVE-2016-3705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3705 [ 19 ] CVE-2016-4483 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4483 [ 20 ] CVE-2016-4658 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4658 [ 21 ] CVE-2016-5131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5131
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201701-37
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. From: Marc Deslauriers marc.deslauriers@canonical.com Reply-To: Ubuntu Security security@ubuntu.com To: ubuntu-security-announce@lists.ubuntu.com Message-ID: 5755B7E3.5040103@canonical.com Subject: [USN-2994-1] libxml2 vulnerabilities
============================================================================ Ubuntu Security Notice USN-2994-1 June 06, 2016
libxml2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in libxml2. (CVE-2015-8806, CVE-2016-2073, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447)
It was discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2016-1762, CVE-2016-1834)
Mateusz Jurczyk discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2016-1833, CVE-2016-1838, CVE-2016-1839)
Wei Lei and Liu Yang discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2016-1835, CVE-2016-1837)
Wei Lei and Liu Yang discovered that libxml2 incorrectly handled certain malformed documents. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-1836)
Kostya Serebryany discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2016-1840)
It was discovered that libxml2 would load certain XML external entities. (CVE-2016-4449)
Gustavo Grieco discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2016-4483)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: libxml2 2.9.3+dfsg1-1ubuntu0.1
Ubuntu 15.10: libxml2 2.9.2+zdfsg1-4ubuntu0.4
Ubuntu 14.04 LTS: libxml2 2.9.1+dfsg1-3ubuntu4.8
Ubuntu 12.04 LTS: libxml2 2.7.8.dfsg-5.1ubuntu4.15
After a standard system update you need to reboot your computer to make all the necessary changes.
For the stable distribution (jessie), these problems have been fixed in version 2.9.1+dfsg1-5+deb8u2. Description:
This release of Red Hat JBoss Core Services httpd 2.4.23 serves as a replacement for JBoss Core Services Apache HTTP Server 2.4.6.
Security Fix(es):
-
This update fixes several flaws in OpenSSL. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)
-
This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141)
-
This update fixes two flaws in httpd. (CVE-2016-4459, CVE-2016-8612)
-
A buffer overflow flaw when concatenating virtual host names and URIs was fixed in mod_jk. (CVE-2016-6808)
-
A memory leak flaw was fixed in expat. Upstream acknowledges Stephen Henson (OpenSSL development team) as the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat), Hanno BAPck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105, CVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj Somorovsky as the original reporter of CVE-2016-2107; Yuval Yarom (University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv University), and Nadia Heninger (University of Pennsylvania) as the original reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705.
See the corresponding CVE pages linked to in the References section for more information about each of the flaws listed in this advisory. Solution:
The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
After installing the updated packages, the httpd daemon will be restarted automatically. JIRA issues fixed (https://issues.jboss.org/):
JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0] JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service
6
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201605-0467", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "watchos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "2.2.1" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "15.10" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.2" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.2" }, { "model": "libxml2", "scope": "lt", "trust": 1.0, "vendor": "xmlsoft", "version": "2.9.4" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "web gateway", "scope": "lte", "trust": 1.0, "vendor": "mcafee", "version": "7.5.2.10" }, { "model": "web gateway", "scope": "lte", "trust": 1.0, "vendor": "mcafee", "version": "7.6.2.3" }, { "model": "tvos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "9.2.1" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "16.04" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "web gateway", "scope": "gte", "trust": 1.0, "vendor": "mcafee", "version": "7.6.0.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "web gateway", "scope": "gte", "trust": 1.0, "vendor": "mcafee", "version": "7.5.0.0" }, { "model": "mac os x", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "10.11.5" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "12.04" }, { "model": "iphone os", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "9.3.2" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.5" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.2" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "ubuntu", "scope": "eq", "trust": 0.8, "vendor": "canonical", "version": "12.04 lts" }, { "model": "ubuntu", "scope": "eq", "trust": 0.8, "vendor": "canonical", "version": "14.04 lts" }, { "model": "ubuntu", "scope": "eq", "trust": 0.8, "vendor": "canonical", "version": "15.10" }, { "model": "ubuntu", "scope": "eq", "trust": 0.8, "vendor": "canonical", "version": "16.04 lts" }, { "model": "gnu/linux", "scope": "eq", "trust": 0.8, "vendor": "debian", "version": "8.0" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.10.5" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.11 and later" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.9.5" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "9.3.2 (ipad 2 or later )" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "9.3.2 (iphone 4s or later )" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "9.3.2 (ipod touch first 5 after generation )" }, { "model": "tvos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "9.2.1 (apple tv first 4 generation )" }, { "model": "watchos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "2.2.1 (apple watch edition)" }, { "model": "watchos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "2.2.1 (apple watch hermes)" }, { "model": "watchos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "2.2.1 (apple watch sport)" }, { "model": "watchos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "2.2.1 (apple watch)" }, { "model": "tv", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "9.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.0" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.211" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.0.1" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.2.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.0.1" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.2.0" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.1.3" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.6" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.1.1.4" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.1" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.410" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.4" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.24" }, { "model": "web gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.7" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.7" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.1.3" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.3" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.219" }, { "model": "watchos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.10" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.4" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.3.1" }, { "model": "junos space 15.1f2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.2" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.22" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.2" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.2.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.36" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.6.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.5" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.5.2.10" }, { "model": "watchos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.0.1" }, { "model": "junos space 15.1r2.11", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.2.2.12" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.5" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.2.1" }, { "model": "authconnector", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "2.5" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.44" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.2.1" }, { "model": "email gateway 7.6.2h968406", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.46" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.3" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.26" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.405" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.1.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.7" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.0.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.0.0.163" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.3.2" }, { "model": "vm server for", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "x863.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.72" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1.1" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.3" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.42" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.6" }, { "model": "ios", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "9.3.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "30" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8" }, { "model": "junos space 15.2r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.0.2.20" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.4.1.10" }, { "model": "watch", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.5.2.8" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.2.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.08" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.4" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.1" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.08" }, { "model": "security analytics platform", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "7.0" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.3" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.1" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.213" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.0" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.22" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.5.2" }, { "model": "industrial control system protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.3" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.404" }, { "model": "smartcloud entry fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.413" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.1" }, { "model": "smartcloud entry appliance fixpac", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.1" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.3.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.5" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.11.6" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.7.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.0.5" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.3" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.401" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.8" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.4.1" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.3" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.0.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.1.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.1" }, { "model": "email gateway 7.6.405h1165239", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.0.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.6" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "50" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.5.1.42" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.0.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.3" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.32" }, { "model": "web gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.5.2.11" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.3" }, { "model": "norman network protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.3" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.34" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.3" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.2" }, { "model": "smartcloud entry fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.412" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.0.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.5.1" }, { "model": "watchos", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "2.2.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.1" }, { "model": "junos space 15.2r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.2.3" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.21" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.1" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.1" }, { "model": "smartcloud entry jre update", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.35" }, { "model": "smartcloud entry fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.33" }, { "model": "watchos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.31" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.218" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.1" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.0" }, { "model": "ios", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "9.3.3" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.10" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.411" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.5" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.6" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.0.1.8" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.3.2" }, { "model": "junos space 14.1r1.9", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.214" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.1" }, { "model": "smartcloud entry fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.19" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.3.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.2.2" }, { "model": "smartcloud entry appliance fixpac", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.403" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.113" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.1" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.4" }, { "model": "esignal", "scope": "eq", "trust": 0.3, "vendor": "esignal", "version": "6.0.2" }, { "model": "tvos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.1.1" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.11" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.1.5" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1.3" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.110" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.5" }, { "model": "junos space 16.1r1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.2" }, { "model": "smartcloud entry fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.110" }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.5" }, { "model": "mq appliance m2001", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.5.3" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.1.2" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.21" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.1" }, { "model": "tv", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.3.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5" }, { "model": "security analytics platform", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.6" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.6" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.4" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.3" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1" }, { "model": "mq appliance m2000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "solaris sru11.6", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "11.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.0.1" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.7" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.4" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.5" }, { "model": "smartcloud entry fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.415" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.1.1" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.1" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.1.1" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.09" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "watchos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.2" }, { "model": "ipad", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.0.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1.6" }, { "model": "security identity governance and intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.3" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.0.1" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.12" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.5" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.01" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.5" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.4.0.80" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.6" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.8" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.09" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.0" }, { "model": "mac os security update", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x2016-0030" }, { "model": "vm server for", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "x863.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.1.1" }, { "model": "watchos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.6.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.1.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.1.2" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.11.5" }, { "model": "smartcloud entry jre update", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.34" }, { "model": "junos space 14.1r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3" }, { "model": "ipod touch", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.5" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "40" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.3" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.010" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.2" }, { "model": "itunes", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "12.4.2" }, { "model": "smartcloud entry jre update", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.55" }, { "model": "director", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.3" }, { "model": "tvos", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "9.2.1" }, { "model": "web gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.6.2.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.3" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.4.1" }, { "model": "mac os security update", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x2016" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.9" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.5.2.9" }, { "model": "watchos", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "2.2.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.1" }, { "model": "industrial control systems network scanner", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.2" }, { "model": "tvos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10" }, { "model": "smartcloud entry fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.55" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.400" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "1.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.5" }, { "model": "iphone", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "smartcloud entry fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.415" }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.6" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.0.3" }, { "model": "tvos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.8" }, { "model": "watchos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.9" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.3" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "email gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.6.406-3402.103" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.3.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.7" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.2" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.6.1.7" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1" }, { "model": "email gateway 7.6.405h1157986", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.2" }, { "model": "security analytics platform", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "7.1" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.402" }, { "model": "tvos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.0" } ], "sources": [ { "db": "BID", "id": "90691" }, { "db": "JVNDB", "id": "JVNDB-2016-002804" }, { "db": "CNNVD", "id": "CNNVD-201605-478" }, { "db": "NVD", "id": "CVE-2016-1840" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.3.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.11.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.2.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.4", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.6.2.3", "versionStartIncluding": "7.6.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.5.2.10", "versionStartIncluding": "7.5.0.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-1840" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Marco Grassi of KeenLab, Tencent, Brandon Azad, CESG, Karl Williamson, Mateusz Jurczyk, Wei Lei and Liu Yang of Nanyang Technological University, Kostya Serebryany, Apple, Sebastian Apelt and Tongbo Luo and Bo Qu of Palo Alto Networks.", "sources": [ { "db": "BID", "id": "90691" } ], "trust": 0.3 }, "cve": "CVE-2016-1840", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2016-1840", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-90659", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2016-1840", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-1840", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201605-478", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-90659", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2016-1840", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-90659" }, { "db": "VULMON", "id": "CVE-2016-1840" }, { "db": "JVNDB", "id": "JVNDB-2016-002804" }, { "db": "CNNVD", "id": "CNNVD-201605-478" }, { "db": "NVD", "id": "CVE-2016-1840" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. Apple Mac OS X, watchOS, iOS, and tvOS are prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code and bypass security restrictions. Failed exploit attempts may result in a denial-of-service condition. \nVersions prior to iOS 9.3.2, watchOS 2.2.1, Mac OS X 10.11.5, and tvOS 9.2.1 are vulnerable. in the United States. Apple iOS is an operating system developed for mobile devices; watchOS is a smart watch operating system; OS X El Capitan is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system. It supports multiple encoding formats, XPath analysis, Well-formed and valid verification, etc. \nCVE-ID\nCVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks\n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/en-us/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: libxml2 security update\nAdvisory ID: RHSA-2016:1292-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2016:1292\nIssue date: 2016-06-23\nCVE Names: CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 \n CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 \n CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 \n CVE-2016-3627 CVE-2016-3705 CVE-2016-4447 \n CVE-2016-4448 CVE-2016-4449 \n=====================================================================\n\n1. Summary:\n\nAn update for libxml2 is now available for Red Hat Enterprise Linux 6 and\nRed Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe libxml2 library is a development toolbox providing the implementation\nof various XML standards. (CVE-2016-1834,\nCVE-2016-1840)\n\nMultiple denial of service flaws were found in libxml2. A remote attacker\ncould provide a specially crafted XML file that, when processed by an\napplication using libxml2, could cause that application to crash. \n(CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,\nCVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447,\nCVE-2016-4448, CVE-2016-4449)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all applications linked to the libxml2\nlibrary must be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1319829 - CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode\n1332443 - CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file\n1338682 - CVE-2016-1833 libxml2: Heap-based buffer overread in htmlCurrentChar\n1338686 - CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName\n1338691 - CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs\n1338696 - CVE-2016-1837 libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral\n1338700 - CVE-2016-4448 libxml2: Format string vulnerability\n1338701 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content\n1338702 - CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey\n1338703 - CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString\n1338705 - CVE-2016-1838 libxml2: Heap-based buffer overread in xmlPArserPrintFileContextInternal\n1338706 - CVE-2016-1840 libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup\n1338708 - CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat\n1338711 - CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar\n\n6. Package List:\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nlibxml2-2.7.6-21.el6_8.1.src.rpm\n\nx86_64:\nlibxml2-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-python-2.7.6-21.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nlibxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-static-2.7.6-21.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nlibxml2-2.7.6-21.el6_8.1.src.rpm\n\ni386:\nlibxml2-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-python-2.7.6-21.el6_8.1.i686.rpm\n\nppc64:\nlibxml2-2.7.6-21.el6_8.1.ppc.rpm\nlibxml2-2.7.6-21.el6_8.1.ppc64.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.ppc.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.ppc64.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.ppc.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.ppc64.rpm\nlibxml2-python-2.7.6-21.el6_8.1.ppc64.rpm\n\ns390x:\nlibxml2-2.7.6-21.el6_8.1.s390.rpm\nlibxml2-2.7.6-21.el6_8.1.s390x.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.s390.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.s390x.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.s390.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.s390x.rpm\nlibxml2-python-2.7.6-21.el6_8.1.s390x.rpm\n\nx86_64:\nlibxml2-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-python-2.7.6-21.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nlibxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-static-2.7.6-21.el6_8.1.i686.rpm\n\nppc64:\nlibxml2-debuginfo-2.7.6-21.el6_8.1.ppc64.rpm\nlibxml2-static-2.7.6-21.el6_8.1.ppc64.rpm\n\ns390x:\nlibxml2-debuginfo-2.7.6-21.el6_8.1.s390x.rpm\nlibxml2-static-2.7.6-21.el6_8.1.s390x.rpm\n\nx86_64:\nlibxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-static-2.7.6-21.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nlibxml2-2.7.6-21.el6_8.1.src.rpm\n\ni386:\nlibxml2-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-python-2.7.6-21.el6_8.1.i686.rpm\n\nx86_64:\nlibxml2-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-python-2.7.6-21.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nlibxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-static-2.7.6-21.el6_8.1.i686.rpm\n\nx86_64:\nlibxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-static-2.7.6-21.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nlibxml2-2.9.1-6.el7_2.3.src.rpm\n\nx86_64:\nlibxml2-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-python-2.9.1-6.el7_2.3.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nlibxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-static-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-static-2.9.1-6.el7_2.3.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nlibxml2-2.9.1-6.el7_2.3.src.rpm\n\nx86_64:\nlibxml2-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-python-2.9.1-6.el7_2.3.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nlibxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-static-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-static-2.9.1-6.el7_2.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nlibxml2-2.9.1-6.el7_2.3.src.rpm\n\nppc64:\nlibxml2-2.9.1-6.el7_2.3.ppc.rpm\nlibxml2-2.9.1-6.el7_2.3.ppc64.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.ppc.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.ppc64.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.ppc.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.ppc64.rpm\nlibxml2-python-2.9.1-6.el7_2.3.ppc64.rpm\n\nppc64le:\nlibxml2-2.9.1-6.el7_2.3.ppc64le.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.ppc64le.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.ppc64le.rpm\nlibxml2-python-2.9.1-6.el7_2.3.ppc64le.rpm\n\ns390x:\nlibxml2-2.9.1-6.el7_2.3.s390.rpm\nlibxml2-2.9.1-6.el7_2.3.s390x.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.s390.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.s390x.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.s390.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.s390x.rpm\nlibxml2-python-2.9.1-6.el7_2.3.s390x.rpm\n\nx86_64:\nlibxml2-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-python-2.9.1-6.el7_2.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nlibxml2-debuginfo-2.9.1-6.el7_2.3.ppc.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.ppc64.rpm\nlibxml2-static-2.9.1-6.el7_2.3.ppc.rpm\nlibxml2-static-2.9.1-6.el7_2.3.ppc64.rpm\n\nppc64le:\nlibxml2-debuginfo-2.9.1-6.el7_2.3.ppc64le.rpm\nlibxml2-static-2.9.1-6.el7_2.3.ppc64le.rpm\n\ns390x:\nlibxml2-debuginfo-2.9.1-6.el7_2.3.s390.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.s390x.rpm\nlibxml2-static-2.9.1-6.el7_2.3.s390.rpm\nlibxml2-static-2.9.1-6.el7_2.3.s390x.rpm\n\nx86_64:\nlibxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-static-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-static-2.9.1-6.el7_2.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nlibxml2-2.9.1-6.el7_2.3.src.rpm\n\nx86_64:\nlibxml2-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-python-2.9.1-6.el7_2.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nlibxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-static-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-static-2.9.1-6.el7_2.3.