Details of VAR-201604-0129

ID

VAR-201604-0129

CVE

CVE-2016-3961

TITLE

Xen and Linux Kernel Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-002112

DESCRIPTION

Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area. Xen is an open source virtual machine monitor product. Xen's PV virtual machine has a security vulnerability when enabling hugetlbfs support, allowing an attacker to exploit this vulnerability to trigger an infinite loop of error pages for a denial of service attack. Xen is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the kernel, resulting in a denial-of-service condition. ========================================================================== Ubuntu Security Notice USN-3002-1 June 10, 2016 linux-lts-wily vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS Summary: Several security issues were fixed in the kernel. Software Description: - linux-lts-wily: Linux hardware enablement kernel from Wily for Trusty Details: Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117) Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583) Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2015-4004) Ralf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187) Hector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program. (CVE-2016-3672) Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951) It was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3955) Vitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. (CVE-2016-3961) Kangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485) Kangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486) Jann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InifiniBand related kernel modules are loaded. (CVE-2016-4565) It was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash). (CVE-2016-4581) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: linux-image-4.2.0-38-generic 4.2.0-38.45~14.04.1 linux-image-4.2.0-38-generic-lpae 4.2.0-38.45~14.04.1 linux-image-4.2.0-38-lowlatency 4.2.0-38.45~14.04.1 linux-image-4.2.0-38-powerpc-e500mc 4.2.0-38.45~14.04.1 linux-image-4.2.0-38-powerpc-smp 4.2.0-38.45~14.04.1 linux-image-4.2.0-38-powerpc64-emb 4.2.0-38.45~14.04.1 linux-image-4.2.0-38-powerpc64-smp 4.2.0-38.45~14.04.1 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: http://www.ubuntu.com/usn/usn-3002-1 CVE-2015-4004, CVE-2016-1583, CVE-2016-2117, CVE-2016-2187, CVE-2016-3672, CVE-2016-3951, CVE-2016-3955, CVE-2016-3961, CVE-2016-4485, CVE-2016-4486, CVE-2016-4565, CVE-2016-4581 Package Information: https://launchpad.net/ubuntu/+source/linux-lts-wily/4.2.0-38.45~14.04.1 . This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. It was discovered that the compression handling code in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel did not properly check for an integer overflow. (CVE-2014-9904) Kirill A. References: http://www.ubuntu.com/usn/usn-3127-1 CVE-2014-9904, CVE-2015-3288, CVE-2016-3961, CVE-2016-7042 Package Information: https://launchpad.net/ubuntu/+source/linux/3.13.0-101.148 --w/VI3ydZO+RcZ3Ux -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJYJZIfAAoJEC8Jno0AXoH0insP/jaaUxVzufGQH9ssk/AaERQY mV60G8AmRGNR7bhU6yT3d1ia/NgsB5a0aZZ/mXBM0O5bwFo2958Vc8QPrZPqMFWh aC/xgP/ahn+CMJLpGdlUSDX75QVlOwAjszKVFo4DmFGiNbOMabW55ApdI1/fYnWP qr9Ag3eJH393HSquBMha+pRJBbQ+sr1KO/WjnTsuFJy5YqU2h/g3LypM+F5AHgbr gOXkWKpWJd+v1EP/uI+/MuoNigKfOs8r00Nbv8gNN8v/txGI/kSx2fCn4/aYQIwY 6WcOeONFsiriqYfSAZRPONWeCu5Huawc1y9Zs06ksy/vvZoNH/6dSvUyE5SI+T7m clMYC54ZEwkwmIu73bi+V8Ceodl+wtDl053Ekw8DGHrSj6I5O4BYH/kn1eRBDrdm AWe9KrchnfVTIOeb0H0S8Nb1XT4TcYFhY9JaQYCGQ2VKhGudKLJnwa0Hp1/uG8lr BWK4lp7FYIZztbsVR1vgcAwLmsb9D8PGm96qvrzunw3U2aQCtWU/QGMqwcMPgnVG hWE8o/l8GvZ5Ca5hj3tuMRT0pkzsN2jJbMQaJfNRbopoqopffpccdxOBCWvBuCDN T0bHGA+OO7o0OYms1nSPE/COopTBOyYRtYLVh3XIG93pGqK6XbZT8Ze9swmrktPj i+0yvWd0c7yq7dhf1if9 =07Pv -----END PGP SIGNATURE----- --w/VI3ydZO+RcZ3Ux--

Trust: 3.06

sources: NVD: CVE-2016-3961 // JVNDB: JVNDB-2016-002112 // CNVD: CNVD-2016-02390 // BID: 86068 // VULMON: CVE-2016-3961 // PACKETSTORM: 138261 // PACKETSTORM: 137419 // PACKETSTORM: 138270 // PACKETSTORM: 137417 // PACKETSTORM: 139673 // PACKETSTORM: 139678

