VARIoT IoT vulnerabilities database
| VAR-201605-0411 | CVE-2016-1404 | Cisco UCS Invicta Appliance and Invicta Operates on a scaling system Cisco UCS Invicta Vulnerabilities that can break cryptographic protection mechanisms |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same hardcoded GnuPG encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by sniffing network traffic to an Autosupport server and leveraging knowledge of this key from another installation, aka Bug ID CSCur85504. Cisco UCS Invicta Software is prone to an information-disclosure vulnerability.
An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks.
This issue is being tracked by Cisco Bug ID CSCur85504
| VAR-201605-0618 | No CVE | OMRON CP1W-C1F41 Module HTTP Service Denial of Service Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
OMRON CP1H-XA40DT-D is a compact PLC produced by Japan's Omron Corporation and is widely used in manufacturing. CP1W-C1F41 is the Ethernet module of CP1H-XA40DT-D PLC.
There is a denial of service vulnerability in the HTTP protocol of the CP1W-C1F41 module. After the client establishes a link with port 80 of CP1W-C1F41 and sends an exception string ":" to it (note: there is a space after the colon), it can cause the HTTP service of CP1W-C1F41 to be abnormal and port 80 can no longer be accessed. The PLC needs to be restarted manually before HTTP service can recover
| VAR-201605-0620 | No CVE | Yushi encoder weak password in the background |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Weak password on Yushi camera, allowing initial password login
| VAR-201605-0621 | No CVE | Yushi NVR Login with default password |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Yushi NVR Weak password exists, allowing initial password login
| VAR-201605-0619 | No CVE | Weak password in Yushi video surveillance system background |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Weak password on Yushi camera, allowing initial password login
| VAR-201606-0382 | CVE-2016-4448 | libxml2 Format string vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. Libxml2 is prone to a remote format-string vulnerability.
An attacker may exploit this issue to cause a denial-of-service condition. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed. Libxml2 is a C language-based function library for parsing XML documents developed by the GNOME project team. It supports multiple encoding formats, XPath analysis, Well-formed and valid verification, etc. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: libxml2 security update
Advisory ID: RHSA-2016:1292-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2016:1292
Issue date: 2016-06-23
CVE Names: CVE-2016-1762 CVE-2016-1833 CVE-2016-1834
CVE-2016-1835 CVE-2016-1836 CVE-2016-1837
CVE-2016-1838 CVE-2016-1839 CVE-2016-1840
CVE-2016-3627 CVE-2016-3705 CVE-2016-4447
CVE-2016-4448 CVE-2016-4449
=====================================================================
1. Summary:
An update for libxml2 is now available for Red Hat Enterprise Linux 6 and
Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
The libxml2 library is a development toolbox providing the implementation
of various XML standards.
Security Fix(es):
A heap-based buffer overflow flaw was found in the way libxml2 parsed
certain crafted XML input. A remote attacker could provide a specially
crafted XML file that, when opened in an application linked against
libxml2, would cause the application to crash or execute arbitrary code
with the permissions of the user running the application. (CVE-2016-1834,
CVE-2016-1840)
Multiple denial of service flaws were found in libxml2. A remote attacker
could provide a specially crafted XML file that, when processed by an
application using libxml2, could cause that application to crash.
(CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,
CVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447,
CVE-2016-4448, CVE-2016-4449)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all applications linked to the libxml2
library must be restarted, or the system rebooted.
5. Bugs fixed (https://bugzilla.redhat.com/):
1319829 - CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode
1332443 - CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file
1338682 - CVE-2016-1833 libxml2: Heap-based buffer overread in htmlCurrentChar
1338686 - CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName
1338691 - CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs
1338696 - CVE-2016-1837 libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral
1338700 - CVE-2016-4448 libxml2: Format string vulnerability
1338701 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content
1338702 - CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey
1338703 - CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString
1338705 - CVE-2016-1838 libxml2: Heap-based buffer overread in xmlPArserPrintFileContextInternal
1338706 - CVE-2016-1840 libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup
1338708 - CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat
1338711 - CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar
6. Package List:
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
libxml2-2.7.6-21.el6_8.1.src.rpm
x86_64:
libxml2-2.7.6-21.el6_8.1.i686.rpm
libxml2-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-python-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64:
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-devel-2.7.6-21.el6_8.1.i686.rpm
libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
libxml2-2.7.6-21.el6_8.1.src.rpm
i386:
libxml2-2.7.6-21.el6_8.1.i686.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-devel-2.7.6-21.el6_8.1.i686.rpm
libxml2-python-2.7.6-21.el6_8.1.i686.rpm
ppc64:
libxml2-2.7.6-21.el6_8.1.ppc.rpm
libxml2-2.7.6-21.el6_8.1.ppc64.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.ppc.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.ppc64.rpm
libxml2-devel-2.7.6-21.el6_8.1.ppc.rpm
libxml2-devel-2.7.6-21.el6_8.1.ppc64.rpm
libxml2-python-2.7.6-21.el6_8.1.ppc64.rpm
s390x:
libxml2-2.7.6-21.el6_8.1.s390.rpm
libxml2-2.7.6-21.el6_8.1.s390x.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.s390.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.s390x.rpm
libxml2-devel-2.7.6-21.el6_8.1.s390.rpm
libxml2-devel-2.7.6-21.el6_8.1.s390x.rpm
libxml2-python-2.7.6-21.el6_8.1.s390x.rpm
x86_64:
libxml2-2.7.6-21.el6_8.1.i686.rpm
libxml2-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-devel-2.7.6-21.el6_8.1.i686.rpm
libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-python-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386:
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-static-2.7.6-21.el6_8.1.i686.rpm
ppc64:
libxml2-debuginfo-2.7.6-21.el6_8.1.ppc64.rpm
libxml2-static-2.7.6-21.el6_8.1.ppc64.rpm
s390x:
libxml2-debuginfo-2.7.6-21.el6_8.1.s390x.rpm
libxml2-static-2.7.6-21.el6_8.1.s390x.rpm
x86_64:
libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
libxml2-2.7.6-21.el6_8.1.src.rpm
i386:
libxml2-2.7.6-21.el6_8.1.i686.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-devel-2.7.6-21.el6_8.1.i686.rpm
libxml2-python-2.7.6-21.el6_8.1.i686.rpm
x86_64:
libxml2-2.7.6-21.el6_8.1.i686.rpm
libxml2-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-devel-2.7.6-21.el6_8.1.i686.rpm
libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-python-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386:
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-static-2.7.6-21.el6_8.1.i686.rpm
x86_64:
libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source:
libxml2-2.9.1-6.el7_2.3.src.rpm
x86_64:
libxml2-2.9.1-6.el7_2.3.i686.rpm
libxml2-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-devel-2.9.1-6.el7_2.3.i686.rpm
libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-static-2.9.1-6.el7_2.3.i686.rpm
libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
libxml2-2.9.1-6.el7_2.3.src.rpm
x86_64:
libxml2-2.9.1-6.el7_2.3.i686.rpm
libxml2-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-devel-2.9.1-6.el7_2.3.i686.rpm
libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-static-2.9.1-6.el7_2.3.i686.rpm
libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
libxml2-2.9.1-6.el7_2.3.src.rpm
ppc64:
libxml2-2.9.1-6.el7_2.3.ppc.rpm
libxml2-2.9.1-6.el7_2.3.ppc64.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.ppc.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64.rpm
libxml2-devel-2.9.1-6.el7_2.3.ppc.rpm
libxml2-devel-2.9.1-6.el7_2.3.ppc64.rpm
libxml2-python-2.9.1-6.el7_2.3.ppc64.rpm
ppc64le:
libxml2-2.9.1-6.el7_2.3.ppc64le.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64le.rpm
libxml2-devel-2.9.1-6.el7_2.3.ppc64le.rpm
libxml2-python-2.9.1-6.el7_2.3.ppc64le.rpm
s390x:
libxml2-2.9.1-6.el7_2.3.s390.rpm
libxml2-2.9.1-6.el7_2.3.s390x.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.s390.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.s390x.rpm
libxml2-devel-2.9.1-6.el7_2.3.s390.rpm