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-1762\nhttps://access.redhat.com/security/cve/CVE-2016-1833\nhttps://access.redhat.com/security/cve/CVE-2016-1834\nhttps://access.redhat.com/security/cve/CVE-2016-1835\nhttps://access.redhat.com/security/cve/CVE-2016-1836\nhttps://access.redhat.com/security/cve/CVE-2016-1837\nhttps://access.redhat.com/security/cve/CVE-2016-1838\nhttps://access.redhat.com/security/cve/CVE-2016-1839\nhttps://access.redhat.com/security/cve/CVE-2016-1840\nhttps://access.redhat.com/security/cve/CVE-2016-3627\nhttps://access.redhat.com/security/cve/CVE-2016-3705\nhttps://access.redhat.com/security/cve/CVE-2016-4447\nhttps://access.redhat.com/security/cve/CVE-2016-4448\nhttps://access.redhat.com/security/cve/CVE-2016-4449\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXa8B8XlSAg2UNWIIRAh9ZAJ99xgPhOaIopIxmynm+vlDcmw4jFACeLvTm\nZsVLEgJAF0Zt6xZVzqvVW7U=\n=fREV\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-05-16-2 iOS 9.3.2\n\niOS 9.3.2 is now available and addresses the following:\n\nAccessibility\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An application may be able to determine kernel memory layout\nDescription: A buffer overflow was addressed through improved size\nvalidation. \nCVE-ID\nCVE-2016-1790 : Rapelly Akhil\n\nCFNetwork Proxies\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: An information leak existed in the handling of HTTP and\nHTTPS requests. This issue was addressed through improved URL\nhandling. \nCVE-ID\nCVE-2016-1801 : Alex Chapman and Paul Stone of Context Information\nSecurity\n\nCommonCrypto\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: An issue existed in the handling of return values in\nCCCrypt. This issue was addressed through improved key length\nmanagement. \nCVE-ID\nCVE-2016-1802 : Klaus Rodewig\n\nCoreCapture\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A null pointer dereference was addressed through\nimproved validation. \nCVE-ID\nCVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working\nwith Trend Micro\u2019s Zero Day Initiative\n\nDisk Images\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local attacker may be able to read kernel memory\nDescription: A race condition was addressed through improved\nlocking. \nCVE-ID\nCVE-2016-1807 : Ian Beer of Google Project Zero\n\nDisk Images\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue existed in the parsing of\ndisk images. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of\nTrend Micro\n\nImageIO\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Processing a maliciously crafted image may lead to a denial\nof service\nDescription: A null pointer dereference was addressed through\nimproved validation. \nCVE-ID\nCVE-2016-1811 : Lander Brandt (@landaire)\n\nIOAcceleratorFamily\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of\nTrend Micro working with Trend Micro\u0027s Zero Day Initiative\nCVE-2016-1818 : Juwei Lin of TrendMicro\nCVE-2016-1819 : Ian Beer of Google Project Zero\n\nIOAcceleratorFamily\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An application may be able to cause a denial of service\nDescription: A null pointer dereference was addressed through\nimproved locking. \nCVE-ID\nCVE-2016-1814 : Juwei Lin of TrendMicro\n\nIOAcceleratorFamily\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A null pointer dereference was addressed through\nimproved validation. \nCVE-ID\nCVE-2016-1813 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1823 : Ian Beer of Google Project Zero\nCVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab),\nTencent\n\nKernel\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1827 : Brandon Azad\nCVE-2016-1828 : Brandon Azad\nCVE-2016-1829 : CESG\nCVE-2016-1830 : Brandon Azad\nCVE-2016-1831 : Brandon Azad\n\nlibc\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1832 : Karl Williamson\n\nlibxml2\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Processing maliciously crafted XML may lead to an unexpected\napplication termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1833 : Mateusz Jurczyk\nCVE-2016-1834 : Apple\nCVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-1838 : Mateusz Jurczyk\nCVE-2016-1839 : Mateusz Jurczyk\nCVE-2016-1840 : Kostya Serebryany\n\nlibxslt\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1841 : Sebastian Apelt\n\nMapKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: Shared links were sent with HTTP rather than HTTPS. \nThis was addressed by enabling HTTPS for shared links. \nCVE-ID\nCVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)\n\nOpenGL\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks\n\nSafari\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A user may be unable to fully delete browsing history\nDescription: \"Clear History and Website Data\" did not clear the\nhistory. The issue was addressed through improved data deletion. \nCVE-ID\nCVE-2016-1849 : Adham Ghrayeb\n\nSiri\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A person with physical access to an iOS device may be able\nto use Siri to access contacts and photos from the the lock screen\nDescription: A state management issue existed when accessing Siri\nresults on the lock screen. This issue was addressed by disabling\ndata detectors in Twitter results when the device is locked. \nCVE-ID\nCVE-2016-1852 : videosdebarraquito\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a malicious website may disclose data from another\nwebsite\nDescription: An insufficient taint tracking issue in the parsing of\nsvg images was addressed through improved taint tracking. \nCVE-ID\nCVE-2016-1858 : an anonymous researcher\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1854 : Anonymous working with Trend Micro\u0027s Zero Day\nInitiative\nCVE-2016-1855 : Tongbo Luo and Bo Qu of Palo Alto Networks\nCVE-2016-1856 : lokihardt working with Trend Micro\u0027s Zero Day\nInitiative\nCVE-2016-1857 : Jeonghoon Shin@A.D.D, Liang Chen, Zhen Feng, wushi of\nKeenLab, Tencent working with Trend Micro\u0027s Zero Day Initiative\n\nWebKit Canvas\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1859 : Liang Chen, wushi of KeenLab, Tencent working with\nTrend Micro\u0027s Zero Day Initiative\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"9.3.2\". - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201701-37\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: libxml2: Multiple vulnerabilities\n Date: January 16, 2017\n Bugs: #564776, #566374, #572878, #573820, #577998, #582538,\n #582540, #583888, #589816, #597112, #597114, #597116\n ID: 201701-37\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in libxml2, the worst of which\ncould lead to the execution of arbitrary code. \n\nBackground\n==========\n\nlibxml2 is the XML (eXtended Markup Language) C parser and toolkit\ninitially developed for the Gnome project. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/libxml2 \u003c 2.9.4-r1 \u003e= 2.9.4-r1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in libxml2. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll libxml2 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/libxml2-2.9.4-r1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-1819\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1819\n[ 2 ] CVE-2015-5312\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5312\n[ 3 ] CVE-2015-7497\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7497\n[ 4 ] CVE-2015-7498\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7498\n[ 5 ] CVE-2015-7499\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7499\n[ 6 ] CVE-2015-7500\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7500\n[ 7 ] CVE-2015-7941\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7941\n[ 8 ] CVE-2015-7942\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7942\n[ 9 ] CVE-2015-8035\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8035\n[ 10 ] CVE-2015-8242\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8242\n[ 11 ] CVE-2015-8806\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8806\n[ 12 ] CVE-2016-1836\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1836\n[ 13 ] CVE-2016-1838\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1838\n[ 14 ] CVE-2016-1839\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1839\n[ 15 ] CVE-2016-1840\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1840\n[ 16 ] CVE-2016-2073\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2073\n[ 17 ] CVE-2016-3627\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3627\n[ 18 ] CVE-2016-3705\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3705\n[ 19 ] CVE-2016-4483\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4483\n[ 20 ] CVE-2016-4658\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4658\n[ 21 ] CVE-2016-5131\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5131\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201701-37\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. From: Marc Deslauriers \u003cmarc.deslauriers@canonical.com\u003e\nReply-To: Ubuntu Security \u003csecurity@ubuntu.com\u003e\nTo: ubuntu-security-announce@lists.ubuntu.com\nMessage-ID: \u003c5755B7E3.5040103@canonical.com\u003e\nSubject: [USN-2994-1] libxml2 vulnerabilities\n\n\n\n\n============================================================================\nUbuntu Security Notice USN-2994-1\nJune 06, 2016\n\nlibxml2 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in libxml2. (CVE-2015-8806, CVE-2016-2073,\nCVE-2016-3627, CVE-2016-3705, CVE-2016-4447)\n\nIt was discovered that libxml2 incorrectly handled certain malformed\ndocuments. \n(CVE-2016-1762, CVE-2016-1834)\n\nMateusz Jurczyk discovered that libxml2 incorrectly handled certain\nmalformed documents. (CVE-2016-1833, CVE-2016-1838, CVE-2016-1839)\n\nWei Lei and Liu Yang discovered that libxml2 incorrectly handled certain\nmalformed documents. (CVE-2016-1835, CVE-2016-1837)\n\nWei Lei and Liu Yang discovered that libxml2 incorrectly handled certain\nmalformed documents. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and\nUbuntu 16.04 LTS. (CVE-2016-1836)\n\nKostya Serebryany discovered that libxml2 incorrectly handled certain\nmalformed documents. (CVE-2016-1840)\n\nIt was discovered that libxml2 would load certain XML external entities. (CVE-2016-4449)\n\nGustavo Grieco discovered that libxml2 incorrectly handled certain\nmalformed documents. (CVE-2016-4483)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n libxml2 2.9.3+dfsg1-1ubuntu0.1\n\nUbuntu 15.10:\n libxml2 2.9.2+zdfsg1-4ubuntu0.4\n\nUbuntu 14.04 LTS:\n libxml2 2.9.1+dfsg1-3ubuntu4.8\n\nUbuntu 12.04 LTS:\n libxml2 2.7.8.dfsg-5.1ubuntu4.15\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2.9.1+dfsg1-5+deb8u2. Description:\n\nThis release of Red Hat JBoss Core Services httpd 2.4.23 serves as a\nreplacement for JBoss Core Services Apache HTTP Server 2.4.6. \n\nSecurity Fix(es):\n\n* This update fixes several flaws in OpenSSL. (CVE-2016-1762,\nCVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,\nCVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705,\nCVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)\n\n* This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420,\nCVE-2016-7141)\n\n* This update fixes two flaws in httpd. (CVE-2016-4459,\nCVE-2016-8612)\n\n* A buffer overflow flaw when concatenating virtual host names and URIs was\nfixed in mod_jk. (CVE-2016-6808)\n\n* A memory leak flaw was fixed in expat. Upstream acknowledges Stephen Henson (OpenSSL development team)\nas the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat),\nHanno BAPck, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105,\nCVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj\nSomorovsky as the original reporter of CVE-2016-2107; Yuval Yarom\n(University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv\nUniversity), and Nadia Heninger (University of Pennsylvania) as the\noriginal reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as\nthe original reporter of CVE-2016-0705. \n\nSee the corresponding CVE pages linked to in the References section for\nmore information about each of the flaws listed in this advisory. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files). \n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0]\nJBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service\n\n6", "sources": [ { "db": "NVD", "id": "CVE-2016-1840" }, { "db": "JVNDB", "id": "JVNDB-2016-002804" }, { "db": "BID", "id": "90691" }, { "db": "VULHUB", "id": "VHN-90659" }, { "db": "VULMON", "id": "CVE-2016-1840" }, { "db": "PACKETSTORM", "id": "137080" }, { "db": "PACKETSTORM", "id": "137613" }, { "db": "PACKETSTORM", "id": "137076" }, { "db": "PACKETSTORM", "id": "140533" }, { "db": "PACKETSTORM", "id": "137335" }, { "db": "PACKETSTORM", "id": "137298" }, { "db": "PACKETSTORM", "id": "140182" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-1840", "trust": 3.6 }, { "db": "MCAFEE", "id": "SB10170", "trust": 2.1 }, { "db": "BID", "id": "90691", "trust": 2.1 }, { "db": "SECTRACK", "id": "1035890", "trust": 1.8 }, { "db": "TENABLE", "id": "TNS-2016-18", "trust": 1.8 }, { "db": "JVN", "id": "JVNVU91632741", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-002804", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201605-478", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2023.3732", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2340", "trust": 0.6 }, { "db": "JUNIPER", "id": "JSA10770", "trust": 0.3 }, { "db": "VULHUB", "id": "VHN-90659", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-1840", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137080", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137613", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137076", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "140533", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137335", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137298", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "140182", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-90659" }, { "db": "VULMON", "id": "CVE-2016-1840" }, { "db": "BID", "id": "90691" }, { "db": "JVNDB", "id": "JVNDB-2016-002804" }, { "db": "PACKETSTORM", "id": "137080" }, { "db": "PACKETSTORM", "id": "137613" }, { "db": "PACKETSTORM", "id": "137076" }, { "db": "PACKETSTORM", "id": "140533" }, { "db": "PACKETSTORM", "id": "137335" }, { "db": "PACKETSTORM", "id": "137298" }, { "db": "PACKETSTORM", "id": "140182" }, { "db": "CNNVD", "id": "CNNVD-201605-478" }, { "db": "NVD", "id": "CVE-2016-1840" } ] }, "id": "VAR-201605-0467", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-90659" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T21:36:25.410000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Apple security updates", "trust": 0.8, "url": "https://support.apple.com/en-us/ht201222" }, { "title": "APPLE-SA-2016-05-16-3 watchOS 2.2.1", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2016/may/msg00003.html" }, { "title": "APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update 2016-003", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2016/may/msg00004.html" }, { "title": "APPLE-SA-2016-05-16-2 iOS 9.3.2", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2016/may/msg00002.html" }, { "title": "APPLE-SA-2016-05-16-1 tvOS 9.2.1", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2016/may/msg00001.html" }, { "title": "HT206564", "trust": 0.8, "url": "https://support.apple.com/en-us/ht206564" }, { "title": "HT206566", "trust": 0.8, "url": "https://support.apple.com/en-us/ht206566" }, { "title": "HT206567", "trust": 0.8, "url": "https://support.apple.com/en-us/ht206567" }, { "title": "HT206568", "trust": 0.8, "url": "https://support.apple.com/en-us/ht206568" }, { "title": "HT206566", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht206566" }, { "title": "HT206567", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht206567" }, { "title": "HT206568", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht206568" }, { "title": "HT206564", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht206564" }, { "title": "DSA-3593", "trust": 0.8, "url": "https://www.debian.org/security/2016/dsa-3593" }, { "title": "Bug 757711", "trust": 0.8, "url": "https://bugzilla.gnome.org/show_bug.cgi?id=757711" }, { "title": "Bug 757711: heap-buffer-overflow in xmlFAParsePosCharGroup \u003chttps://bugzilla.gnome.org/show_bug.cgi?id=757711\u003e", "trust": 0.8, "url": "https://git.gnome.org/browse/libxml2/commit/?id=cbb271655cadeb8dbb258a64701d9a3a0c4835b4" }, { "title": "Oracle Linux Bulletin - July 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "title": "Oracle Solaris Third Party Bulletin - July 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "title": "Oracle VM Server for x86 Bulletin - July 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "title": "RHSA-2016:1292", "trust": 0.8, "url": "https://access.redhat.com/errata/rhsa-2016:1292" }, { "title": "TLSA-2016-22", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2016/tlsa-2016-22j.html" }, { "title": "USN-2994-1", "trust": 0.8, "url": "http://www.ubuntu.com/usn/usn-2994-1" }, { "title": "2.9.4: May 23 2016", "trust": 0.8, "url": "http://xmlsoft.org/news.html" }, { "title": "Apple iOS , watchOS , OS X El Capitan and tvOS libxml2 Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=61792" }, { "title": "Apple: watchOS 2.2.1", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=ee2628a4bdc6cee776cdd4b03ea8fc3f" }, { "title": "Apple: tvOS 9.2.1", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=22a8333fe6ca4f25dfb12984728f42d0" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162957 - security advisory" }, { "title": "Ubuntu Security Notice: libxml2 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2994-1" }, { "title": "Debian CVElist Bug Report Logs: libxml2: CVE-2016-2073: out-of-bounds read in htmlParseNameComplex()", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=e21c0505f8306f0416606e1a2ec5e18e" }, { "title": "Debian CVElist Bug Report Logs: libxml2: Heap-buffer overread in libxml2/dict.c", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=1b5e8a6bfa7b3b48920376b728b6bbe2" }, { "title": "Apple: iOS 9.3.2", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=d85657e8623d63e2afdb2287247cdad6" }, { "title": "Debian CVElist Bug Report Logs: libxml2: CVE-2016-3627: stack exhaustion in libxml2 parsing xml files in recover mode", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=7ad6e7048d3904deff82dbbe81adf528" }, { "title": "Debian CVElist Bug Report Logs: libxml2: CVE-2016-4483", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=17d0780fd9f0deb51d01d88ca9e90fe3" }, { "title": "Debian CVElist Bug Report Logs: libxml2: CVE-2016-3705: stack overflow before detecting invalid XML file", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=ed475d816a8279c18b15a9aac8146ada" }, { "title": "Amazon Linux AMI: ALAS-2016-719", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-719" }, { "title": "Apple: OS X El Capitan v10.11.5 and Security Update 2016-003", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=3c550201b398ce302f3a9adf27215fda" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=ac5af5dd99788925425f5747ec672707" }, { "title": "Symantec Security Advisories: SA129 : Multiple libxml2 Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=4306b2beef409e7d3306d20a4621babf" }, { "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=6c15273f6bf4a785175f27073b98a1ce" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=0bd8c924b56aac98dda0f5b45f425f38" }, { "title": "Tenable Security Advisories: [R7] LCE 4.8.1 Fixes Multiple Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-18" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-1840" }, { "db": "JVNDB", "id": "JVNDB-2016-002804" }, { "db": "CNNVD", "id": "CNNVD-201605-478" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-90659" }, { "db": "JVNDB", "id": "JVNDB-2016-002804" }, { "db": "NVD", "id": "CVE-2016-1840" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.1, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "trust": 2.1, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "trust": 2.1, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "trust": 2.0, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10170" }, { "trust": 1.9, "url": "https://security.gentoo.org/glsa/201701-37" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2016:1292" }, { "trust": 1.9, "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html" }, { "trust": 1.9, "url": "http://www.ubuntu.com/usn/usn-2994-1" }, { "trust": 1.8, "url": "http://lists.apple.com/archives/security-announce/2016/may/msg00001.html" }, { "trust": 1.8, "url": "http://lists.apple.com/archives/security-announce/2016/may/msg00002.html" }, { "trust": 1.8, "url": "http://lists.apple.com/archives/security-announce/2016/may/msg00003.html" }, { "trust": 1.8, "url": "http://lists.apple.com/archives/security-announce/2016/may/msg00004.html" }, { "trust": 1.8, "url": "http://www.securityfocus.com/bid/90691" }, { "trust": 1.8, "url": "http://xmlsoft.org/news.html" }, { "trust": 1.8, "url": "https://bugzilla.gnome.org/show_bug.cgi?id=757711" }, { "trust": 1.8, "url": "https://git.gnome.org/browse/libxml2/commit/?id=cbb271655cadeb8dbb258a64701d9a3a0c4835b4" }, { "trust": 1.8, "url": "https://support.apple.com/ht206564" }, { "trust": 1.8, "url": "https://support.apple.com/ht206566" }, { "trust": 1.8, "url": "https://support.apple.com/ht206567" }, { "trust": 1.8, "url": "https://support.apple.com/ht206568" }, { "trust": 1.8, "url": "https://www.tenable.com/security/tns-2016-18" }, { "trust": 1.8, "url": "https://www.debian.org/security/2016/dsa-3593" }, { "trust": 1.8, "url": "http://www.securitytracker.com/id/1035890" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1840" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu91632741/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1840" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1839" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1838" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1840" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1837" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1833" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1834" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2340/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.3732" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1835" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3705" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3627" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1762" }, { "trust": 0.3, "url": "http://www.apple.com/ios/" }, { "trust": 0.3, "url": "http://www.apple.com/accessibility/tvos/" }, { "trust": 0.3, "url": "http://www.apple.com/watchos-2/" }, { "trust": 0.3, "url": "http://www.apple.com/ipad/" }, { "trust": 0.3, "url": "http://www.apple.com/iphone/" }, { "trust": 0.3, "url": "http://www.apple.com/ipodtouch/" }, { "trust": 0.3, "url": "http://www.apple.com/macosx/" }, { "trust": 0.3, "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10770\u0026actp=rss" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024088" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024194" }, { "trust": 0.3, "url": "https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf" }, { "trust": 0.3, "url": "https://bto.bluecoat.com/security-advisory/sa129" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986974" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989043" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990750" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4449" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4447" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4483" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8806" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2073" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1823" }, { "trust": 0.2, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.2, "url": "https://gpgtools.org" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1829" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1817" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1819" }, { "trust": 0.2, "url": "https://www.linkedin.com/in/rshupak)" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1803" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1827" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1808" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1830" }, { "trust": 0.2, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1813" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1811" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1828" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1807" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1818" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1802" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1824" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1832" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-1838" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-1837" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-1834" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-4448" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-1839" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-1833" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-1840" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-1836" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-1762" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-1835" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-4449" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-4447" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-3705" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-3627" }, { "trust": 0.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10170" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht206566" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2994-1/" }, { "trust": 0.1, "url": "https://support.apple.com/en-us/ht204641" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1847" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1842" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1841" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4448" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://www.apple.com/itunes/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1814" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1831" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1801" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1790" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5131" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3705" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1840" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1838" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3627" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4483" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1819" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7499" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1839" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2073" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7499" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1836" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8242" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5312" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8806" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7498" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7941" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7942" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8035" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7500" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5131" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5312" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7498" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7500" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7941" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1819" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7497" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8242" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4658" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7497" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/libxml2/2.9.2+zdfsg1-4ubuntu0.4" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/libxml2/2.9.3+dfsg1-1ubuntu0.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/libxml2/2.9.1+dfsg1-3ubuntu4.8" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-5.1ubuntu4.15" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0705" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3196" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3216" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2106" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0702" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-8176" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-6808" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2107" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3196" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2177" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4483" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2842" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-8612" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1148" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0797" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3185" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3194" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=distributions\u0026version=2.4.23" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2105" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0286" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-5420" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2178" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2108" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2012-1148" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2109" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-5419" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4459" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0209" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3216" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-7141" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0799" } ], "sources": [ { "db": "VULHUB", "id": "VHN-90659" }, { "db": "VULMON", "id": "CVE-2016-1840" }, { "db": "BID", "id": "90691" }, { "db": "JVNDB", "id": "JVNDB-2016-002804" }, { "db": "PACKETSTORM", "id": "137080" }, { "db": "PACKETSTORM", "id": "137613" }, { "db": "PACKETSTORM", "id": "137076" }, { "db": "PACKETSTORM", "id": "140533" }, { "db": "PACKETSTORM", "id": "137335" }, { "db": "PACKETSTORM", "id": "137298" }, { "db": "PACKETSTORM", "id": "140182" }, { "db": "CNNVD", "id": "CNNVD-201605-478" }, { "db": "NVD", "id": "CVE-2016-1840" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-90659" }, { "db": "VULMON", "id": "CVE-2016-1840" }, { "db": "BID", "id": "90691" }, { "db": "JVNDB", "id": "JVNDB-2016-002804" }, { "db": "PACKETSTORM", "id": "137080" }, { "db": "PACKETSTORM", "id": "137613" }, { "db": "PACKETSTORM", "id": "137076" }, { "db": "PACKETSTORM", "id": "140533" }, { "db": "PACKETSTORM", "id": "137335" }, { "db": "PACKETSTORM", "id": "137298" }, { "db": "PACKETSTORM", "id": "140182" }, { "db": "CNNVD", "id": "CNNVD-201605-478" }, { "db": "NVD", "id": "CVE-2016-1840" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-05-20T00:00:00", "db": "VULHUB", "id": "VHN-90659" }, { "date": "2016-05-20T00:00:00", "db": "VULMON", "id": "CVE-2016-1840" }, { "date": "2016-05-16T00:00:00", "db": "BID", "id": "90691" }, { "date": "2016-05-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-002804" }, { "date": "2016-05-17T15:59:22", "db": "PACKETSTORM", "id": "137080" }, { "date": "2016-06-23T13:00:52", "db": "PACKETSTORM", "id": "137613" }, { "date": "2016-05-17T15:50:52", "db": "PACKETSTORM", "id": "137076" }, { "date": "2017-01-17T02:26:10", "db": "PACKETSTORM", "id": "140533" }, { "date": "2016-06-07T07:41:54", "db": "PACKETSTORM", "id": "137335" }, { "date": "2016-06-02T16:29:00", "db": "PACKETSTORM", "id": "137298" }, { "date": "2016-12-16T16:34:49", "db": "PACKETSTORM", "id": "140182" }, { "date": "2016-05-20T00:00:00", "db": "CNNVD", "id": "CNNVD-201605-478" }, { "date": "2016-05-20T10:59:54.190000", "db": "NVD", "id": "CVE-2016-1840" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-03-25T00:00:00", "db": "VULHUB", "id": "VHN-90659" }, { "date": "2019-03-25T00:00:00", "db": "VULMON", "id": "CVE-2016-1840" }, { "date": "2017-12-19T22:37:00", "db": "BID", "id": "90691" }, { "date": "2016-11-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-002804" }, { "date": "2023-06-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201605-478" }, { "date": "2019-03-25T17:27:42.027000", "db": "NVD", "id": "CVE-2016-1840" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201605-478" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Apple Used in products libxml2 of xmlFAParsePosCharGroup Heap-based buffer overflow vulnerability in functions", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002804" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201605-478" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.