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-02390

AFFECTED PRODUCTS

vendor:	xen	model:	xen	scope:	lte	version:	4.5.3	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	15.10	Trust: 1.0
vendor:	xen	model:	xen	scope:	lte	version:	4.5.x	Trust: 0.8
vendor:	xen	model:	pv	scope:	-	version:	-	Trust: 0.6
vendor:	debian	model:	linux sparc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux powerpc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux amd64	scope:	eq	version:	6.0	Trust: 0.3

sources: CNVD: CNVD-2016-02390 // BID: 86068 // JVNDB: JVNDB-2016-002112 // NVD: CVE-2016-3961

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-3961
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-3961
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2016-02390
value:	LOW
Trust: 0.6
VULMON:	CVE-2016-3961
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2016-3961
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2016-02390
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2016-3961
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-02390 // VULMON: CVE-2016-3961 // JVNDB: JVNDB-2016-002112 // NVD: CVE-2016-3961

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2016-002112 // NVD: CVE-2016-3961

THREAT TYPE

local

Trust: 0.4

sources: PACKETSTORM: 138261 // PACKETSTORM: 138270 // PACKETSTORM: 139673 // PACKETSTORM: 139678

TYPE

arbitrary

Trust: 0.4

sources: PACKETSTORM: 138261 // PACKETSTORM: 137419 // PACKETSTORM: 138270 // PACKETSTORM: 137417

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002112

PATCH

title:	xsa174.patch	url:	http://xenbits.xen.org/xsa/xsa174.patch	Trust: 0.8
title:	XSA-174	url:	http://xenbits.xen.org/xsa/advisory-174.html	Trust: 0.8
title:	Patch for XenPV Virtual Machine Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/74420	Trust: 0.6
title:	Red Hat: CVE-2016-3961	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2016-3961	Trust: 0.1
title:	Ubuntu Security Notice: linux vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3127-1	Trust: 0.1
title:	Ubuntu Security Notice: linux-lts-trusty vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3127-2	Trust: 0.1
title:	Ubuntu Security Notice: linux-ti-omap4 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3050-1	Trust: 0.1
title:	Ubuntu Security Notice: linux vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3049-1	Trust: 0.1
title:	Brocade Security Advisories: BSA-2017-204	url:	https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories&qid=426d0c0eff7642baadbe130aeadad5b8	Trust: 0.1
title:	Ubuntu Security Notice: linux vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3006-1	Trust: 0.1
title:	Ubuntu Security Notice: linux-lts-xenial vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3005-1	Trust: 0.1
title:	Ubuntu Security Notice: linux-raspi2 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3007-1	Trust: 0.1
title:	Ubuntu Security Notice: linux vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3003-1	Trust: 0.1
title:	Ubuntu Security Notice: linux-lts-vivid vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3001-1	Trust: 0.1
title:	Ubuntu Security Notice: linux-lts-wily vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3002-1	Trust: 0.1
title:	Ubuntu Security Notice: linux-raspi2 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3004-1	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2016-703	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2016-703	Trust: 0.1
title:	Debian Security Advisories: DSA-3607-1 linux -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=130ea7817d6c997c442bd2ad39a2da75	Trust: 0.1

sources: CNVD: CNVD-2016-02390 // VULMON: CVE-2016-3961 // JVNDB: JVNDB-2016-002112

EXTERNAL IDS

db:	NVD	id:	CVE-2016-3961	Trust: 3.4
db:	BID	id:	86068	Trust: 1.4
db:	SECTRACK	id:	1035569	Trust: 1.1
db:	JVNDB	id:	JVNDB-2016-002112	Trust: 0.8
db:	OPENWALL	id:	OSS-SECURITY/2016/04/14/2	Trust: 0.6
db:	CNVD	id:	CNVD-2016-02390	Trust: 0.6
db:	VULMON	id:	CVE-2016-3961	Trust: 0.1
db:	PACKETSTORM	id:	138261	Trust: 0.1
db:	PACKETSTORM	id:	137419	Trust: 0.1
db:	PACKETSTORM	id:	138270	Trust: 0.1
db:	PACKETSTORM	id:	137417	Trust: 0.1
db:	PACKETSTORM	id:	139673	Trust: 0.1
db:	PACKETSTORM	id:	139678	Trust: 0.1

sources: CNVD: CNVD-2016-02390 // VULMON: CVE-2016-3961 // BID: 86068 // PACKETSTORM: 138261 // PACKETSTORM: 137419 // PACKETSTORM: 138270 // PACKETSTORM: 137417 // PACKETSTORM: 139673 // PACKETSTORM: 139678 // JVNDB: JVNDB-2016-002112 // NVD: CVE-2016-3961