libxml2-devel-2.9.1-6.el7_2.3.s390x.rpm
libxml2-python-2.9.1-6.el7_2.3.s390x.rpm
x86_64:
libxml2-2.9.1-6.el7_2.3.i686.rpm
libxml2-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-devel-2.9.1-6.el7_2.3.i686.rpm
libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
libxml2-debuginfo-2.9.1-6.el7_2.3.ppc.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64.rpm
libxml2-static-2.9.1-6.el7_2.3.ppc.rpm
libxml2-static-2.9.1-6.el7_2.3.ppc64.rpm
ppc64le:
libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64le.rpm
libxml2-static-2.9.1-6.el7_2.3.ppc64le.rpm
s390x:
libxml2-debuginfo-2.9.1-6.el7_2.3.s390.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.s390x.rpm
libxml2-static-2.9.1-6.el7_2.3.s390.rpm
libxml2-static-2.9.1-6.el7_2.3.s390x.rpm
x86_64:
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-static-2.9.1-6.el7_2.3.i686.rpm
libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
libxml2-2.9.1-6.el7_2.3.src.rpm
x86_64:
libxml2-2.9.1-6.el7_2.3.i686.rpm
libxml2-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-devel-2.9.1-6.el7_2.3.i686.rpm
libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-static-2.9.1-6.el7_2.3.i686.rpm
libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2016-1762
https://access.redhat.com/security/cve/CVE-2016-1833
https://access.redhat.com/security/cve/CVE-2016-1834
https://access.redhat.com/security/cve/CVE-2016-1835
https://access.redhat.com/security/cve/CVE-2016-1836
https://access.redhat.com/security/cve/CVE-2016-1837
https://access.redhat.com/security/cve/CVE-2016-1838
https://access.redhat.com/security/cve/CVE-2016-1839
https://access.redhat.com/security/cve/CVE-2016-1840
https://access.redhat.com/security/cve/CVE-2016-3627
https://access.redhat.com/security/cve/CVE-2016-3705
https://access.redhat.com/security/cve/CVE-2016-4447
https://access.redhat.com/security/cve/CVE-2016-4448
https://access.redhat.com/security/cve/CVE-2016-4449
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFXa8B8XlSAg2UNWIIRAh9ZAJ99xgPhOaIopIxmynm+vlDcmw4jFACeLvTm
ZsVLEgJAF0Zt6xZVzqvVW7U=
=fREV
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-07-18-2 iOS 9.3.3
iOS 9.3.3 is now available and addresses the following:
Calendar
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A maliciously crafted calendar invite may cause a device to
unexpectedly restart
Description: A null pointer dereference was addressed through
improved memory handling.
CVE-2016-4592 : Mikhail
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may disclose image data from
another website
Description: A timing issue existed in the processing of SVG.
CVE-2016-4587 : Apple
WebKit JavaScript Bindings
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to script
execution in the context of a non-HTTP service
Description: A cross-protocol cross-site scripting (XPXSS) issue
existed in Safari when submitting forms to non-HTTP services
compatible with HTTP/0.9. This issue was addressed by disabling
scripts and plugins on resources loaded over HTTP/0.9.
CVE-2016-4651 : Obscure
WebKit Page Loading
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-site scripting issue existed in Safari URL
redirection.
CVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions,
Inc.
CVE-2016-4584 : Chris Vienneau
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update
2016-004
OS X El Capitan v10.11.6 and Security Update 2016-004 is now
available and addresses the following:
apache_mod_php
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple issues existed in PHP versions prior to
5.5.36. These were addressed by updating PHP to version 5.5.36.
CVE-2016-4650
Audio
Available for: OS X El Capitan v10.11 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-2016-4647 : Juwei Lin (@fuzzerDOTcn) of Trend Micro
Audio
Available for: OS X El Capitan v10.11 and later
Impact: A local user may be able to determine kernel memory layout
Description: An out-of-bounds read was addressed through improved
input validation.
CVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro
Audio
Available for: OS X El Capitan v10.11 and later
Impact: Parsing a maliciously crafted audio file may lead to the
disclosure of user information
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2016-4646 : Steven Seeley of Source Incite working with Trend
Micro's Zero Day Initiative
Audio
Available for: OS X El Capitan v10.11 and later
Impact: A local user may be able to cause a system denial of service
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-4649 : Juwei Lin(@fuzzerDOTcn) of Trend Micro
bsdiff
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow existed in bspatch. This issue was
addressed through improved bounds checking.
CVE-2014-9862 : an anonymous researcher
CFNetwork
Available for: OS X El Capitan v10.11 and later
Impact: A local user may be able to view sensitive user information
Description: A permissions issue existed in the handling of web
browser cookies. This issue was addressed through improved
restrictions.
CVE-2016-4645 : Abhinav Bansal of Zscaler Inc.
CoreGraphics
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com
/vulnerability-reports)
CoreGraphics
Available for: OS X El Capitan v10.11 and later
Impact: A local user may be able to elevate privileges
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend
Micro's Zero Day Initiative
FaceTime
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
cause a relayed call to continue transmitting audio while appearing
as if the call terminated
Description: User interface inconsistencies existed in the handling
of relayed calls. These issues were addressed through improved
FaceTime display logic.
CVE-2016-4635 : Martin Vigo
Graphics Drivers
Available for: OS X El Capitan v10.11 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved input validation.
CVE-2016-4634 : Stefan Esser of SektionEins
ImageIO
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to cause a denial of service
Description: A memory consumption issue was addressed through
improved memory handling.
CVE-2016-4632 : Evgeny Sidorov of Yandex
ImageIO
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com
/vulnerability-reports)
ImageIO
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com
/vulnerability-reports)
CVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com
/vulnerability-reports)
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and later
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-4633 : an anonymous researcher
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-4626 : Stefan Esser of SektionEins
IOSurface
Available for: OS X El Capitan v10.11 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A use-after-free was addressed through improved memory
management.
CVE-2016-4625 : Ian Beer of Google Project Zero
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-1863 : Ian Beer of Google Project Zero
CVE-2016-1864 : Ju Zhu of Trend Micro
CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: A local user may be able to cause a system denial of service
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab
(@keen_lab), Tencent
libc++abi
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
root privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-4621 : an anonymous researcher
libexpat
Available for: OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted XML may lead to unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-0718 : Gustavo Grieco
LibreSSL
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple issues existed in LibreSSL before 2.2.7. These
were addressed by updating LibreSSL to version 2.2.7.
CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google) Mark Brand,
Ian Beer of Google Project Zero
CVE-2016-2109 : Brian Carpenter
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Parsing a maliciously crafted XML document may lead to
disclosure of user information
Description: An access issue existed in the parsing of maliciously
crafted XML files. This issue was addressed through improved input
validation.
CVE-2016-4449 : Kostya Serebryany
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Multiple vulnerabilities in libxml2
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-4448 : Apple
CVE-2016-4483 : Gustavo Grieco
CVE-2016-4614 : Nick Wellnhofe
CVE-2016-4615 : Nick Wellnhofer
CVE-2016-4616 : Michael Paddon
CVE-2016-4619 : Hanno Boeck
libxslt
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Multiple vulnerabilities in libxslt
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-1684 : Nicolas GrA(c)goire
CVE-2016-4607 : Nick Wellnhofer
CVE-2016-4608 : Nicolas GrA(c)goire
CVE-2016-4609 : Nick Wellnhofer
CVE-2016-4610 : Nick Wellnhofer
CVE-2016-4612 : Nicolas GrA(c)goire
Login Window
Available for: OS X El Capitan v10.11 and later
Impact: A malicious application may be able to execute arbitrary
code leading to compromise of user information
Description: A memory corruption issue was addressed through
improved input validation.
