ID

VAR-201211-0356

CVE

CVE-2012-5134

TITLE

Google Chrome Buffer error vulnerability

DESCRIPTION

Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document. An attacker with a privileged network position may inject arbitrary contents. This issue was addressed by using an encrypted HTTPS connection to retrieve tutorials. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: libxml2 security update Advisory ID: RHSA-2012:1512-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1512.html Issue date: 2012-11-29 CVE Names: CVE-2012-5134 ===================================================================== 1. Summary: Updated libxml2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The libxml2 library is a development toolbox providing the implementation of various XML standards. A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. (CVE-2012-5134) All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 880466 - CVE-2012-5134 libxml2: Heap-buffer-underflow in xmlParseAttValueComplex 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libxml2-2.6.26-2.1.15.el5_8.6.src.rpm i386: libxml2-2.6.26-2.1.15.el5_8.6.i386.rpm libxml2-debuginfo-2.6.26-2.1.15.el5_8.6.i386.rpm libxml2-python-2.6.26-2.1.15.el5_8.6.i386.rpm x86_64: libxml2-2.6.26-2.1.15.el5_8.6.i386.rpm libxml2-2.6.26-2.1.15.el5_8.6.x86_64.rpm libxml2-debuginfo-2.6.26-2.1.15.el5_8.6.i386.rpm libxml2-debuginfo-2.6.26-2.1.15.el5_8.6.x86_64.rpm libxml2-python-2.6.26-2.1.15.el5_8.6.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libxml2-2.6.26-2.1.15.el5_8.6.src.rpm i386: libxml2-debuginfo-2.6.26-2.1.15.el5_8.6.i386.rpm libxml2-devel-2.6.26-2.1.15.el5_8.6.i386.rpm x86_64: libxml2-debuginfo-2.6.26-2.1.15.el5_8.6.i386.rpm libxml2-debuginfo-2.6.26-2.1.15.el5_8.6.x86_64.rpm libxml2-devel-2.6.26-2.1.15.el5_8.6.i386.rpm libxml2-devel-2.6.26-2.1.15.el5_8.6.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libxml2-2.6.26-2.1.15.el5_8.6.src.rpm i386: libxml2-2.6.26-2.1.15.el5_8.6.i386.rpm libxml2-debuginfo-2.6.26-2.1.15.el5_8.6.i386.rpm libxml2-devel-2.6.26-2.1.15.el5_8.6.i386.rpm libxml2-python-2.6.26-2.1.15.el5_8.6.i386.rpm ia64: libxml2-2.6.26-2.1.15.el5_8.6.i386.rpm libxml2-2.6.26-2.1.15.el5_8.6.ia64.rpm libxml2-debuginfo-2.6.26-2.1.15.el5_8.6.i386.rpm libxml2-debuginfo-2.6.26-2.1.15.el5_8.6.ia64.rpm libxml2-devel-2.6.26-2.1.15.el5_8.6.ia64.rpm libxml2-python-2.6.26-2.1.15.el5_8.6.ia64.rpm ppc: libxml2-2.6.26-2.1.15.el5_8.6.ppc.rpm libxml2-2.6.26-2.1.15.el5_8.6.ppc64.rpm libxml2-debuginfo-2.6.26-2.1.15.el5_8.6.ppc.rpm libxml2-debuginfo-2.6.26-2.1.15.el5_8.6.ppc64.rpm libxml2-devel-2.6.26-2.1.15.el5_8.6.ppc.rpm libxml2-devel-2.6.26-2.1.15.el5_8.6.ppc64.rpm libxml2-python-2.6.26-2.1.15.el5_8.6.ppc.rpm s390x: libxml2-2.6.26-2.1.15.el5_8.6.s390.rpm libxml2-2.6.26-2.1.15.el5_8.6.s390x.rpm libxml2-debuginfo-2.6.26-2.1.15.el5_8.6.s390.rpm libxml2-debuginfo-2.6.26-2.1.15.el5_8.6.s390x.rpm libxml2-devel-2.6.26-2.1.15.el5_8.6.s390.rpm libxml2-devel-2.6.26-2.1.15.el5_8.6.s390x.rpm libxml2-python-2.6.26-2.1.15.el5_8.6.s390x.rpm x86_64: libxml2-2.6.26-2.1.15.el5_8.6.i386.rpm libxml2-2.6.26-2.1.15.el5_8.6.x86_64.rpm libxml2-debuginfo-2.6.26-2.1.15.el5_8.6.i386.rpm libxml2-debuginfo-2.6.26-2.1.15.el5_8.6.x86_64.rpm libxml2-devel-2.6.26-2.1.15.el5_8.6.i386.rpm libxml2-devel-2.6.26-2.1.15.el5_8.6.x86_64.rpm libxml2-python-2.6.26-2.1.15.el5_8.6.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libxml2-2.7.6-8.el6_3.4.src.rpm i386: libxml2-2.7.6-8.el6_3.4.i686.rpm libxml2-debuginfo-2.7.6-8.el6_3.4.i686.rpm libxml2-python-2.7.6-8.el6_3.4.i686.rpm x86_64: libxml2-2.7.6-8.el6_3.4.i686.rpm libxml2-2.7.6-8.el6_3.4.x86_64.rpm libxml2-debuginfo-2.7.6-8.el6_3.4.i686.rpm libxml2-debuginfo-2.7.6-8.el6_3.4.x86_64.rpm libxml2-python-2.7.6-8.el6_3.4.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libxml2-2.7.6-8.el6_3.4.src.rpm i386: libxml2-debuginfo-2.7.6-8.el6_3.4.i686.rpm libxml2-devel-2.7.6-8.el6_3.4.i686.rpm libxml2-static-2.7.6-8.el6_3.4.i686.rpm x86_64: libxml2-debuginfo-2.7.6-8.el6_3.4.i686.rpm libxml2-debuginfo-2.7.6-8.el6_3.4.x86_64.rpm libxml2-devel-2.7.6-8.el6_3.4.i686.rpm libxml2-devel-2.7.6-8.el6_3.4.x86_64.rpm libxml2-static-2.7.6-8.el6_3.4.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libxml2-2.7.6-8.el6_3.4.src.rpm x86_64: libxml2-2.7.6-8.el6_3.4.i686.rpm libxml2-2.7.6-8.el6_3.4.x86_64.rpm libxml2-debuginfo-2.7.6-8.el6_3.4.i686.rpm libxml2-debuginfo-2.7.6-8.el6_3.4.x86_64.rpm libxml2-python-2.7.6-8.el6_3.4.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libxml2-2.7.6-8.el6_3.4.src.rpm x86_64: libxml2-debuginfo-2.7.6-8.el6_3.4.i686.rpm libxml2-debuginfo-2.7.6-8.el6_3.4.x86_64.rpm libxml2-devel-2.7.6-8.el6_3.4.i686.rpm libxml2-devel-2.7.6-8.el6_3.4.x86_64.rpm libxml2-static-2.7.6-8.el6_3.4.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libxml2-2.7.6-8.el6_3.4.src.rpm i386: libxml2-2.7.6-8.el6_3.4.i686.rpm libxml2-debuginfo-2.7.6-8.el6_3.4.i686.rpm libxml2-devel-2.7.6-8.el6_3.4.i686.rpm libxml2-python-2.7.6-8.el6_3.4.i686.rpm ppc64: libxml2-2.7.6-8.el6_3.4.ppc.rpm libxml2-2.7.6-8.el6_3.4.ppc64.rpm libxml2-debuginfo-2.7.6-8.el6_3.4.ppc.rpm libxml2-debuginfo-2.7.6-8.el6_3.4.ppc64.rpm libxml2-devel-2.7.6-8.el6_3.4.ppc.rpm libxml2-devel-2.7.6-8.el6_3.4.ppc64.rpm libxml2-python-2.7.6-8.el6_3.4.ppc64.rpm s390x: libxml2-2.7.6-8.el6_3.4.s390.rpm libxml2-2.7.6-8.el6_3.4.s390x.rpm libxml2-debuginfo-2.7.6-8.el6_3.4.s390.rpm libxml2-debuginfo-2.7.6-8.el6_3.4.s390x.rpm libxml2-devel-2.7.6-8.el6_3.4.s390.rpm libxml2-devel-2.7.6-8.el6_3.4.s390x.rpm libxml2-python-2.7.6-8.el6_3.4.s390x.rpm x86_64: libxml2-2.7.6-8.el6_3.4.i686.rpm libxml2-2.7.6-8.el6_3.4.x86_64.rpm libxml2-debuginfo-2.7.6-8.el6_3.4.i686.rpm libxml2-debuginfo-2.7.6-8.el6_3.4.x86_64.rpm libxml2-devel-2.7.6-8.el6_3.4.i686.rpm libxml2-devel-2.7.6-8.el6_3.4.x86_64.rpm libxml2-python-2.7.6-8.el6_3.4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libxml2-2.7.6-8.el6_3.4.src.rpm i386: libxml2-debuginfo-2.7.6-8.el6_3.4.i686.rpm libxml2-static-2.7.6-8.el6_3.4.i686.rpm ppc64: libxml2-debuginfo-2.7.6-8.el6_3.4.ppc64.rpm libxml2-static-2.7.6-8.el6_3.4.ppc64.rpm s390x: libxml2-debuginfo-2.7.6-8.el6_3.4.s390x.rpm libxml2-static-2.7.6-8.el6_3.4.s390x.rpm x86_64: libxml2-debuginfo-2.7.6-8.el6_3.4.x86_64.rpm libxml2-static-2.7.6-8.el6_3.4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libxml2-2.7.6-8.el6_3.4.src.rpm i386: libxml2-2.7.6-8.el6_3.4.i686.rpm libxml2-debuginfo-2.7.6-8.el6_3.4.i686.rpm libxml2-devel-2.7.6-8.el6_3.4.i686.rpm libxml2-python-2.7.6-8.el6_3.4.i686.rpm x86_64: libxml2-2.7.6-8.el6_3.4.i686.rpm libxml2-2.7.6-8.el6_3.4.x86_64.rpm libxml2-debuginfo-2.7.6-8.el6_3.4.i686.rpm libxml2-debuginfo-2.7.6-8.el6_3.4.x86_64.rpm libxml2-devel-2.7.6-8.el6_3.4.i686.rpm libxml2-devel-2.7.6-8.el6_3.4.x86_64.rpm libxml2-python-2.7.6-8.el6_3.4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libxml2-2.7.6-8.el6_3.4.src.rpm i386: libxml2-debuginfo-2.7.6-8.el6_3.4.i686.rpm libxml2-static-2.7.6-8.el6_3.4.i686.rpm x86_64: libxml2-debuginfo-2.7.6-8.el6_3.4.x86_64.rpm libxml2-static-2.7.6-8.el6_3.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-5134.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQt66YXlSAg2UNWIIRAuFIAJ9txGFdpvgJfC/sBrUnpgHgntZmRwCeOyyH uM4okdoImE0phDpHIiSGSqg= =iW2h -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . A denial of service flaw was found in the way libxml2 performed string substitutions when entity values for entity references replacement was enabled. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. Here are the details from the Slackware 14.0 ChangeLog: +--------------------------+ patches/packages/libxml2-2.8.0-i486-2_slack14.0.txz: Rebuilt. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 12.1: ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/libxml2-2.6.32-i486-3_slack12.1.tgz Updated package for Slackware 12.2: ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/libxml2-2.6.32-i486-4_slack12.2.tgz Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libxml2-2.7.3-i486-5_slack13.0.txz Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libxml2-2.7.3-x86_64-5_slack13.0.txz Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libxml2-2.7.6-i486-3_slack13.1.txz Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libxml2-2.7.6-x86_64-3_slack13.1.txz Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libxml2-2.7.8-i486-5_slack13.37.txz Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libxml2-2.7.8-x86_64-5_slack13.37.txz Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libxml2-2.8.0-i486-2_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libxml2-2.8.0-x86_64-2_slack14.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libxml2-2.8.0-i486-2.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libxml2-2.8.0-x86_64-2.txz MD5 signatures: +-------------+ Slackware 12.1 package: 4b8f8073e5ab0e468368aac52031e133 libxml2-2.6.32-i486-3_slack12.1.tgz Slackware 12.2 package: a38284d735b51156b6a0c2aad4a0b0b6 libxml2-2.6.32-i486-4_slack12.2.tgz Slackware 13.0 package: de8fa68b968b05115f06fd1a6c8c874d libxml2-2.7.3-i486-5_slack13.0.txz Slackware x86_64 13.0 package: ff17bc7c4513ad04192ecc351f390d2e libxml2-2.7.3-x86_64-5_slack13.0.txz Slackware 13.1 package: 82340fb2bd9eb47336c072dc0f801589 libxml2-2.7.6-i486-3_slack13.1.txz Slackware x86_64 13.1 package: 1e37ae374658bedbaa62aee52d960e6d libxml2-2.7.6-x86_64-3_slack13.1.txz Slackware 13.37 package: a2c3792fbf110ad3d05fd347deff3958 libxml2-2.7.8-i486-5_slack13.37.txz Slackware x86_64 13.37 package: 817ab99eff08314862f48c33703f572f libxml2-2.7.8-x86_64-5_slack13.37.txz Slackware 14.0 package: b407f6c6e488375e9d7775c1b8eb7231 libxml2-2.8.0-i486-2_slack14.0.txz Slackware x86_64 14.0 package: b11a66b5e80391dac16d92c59a7aa111 libxml2-2.8.0-x86_64-2_slack14.0.txz Slackware -current package: dba82933cc4a5298b14ca4f085e930ce l/libxml2-2.8.0-i486-2.txz Slackware x86_64 -current package: 061c5ad8691d874a9c2a9079c312a725 l/libxml2-2.8.0-x86_64-2.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg libxml2-2.8.0-i486-2_slack14.0.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. Content-Disposition: inline ==========================================================================Ubuntu Security Notice USN-1656-1 December 06, 2012 libxml2 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: Applications using libxml2 could be made to crash or run programs as your login if they opened a specially crafted file. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: libxml2 2.8.0+dfsg1-5ubuntu2.1 Ubuntu 12.04 LTS: libxml2 2.7.8.dfsg-5.1ubuntu4.3 Ubuntu 11.10: libxml2 2.7.8.dfsg-4ubuntu0.5 Ubuntu 10.04 LTS: libxml2 2.7.6.dfsg-1ubuntu1.7 Ubuntu 8.04 LTS: libxml2 2.6.31.dfsg-2ubuntu1.11 After a standard system update you need to reboot your computer to make all the necessary changes. Background ========== libxml2 is the XML C parser and toolkit developed for the Gnome project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/libxml2 < 2.9.1-r1 >= 2.9.1-r1 Description =========== Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All libxml2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.9.1-r1" References ========== [ 1 ] CVE-2012-2871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2871 [ 2 ] CVE-2012-5134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5134 [ 3 ] CVE-2013-0338 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0338 [ 4 ] CVE-2013-1664 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1664 [ 5 ] CVE-2013-1969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1969 [ 6 ] CVE-2013-2877 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201311-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . For the stable distribution (squeeze), this problem has been fixed in version 2.7.8.dfsg-2+squeeze6. For the unstable distribution (sid), this problem has been fixed in version 2.8.0+dfsg1-7. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA51437 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51437/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51437 RELEASE DATE: 2012-11-27 DISCUSS ADVISORY: http://secunia.com/advisories/51437/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51437/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51437 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Google Chrome, where one has an unknown impact and others can be exploited by malicious people to compromise a user's system. 1) A use-after-free error exists in SVG filters. 2) An out-of-bounds read error exists in Skia. 3) An error exists within the libxml2 library. For more information see vulnerability #2: SA48000 4) A use-after-free error exists within printing. 5) A bad cast error exists within input element handling. The vulnerabilities are reported in versions prior to 23.0.1271.91. SOLUTION: Update to version 23.0.1271.91. ORIGINAL ADVISORY: http://googlechromereleases.blogspot.dk/2012/11/stable-channel-update.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-09-20-1 Apple TV 6.0 Apple TV 6.0 is now available and addresses the following: Apple TV Available for: Apple TV 2nd generation and later Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of JBIG2 encoded data in PDF files. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-1025 : Felix Groebert of the Google Security Team Apple TV Available for: Apple TV 2nd generation and later Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of Sorenson encoded movie files. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-1019 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft) working with HP's Zero Day Initiative Apple TV Available for: Apple TV 2nd generation and later Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: TrustWave, a trusted root CA, has issued, and subsequently revoked, a sub-CA certificate from one of its trusted anchors. This sub-CA facilitated the interception of communications secured by Transport Layer Security (TLS). This update added the involved sub-CA certificate to OS X's list of untrusted certificates. CVE-ID CVE-2013-5134 Apple TV Available for: Apple TV 2nd generation and later Impact: An attacker who has arbitrary code execution on a device may be able to persist code execution across reboots Description: Multiple buffer overflows existed in dyld's openSharedCacheFile() function. These issues were addressed through improved bounds checking. CVE-ID CVE-2013-3950 : Stefan Esser Apple TV Available for: Apple TV 2nd generation and later Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of JPEG2000 encoded data in PDF files. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-1026 : Felix Groebert of the Google Security Team Apple TV Available for: Apple TV 2nd generation and later Impact: A malicious local application could cause an unexpected system termination Description: A null pointer dereference existed in IOCatalogue. The issue was addressed through additional type checking. CVE-ID CVE-2013-5138 : Will Estes Apple TV Available for: Apple TV 2nd generation and later Impact: Executing a malicious application may result in arbitrary code execution within the kernel Description: An out of bounds array access existed in the IOSerialFamily driver. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-5139 : @dent1zt Apple TV Available for: Apple TV 2nd generation and later Impact: A remote attacker can cause a device to unexpectedly restart Description: Sending an invalid packet fragment to a device can cause a kernel assert to trigger, leading to a device restart. The issue was addressed through additional validation of packet fragments. CVE-ID CVE-2013-5140 : Joonas Kuorilehto of Codenomicon, an anonymous researcher working with CERT-FI, Antti LevomAki and Lauri Virtanen of Vulnerability Analysis Group, Stonesoft Apple TV Available for: Apple TV 2nd generation and later Impact: An attacker on a local network can cause a denial of service Description: An attacker on a local network can send specially crafted IPv6 ICMP packets and cause high CPU load. The issue was addressed by rate limiting ICMP packets before verifying their checksum. CVE-ID CVE-2011-2391 : Marc Heuse Apple TV Available for: Apple TV 2nd generation and later Impact: Kernel stack memory may be disclosed to local users Description: An information disclosure issue existed in the msgctl and segctl APIs. This issue was addressed by initializing data structures returned from the kernel. CVE-ID CVE-2013-5142 : Kenzley Alphonse of Kenx Technology, Inc Apple TV Available for: Apple TV 2nd generation and later Impact: Unprivileged processes could get access to the contents of kernel memory which could lead to privilege escalation Description: An information disclosure issue existed in the mach_port_space_info API. This issue was addressed by initializing the iin_collision field in structures returned from the kernel. CVE-ID CVE-2013-3953 : Stefan Esser Apple TV Available for: Apple TV 2nd generation and later Impact: Unprivileged processes may be able to cause an unexpected system termination or arbitrary code execution in the kernel Description: A memory corruption issue existed in the handling of arguments to the posix_spawn API. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-3954 : Stefan Esser Apple TV Available for: Apple TV 2nd generation and later Impact: An unauthorized process may modify the set of loaded kernel extensions Description: An issue existed in kextd's handling of IPC messages from unauthenticated senders. This issue was addressed by adding additional authorization checks. CVE-ID CVE-2013-5145 : "Rainbow PRISM" Apple TV Available for: Apple TV 2nd generation and later Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in libxml. These issues were addressed by updating libxml to version 2.9.0. CVE-ID CVE-2011-3102 : Juri Aedla CVE-2012-0841 CVE-2012-2807 : Juri Aedla CVE-2012-5134 : Google Chrome Security Team (Juri Aedla) Apple TV Available for: Apple TV 2nd generation and later Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in libxslt. These issues were addressed by updating libxslt to version 1.1.28. CVE-ID CVE-2012-2825 : Nicolas Gregoire CVE-2012-2870 : Nicolas Gregoire CVE-2012-2871 : Kai Lu of Fortinet's FortiGuard Labs, Nicolas Gregoire Apple TV Available for: Apple TV 2nd generation and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2013-0879 : Atte Kettunen of OUSPG CVE-2013-0991 : Jay Civelli of the Chromium development community CVE-2013-0992 : Google Chrome Security Team (Martin Barbella) CVE-2013-0993 : Google Chrome Security Team (Inferno) CVE-2013-0994 : David German of Google CVE-2013-0995 : Google Chrome Security Team (Inferno) CVE-2013-0996 : Google Chrome Security Team (Inferno) CVE-2013-0997 : Vitaliy Toropov working with HP's Zero Day Initiative CVE-2013-0998 : pa_kt working with HP's Zero Day Initiative CVE-2013-0999 : pa_kt working with HP's Zero Day Initiative CVE-2013-1000 : Fermin J. Serna of the Google Security Team CVE-2013-1001 : Ryan Humenick CVE-2013-1002 : Sergey Glazunov CVE-2013-1003 : Google Chrome Security Team (Inferno) CVE-2013-1004 : Google Chrome Security Team (Martin Barbella) CVE-2013-1005 : Google Chrome Security Team (Martin Barbella) CVE-2013-1006 : Google Chrome Security Team (Martin Barbella) CVE-2013-1007 : Google Chrome Security Team (Inferno) CVE-2013-1008 : Sergey Glazunov CVE-2013-1010 : miaubiz CVE-2013-1011 CVE-2013-1037 : Google Chrome Security Team CVE-2013-1038 : Google Chrome Security Team CVE-2013-1039 : own-hero Research working with iDefense VCP CVE-2013-1040 : Google Chrome Security Team CVE-2013-1041 : Google Chrome Security Team CVE-2013-1042 : Google Chrome Security Team CVE-2013-1043 : Google Chrome Security Team CVE-2013-1044 : Apple CVE-2013-1045 : Google Chrome Security Team CVE-2013-1046 : Google Chrome Security Team CVE-2013-1047 : miaubiz CVE-2013-2842 : Cyril Cattiaux CVE-2013-5125 : Google Chrome Security Team CVE-2013-5126 : Apple CVE-2013-5127 : Google Chrome Security Team CVE-2013-5128 : Apple Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> General -> Update Software". To check the current version of software, select "Settings -> General -> About"

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

buffer error

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

miaubiz, Atte Kettunen of OUSPG, and Fermin Serna of Google Security Team, Justin Drake,J??ri Aedla and Inferno of Google Chrome Security Team, Attila Sz??sz

SOURCES

LAST UPDATE DATE

2026-04-18T22:31:18.555000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE