ID

VAR-201208-0343


CVE

CVE-2012-2870


TITLE

Denial of service (DoS) vulnerability in libxslt as used in Google Chrome

Trust: 0.8

sources: JVNDB: JVNDB-2012-004027

DESCRIPTION

libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c.

Note on severity: NVD scores this as availability-only (CVSS v2 4.3, A:P), but the Red Hat bug for it (852937, quoted in the advisory below) describes a use-after-free when processing an invalid XPath expression, and Apple's advisory groups it with libxslt memory corruption issues whose stated impact is "unexpected application termination or arbitrary code execution". Any application that applies untrusted stylesheets or evaluates untrusted XPath with an unpatched libxslt should therefore be treated as exposed to more than a crash.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libxslt security update
Advisory ID:       RHSA-2012:1265-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1265.html
Issue date:        2012-09-13
CVE Names:         CVE-2011-1202 CVE-2011-3970 CVE-2012-2825
                   CVE-2012-2870 CVE-2012-2871
=====================================================================

1. Summary:

Updated libxslt packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

libxslt is a library for transforming XML files into other textual formats (including HTML, plain text, and other XML representations of the underlying data) using the standard XSLT stylesheet transformation mechanism.

A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2871)

Several denial of service flaws were found in libxslt. An attacker could use these flaws to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash. (CVE-2012-2825, CVE-2012-2870, CVE-2011-3970)

An information leak could occur if an application using libxslt processed an untrusted XPath expression, or used a malicious XSL file to perform an XSL transformation. If combined with other flaws, this leak could possibly help an attacker bypass intended memory corruption protections. (CVE-2011-1202)

All libxslt users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libxslt must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

684386 - CVE-2011-1202 libxslt: Heap address leak in XLST
788826 - CVE-2011-3970 libxslt: Out-of-bounds read when parsing certain patterns
835982 - CVE-2012-2825 libxslt: DoS when reading unexpected DTD nodes in XSLT
852935 - CVE-2012-2871 libxslt: Heap-buffer overflow caused by bad cast in XSL transforms
852937 - CVE-2012-2870 libxslt: Use-after-free when processing an invalid XPath expression

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libxslt-1.1.17-4.el5_8.3.src.rpm

i386:
libxslt-1.1.17-4.el5_8.3.i386.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.i386.rpm
libxslt-python-1.1.17-4.el5_8.3.i386.rpm

x86_64:
libxslt-1.1.17-4.el5_8.3.i386.rpm
libxslt-1.1.17-4.el5_8.3.x86_64.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.i386.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.x86_64.rpm
libxslt-python-1.1.17-4.el5_8.3.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libxslt-1.1.17-4.el5_8.3.src.rpm

i386:
libxslt-debuginfo-1.1.17-4.el5_8.3.i386.rpm
libxslt-devel-1.1.17-4.el5_8.3.i386.rpm

x86_64:
libxslt-debuginfo-1.1.17-4.el5_8.3.i386.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.x86_64.rpm
libxslt-devel-1.1.17-4.el5_8.3.i386.rpm
libxslt-devel-1.1.17-4.el5_8.3.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libxslt-1.1.17-4.el5_8.3.src.rpm

i386:
libxslt-1.1.17-4.el5_8.3.i386.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.i386.rpm
libxslt-devel-1.1.17-4.el5_8.3.i386.rpm
libxslt-python-1.1.17-4.el5_8.3.i386.rpm

ia64:
libxslt-1.1.17-4.el5_8.3.i386.rpm
libxslt-1.1.17-4.el5_8.3.ia64.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.i386.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.ia64.rpm
libxslt-devel-1.1.17-4.el5_8.3.ia64.rpm
libxslt-python-1.1.17-4.el5_8.3.ia64.rpm

ppc:
libxslt-1.1.17-4.el5_8.3.ppc.rpm
libxslt-1.1.17-4.el5_8.3.ppc64.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.ppc.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.ppc64.rpm
libxslt-devel-1.1.17-4.el5_8.3.ppc.rpm
libxslt-devel-1.1.17-4.el5_8.3.ppc64.rpm
libxslt-python-1.1.17-4.el5_8.3.ppc.rpm

s390x:
libxslt-1.1.17-4.el5_8.3.s390.rpm
libxslt-1.1.17-4.el5_8.3.s390x.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.s390.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.s390x.rpm
libxslt-devel-1.1.17-4.el5_8.3.s390.rpm
libxslt-devel-1.1.17-4.el5_8.3.s390x.rpm
libxslt-python-1.1.17-4.el5_8.3.s390x.rpm

x86_64:
libxslt-1.1.17-4.el5_8.3.i386.rpm
libxslt-1.1.17-4.el5_8.3.x86_64.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.i386.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.x86_64.rpm
libxslt-devel-1.1.17-4.el5_8.3.i386.rpm
libxslt-devel-1.1.17-4.el5_8.3.x86_64.rpm
libxslt-python-1.1.17-4.el5_8.3.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm

i386:
libxslt-1.1.26-2.el6_3.1.i686.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm

x86_64:
libxslt-1.1.26-2.el6_3.1.i686.rpm
libxslt-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm

i386:
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm
libxslt-devel-1.1.26-2.el6_3.1.i686.rpm
libxslt-python-1.1.26-2.el6_3.1.i686.rpm

x86_64:
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-devel-1.1.26-2.el6_3.1.i686.rpm
libxslt-devel-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-python-1.1.26-2.el6_3.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm

x86_64:
libxslt-1.1.26-2.el6_3.1.i686.rpm
libxslt-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm

x86_64:
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-devel-1.1.26-2.el6_3.1.i686.rpm
libxslt-devel-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-python-1.1.26-2.el6_3.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm

i386:
libxslt-1.1.26-2.el6_3.1.i686.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm
libxslt-devel-1.1.26-2.el6_3.1.i686.rpm

ppc64:
libxslt-1.1.26-2.el6_3.1.ppc.rpm
libxslt-1.1.26-2.el6_3.1.ppc64.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.ppc.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.ppc64.rpm
libxslt-devel-1.1.26-2.el6_3.1.ppc.rpm
libxslt-devel-1.1.26-2.el6_3.1.ppc64.rpm

s390x:
libxslt-1.1.26-2.el6_3.1.s390.rpm
libxslt-1.1.26-2.el6_3.1.s390x.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.s390.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.s390x.rpm
libxslt-devel-1.1.26-2.el6_3.1.s390.rpm
libxslt-devel-1.1.26-2.el6_3.1.s390x.rpm

x86_64:
libxslt-1.1.26-2.el6_3.1.i686.rpm
libxslt-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-devel-1.1.26-2.el6_3.1.i686.rpm
libxslt-devel-1.1.26-2.el6_3.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm

i386:
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm
libxslt-python-1.1.26-2.el6_3.1.i686.rpm

ppc64:
libxslt-debuginfo-1.1.26-2.el6_3.1.ppc64.rpm
libxslt-python-1.1.26-2.el6_3.1.ppc64.rpm

s390x:
libxslt-debuginfo-1.1.26-2.el6_3.1.s390x.rpm
libxslt-python-1.1.26-2.el6_3.1.s390x.rpm

x86_64:
libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-python-1.1.26-2.el6_3.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm

i386:
libxslt-1.1.26-2.el6_3.1.i686.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm
libxslt-devel-1.1.26-2.el6_3.1.i686.rpm

x86_64:
libxslt-1.1.26-2.el6_3.1.i686.rpm
libxslt-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-devel-1.1.26-2.el6_3.1.i686.rpm
libxslt-devel-1.1.26-2.el6_3.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm

i386:
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm
libxslt-python-1.1.26-2.el6_3.1.i686.rpm

x86_64:
libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-python-1.1.26-2.el6_3.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1202.html
https://www.redhat.com/security/data/cve/CVE-2011-3970.html
https://www.redhat.com/security/data/cve/CVE-2012-2825.html
https://www.redhat.com/security/data/cve/CVE-2012-2870.html
https://www.redhat.com/security/data/cve/CVE-2012-2871.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQUh7JXlSAg2UNWIIRAsJmAJ9pVP2vkhEuIh3hhi9lyVfa/cnCmwCgtTiS
bhFgk6Ez9OXi3ibu0HSzdxg=
=c8UZ
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security.

============================================================================
Ubuntu Security Notice USN-1595-1
October 04, 2012

libxslt vulnerabilities
============================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS

Summary:

Applications using libxslt could be made to crash or run programs as your login if they processed a specially crafted file.

Software Description:
- libxslt: XSLT processing library

Details:

Chris Evans discovered that libxslt incorrectly handled generate-id XPath functions. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could obtain potentially sensitive information. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 11.04. (CVE-2011-1202)

It was discovered that libxslt incorrectly parsed certain patterns. (CVE-2011-3970)

Nicholas Gregoire discovered that libxslt incorrectly handled unexpected DTD nodes. (CVE-2012-2825)

Nicholas Gregoire discovered that libxslt incorrectly managed memory. (CVE-2012-2870)

Nicholas Gregoire discovered that libxslt incorrectly handled certain transforms. (CVE-2012-2871)

Cris Neckar discovered that libxslt incorrectly managed memory. (CVE-2012-2893)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 LTS:
  libxslt1.1                      1.1.26-8ubuntu1.2

Ubuntu 11.10:
  libxslt1.1                      1.1.26-7ubuntu0.1

Ubuntu 11.04:
  libxslt1.1                      1.1.26-6ubuntu0.1

Ubuntu 10.04 LTS:
  libxslt1.1                      1.1.26-1ubuntu1.1

Ubuntu 8.04 LTS:
  libxslt1.1                      1.1.22-1ubuntu1.3

In general, a standard system update will make all the necessary changes.

Gentoo Linux Security Advisory GLSA 201401-07 (the header is missing from this copy):

Background
==========

libxslt is the XSLT C library developed for the GNOME project. XSLT is an XML language to define transformations for XML.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-libs/libxslt            < 1.1.28                  >= 1.1.28

Description
===========

Multiple vulnerabilities have been found in libxslt:

* Multiple errors exist in pattern.c and functions.c (CVE-2012-2870, CVE-2012-6139).
* A double-free error exists in templates.c (CVE-2012-2893).
* A NULL pointer dereference in keys.c (CVE-2012-6139).
* An error in handling stylesheets containing DTDs (CVE-2013-4520).

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libxslt users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/libxslt-1.1.28"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.

References
==========

[ 1 ] CVE-2012-2870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2870
[ 2 ] CVE-2012-2893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2893
[ 3 ] CVE-2012-6139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6139
[ 4 ] CVE-2013-4520 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4520

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201401-07.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
Debian advisory (fragment):

For the stable distribution (squeeze), these problems have been fixed in version 1.1.26-6+squeeze2.

For the unstable distribution (sid), these problems have been fixed in version 1.1.26-14.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2013-09-20-1 Apple TV 6.0

Apple TV 6.0 is now available and addresses the following:

Apple TV
Available for: Apple TV 2nd generation and later
Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of JBIG2 encoded data in PDF files. This issue was addressed through additional bounds checking.
CVE-ID
CVE-2013-1025 : Felix Groebert of the Google Security Team

Apple TV
Available for: Apple TV 2nd generation and later
Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of Sorenson encoded movie files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2013-1019 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft) working with HP's Zero Day Initiative

Apple TV
Available for: Apple TV 2nd generation and later
Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information
Description: TrustWave, a trusted root CA, has issued, and subsequently revoked, a sub-CA certificate from one of its trusted anchors. This sub-CA facilitated the interception of communications secured by Transport Layer Security (TLS). This update added the involved sub-CA certificate to OS X's list of untrusted certificates.
CVE-ID
CVE-2013-5134

Apple TV
Available for: Apple TV 2nd generation and later
Impact: An attacker who has arbitrary code execution on a device may be able to persist code execution across reboots
Description: Multiple buffer overflows existed in dyld's openSharedCacheFile() function. These issues were addressed through improved bounds checking.
CVE-ID
CVE-2013-3950 : Stefan Esser

Apple TV
Available for: Apple TV 2nd generation and later
Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of JPEG2000 encoded data in PDF files. This issue was addressed through additional bounds checking.
CVE-ID
CVE-2013-1026 : Felix Groebert of the Google Security Team

Apple TV
Available for: Apple TV 2nd generation and later
Impact: A malicious local application could cause an unexpected system termination
Description: A null pointer dereference existed in IOCatalogue. The issue was addressed through additional type checking.
CVE-ID
CVE-2013-5138 : Will Estes

Apple TV
Available for: Apple TV 2nd generation and later
Impact: Executing a malicious application may result in arbitrary code execution within the kernel
Description: An out of bounds array access existed in the IOSerialFamily driver. This issue was addressed through additional bounds checking.
CVE-ID
CVE-2013-5139 : @dent1zt

Apple TV
Available for: Apple TV 2nd generation and later
Impact: A remote attacker can cause a device to unexpectedly restart
Description: Sending an invalid packet fragment to a device can cause a kernel assert to trigger, leading to a device restart. The issue was addressed through additional validation of packet fragments.
CVE-ID
CVE-2013-5140 : Joonas Kuorilehto of Codenomicon, an anonymous researcher working with CERT-FI, Antti Levomäki and Lauri Virtanen of Vulnerability Analysis Group, Stonesoft

Apple TV
Available for: Apple TV 2nd generation and later
Impact: An attacker on a local network can cause a denial of service
Description: An attacker on a local network can send specially crafted IPv6 ICMP packets and cause high CPU load. The issue was addressed by rate limiting ICMP packets before verifying their checksum.
CVE-ID
CVE-2011-2391 : Marc Heuse

Apple TV
Available for: Apple TV 2nd generation and later
Impact: Kernel stack memory may be disclosed to local users
Description: An information disclosure issue existed in the msgctl and segctl APIs. This issue was addressed by initializing data structures returned from the kernel.
CVE-ID
CVE-2013-5142 : Kenzley Alphonse of Kenx Technology, Inc

Apple TV
Available for: Apple TV 2nd generation and later
Impact: Unprivileged processes could get access to the contents of kernel memory which could lead to privilege escalation
Description: An information disclosure issue existed in the mach_port_space_info API. This issue was addressed by initializing the iin_collision field in structures returned from the kernel.
CVE-ID
CVE-2013-3953 : Stefan Esser

Apple TV
Available for: Apple TV 2nd generation and later
Impact: Unprivileged processes may be able to cause an unexpected system termination or arbitrary code execution in the kernel
Description: A memory corruption issue existed in the handling of arguments to the posix_spawn API. This issue was addressed through additional bounds checking.
CVE-ID
CVE-2013-3954 : Stefan Esser

Apple TV
Available for: Apple TV 2nd generation and later
Impact: An unauthorized process may modify the set of loaded kernel extensions
Description: An issue existed in kextd's handling of IPC messages from unauthenticated senders. This issue was addressed by adding additional authorization checks.
CVE-ID
CVE-2013-5145 : "Rainbow PRISM"

Apple TV
Available for: Apple TV 2nd generation and later
Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in libxml. These issues were addressed by updating libxml to version 2.9.0.
CVE-ID
CVE-2011-3102 : Juri Aedla
CVE-2012-0841
CVE-2012-2807 : Juri Aedla
CVE-2012-5134 : Google Chrome Security Team (Juri Aedla)

Apple TV
Available for: Apple TV 2nd generation and later
Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in libxslt. These issues were addressed by updating libxslt to version 1.1.28.
CVE-ID
CVE-2012-2825 : Nicolas Gregoire
CVE-2012-2870 : Nicolas Gregoire
CVE-2012-2871 : Kai Lu of Fortinet's FortiGuard Labs, Nicolas Gregoire

Apple TV
Available for: Apple TV 2nd generation and later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-0879 : Atte Kettunen of OUSPG
CVE-2013-0991 : Jay Civelli of the Chromium development community
CVE-2013-0992 : Google Chrome Security Team (Martin Barbella)
CVE-2013-0993 : Google Chrome Security Team (Inferno)
CVE-2013-0994 : David German of Google
CVE-2013-0995 : Google Chrome Security Team (Inferno)
CVE-2013-0996 : Google Chrome Security Team (Inferno)
CVE-2013-0997 : Vitaliy Toropov working with HP's Zero Day Initiative
CVE-2013-0998 : pa_kt working with HP's Zero Day Initiative
CVE-2013-0999 : pa_kt working with HP's Zero Day Initiative
CVE-2013-1000 : Fermin J. Serna of the Google Security Team
CVE-2013-1001 : Ryan Humenick
CVE-2013-1002 : Sergey Glazunov
CVE-2013-1003 : Google Chrome Security Team (Inferno)
CVE-2013-1004 : Google Chrome Security Team (Martin Barbella)
CVE-2013-1005 : Google Chrome Security Team (Martin Barbella)
CVE-2013-1006 : Google Chrome Security Team (Martin Barbella)
CVE-2013-1007 : Google Chrome Security Team (Inferno)
CVE-2013-1008 : Sergey Glazunov
CVE-2013-1010 : miaubiz
CVE-2013-1011
CVE-2013-1037 : Google Chrome Security Team
CVE-2013-1038 : Google Chrome Security Team
CVE-2013-1039 : own-hero Research working with iDefense VCP
CVE-2013-1040 : Google Chrome Security Team
CVE-2013-1041 : Google Chrome Security Team
CVE-2013-1042 : Google Chrome Security Team
CVE-2013-1043 : Google Chrome Security Team
CVE-2013-1044 : Apple
CVE-2013-1045 : Google Chrome Security Team
CVE-2013-1046 : Google Chrome Security Team
CVE-2013-1047 : miaubiz
CVE-2013-2842 : Cyril Cattiaux
CVE-2013-5125 : Google Chrome Security Team
CVE-2013-5126 : Apple
CVE-2013-5127 : Google Chrome Security Team
CVE-2013-5128 : Apple

Installation note:

Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> General -> Update Software".

To check the current version of software, select "Settings -> General -> About"

Trust: 2.43

sources: NVD: CVE-2012-2870 // JVNDB: JVNDB-2012-004027 // VULHUB: VHN-56151 // VULMON: CVE-2012-2870 // PACKETSTORM: 116519 // PACKETSTORM: 117306 // PACKETSTORM: 117132 // PACKETSTORM: 121115 // PACKETSTORM: 124741 // PACKETSTORM: 117159 // PACKETSTORM: 123339
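The Red Hat advisory above states that every running application linked against libxslt must be restarted before the update takes effect, a step that routinely gets skipped. The script below is an added example, not part of any advisory on this page, that finds such processes: the package manager replaces the shared object on disk, so a process still executing the old copy shows that mapping in /proc/<pid>/maps with a "(deleted)" suffix. The maps parser is a pure function exercised on a constructed excerpt (paths, addresses and inode numbers are made up for the example); the live /proc scan runs only when the file is executed directly, and needs root to see other users' processes.

```python
"""Find processes still mapping a libxslt that was replaced on disk.

Added example, not part of any advisory on this page.  After the package
update the old shared object is unlinked, but every process that had it
mapped keeps running the vulnerable code; Linux marks such mappings with a
"(deleted)" suffix in /proc/<pid>/maps.  The sample maps excerpt below and
its paths, addresses and inode numbers are constructed for this example.
"""
import os
import re

# One /proc/<pid>/maps line: range perms offset dev inode [pathname [(deleted)]]
_MAPS_LINE = re.compile(
    r"^(?P<range>[0-9a-f]+-[0-9a-f]+)\s+(?P<perms>\S+)\s+\S+\s+\S+\s+"
    r"(?P<inode>\d+)\s+(?P<path>.+?)(?P<deleted>\s\(deleted\))?\s*$"
)

# Constructed excerpt: an xsltproc whose libxslt was replaced by an update
# while it was running; libxml2 was not touched.
SAMPLE_MAPS = """\
00400000-00401000 r-xp 00000000 fd:00 1311 /usr/bin/xsltproc
7f2b3c000000-7f2b3c021000 rw-p 00000000 00:00 0
7f2b3d1a2000-7f2b3d1e0000 r-xp 00000000 fd:00 4210 /usr/lib64/libxslt.so.1.1.26 (deleted)
7f2b3d1e0000-7f2b3d3df000 ---p 0003e000 fd:00 4210 /usr/lib64/libxslt.so.1.1.26 (deleted)
7f2b3d3e0000-7f2b3d520000 r-xp 00000000 fd:00 3905 /usr/lib64/libxml2.so.2.7.6
7ffd5e3f0000-7ffd5e411000 rw-p 00000000 00:00 0 [stack]
"""


def stale_library_mappings(maps_text, lib_name="libxslt"):
    """Return the distinct paths of file-backed `lib_name` mappings whose file
    has been deleted or replaced since the process mapped it."""
    stale = []
    for line in maps_text.splitlines():
        m = _MAPS_LINE.match(line)
        if not m or m.group("inode") == "0":
            # No match: anonymous mapping with no path at all.
            # Inode 0: pseudo-paths such as [heap], [stack], [vdso].
            continue
        path = m.group("path")
        if lib_name in os.path.basename(path) and m.group("deleted") and path not in stale:
            stale.append(path)
    return stale


def scan_proc(lib_name="libxslt"):
    """Map pid -> stale library paths for every process whose maps we may read."""
    hits = {}
    if not os.path.isdir("/proc"):          # not Linux, nothing to scan
        return hits
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/maps") as f:
                maps_text = f.read()
        except OSError:                      # process exited, or not ours and we are not root
            continue
        stale = stale_library_mappings(maps_text, lib_name)
        if stale:
            hits[int(pid)] = stale
    return hits


if __name__ == "__main__":
    for pid, paths in sorted(scan_proc().items()):
        print(f"pid {pid} still maps {', '.join(paths)}: restart it")
```

Matching on the file name rather than on a version string matters because, as the package lists above show, the RHEL 6 fix keeps the upstream name libxslt.so.1.1.26; only the "(deleted)" marker distinguishes a process that picked up the new file from one that did not.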

AFFECTED PRODUCTS

vendor:xmlsoftmodel:libxsltscope:lteversion:1.1.26

Trust: 1.8

vendor:applemodel:iphone osscope:eqversion:1.0.0

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:1.1.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:1.1.2

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:1.0.2

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:1.1.0

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:1.0.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:4.3.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.2

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:21.0.1180.49

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:21.0.1180.31

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:21.0.1180.60

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:21.0.1180.84

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:5.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.5

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:6.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.1

Trust: 1.0

vendor:applemodel:iphone osscope:lteversion:6.1.4

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:21.0.1180.77

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:21.0.1180.54

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:21.0.1180.56

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.4

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:21.0.1180.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.5

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:21.0.1180.70

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:21.0.1180.82

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:21.0.1180.74

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:21.0.1180.76

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.2.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1.3

Trust: 1.0

vendor:googlemodel:chromescope:lteversion:21.0.1180.88

Trust: 1.0

vendor:xmlsoftmodel:libxsltscope:eqversion:1.1.23

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:21.0.1180.47

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:21.0.1180.36

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:21.0.1180.78

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:21.0.1180.63

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:21.0.1180.41

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:21.0.1180.75

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.2.1

Trust: 1.0

vendor:xmlsoftmodel:libxsltscope:eqversion:1.1.24

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0.1

Trust: 1.0

vendor:xmlsoftmodel:libxsltscope:eqversion:1.1.16

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:21.0.1180.37

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:21.0.1180.38

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:21.0.1180.39

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:21.0.1180.34

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:21.0.1180.69

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.2.5

Trust: 1.0

vendor:xmlsoftmodel:libxsltscope:eqversion:1.1.20

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:6.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.2.2

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:21.0.1180.64

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:6.1

Trust: 1.0

vendor:xmlsoftmodel:libxsltscope:eqversion:1.1.22

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:21.0.1180.71

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.0.1

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:21.0.1180.51

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:6.1.3

Trust: 1.0

vendor:xmlsoftmodel:libxsltscope:eqversion:1.1.12

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:21.0.1180.87

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:21.0.1180.85

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:5.0.1

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:21.0.1180.61

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1.2

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:21.0.1180.2

Trust: 1.0

vendor:xmlsoftmodel:libxsltscope:eqversion:1.1.9

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:5.1.1

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:21.0.1180.80

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:21.0.1180.35

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:21.0.1180.59

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.2

Trust: 1.0

vendor:googlemodel:chromescope:eqversion:21.0.1180.48

Trust: 1.0

vendor: apple | model: iphone os | scope: eq | version: 4.0.2

Trust: 1.0

vendor: apple | model: iphone os | scope: eq | version: 1.1.3

Trust: 1.0

vendor: google | model: chrome | scope: eq | version: 21.0.1180.79

Trust: 1.0

vendor: google | model: chrome | scope: eq | version: 21.0.1180.83

Trust: 1.0

vendor: google | model: chrome | scope: eq | version: 21.0.1180.52

Trust: 1.0

vendor: xmlsoft | model: libxslt | scope: eq | version: 1.1.18

Trust: 1.0

vendor: apple | model: iphone os | scope: eq | version: 4.0.1

Trust: 1.0

vendor: google | model: chrome | scope: eq | version: 21.0.1180.57

Trust: 1.0

vendor: google | model: chrome | scope: eq | version: 21.0.1180.68

Trust: 1.0

vendor: xmlsoft | model: libxslt | scope: eq | version: 1.1.19

Trust: 1.0

vendor: apple | model: iphone os | scope: eq | version: 6.1.2

Trust: 1.0

vendor: apple | model: iphone os | scope: eq | version: 2.1.1

Trust: 1.0

vendor: xmlsoft | model: libxslt | scope: eq | version: 1.1.10

Trust: 1.0

vendor: xmlsoft | model: libxslt | scope: eq | version: 1.1.15

Trust: 1.0

vendor: google | model: chrome | scope: eq | version: 21.0.1180.55

Trust: 1.0

vendor: apple | model: iphone os | scope: eq | version: 2.0.0

Trust: 1.0

vendor: google | model: chrome | scope: eq | version: 21.0.1180.33

Trust: 1.0

vendor: apple | model: iphone os | scope: eq | version: 6.0.2

Trust: 1.0

vendor: apple | model: iphone os | scope: eq | version: 5.1

Trust: 1.0

vendor: google | model: chrome | scope: eq | version: 21.0.1180.62

Trust: 1.0

vendor: google | model: chrome | scope: eq | version: 21.0.1180.86

Trust: 1.0

vendor: apple | model: iphone os | scope: eq | version: 2.2.1

Trust: 1.0

vendor: xmlsoft | model: libxslt | scope: eq | version: 1.1.11

Trust: 1.0

vendor: apple | model: iphone os | scope: eq | version: 4.1

Trust: 1.0

vendor: xmlsoft | model: libxslt | scope: eq | version: 1.1.8

Trust: 1.0

vendor: google | model: chrome | scope: eq | version: 21.0.1180.81

Trust: 1.0

vendor: google | model: chrome | scope: eq | version: 21.0.1180.53

Trust: 1.0

vendor: google | model: chrome | scope: eq | version: 21.0.1180.73

Trust: 1.0

vendor: apple | model: iphone os | scope: eq | version: 2.0.2

Trust: 1.0

vendor: google | model: chrome | scope: eq | version: 21.0.1180.46

Trust: 1.0

vendor: google | model: chrome | scope: eq | version: 21.0.1180.32

Trust: 1.0

vendor: apple | model: iphone os | scope: eq | version: 3.0

Trust: 1.0

vendor: xmlsoft | model: libxslt | scope: eq | version: 1.1.13

Trust: 1.0

vendor: xmlsoft | model: libxslt | scope: eq | version: 1.1.14

Trust: 1.0

vendor: google | model: chrome | scope: eq | version: 21.0.1180.72

Trust: 1.0

vendor: google | model: chrome | scope: eq | version: 21.0.1180.1

Trust: 1.0

vendor: apple | model: iphone os | scope: eq | version: 4.3.0

Trust: 1.0

vendor: apple | model: iphone os | scope: eq | version: 4.3.1

Trust: 1.0

vendor: apple | model: iphone os | scope: eq | version: 4.2.8

Trust: 1.0

vendor: xmlsoft | model: libxslt | scope: eq | version: 1.1.21

Trust: 1.0

vendor: xmlsoft | model: libxslt | scope: eq | version: 1.1.17

Trust: 1.0

vendor: google | model: chrome | scope: eq | version: 21.0.1180.50

Trust: 1.0

vendor: google | model: chrome | scope: lt | version: 21.0.1180.89

Trust: 0.8

vendor: apple | model: tv | scope: lt | version: 6.0 (apple tv 2nd generation and later)

Trust: 0.8

vendor: apple | model: ios | scope: lt | version: 7 (ipad 2 or later)

Trust: 0.8

vendor: apple | model: ios | scope: lt | version: 7 (iphone 4 or later)

Trust: 0.8

vendor: apple | model: ios | scope: lt | version: 7 (ipod touch 5th generation and later)

Trust: 0.8

vendor: apple | model: itunes | scope: lt | version: 11.1.4 (windows 7)

Trust: 0.8

vendor: apple | model: itunes | scope: lt | version: 11.1.4 (windows 8)

Trust: 0.8

vendor: apple | model: itunes | scope: lt | version: 11.1.4 (windows vista)

Trust: 0.8

vendor: apple | model: itunes | scope: lt | version: 11.1.4 (windows xp sp2 or later)

Trust: 0.8

vendor: apple | model: iphone os | scope: eq | version: 6.1.4

Trust: 0.6

sources: CNNVD: CNNVD-201208-693 // JVNDB: JVNDB-2012-004027 // NVD: CVE-2012-2870
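
A small checker for the affected-configuration records above, added here as an example; it is not code from any of the listed sources. It transcribes a handful of the records as constructed data, treats `scope: eq` as an exact version match and `scope: lt` as strictly below the stated bound, and ignores the parenthetical device qualifiers on the Apple entries. Note that the libxslt records are `eq` entries for enumerated releases rather than a range, so a version that does not appear in them is inconclusive, not proven unaffected.

```python
"""
Evaluate an installed (vendor, model, version) against affected-configuration
records of the form (vendor, model, scope, version) as listed on this page.
Added example; the RECORDS list is a hand-transcribed subset, not a database fetch.
"""
import re
from typing import List, Optional, Tuple

Record = Tuple[str, str, str, str]  # vendor, model, scope, version

# Constructed subset of the page's records (same field order as the page).
RECORDS: List[Record] = [
    ("xmlsoft", "libxslt", "eq", "1.1.18"),
    ("xmlsoft", "libxslt", "eq", "1.1.21"),
    ("google", "chrome", "eq", "21.0.1180.79"),
    ("google", "chrome", "lt", "21.0.1180.89"),
    ("apple", "ios", "lt", "7 (iphone 4 or later)"),
    ("apple", "tv", "lt", "6.0 (apple tv 2nd generation and later)"),
    ("apple", "iphone os", "eq", "6.1.4"),
]

_VERSION_RE = re.compile(r"^\s*([0-9]+(?:\.[0-9]+)*)")


def parse_version(text: str) -> Tuple[int, ...]:
    """'21.0.1180.89' -> (21, 0, 1180, 89); a trailing '(qualifier)' is ignored."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"no numeric version in {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def _cmp(a: Tuple[int, ...], b: Tuple[int, ...]) -> int:
    # Zero-pad the shorter tuple so that 6.0 and 6.0.0 compare equal.
    n = max(len(a), len(b))
    a = a + (0,) * (n - len(a))
    b = b + (0,) * (n - len(b))
    return (a > b) - (a < b)


def matches(record: Record, vendor: str, model: str, version: str) -> bool:
    """True if the record's (vendor, model, scope, version) covers the input."""
    r_vendor, r_model, scope, r_version = record
    if (r_vendor, r_model) != (vendor.lower(), model.lower()):
        return False
    c = _cmp(parse_version(version), parse_version(r_version))
    if scope == "eq":
        return c == 0
    if scope == "lt":
        return c < 0
    raise ValueError(f"unknown scope {scope!r}")


def is_affected(vendor: str, model: str, version: str,
                records: List[Record] = RECORDS) -> bool:
    """Any record covering the version means affected; none means inconclusive."""
    return any(matches(r, vendor, model, version) for r in records)


def fixed_in(vendor: str, model: str,
             records: List[Record] = RECORDS) -> Optional[Tuple[int, ...]]:
    """Lowest 'lt' bound for the product, i.e. the first version outside it."""
    bounds = [parse_version(r[3]) for r in records
              if r[2] == "lt" and (r[0], r[1]) == (vendor.lower(), model.lower())]
    return min(bounds) if bounds else None


if __name__ == "__main__":
    for args in (("google", "chrome", "21.0.1180.88"),
                 ("google", "chrome", "21.0.1180.89"),
                 ("xmlsoft", "libxslt", "1.1.20")):
        print(args, "affected" if is_affected(*args) else "no matching record")
```

Because the only range-style record here is the Chrome `lt` entry, `fixed_in("google", "chrome")` yields the first patched build, while the same call for libxslt returns `None` and the caller has to fall back to the distributor advisories in the PATCH section.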

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-2870
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-2870
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201208-693
value: MEDIUM

Trust: 0.6

VULHUB: VHN-56151
value: MEDIUM

Trust: 0.1

VULMON: CVE-2012-2870
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-2870
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-56151
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-56151 // VULMON: CVE-2012-2870 // CNNVD: CNNVD-201208-693 // JVNDB: JVNDB-2012-004027 // NVD: CVE-2012-2870

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-56151 // JVNDB: JVNDB-2012-004027 // NVD: CVE-2012-2870

THREAT TYPE

remote

Trust: 0.9

sources: PACKETSTORM: 117306 // PACKETSTORM: 117132 // PACKETSTORM: 121115 // CNNVD: CNNVD-201208-693

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201208-693

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-004027

PATCH

title: APPLE-SA-2013-10-22-8 | url: http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html

Trust: 0.8

title: APPLE-SA-2013-09-20-1 | url: http://lists.apple.com/archives/security-announce/2013/Sep/msg00008.html

Trust: 0.8

title: APPLE-SA-2013-09-18-2 | url: http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html

Trust: 0.8

title: HT6001 | url: http://support.apple.com/kb/HT6001

Trust: 0.8

title: HT5934 | url: http://support.apple.com/kb/HT5934

Trust: 0.8

title: HT5935 | url: http://support.apple.com/kb/HT5935

Trust: 0.8

title: HT6001 | url: http://support.apple.com/kb/HT6001?viewlocale=ja_JP

Trust: 0.8

title: HT5934 | url: http://support.apple.com/kb/HT5934?viewlocale=ja_JP

Trust: 0.8

title: HT5935 | url: http://support.apple.com/kb/HT5935?viewlocale=ja_JP

Trust: 0.8

title: Log of /trunk/src/third_party/libxslt/libxslt/pattern.c | url: http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?view=log

Trust: 0.8

title: Diff of /trunk/src/third_party/libxslt/libxslt/pattern.c | url: http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?r1=118654&r2=150123

Trust: 0.8

title: Log of /trunk/src/third_party/libxslt/libxslt/functions.c | url: http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?view=log

Trust: 0.8

title: Diff of /trunk/src/third_party/libxslt/libxslt/functions.c | url: http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?r1=75684&r2=149998

Trust: 0.8

title: Issue 10830177: Handle a bad XSLT expression better. | url: https://chromiumcodereview.appspot.com/10830177

Trust: 0.8

title: Issue 10823168: Fix harmless memory error in generate-id. | url: https://chromiumcodereview.appspot.com/10823168

Trust: 0.8

title: DSA-2555 | url: http://www.debian.org/security/2012/dsa-2555

Trust: 0.8

title: Stable Channel Update | url: http://googlechromereleases.blogspot.jp/2012/08/stable-channel-update_30.html

Trust: 0.8

title: Google Chrome | url: http://www.google.co.jp/chrome/intl/ja/landing_ff_yt.html?hl=ja&hl=ja

Trust: 0.8

title: openSUSE-SU-2012:1215 | url: http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html

Trust: 0.8

title: MDVSA-2012:164 | url: http://www.mandriva.com/security/advisories?name=MDVSA-2012:164

Trust: 0.8

title: Multiple vulnerabilities in libxslt | url: https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_libxslt

Trust: 0.8

title: Top Page | url: http://www.xmlsoft.org/

Trust: 0.8

title: GoogleChromesetup25.0.1323.1 | url: http://123.124.177.30/web/xxk/bdxqById.tag?id=44457

Trust: 0.6

title: Red Hat: Important: libxslt security update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20121265 - Security Advisory

Trust: 0.1

title: Debian CVElist Bug Report Logs: libxslt: Three security issues | url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=3db888241598e632a57d140334ad7c21

Trust: 0.1

title: Debian Security Advisories: DSA-2555-1 libxslt -- several vulnerabilities | url: https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=0bbfcdccfdcee3404afcbd7baf6cad17

Trust: 0.1

title: Ubuntu Security Notice: libxslt vulnerabilities | url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-1595-1

Trust: 0.1

title: Amazon Linux AMI: ALAS-2012-123 | url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2012-123

Trust: 0.1

title: A Crash Course to Radamsa FAQ | url: https://github.com/sambacha/mirror-radamsa

Trust: 0.1

title: A Crash Course to Radamsa FAQ | url: https://github.com/StephenHaruna/RADAMSA

Trust: 0.1

title: A Crash Course to Radamsa FAQ | url: https://github.com/benoit-a/radamsa

Trust: 0.1

title: A Crash Course to Radamsa FAQ | url: https://github.com/g60ocR/radamsa

Trust: 0.1

title: A Crash Course to Radamsa FAQ | url: https://github.com/sunzu94/radamsa-Fuzzer

Trust: 0.1

title: A Crash Course to Radamsa FAQ | url: https://github.com/nqwang/radamsa

Trust: 0.1

title: A Crash Course to Radamsa FAQ | url: https://github.com/Hwangtaewon/radamsa

Trust: 0.1

sources: VULMON: CVE-2012-2870 // CNNVD: CNNVD-201208-693 // JVNDB: JVNDB-2012-004027

EXTERNAL IDS

db: NVD | id: CVE-2012-2870

Trust: 3.3

db: SECUNIA | id: 50838

Trust: 1.2

db: SECUNIA | id: 54886

Trust: 1.2

db: JVN | id: JVNVU95174988

Trust: 0.8

db: JVN | id: JVNVU98681940

Trust: 0.8

db: JVN | id: JVNVU94321146

Trust: 0.8

db: JVNDB | id: JVNDB-2012-004027

Trust: 0.8

db: CNNVD | id: CNNVD-201208-693

Trust: 0.7

db: AUSCERT | id: ESB-2023.3732

Trust: 0.6

db: PACKETSTORM | id: 117159

Trust: 0.2

db: PACKETSTORM | id: 124741

Trust: 0.2

db: VULHUB | id: VHN-56151

Trust: 0.1

db: VULMON | id: CVE-2012-2870

Trust: 0.1

db: PACKETSTORM | id: 116519

Trust: 0.1

db: PACKETSTORM | id: 117306

Trust: 0.1

db: PACKETSTORM | id: 117132

Trust: 0.1

db: PACKETSTORM | id: 121115

Trust: 0.1

db: PACKETSTORM | id: 123339

Trust: 0.1

sources: VULHUB: VHN-56151 // VULMON: CVE-2012-2870 // PACKETSTORM: 116519 // PACKETSTORM: 117306 // PACKETSTORM: 117132 // PACKETSTORM: 121115 // PACKETSTORM: 124741 // PACKETSTORM: 117159 // PACKETSTORM: 123339 // CNNVD: CNNVD-201208-693 // JVNDB: JVNDB-2012-004027 // NVD: CVE-2012-2870

REFERENCES

url:http://lists.apple.com/archives/security-announce/2013/sep/msg00006.html

Trust: 1.2

url:http://lists.apple.com/archives/security-announce/2013/oct/msg00009.html

Trust: 1.2

url:http://code.google.com/p/chromium/issues/detail?id=138672

Trust: 1.2

url:http://code.google.com/p/chromium/issues/detail?id=140368

Trust: 1.2

url:http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html

Trust: 1.2

url:http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?view=log

Trust: 1.2

url:http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?view=log

Trust: 1.2

url:http://support.apple.com/kb/ht5934

Trust: 1.2

url:http://support.apple.com/kb/ht6001

Trust: 1.2

url:https://chromiumcodereview.appspot.com/10823168

Trust: 1.2

url:https://chromiumcodereview.appspot.com/10830177

Trust: 1.2

url:http://www.debian.org/security/2012/dsa-2555

Trust: 1.2

url:http://www.mandriva.com/security/advisories?name=mdvsa-2012:164

Trust: 1.2

url:http://secunia.com/advisories/50838

Trust: 1.2

url:http://secunia.com/advisories/54886

Trust: 1.2

url:http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html

Trust: 1.2

url:http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?r1=75684&r2=149998

Trust: 1.1

url:http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?r1=118654&r2=150123

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2870

Trust: 1.0

url:http://jvn.jp/cert/jvnvu95174988/

Trust: 0.8

url:http://jvn.jp/vu/jvnvu94321146/

Trust: 0.8

url:http://jvn.jp/cert/jvnvu98681940/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2870

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2012-2870

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2012-2871

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3732

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2012-2893

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2012-2825

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2011-1202

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-3970

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2893

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2871

Trust: 0.2

url:http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?r1=75684&r2=149998

Trust: 0.1

url:http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?r1=118654&r2=150123

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/399.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2012:1265

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/1595-1/

Trust: 0.1

url:https://www.debian.org/security/./dsa-2555

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-1202.html

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

url:https://access.redhat.com/security/team/key/#package

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-3970.html

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2012-1265.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-2825.html

Trust: 0.1

url:http://bugzilla.redhat.com/

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-2870.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-2871.html

Trust: 0.1

url:https://access.redhat.com/knowledge/articles/11258

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:http://www.mandriva.com/security/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1202

Trust: 0.1

url:http://www.mandriva.com/security/advisories

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxslt/1.1.26-1ubuntu1.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxslt/1.1.26-7ubuntu0.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxslt/1.1.26-8ubuntu1.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxslt/1.1.22-1ubuntu1.3

Trust: 0.1

url:http://www.ubuntu.com/usn/usn-1595-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxslt/1.1.26-6ubuntu0.1

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2825

Trust: 0.1

url:http://www.mandriva.com/en/support/security/

Trust: 0.1

url:http://www.mandriva.com/en/support/security/advisories/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2870

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4520

Trust: 0.1

url:http://security.gentoo.org/glsa/glsa-201401-07.xml

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-6139

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-4520

Trust: 0.1

url:https://bugs.gentoo.org

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6139

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2893

Trust: 0.1

url:http://www.debian.org/security/faq

Trust: 0.1

url:http://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0997

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0841

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0996

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0879

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1000

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1010

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1001

Trust: 0.1

url:http://support.apple.com/kb/ht1222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0995

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0992

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1003

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-5134

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1005

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2391

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-2807

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1002

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0993

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1004

Trust: 0.1

url:http://gpgtools.org

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0991

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0999

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0994

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1007

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0998

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1006

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1008

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3102

Trust: 0.1

sources: VULHUB: VHN-56151 // VULMON: CVE-2012-2870 // PACKETSTORM: 116519 // PACKETSTORM: 117306 // PACKETSTORM: 117132 // PACKETSTORM: 121115 // PACKETSTORM: 124741 // PACKETSTORM: 117159 // PACKETSTORM: 123339 // CNNVD: CNNVD-201208-693 // JVNDB: JVNDB-2012-004027 // NVD: CVE-2012-2870

CREDITS

Mandriva

Trust: 0.2

sources: PACKETSTORM: 117306 // PACKETSTORM: 121115

SOURCES

db: VULHUB | id: VHN-56151
db: VULMON | id: CVE-2012-2870
db: PACKETSTORM | id: 116519
db: PACKETSTORM | id: 117306
db: PACKETSTORM | id: 117132
db: PACKETSTORM | id: 121115
db: PACKETSTORM | id: 124741
db: PACKETSTORM | id: 117159
db: PACKETSTORM | id: 123339
db: CNNVD | id: CNNVD-201208-693
db: JVNDB | id: JVNDB-2012-004027
db: NVD | id: CVE-2012-2870

LAST UPDATE DATE

2026-04-18T22:23:02.504000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-56151 | date: 2014-01-28T00:00:00
db: VULMON | id: CVE-2012-2870 | date: 2023-11-07T00:00:00
db: CNNVD | id: CNNVD-201208-693 | date: 2023-06-30T00:00:00
db: JVNDB | id: JVNDB-2012-004027 | date: 2014-02-03T00:00:00
db: NVD | id: CVE-2012-2870 | date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: VULHUB | id: VHN-56151 | date: 2012-08-31T00:00:00
db: VULMON | id: CVE-2012-2870 | date: 2012-08-31T00:00:00
db: PACKETSTORM | id: 116519 | date: 2012-09-14T01:52:23
db: PACKETSTORM | id: 117306 | date: 2012-10-11T15:06:42
db: PACKETSTORM | id: 117132 | date: 2012-10-05T02:43:12
db: PACKETSTORM | id: 121115 | date: 2013-04-07T15:05:48
db: PACKETSTORM | id: 124741 | date: 2014-01-10T22:09:38
db: PACKETSTORM | id: 117159 | date: 2012-10-06T00:48:11
db: PACKETSTORM | id: 123339 | date: 2013-09-20T20:54:13
db: CNNVD | id: CNNVD-201208-693 | date: 2012-08-31T00:00:00
db: JVNDB | id: JVNDB-2012-004027 | date: 2012-09-04T00:00:00
db: NVD | id: CVE-2012-2870 | date: 2012-08-31T19:55:01.077