CVE-2016-4640 : Yubin Fu of Tencent KeenLab working with Trend
Micro's Zero Day Initiative
Login Window
Available for: OS X El Capitan v10.11 and later
Impact: A malicious application may be able to execute arbitrary
code leading to the compromise of user information
Description: A type confusion issue was addressed through improved
memory handling.
CVE-2016-4641 : Yubin Fu of Tencent KeenLab working with Trend
Micro's Zero Day Initiative
Login Window
Available for: OS X El Capitan v10.11 and later
Impact: A local user may be able to cause a denial of service
Description: A memory initialization issue was addressed through
improved memory handling.
CVE-2016-4639 : Yubin Fu of Tencent KeenLab working with Trend
Micro's Zero Day Initiative
Login Window
Available for: OS X El Capitan v10.11 and later
Impact: A malicious application may be able to gain root privileges
Description: A type confusion issue was addressed through improved
memory handling.
CVE-2016-4638 : Yubin Fu of Tencent KeenLab working with Trend
Micro's Zero Day Initiative
OpenSSL
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple issues existed in OpenSSL. These issues were resolved by backporting the fixes from OpenSSL 1.0.2h/1.0.1 to OpenSSL 0.9.8.
CVE-2016-2105 : Guido Vranken
CVE-2016-2106 : Guido Vranken
CVE-2016-2107 : Juraj Somorovsky
CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero
CVE-2016-2109 : Brian Carpenter
CVE-2016-2176 : Guido Vranken
QuickTime
Available for: OS X El Capitan v10.11 and later
Impact: Processing a maliciously crafted FlashPix Bitmap Image may
lead to unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-4596 : Ke Liu of Tencent's Xuanwu Lab
CVE-2016-4597 : Ke Liu of Tencent's Xuanwu Lab
CVE-2016-4600 : Ke Liu of Tencent's Xuanwu Lab
CVE-2016-4602 : Ke Liu of Tencent's Xuanwu Lab
QuickTime
Available for: OS X El Capitan v10.11 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through
improved input validation.
CVE-2016-4598 : Ke Liu of Tencent's Xuanwu Lab
QuickTime
Available for: OS X El Capitan v10.11 and later
Impact: Processing a maliciously crafted SGI file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through
improved input validation.
CVE-2016-4601 : Ke Liu of Tencent's Xuanwu Lab
QuickTime
Available for: OS X El Capitan v10.11 and later
Impact: Processing a maliciously crafted Photoshop document may lead
to unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved input validation.
CVE-2016-4599 : Ke Liu of Tencent's Xuanwu Lab
Safari Login AutoFill
Available for: OS X El Capitan v10.11 and later
Impact: A user's password may be visible on screen
Description: An issue existed in Safari's password auto-fill. This
issue was addressed through improved matching of form fields.
CVE-2016-4595 : Jonathan Lewis from DeARX Services (PTY) LTD
Sandbox Profiles
Available for: OS X El Capitan v10.11 and later
Impact: A local application may be able to access the process list
Description: An access issue existed with privileged API calls. This
issue was addressed through additional restrictions.
CVE-2016-4594 : Stefan Esser of SektionEins
Note: OS X El Capitan 10.11.6 includes the security content of Safari
9.1.2. For further details see https://support.apple.com/kb/HT206900
OS X El Capitan v10.11.6 and Security Update 2016-004 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJXjXAvAAoJEIOj74w0bLRG/5EP/2v9SJTrO+/4b3A1gqC1ch8y
+cJ04tXRsO7rvjKT5nCylo30U0Sanz/bUbDx4559YS7/P/IyeyZVheaTJwK8wzEy
pSOPpy35hUuVIw0/p4YsuHDThSBPFMmDljTxH7elkfuBV1lPSrCkyDXc0re2HxWV
xj68zAxtM0jkkhgcxb2ApZSZVXhrjUZtbY0xEVOoWKKFwbMvKfx+4xSqunwQeS1u
wevs1EbxfvsZbc3pG+xYcOonbegBzOy9aCvNO1Yv1zG+AYXC5ERMq1vk3PsWOTQN
ZVY1I7mvCaEfvmjq2isRw8XYapAIKISDLwMKBSYrZDQFwPQLRi1VXxQZ67Kq1M3k
ah04/lr0RIcoosIcBqxD2+1UAFjUzEUNFkYivjhuaeegN2QdL7Ujegf1QjdAt8lk
mmKduxYUDOaRX50Kw7n14ZveJqzE1D5I6QSItaZ9M1vR60a7u91DSj9D87vbt1YC
JM/Rvf/4vonp1NjwA2JQwCiZfYliBDdn9iiCl8mzxdsSRD/wXcZCs05nnKmKsCfc
55ET7IwdG3622lVheOJGQZuucwJiTn36zC11XVzZysQd/hLD5rUKUQNX1WOgZdzs
xPsslXF5MWx9jcdyWVSWxDrN0sFk+GpQFQDuVozP60xuxqR3qQ0TXir2NP39uIF5
YozOGPQFmX0OviWCQsX6
=ng+m
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n
a-c05194709
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05194709
Version: 1
HPSBGN03628 rev.1 - HPE IceWall Federation Agent using libXML2 library,
Remote Denial of Service (DoS), Unauthorized Modification, Unauthorized
Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2016-07-07
Last Updated: 2016-07-07
Potential Security Impact: Remote Denial of Service (DoS), Unauthorized
Disclosure of Information, Unauthorized Modification
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY
Security vulnerabilities in the libXML2 library could potentially impact HPE
IceWall Federation Agent resulting in Remote Denial of Service (DoS), or
unauthorized modification, or unauthorized disclosure of information.
References:
- CVE-2016-4447: Remote Denial of Service (DoS)
- CVE-2016-4448: Remote unauthorized disclosure of information,
unauthorized modification, Denial of Service (DoS)
- CVE-2016-4449: Remote unauthorized disclosure of information, Denial of
Service (DoS)
- PSRT110164
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- IceWall Federation Agent Version 3.0 (RHEL 6/7) using libXML2
BACKGROUND
CVSS Base Metrics
=================
Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2016-4447
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2016-4448
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVE-2016-4449
7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
5.8 (AV:N/AC:M/Au:N/C:P/I:N/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docI
d=emr_na-c01345499
RESOLUTION
HPE recommends applying the latest OS vendor security patches for libXML2 to
resolve the vulnerabilities in the libXML2 library.
HISTORY
Version:1 (rev.1) - 7 July 2016 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running Hewlett Packard Enterprise (HPE) software
products should be applied in accordance with the customer's patch management
policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HPE Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability with any HPE supported
product, send Email to: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin
alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is
available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HPE General Software
HF = HPE Hardware and Firmware
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PV = ProCurve
ST = Storage Software
UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial
errors or omissions contained herein. The information provided is provided
"as is" without warranty of any kind. To the extent permitted by law, neither
HP or its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice. Hewlett
Packard Enterprise and the names of Hewlett Packard Enterprise products
referenced herein are trademarks of Hewlett Packard Enterprise in the United
States and other countries. Other product and company names mentioned herein
may be trademarks of their respective owners. Description:
This release of Red Hat JBoss Core Services httpd 2.4.23 serves as a
replacement for JBoss Core Services Apache HTTP Server 2.4.6. (CVE-2016-1762,
CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,
CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705,
CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)
* This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420,
CVE-2016-7141)
* This update fixes two flaws in httpd. (CVE-2016-4459,
CVE-2016-8612)
* A buffer overflow flaw when concatenating virtual host names and URIs was
fixed in mod_jk. (CVE-2016-6808)
* A memory leak flaw was fixed in expat. Upstream acknowledges Stephen Henson (OpenSSL development team)
as the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat),
Hanno BAPck, and David Benjamin (Google) as the original reporters of
CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105,
CVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj
Somorovsky as the original reporter of CVE-2016-2107; Yuval Yarom
(University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv
University), and Nadia Heninger (University of Pennsylvania) as the
original reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as
the original reporter of CVE-2016-0705.