REFERENCES

url:	http://www.ubuntu.com/usn/usn-3002-1	Trust: 1.2
url:	http://www.ubuntu.com/usn/usn-3004-1	Trust: 1.2
url:	http://www.ubuntu.com/usn/usn-3049-1	Trust: 1.2
url:	http://www.ubuntu.com/usn/usn-3050-1	Trust: 1.2
url:	http://www.debian.org/security/2016/dsa-3607	Trust: 1.1
url:	http://www.securityfocus.com/bid/86068	Trust: 1.1
url:	http://www.securitytracker.com/id/1035569	Trust: 1.1
url:	http://www.ubuntu.com/usn/usn-3001-1	Trust: 1.1
url:	http://www.ubuntu.com/usn/usn-3003-1	Trust: 1.1
url:	http://www.ubuntu.com/usn/usn-3005-1	Trust: 1.1
url:	http://www.ubuntu.com/usn/usn-3006-1	Trust: 1.1
url:	http://www.ubuntu.com/usn/usn-3007-1	Trust: 1.1
url:	http://xenbits.xen.org/xsa/advisory-174.html	Trust: 1.1
url:	http://xenbits.xen.org/xsa/xsa174.patch	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3961	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3961	Trust: 0.8
url:	http://www.openwall.com/lists/oss-security/2016/04/14/2	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3961	Trust: 0.6
url:	http://www.xen.org/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3134	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4470	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5243	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3955	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2117	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4486	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4565	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4581	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3672	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4004	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4485	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1583	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2187	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3951	Trust: 0.2
url:	http://www.ubuntu.com/usn/usn-3127-1	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7042	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2014-9904	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3288	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://www.rapid7.com/db/vulnerabilities/amazon_linux-cve-2016-3961	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-3961	Trust: 0.1
url:	https://usn.ubuntu.com/3127-1/	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux/3.2.0-107.148	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-raspi2/4.2.0-1031.41	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-ti-omap4/3.2.0-1485.112	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-lts-wily/4.2.0-38.45~14.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-lts-trusty/3.13.0-101.148~precise1	Trust: 0.1
url:	http://www.ubuntu.com/usn/usn-3127-2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux/3.13.0-101.148	Trust: 0.1

CREDITS

Ubuntu

Trust: 0.6

sources: PACKETSTORM: 138261 // PACKETSTORM: 137419 // PACKETSTORM: 138270 // PACKETSTORM: 137417 // PACKETSTORM: 139673 // PACKETSTORM: 139678

SOURCES

db:	CNVD	id:	CNVD-2016-02390
db:	VULMON	id:	CVE-2016-3961
db:	BID	id:	86068
db:	PACKETSTORM	id:	138261
db:	PACKETSTORM	id:	137419
db:	PACKETSTORM	id:	138270
db:	PACKETSTORM	id:	137417
db:	PACKETSTORM	id:	139673
db:	PACKETSTORM	id:	139678
db:	JVNDB	id:	JVNDB-2016-002112
db:	NVD	id:	CVE-2016-3961

LAST UPDATE DATE

2025-06-26T19:50:37.529000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-02390	date:	2016-04-20T00:00:00
db:	VULMON	id:	CVE-2016-3961	date:	2016-11-28T00:00:00
db:	BID	id:	86068	date:	2016-07-05T22:42:00
db:	JVNDB	id:	JVNDB-2016-002112	date:	2016-04-20T00:00:00
db:	NVD	id:	CVE-2016-3961	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-02390	date:	2016-04-20T00:00:00
db:	VULMON	id:	CVE-2016-3961	date:	2016-04-15T00:00:00
db:	BID	id:	86068	date:	2016-04-14T00:00:00
db:	PACKETSTORM	id:	138261	date:	2016-08-10T15:28:34
db:	PACKETSTORM	id:	137419	date:	2016-06-10T06:06:00
db:	PACKETSTORM	id:	138270	date:	2016-08-10T15:31:42
db:	PACKETSTORM	id:	137417	date:	2016-06-10T06:04:00
db:	PACKETSTORM	id:	139673	date:	2016-11-11T14:29:32
db:	PACKETSTORM	id:	139678	date:	2016-11-11T14:30:23
db:	JVNDB	id:	JVNDB-2016-002112	date:	2016-04-20T00:00:00
db:	NVD	id:	CVE-2016-3961	date:	2016-04-15T14:59:14.050