See the corresponding CVE pages linked to in the References section for
more information about each of the flaws listed in this advisory. Solution:
The References section of this erratum contains a download link (you must
log in to download the update). Before applying the update, back up your
existing Red Hat JBoss Web Server installation (including all applications
and configuration files).
After installing the updated packages, the httpd daemon will be restarted
automatically. JIRA issues fixed (https://issues.jboss.org/):
JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0]
JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service
6
| VAR-201606-0395 | CVE-2016-4447 | libxml2 of parser.c of xmlParseElementDecl Service disruption in functions (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. Libxml2 is prone to a remote denial-of-service vulnerability.
An attacker may exploit this issue to cause a denial-of-service condition. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed. It supports multiple encoding formats, XPath analysis, Well-formed and valid verification, etc. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: libxml2 security update
Advisory ID: RHSA-2016:1292-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2016:1292
Issue date: 2016-06-23
CVE Names: CVE-2016-1762 CVE-2016-1833 CVE-2016-1834
CVE-2016-1835 CVE-2016-1836 CVE-2016-1837
CVE-2016-1838 CVE-2016-1839 CVE-2016-1840
CVE-2016-3627 CVE-2016-3705 CVE-2016-4447
CVE-2016-4448 CVE-2016-4449
=====================================================================
1. Summary:
An update for libxml2 is now available for Red Hat Enterprise Linux 6 and
Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
The libxml2 library is a development toolbox providing the implementation
of various XML standards.
Security Fix(es):
A heap-based buffer overflow flaw was found in the way libxml2 parsed
certain crafted XML input. (CVE-2016-1834,
CVE-2016-1840)
Multiple denial of service flaws were found in libxml2.
(CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,
CVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447,
CVE-2016-4448, CVE-2016-4449)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all applications linked to the libxml2
library must be restarted, or the system rebooted.
5. Bugs fixed (https://bugzilla.redhat.com/):
1319829 - CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode
1332443 - CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file
1338682 - CVE-2016-1833 libxml2: Heap-based buffer overread in htmlCurrentChar
1338686 - CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName
1338691 - CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs
1338696 - CVE-2016-1837 libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral
1338700 - CVE-2016-4448 libxml2: Format string vulnerability
1338701 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content
1338702 - CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey
1338703 - CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString
1338705 - CVE-2016-1838 libxml2: Heap-based buffer overread in xmlPArserPrintFileContextInternal
1338706 - CVE-2016-1840 libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup
1338708 - CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat
1338711 - CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar
6. Package List:
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
libxml2-2.7.6-21.el6_8.1.src.rpm
x86_64:
libxml2-2.7.6-21.el6_8.1.i686.rpm
libxml2-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-python-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64:
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-devel-2.7.6-21.el6_8.1.i686.rpm
libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
libxml2-2.7.6-21.el6_8.1.src.rpm
i386:
libxml2-2.7.6-21.el6_8.1.i686.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-devel-2.7.6-21.el6_8.1.i686.rpm
libxml2-python-2.7.6-21.el6_8.1.i686.rpm
ppc64:
libxml2-2.7.6-21.el6_8.1.ppc.rpm
libxml2-2.7.6-21.el6_8.1.ppc64.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.ppc.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.ppc64.rpm
libxml2-devel-2.7.6-21.el6_8.1.ppc.rpm
libxml2-devel-2.7.6-21.el6_8.1.ppc64.rpm
libxml2-python-2.7.6-21.el6_8.1.ppc64.rpm
s390x:
libxml2-2.7.6-21.el6_8.1.s390.rpm
libxml2-2.7.6-21.el6_8.1.s390x.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.s390.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.s390x.rpm
libxml2-devel-2.7.6-21.el6_8.1.s390.rpm
libxml2-devel-2.7.6-21.el6_8.1.s390x.rpm
libxml2-python-2.7.6-21.el6_8.1.s390x.rpm
x86_64:
libxml2-2.7.6-21.el6_8.1.i686.rpm
libxml2-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-devel-2.7.6-21.el6_8.1.i686.rpm
libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-python-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386:
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-static-2.7.6-21.el6_8.1.i686.rpm
ppc64:
libxml2-debuginfo-2.7.6-21.el6_8.1.ppc64.rpm
libxml2-static-2.7.6-21.el6_8.1.ppc64.rpm
s390x:
libxml2-debuginfo-2.7.6-21.el6_8.1.s390x.rpm
libxml2-static-2.7.6-21.el6_8.1.s390x.rpm
x86_64:
libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
libxml2-2.7.6-21.el6_8.1.src.rpm
i386:
libxml2-2.7.6-21.el6_8.1.i686.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-devel-2.7.6-21.el6_8.1.i686.rpm
libxml2-python-2.7.6-21.el6_8.1.i686.rpm
x86_64:
libxml2-2.7.6-21.el6_8.1.i686.rpm
libxml2-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-devel-2.7.6-21.el6_8.1.i686.rpm
libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-python-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386:
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-static-2.7.6-21.el6_8.1.i686.rpm
x86_64:
libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source:
libxml2-2.9.1-6.el7_2.3.src.rpm
x86_64:
libxml2-2.9.1-6.el7_2.3.i686.rpm
libxml2-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-devel-2.9.1-6.el7_2.3.i686.rpm
libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-static-2.9.1-6.el7_2.3.i686.rpm
libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
libxml2-2.9.1-6.el7_2.3.src.rpm
x86_64:
libxml2-2.9.1-6.el7_2.3.i686.rpm
libxml2-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-devel-2.9.1-6.el7_2.3.i686.rpm
libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-static-2.9.1-6.el7_2.3.i686.rpm
libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
libxml2-2.9.1-6.el7_2.3.src.rpm
ppc64:
libxml2-2.9.1-6.el7_2.3.ppc.rpm
libxml2-2.9.1-6.el7_2.3.ppc64.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.ppc.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64.rpm
libxml2-devel-2.9.1-6.el7_2.3.ppc.rpm
libxml2-devel-2.9.1-6.el7_2.3.ppc64.rpm
libxml2-python-2.9.1-6.el7_2.3.ppc64.rpm
ppc64le:
libxml2-2.9.1-6.el7_2.3.ppc64le.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64le.rpm
libxml2-devel-2.9.1-6.el7_2.3.ppc64le.rpm
libxml2-python-2.9.1-6.el7_2.3.ppc64le.rpm
s390x:
libxml2-2.9.1-6.el7_2.3.s390.rpm
libxml2-2.9.1-6.el7_2.3.s390x.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.s390.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.s390x.rpm
libxml2-devel-2.9.1-6.el7_2.3.s390.rpm
libxml2-devel-2.9.1-6.el7_2.3.s390x.rpm
libxml2-python-2.9.1-6.el7_2.3.s390x.rpm
x86_64:
libxml2-2.9.1-6.el7_2.3.i686.rpm
libxml2-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-devel-2.9.1-6.el7_2.3.i686.rpm
libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
libxml2-debuginfo-2.9.1-6.el7_2.3.ppc.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64.rpm
libxml2-static-2.9.1-6.el7_2.3.ppc.rpm
libxml2-static-2.9.1-6.el7_2.3.ppc64.rpm
ppc64le:
libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64le.rpm
libxml2-static-2.9.1-6.el7_2.3.ppc64le.rpm
s390x:
libxml2-debuginfo-2.9.1-6.el7_2.3.s390.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.s390x.rpm
libxml2-static-2.9.1-6.el7_2.3.s390.rpm
libxml2-static-2.9.1-6.el7_2.3.s390x.rpm
x86_64:
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-static-2.9.1-6.el7_2.3.i686.rpm
libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
libxml2-2.9.1-6.el7_2.3.src.rpm
x86_64:
libxml2-2.9.1-6.el7_2.3.i686.rpm
libxml2-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-devel-2.9.1-6.el7_2.3.i686.rpm
libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-static-2.9.1-6.el7_2.3.i686.rpm
libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2016-1762
https://access.redhat.com/security/cve/CVE-2016-1833
https://access.redhat.com/security/cve/CVE-2016-1834
https://access.redhat.com/security/cve/CVE-2016-1835
https://access.redhat.com/security/cve/CVE-2016-1836
https://access.redhat.com/security/cve/CVE-2016-1837
https://access.redhat.com/security/cve/CVE-2016-1838
https://access.redhat.com/security/cve/CVE-2016-1839
https://access.redhat.com/security/cve/CVE-2016-1840
https://access.redhat.com/security/cve/CVE-2016-3627
https://access.redhat.com/security/cve/CVE-2016-3705
https://access.redhat.com/security/cve/CVE-2016-4447
https://access.redhat.com/security/cve/CVE-2016-4448
https://access.redhat.com/security/cve/CVE-2016-4449
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFXa8B8XlSAg2UNWIIRAh9ZAJ99xgPhOaIopIxmynm+vlDcmw4jFACeLvTm
ZsVLEgJAF0Zt6xZVzqvVW7U=
=fREV
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <5755B7E3.5040103@canonical.com>
Subject: [USN-2994-1] libxml2 vulnerabilities
============================================================================
Ubuntu Security Notice USN-2994-1
June 06, 2016
libxml2 vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in libxml2. (CVE-2015-8806, CVE-2016-2073,
CVE-2016-3627, CVE-2016-3705, CVE-2016-4447)
It was discovered that libxml2 incorrectly handled certain malformed
documents.
(CVE-2016-1762, CVE-2016-1834)
Mateusz Jurczyk discovered that libxml2 incorrectly handled certain
malformed documents. (CVE-2016-1833, CVE-2016-1838, CVE-2016-1839)
Wei Lei and Liu Yang discovered that libxml2 incorrectly handled certain
malformed documents. (CVE-2016-1835, CVE-2016-1837)
Wei Lei and Liu Yang discovered that libxml2 incorrectly handled certain
malformed documents. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and
Ubuntu 16.04 LTS. (CVE-2016-1836)
Kostya Serebryany discovered that libxml2 incorrectly handled certain
malformed documents. (CVE-2016-1840)
It was discovered that libxml2 would load certain XML external entities. (CVE-2016-4449)
Gustavo Grieco discovered that libxml2 incorrectly handled certain
malformed documents. (CVE-2016-4483)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
libxml2 2.9.3+dfsg1-1ubuntu0.1
Ubuntu 15.10:
libxml2 2.9.2+zdfsg1-4ubuntu0.4
Ubuntu 14.04 LTS:
libxml2 2.9.1+dfsg1-3ubuntu4.8
Ubuntu 12.04 LTS:
libxml2 2.7.8.dfsg-5.1ubuntu4.15
After a standard system update you need to reboot your computer to make
all the necessary changes.
For the stable distribution (jessie), these problems have been fixed in
version 2.9.1+dfsg1-5+deb8u2. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-07-18-2 iOS 9.3.3
iOS 9.3.3 is now available and addresses the following:
Calendar
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A maliciously crafted calendar invite may cause a device to
unexpectedly restart
Description: A null pointer dereference was addressed through
improved memory handling.
CVE-2016-4592 : Mikhail
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may disclose image data from
another website
Description: A timing issue existed in the processing of SVG.
CVE-2016-4587 : Apple
WebKit JavaScript Bindings
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to script
execution in the context of a non-HTTP service
Description: A cross-protocol cross-site scripting (XPXSS) issue
existed in Safari when submitting forms to non-HTTP services
compatible with HTTP/0.9. This issue was addressed by disabling
scripts and plugins on resources loaded over HTTP/0.9.
CVE-2016-4651 : Obscure
WebKit Page Loading
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-site scripting issue existed in Safari URL
redirection.
CVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions,
Inc.
CVE-2016-4584 : Chris Vienneau
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update
2016-004
OS X El Capitan v10.11.6 and Security Update 2016-004 is now
available and addresses the following:
apache_mod_php
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple issues existed in PHP versions prior to
5.5.36. These were addressed by updating PHP to version 5.5.36.
CVE-2016-4650
Audio
Available for: OS X El Capitan v10.11 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-2016-4647 : Juwei Lin (@fuzzerDOTcn) of Trend Micro
Audio
Available for: OS X El Capitan v10.11 and later
Impact: A local user may be able to determine kernel memory layout
Description: An out-of-bounds read was addressed through improved
input validation.
CVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro
Audio
Available for: OS X El Capitan v10.11 and later
Impact: Parsing a maliciously crafted audio file may lead to the
disclosure of user information
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2016-4646 : Steven Seeley of Source Incite working with Trend
Micro's Zero Day Initiative
Audio
Available for: OS X El Capitan v10.11 and later
Impact: A local user may be able to cause a system denial of service
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-4649 : Juwei Lin(@fuzzerDOTcn) of Trend Micro
bsdiff
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow existed in bspatch. This issue was
addressed through improved bounds checking.
CVE-2014-9862 : an anonymous researcher
CFNetwork
Available for: OS X El Capitan v10.11 and later
Impact: A local user may be able to view sensitive user information
Description: A permissions issue existed in the handling of web
browser cookies. This issue was addressed through improved
restrictions.
CVE-2016-4645 : Abhinav Bansal of Zscaler Inc.
CoreGraphics
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com
/vulnerability-reports)
CoreGraphics
Available for: OS X El Capitan v10.11 and later
Impact: A local user may be able to elevate privileges
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend
Micro's Zero Day Initiative
FaceTime
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
cause a relayed call to continue transmitting audio while appearing
as if the call terminated
Description: User interface inconsistencies existed in the handling
of relayed calls. These issues were addressed through improved
FaceTime display logic.
CVE-2016-4635 : Martin Vigo
Graphics Drivers
Available for: OS X El Capitan v10.11 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved input validation.
CVE-2016-4634 : Stefan Esser of SektionEins
ImageIO
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to cause a denial of service
Description: A memory consumption issue was addressed through
improved memory handling.
CVE-2016-4632 : Evgeny Sidorov of Yandex
ImageIO
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com
/vulnerability-reports)
ImageIO
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com
/vulnerability-reports)
CVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com
/vulnerability-reports)
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and later
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-4633 : an anonymous researcher
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-4626 : Stefan Esser of SektionEins
IOSurface
Available for: OS X El Capitan v10.11 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A use-after-free was addressed through improved memory
management.
CVE-2016-4625 : Ian Beer of Google Project Zero
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-1863 : Ian Beer of Google Project Zero
CVE-2016-1864 : Ju Zhu of Trend Micro
CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: A local user may be able to cause a system denial of service
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab
(@keen_lab), Tencent
libc++abi
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
root privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-4621 : an anonymous researcher
libexpat
Available for: OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted XML may lead to unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-0718 : Gustavo Grieco
LibreSSL
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple issues existed in LibreSSL before 2.2.7. These
were addressed by updating LibreSSL to version 2.2.7.
CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google) Mark Brand,
Ian Beer of Google Project Zero
CVE-2016-2109 : Brian Carpenter
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Parsing a maliciously crafted XML document may lead to
disclosure of user information
Description: An access issue existed in the parsing of maliciously
crafted XML files. This issue was addressed through improved input
validation.
CVE-2016-4449 : Kostya Serebryany
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Multiple vulnerabilities in libxml2
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-4448 : Apple
CVE-2016-4483 : Gustavo Grieco
CVE-2016-4614 : Nick Wellnhofe
CVE-2016-4615 : Nick Wellnhofer
CVE-2016-4616 : Michael Paddon
CVE-2016-4619 : Hanno Boeck
libxslt
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Multiple vulnerabilities in libxslt
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-1684 : Nicolas GrA(c)goire
CVE-2016-4607 : Nick Wellnhofer
CVE-2016-4608 : Nicolas GrA(c)goire
CVE-2016-4609 : Nick Wellnhofer
CVE-2016-4610 : Nick Wellnhofer
CVE-2016-4612 : Nicolas GrA(c)goire
Login Window
Available for: OS X El Capitan v10.11 and later
Impact: A malicious application may be able to execute arbitrary
code leading to compromise of user information
Description: A memory corruption issue was addressed through
improved input validation.
CVE-2016-4640 : Yubin Fu of Tencent KeenLab working with Trend
Micro's Zero Day Initiative
Login Window
Available for: OS X El Capitan v10.11 and later
Impact: A malicious application may be able to execute arbitrary
code leading to the compromise of user information
Description: A type confusion issue was addressed through improved
memory handling.
CVE-2016-4641 : Yubin Fu of Tencent KeenLab working with Trend
Micro's Zero Day Initiative
Login Window
Available for: OS X El Capitan v10.11 and later
Impact: A local user may be able to cause a denial of service
Description: A memory initialization issue was addressed through
improved memory handling.
CVE-2016-4639 : Yubin Fu of Tencent KeenLab working with Trend
Micro's Zero Day Initiative
Login Window
Available for: OS X El Capitan v10.11 and later
Impact: A malicious application may be able to gain root privileges
Description: A type confusion issue was addressed through improved
memory handling.
CVE-2016-4638 : Yubin Fu of Tencent KeenLab working with Trend
Micro's Zero Day Initiative
OpenSSL
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple issues existed in OpenSSL. These issues were resolved by backporting the fixes from OpenSSL 1.0.2h/1.0.1 to OpenSSL 0.9.8.
CVE-2016-2105 : Guido Vranken
CVE-2016-2106 : Guido Vranken
CVE-2016-2107 : Juraj Somorovsky
CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero
CVE-2016-2109 : Brian Carpenter
CVE-2016-2176 : Guido Vranken
QuickTime
Available for: OS X El Capitan v10.11 and later
Impact: Processing a maliciously crafted FlashPix Bitmap Image may
lead to unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-4596 : Ke Liu of Tencent's Xuanwu Lab
CVE-2016-4597 : Ke Liu of Tencent's Xuanwu Lab
CVE-2016-4600 : Ke Liu of Tencent's Xuanwu Lab
CVE-2016-4602 : Ke Liu of Tencent's Xuanwu Lab
QuickTime
Available for: OS X El Capitan v10.11 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through
improved input validation.
CVE-2016-4598 : Ke Liu of Tencent's Xuanwu Lab
QuickTime
Available for: OS X El Capitan v10.11 and later
Impact: Processing a maliciously crafted SGI file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through
improved input validation.
CVE-2016-4601 : Ke Liu of Tencent's Xuanwu Lab
QuickTime
Available for: OS X El Capitan v10.11 and later
Impact: Processing a maliciously crafted Photoshop document may lead
to unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved input validation.
CVE-2016-4599 : Ke Liu of Tencent's Xuanwu Lab
Safari Login AutoFill
Available for: OS X El Capitan v10.11 and later
Impact: A user's password may be visible on screen
Description: An issue existed in Safari's password auto-fill. This
issue was addressed through improved matching of form fields.
CVE-2016-4595 : Jonathan Lewis from DeARX Services (PTY) LTD
Sandbox Profiles
Available for: OS X El Capitan v10.11 and later
Impact: A local application may be able to access the process list
Description: An access issue existed with privileged API calls. This
issue was addressed through additional restrictions.
CVE-2016-4594 : Stefan Esser of SektionEins
Note: OS X El Capitan 10.11.6 includes the security content of Safari
9.1.2. For further details see https://support.apple.com/kb/HT206900
OS X El Capitan v10.11.6 and Security Update 2016-004 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJXjXAvAAoJEIOj74w0bLRG/5EP/2v9SJTrO+/4b3A1gqC1ch8y
+cJ04tXRsO7rvjKT5nCylo30U0Sanz/bUbDx4559YS7/P/IyeyZVheaTJwK8wzEy
pSOPpy35hUuVIw0/p4YsuHDThSBPFMmDljTxH7elkfuBV1lPSrCkyDXc0re2HxWV
xj68zAxtM0jkkhgcxb2ApZSZVXhrjUZtbY0xEVOoWKKFwbMvKfx+4xSqunwQeS1u
wevs1EbxfvsZbc3pG+xYcOonbegBzOy9aCvNO1Yv1zG+AYXC5ERMq1vk3PsWOTQN
ZVY1I7mvCaEfvmjq2isRw8XYapAIKISDLwMKBSYrZDQFwPQLRi1VXxQZ67Kq1M3k
ah04/lr0RIcoosIcBqxD2+1UAFjUzEUNFkYivjhuaeegN2QdL7Ujegf1QjdAt8lk
mmKduxYUDOaRX50Kw7n14ZveJqzE1D5I6QSItaZ9M1vR60a7u91DSj9D87vbt1YC
JM/Rvf/4vonp1NjwA2JQwCiZfYliBDdn9iiCl8mzxdsSRD/wXcZCs05nnKmKsCfc
55ET7IwdG3622lVheOJGQZuucwJiTn36zC11XVzZysQd/hLD5rUKUQNX1WOgZdzs
xPsslXF5MWx9jcdyWVSWxDrN0sFk+GpQFQDuVozP60xuxqR3qQ0TXir2NP39uIF5
YozOGPQFmX0OviWCQsX6
=ng+m
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n
a-c05194709
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05194709
Version: 1
HPSBGN03628 rev.1 - HPE IceWall Federation Agent using libXML2 library,
Remote Denial of Service (DoS), Unauthorized Modification, Unauthorized
Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2016-07-07
Last Updated: 2016-07-07
Potential Security Impact: Remote Denial of Service (DoS), Unauthorized
Disclosure of Information, Unauthorized Modification
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY
Security vulnerabilities in the libXML2 library could potentially impact HPE
IceWall Federation Agent resulting in Remote Denial of Service (DoS), or
unauthorized modification, or unauthorized disclosure of information.
References:
- CVE-2016-4447: Remote Denial of Service (DoS)
- CVE-2016-4448: Remote unauthorized disclosure of information,
unauthorized modification, Denial of Service (DoS)
- CVE-2016-4449: Remote unauthorized disclosure of information, Denial of
Service (DoS)
- PSRT110164
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- IceWall Federation Agent Version 3.0 (RHEL 6/7) using libXML2
BACKGROUND
CVSS Base Metrics
=================
Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2016-4447
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2016-4448
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVE-2016-4449
7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
5.8 (AV:N/AC:M/Au:N/C:P/I:N/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docI
d=emr_na-c01345499
RESOLUTION
HPE recommends applying the latest OS vendor security patches for libXML2 to
resolve the vulnerabilities in the libXML2 library.
HISTORY
Version:1 (rev.1) - 7 July 2016 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running Hewlett Packard Enterprise (HPE) software
products should be applied in accordance with the customer's patch management
policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HPE Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability with any HPE supported
product, send Email to: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin
alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is
available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HPE General Software
HF = HPE Hardware and Firmware
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PV = ProCurve
ST = Storage Software
UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial
errors or omissions contained herein. The information provided is provided
"as is" without warranty of any kind. To the extent permitted by law, neither
HP or its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice. Hewlett
Packard Enterprise and the names of Hewlett Packard Enterprise products
referenced herein are trademarks of Hewlett Packard Enterprise in the United
States and other countries. Other product and company names mentioned herein
may be trademarks of their respective owners. Description:
This release of Red Hat JBoss Core Services httpd 2.4.23 serves as a
replacement for JBoss Core Services Apache HTTP Server 2.4.6. (CVE-2016-1762,
CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,
CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705,
CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)
* This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420,
CVE-2016-7141)
* This update fixes two flaws in httpd. (CVE-2016-4459,
CVE-2016-8612)
* A buffer overflow flaw when concatenating virtual host names and URIs was
fixed in mod_jk. (CVE-2016-6808)
* A memory leak flaw was fixed in expat. Upstream acknowledges Stephen Henson (OpenSSL development team)
as the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat),
Hanno BAPck, and David Benjamin (Google) as the original reporters of
CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105,
CVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj
Somorovsky as the original reporter of CVE-2016-2107; Yuval Yarom
(University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv
University), and Nadia Heninger (University of Pennsylvania) as the
original reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as
the original reporter of CVE-2016-0705.
See the corresponding CVE pages linked to in the References section for
more information about each of the flaws listed in this advisory. Solution:
The References section of this erratum contains a download link (you must
log in to download the update). Before applying the update, back up your
existing Red Hat JBoss Web Server installation (including all applications
and configuration files).
After installing the updated packages, the httpd daemon will be restarted
automatically. JIRA issues fixed (https://issues.jboss.org/):
JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0]
JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service
6.
CVE-2016-4594 : Stefan Esser of SektionEins
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/en-us/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About"
| VAR-201605-0412 | CVE-2016-1406 | Cisco Prime Infrastructure and Evolved Programmable Network Manager of API Web In the interface RBAC Vulnerabilities that can be bypassed |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSCuy12409. Vendors have confirmed this vulnerability Bug ID CSCuy12409 It is released as. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlCrafted by remotely authenticated users JSON Through the data, RBAC Limitations can be circumvented, important information can be obtained, and as a result, privileges can be obtained.
An attacker can exploit this issue to gain elevated privileges on an affected device.
This issue is being tracked by Cisco Bug ID's CSCuy12409 and CSCuy12511. PI is a set of wireless management solutions through Cisco Prime LAN Management Solution (LMS) and Cisco Prime Network Control System (NCS) technologies; EPNM is a set of network management solutions
| VAR-201704-0463 | CVE-2014-8572 | plural Huawei Service disruption in product software (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Huawei AC6605 with software V200R001C00; AC6605 with software V200R002C00; ACU with software V200R001C00; ACU with software V200R002C00; S2300, S3300, S2700, S3700 with software V100R006C05 and earlier versions; S5300, S5700, S6300, S6700 with software V100R006, V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions; S7700, S9300, S9300E, S9700 with software V100R006, V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions could allow remote attackers to send a special SSH packet to the VRP device to cause a denial of service. plural Huawei Product software includes VRP Special to device SSH Packets are sent and service operation is interrupted (DoS) There are vulnerabilities that are put into a state.By a remote attacker, VRP Special to device SSH Packets are sent and service operation is interrupted (DoS) There is a possibility of being put into a state. HuaweiAC6605 is a wireless access controller product from China's Huawei company. A security vulnerability exists in the SSH module of several Huawei products. The vulnerability is caused by the lack of valid verification of a domain in the message content when the program processes the message. This vulnerability could be exploited by an attacker to cause a device service interruption using the VRP platform. The following products and versions are affected: Huawei AC6605 V200R001C00 Version, AC6605 V200R002C00 Version, ACU V200R001C00 Version, V200R002C00 Version, S2300/ S3300/S2700/ S3700 V100R006C05 and previous versions, S5300/ S5700/S6300/ S6700 V100R006 Version, V200R001 Version, V200R002 Version, V200R003, V200R005C00SPC300 and earlier versions, S7700/S9300/S9300E/S9700 V100R006, V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions
| VAR-201605-0268 | CVE-2016-4782 | Android Run on Lenovo SHAREit Vulnerability in |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows remote attackers to have unspecified impact via a crafted intent: URL, aka an "intent scheme URL attack.". Lenovo SHAREit (Eggplant Express) on Android is a set of file sharing software based on the Android platform of China Lenovo (Lenovo). There is a security vulnerability in Lenovo SHAREit versions earlier than 3.5.98_ww based on platforms earlier than Android 4.2
| VAR-201606-0128 | CVE-2016-5232 | Huawei Mate8 Vulnerable to buffer overflow |
CVSS V2: 7.1 CVSS V3: 5.5 Severity: MEDIUM |
Buffer overflow in Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (system crash) via a crafted app. HuaweiMate8 is a smartphone product from Huawei in China. A buffer overflow vulnerability exists in HuaweiMate8. Huawei Mate8 is prone to a local denial-of-service vulnerability.
A local attacker can exploit this issue to cause a denial-of-service condition. The following versions are affected: Huawei Mate8 before NXT-AL10C00B182, before NXT-CL00C92B182, before NXT-DL00C17B182, before NXT-TL00C01B182
| VAR-201605-0207 | CVE-2016-3680 | Huawei Mate 8 of Wi-Fi Driver Buffer Overflow Vulnerability |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (crash) or possibly gain privileges via a crafted application, aka HWPSIRT-2016-03020. Huawei Mate 8 of Wi-Fi The driver contains a buffer overflow vulnerability. HuaweiMate8 is a smartphone product from China's Huawei company. A buffer overflow vulnerability exists in HuaweiMate8 that caused the program to fail to perform parameter checking. The vulnerability could be exploited by an attacker to entice a user to install a malicious application to send specific parameters to the Wi-Fi driver, resulting in a system reboot or elevated user rights. Huawei Mate 8 is prone to multiple local buffer-overflow vulnerabilities because it fails to adequate boundary checks on user-supplied input.
Local attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. The following versions are affected: Huawei Mate 8 versions prior to NXT-AL10C00B182, versions prior to NXT-CL00C92B182, versions prior to NXT-DL00C17B182, versions prior to NXT-TL00C01B182
| VAR-201606-0129 | CVE-2016-5233 | Huawei Mate 8 Vulnerability in obtaining information on subscriber signal strength in smartphone software |
CVSS V2: 4.3 CVSS V3: 3.7 Severity: LOW |
Huawei Mate 8 smartphones with software NXT-AL10 before NXT-AL10C00B182, NXT-CL00 before NXT-CL00C92B182, NXT-DL00 before NXT-DL00C17B182, and NXT-TL00 before NXT-TL00C01B182 allow remote base stations to obtain sensitive subscriber signal strength information via vectors involving improper security status verification, aka HWPSIRT-2015-12007. HuaweiMate8 is a smartphone product from China's Huawei company. There is a security vulnerability in HuaweiMate8. Huawei Mate 8 is prone to an information-disclosure vulnerability. The following versions are affected: Huawei Mate 8 before NXT-AL10C00B182, before NXT-CL00C92B182, before NXT-DL00C17B182, before NXT-TL00C01B182
| VAR-201605-0208 | CVE-2016-3681 | Huawei Mate 8 Buffer Overflow Vulnerability |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (crash) or possibly gain privileges via a crafted application, aka HWPSIRT-2016-03021. Huawei Mate 8 of Wi-Fi The driver contains a buffer overflow vulnerability. Vendors have confirmed this vulnerability HWPSIRT-2016-03021 It is released as.Denial of service operations through a specially crafted application by an attacker ( crash ) It may be put into a state or it may be authorized. HuaweiMate8 is a smartphone product from China's Huawei company. A buffer overflow vulnerability exists in HuaweiMate8 that caused the program to fail to perform parameter checking. An attacker could use this vulnerability to spoof a user to install a malicious application to send specific parameters to the Wi-Fi driver, resulting in a system reboot or user privilege escalation. Huawei Mate 8 is prone to multiple local buffer-overflow vulnerabilities because it fails to adequate boundary checks on user-supplied input.
Local attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. The following versions are affected: Huawei Mate 8 versions prior to NXT-AL10C00B182, versions prior to NXT-CL00C92B182, versions prior to NXT-DL00C17B182, versions prior to NXT-TL00C01B182
| VAR-201605-0269 | CVE-2016-4783 | Android Run on Lenovo SHAREit Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in Lenovo SHAREit before 3.5.98_ww on Android before 4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS).". Lenovo ShareIT for Android is prone to a cross-site scripting vulnerability because they fail to sufficiently sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in an unsuspecting user's browser in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Lenovo SHAREit (Eggplant Express) on Android is a set of file sharing software based on the Android platform of China Lenovo (Lenovo)
| VAR-201606-0115 | CVE-2016-3703 | Red Hat OpenShift Enterprise In Web Browser localStorage of API Credential access vulnerability |
CVSS V2: 3.5 CVSS V3: 5.3 Severity: MEDIUM |
Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query parameter. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlA third party access_token Through Web Browser localStorage of API Credentials may be accessed. Red Hat OpenShift is a platform-as-a-service (PaaS) cloud computing platform that builds, tests, deploys, and runs applications. OpenShift Enterprise is an open source private cloud version. Red Hat OpenShift Enterprise is prone to a security-bypass vulnerability.
Successful exploits may allow an attackers to bypass certain intended security restrictions and perform unauthorized actions, which may aid in launching further attacks. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat OpenShift Enterprise 3.2 security update
Advisory ID: RHSA-2016:1094-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2016:1094
Issue date: 2016-05-19
CVE Names: CVE-2016-3703 CVE-2016-3708 CVE-2016-3738
=====================================================================
1. In addition, all images have been rebuilt
on the new RHEL 7.2.4 base image.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2.
Security Fix(es):
* A vulnerability was found in the STI build process in OpenShift
Enterprise. Access to STI builds was not properly restricted, allowing an
attacker to use STI builds to access the Docker socket and escalate their
privileges. (CVE-2016-3703)
* A flaw was found in OpenShift Enterprise when multi-tenant SDN is enabled
and a build is run within a namespace that would normally be isolated from
pods in other namespaces. If an s2i build is run in such an environment the
container being built can access network resources on pods that should not
be available to it.
This update includes the following images:
openshift3/ose:v3.2.0.44-2
openshift3/ose-deployer:v3.2.0.44-2
openshift3/ose-docker-builder:v3.2.0.44-2
openshift3/ose-docker-registry:v3.2.0.44-2
openshift3/ose-f5-router:v3.2.0.44-2
openshift3/ose-haproxy-router:v3.2.0.44-2
openshift3/ose-keepalived-ipfailover:v3.2.0.44-2
openshift3/ose-pod:v3.2.0.44-2
openshift3/ose-recycler:v3.2.0.44-2
openshift3/ose-sti-builder:v3.2.0.44-2
openshift3/jenkins-1-rhel7:1.642-32
openshift3/logging-auth-proxy:3.2.0-4
openshift3/logging-deployment:3.2.0-9
openshift3/logging-elasticsearch:3.2.0-8
openshift3/logging-fluentd:3.2.0-8
openshift3/logging-kibana:3.2.0-4
openshift3/metrics-deployer:3.2.0-6
openshift3/metrics-heapster:3.2.0-6
openshift3/mongodb-24-rhel7:2.4-28
openshift3/mysql-55-rhel7:5.5-26
openshift3/nodejs-010-rhel7:0.10-35
openshift3/node:v3.2.0.44-2
openshift3/openvswitch:v3.2.0.44-2
openshift3/perl-516-rhel7:5.16-38
openshift3/php-55-rhel7:5.5-35
openshift3/postgresql-92-rhel7:9.2-25
openshift3/python-33-rhel7:3.3-35
openshift3/ruby-20-rhel7:2.0-35
aep3_beta/aep:v3.2.0.44-2
aep3_beta/aep-deployer:v3.2.0.44-2
aep3_beta/aep-docker-registry:v3.2.0.44-2
aep3_beta/aep-f5-router:v3.2.0.44-2
aep3_beta/aep-haproxy-router:v3.2.0.44-2
aep3_beta/aep-keepalived-ipfailover:v3.2.0.44-2
aep3_beta/aep-pod:v3.2.0.44-2
aep3_beta/aep-recycler:v3.2.0.44-2
aep3_beta/logging-auth-proxy:3.2.0-4
aep3_beta/logging-deployment:3.2.0-9
aep3_beta/logging-elasticsearch:3.2.0-8
aep3_beta/logging-fluentd:3.2.0-8
aep3_beta/logging-kibana:3.2.0-4
aep3_beta/metrics-deployer:3.2.0-6
aep3_beta/metrics-heapster:3.2.0-6
aep3_beta/node:v3.2.0.44-2
aep3_beta/openvswitch:v3.2.0.44-2
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1306011 - Deployer pods incorrectly using the host entry from openshiftLoopbackKubeconfig
1318974 - Creating pods on OSE with awsElasticBlockStore only assigns devices /dev/xvdb - /dev/xvdp to openshift node
1324996 - JSON message fields are getting overwritten
1329044 - console.dev-preview-int.openshift.com setting of memory limit confusing
1330233 - CVE-2016-3703 OpenShift Enterprise 3: Untrusted content loaded via the API proxy can access web console credentials on the same domain
1330364 - Should update the role name in the prompt on the web console
1331229 - CVE-2016-3708 OpenShiftEnterprise 3: s2i builds implicitly perform docker builds
1333168 - Node.js images crash with DEV_MODE=true
1333461 - CVE-2016-3738 origin: pod update allows docker socket access via build-pod
6. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2016-3703
https://access.redhat.com/security/cve/CVE-2016-3708
https://access.redhat.com/security/cve/CVE-2016-3738
https://access.redhat.com/security/updates/classification/#important
8.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFXPkiKXlSAg2UNWIIRAsa4AKDBVV9n5rX0BrQhspq/Kd1wNoTr8wCguVmp
9WTmxUn/XuRDJFzqxtZpCVI=
=n+fK
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201605-0271 | CVE-2016-4785 | Siemens SIPROTEC 4 and SIPROTEC Compact Run on device EN100 Ethernet Vulnerability in module where important information is obtained |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. The integrated web server (port 80/tcp) of the affected devices could allow remote attackers to obtain a limited amount of device memory content if network access was obtained. This vulnerability only affects EN100 Ethernet module included in SIPROTEC4 and SIPROTEC Compact devices. SiemensSIPROTEC4 is a multi-function relay series; SIPROTECCompact is a microcomputer protection device. An information disclosure vulnerability exists in the integrated web server of SIPROTEC4 and SIPROTECCompact. EN100 Ethernet Modules for Reyrolle is prone to the following security vulnerabilities: :
1. Multiple information-disclosure vulnerabilities
2. A denial-of-service vulnerability
3. Multiple authentication-bypass vulnerabilities
An attacker may leverage these issues to disclose sensitive information, perform certain unauthorized actions actions, gain unauthorized access, or bypass certain security restrictions and cause a denial-of-service condition. Both Siemens SIPROTEC 4 and SIPROTEC Compact are products of Siemens, Germany. Siemens SIPROTEC 4 is a series of multifunctional relays with a friendly man-machine interface. EN100 is one of the multi-format encoder modules
| VAR-201605-0351 | CVE-2016-4505 | Resource Data Management Intuitive 650 TDB Controller Device arbitrary password change vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allow remote authenticated users to modify arbitrary passwords via unspecified vectors. ResourceDataManagementIntuitive650TDBController is a network communication connection device. The ResourceDataManagementIntuitive650TDBController has a security vulnerability that allows a remote attacker to exploit the vulnerability to change the passwords of other users and increase privileges. A privilege-escalation vulnerability
2. A cross-site request-forgery vulnerability
An attacker can exploit these issues to gain elevated privileges on the affected device or to perform unauthorized actions in the context of the affected application
| VAR-201605-0352 | CVE-2016-4506 | Resource Data Management Intuitive 650 TDB Controller Cross-Site Request Forgery Vulnerability |
CVSS V2: 6.0 CVSS V3: 8.0 Severity: HIGH |
Cross-site request forgery (CSRF) vulnerability on Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allows remote authenticated users to hijack the authentication of arbitrary users. ResourceDataManagementIntuitive650TDBController is a network communication connection device. A privilege-escalation vulnerability
2. A cross-site request-forgery vulnerability
An attacker can exploit these issues to gain elevated privileges on the affected device or to perform unauthorized actions in the context of the affected application
| VAR-201606-0194 | CVE-2016-1211 | Epoch Web Mailing List Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in Epoch Web Mailing List 0.31 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Web Mailing List provided by Epoch Ltd. contains a cross-site scripting vulnerability (CWE-79). Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the logged in user's web browser. EpochWebMailingList is a set of network contacts from Japan Epoch.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks