ID

VAR-201207-0370

CVE

CVE-2012-1148

TITLE

Expat library Memory leak vulnerability

DESCRIPTION

Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities. The Expat library is prone to multiple denial-of-service vulnerabilities because it fails to properly handle crafted XML data. Exploiting these issues allows remote attackers to cause denial-of-service conditions in the context of an application using the vulnerable XML parsing library. Expat versions prior to 2.1.0 are vulnerable. Expat is a C language-based XML parser library developed by American software developer Jim Clark, which uses a stream-oriented parser. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008 OS X El Capitan 10.11.2 and Security Update 2015-008 is now available and addresses the following: apache_mod_php Available for: OS X El Capitan v10.11 and v10.11.1 Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.29, the most serious of which may have led to remote code execution. These were addressed by updating PHP to version 5.5.30. CVE-ID CVE-2015-7803 CVE-2015-7804 AppSandbox Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application may maintain access to Contacts after having access revoked Description: An issue existed in the sandbox's handling of hard links. This issue was addressed through improved hardening of the app sandbox. CVE-ID CVE-2015-7001 : Razvan Deaconescu and Mihai Bucicoiu of University POLITEHNICA of Bucharest; Luke Deshotels and William Enck of North Carolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi of TU Darmstadt Bluetooth Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the Bluetooth HCI interface. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7108 : Ian Beer of Google Project Zero CFNetwork HTTPProtocol Available for: OS X El Capitan v10.11 and v10.11.1 Impact: An attacker with a privileged network position may be able to bypass HSTS Description: An input validation issue existed within URL processing. This issue was addressed through improved URL validation. CVE-ID CVE-2015-7094 : Tsubasa Iinuma (@llamakko_cafe) of Gehirn Inc. and Muneaki Nishimura (nishimunea) Compression Available for: OS X El Capitan v10.11 and v10.11.1 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: An uninitialized memory access issue existed in zlib. This issue was addressed through improved memory initialization and additional validation of zlib streams. CVE-ID CVE-2015-7054 : j00ru Configuration Profiles Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local attacker may be able to install a configuration profile without admin privileges Description: An issue existed when installing configuration profiles. This issue was addressed through improved authorization checks. CVE-ID CVE-2015-7062 : David Mulder of Dell Software CoreGraphics Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-7105 : John Villamil (@day6reak), Yahoo Pentest Team CoreMedia Playback Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the processing of malformed media files. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7074 : Apple CVE-2015-7075 Disk Images Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7110 : Ian Beer of Google Project Zero EFI Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: A path validation issue existed in the kernel loader. This was addressed through improved environment sanitization. CVE-ID CVE-2015-7063 : Apple File Bookmark Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A path validation issue existed in app scoped bookmarks. This was addressed through improved environment sanitization. CVE-ID CVE-2015-7071 : Apple Hypervisor Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: A use after free issue existed in the handling of VM objects. This issue was addressed through improved memory management. CVE-ID CVE-2015-7078 : Ian Beer of Google Project Zero iBooks Available for: OS X El Capitan v10.11 and v10.11.1 Impact: Parsing a maliciously crafted iBooks file may lead to disclosure of user information Description: An XML external entity reference issue existed with iBook parsing. This issue was addressed through improved parsing. CVE-ID CVE-2015-7081 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach (@ITSecurityguard) ImageIO Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in ImageIO. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7053 : Apple Intel Graphics Driver Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: A null pointer dereference issue was addressed through improved input validation. CVE-ID CVE-2015-7076 : Juwei Lin of TrendMicro, beist and ABH of BoB, and JeongHoon Shin@A.D.D Intel Graphics Driver Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the Intel Graphics Driver. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7106 : Ian Beer of Google Project Zero, Juwei Lin of TrendMicro, beist and ABH of BoB, and JeongHoon Shin@A.D.D Intel Graphics Driver Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: An out of bounds memory access issue existed in the Intel Graphics Driver. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7077 : Ian Beer of Google Project Zero IOAcceleratorFamily Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7109 : Juwei Lin of TrendMicro IOHIDFamily Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues existed in IOHIDFamily API. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7111 : beist and ABH of BoB CVE-2015-7112 : Ian Beer of Google Project Zero IOKit SCSI Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference existed in the handling of a certain userclient type. This issue was addressed through improved validation. CVE-ID CVE-2015-7068 : Ian Beer of Google Project Zero IOThunderboltFamily Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference existed in IOThunderboltFamily's handling of certain userclient types. This issue was addressed through improved validation of IOThunderboltFamily contexts. CVE-ID CVE-2015-7067 : Juwei Lin of TrendMicro Kernel Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local application may be able to cause a denial of service Description: Multiple denial of service issues were addressed through improved memory handling. CVE-ID CVE-2015-7040 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2015-7041 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2015-7042 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2015-7043 : Tarjei Mandt (@kernelpool) Kernel Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues existed in the kernel. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7083 : Ian Beer of Google Project Zero CVE-2015-7084 : Ian Beer of Google Project Zero Kernel Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: An issue existed in the parsing of mach messages. This issue was addressed through improved validation of mach messages. CVE-ID CVE-2015-7047 : Ian Beer of Google Project Zero kext tools Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A validation issue existed during the loading of kernel extensions. This issue was addressed through additional verification. CVE-ID CVE-2015-7052 : Apple Keychain Access Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application may be able to masquerade as the Keychain Server. Description: An issue existed in how Keychain Access interacted with Keychain Agent. This issue was resolved by removing legacy functionality. CVE-ID CVE-2015-7045 : Luyi Xing and XiaoFeng Wang of Indiana University Bloomington, Xiaolong Bai of Indiana University Bloomington and Tsinghua University, Tongxin Li of Peking University, Kai Chen of Indiana University Bloomington and Institute of Information Engineering, Xiaojing Liao of Georgia Institute of Technology, Shi- Min Hu of Tsinghua University, and Xinhui Han of Peking University libarchive Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of archives. This issue was addressed through improved memory handling. CVE-ID CVE-2011-2895 : @practicalswift libc Available for: OS X El Capitan v10.11 and v10.11.1 Impact: Processing a maliciously crafted package may lead to arbitrary code execution Description: Multiple buffer overflows existed in the C standard library. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-7038 CVE-2015-7039 : Maksymilian Arciemowicz (CXSECURITY.COM) libexpat Available for: OS X El Capitan v10.11 and v10.11.1 Impact: Multiple vulnerabilities in expat Description: Multiple vulnerabilities existed in expat version prior to 2.1.0. CVE-ID CVE-2012-0876 : Vincent Danen CVE-2012-1147 : Kurt Seifried CVE-2012-1148 : Kurt Seifried libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: A memory corruption issue existed in the parsing of XML files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3807 : Wei Lei and Liu Yang of Nanyang Technological University OpenGL Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in OpenGL. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7064 : Apple CVE-2015-7065 : Apple CVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks OpenLDAP Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A remote unauthenticated client may be able to cause a denial of service Description: An input validation issue existed in OpenLDAP. This issue was addressed through improved input validation. CVE-ID CVE-2015-6908 OpenSSH Available for: OS X El Capitan v10.11 and v10.11.1 Impact: Multiple vulnerabilities in LibreSSL Description: Multiple vulnerabilities existed in LibreSSL versions prior to 2.1.8. These were addressed by updating LibreSSL to version 2.1.8. CVE-ID CVE-2015-5333 CVE-2015-5334 QuickLook Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Opening a maliciously crafted iWork file may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of iWork files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7107 Sandbox Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application with root privileges may be able to bypass kernel address space layout randomization Description: An insufficient privilege separation issue existed in xnu. This issue was addressed by improved authorization checks. CVE-ID CVE-2015-7046 : Apple Security Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in handling SSL handshakes. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7073 : Benoit Foucher of ZeroC, Inc. Security Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5 Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the ASN.1 decoder. These issues were addressed through improved input validation CVE-ID CVE-2015-7059 : David Keeler of Mozilla CVE-2015-7060 : Tyson Smith of Mozilla CVE-2015-7061 : Ryan Sleevi of Google Security Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application may gain access to a user's Keychain items Description: An issue existed in the validation of access control lists for keychain items. This issue was addressed through improved access control list checks. CVE-ID CVE-2015-7058 System Integrity Protection Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application with root privileges may be able to execute arbitrary code with system privileges Description: A privilege issue existed in handling union mounts. This issue was addressed by improved authorization checks. CVE-ID CVE-2015-7044 : MacDefender Installation note: Security Update 2015-008 is recommended for all users and improves the security of OS X. After installing this update, the QuickTime 7 web browser plug-in will no longer be enabled by default. Learn what to do if you still need this legacy plug-in. https://support.apple.com/en-us/HT205081 OS X El Capitan v10.11.2 includes the security content of Safari 9.0.2: https://support.apple.com/en-us/HT205639 OS X El Capitan 10.11.2 and Security Update 2015-008 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJWZzzVAAoJEBcWfLTuOo7tQsMQAIBHD6EQQmEBqEqNqszdNS4j PE0wrKpgJUe79i5bUVXF3e8bK41+QGQzouceIaKK/r0aizEmUFbgvKG0BFCYacjn +XiDt0V4Itnf2VVvcjodEjVM8Os1BVl0G4tsrXfqJNJ8UmzqQfSFZZ0l+/yQW0rQ jtGYuBIezeWJ/2aA2l5qC89KgiWjmN9YzwpBUx3+02maWIJaKKIvUZy4b7xbQ4fz 0AKMHHh8u/xoPjAIpgXEpYuXM9XILabXkex3m5fp5roBipyimto/OomSsv/CuM5g OjMLz1ZL/dPf7yGaxSD+cTfdKJStTsm89VRWuE9MfAgWdFqjH8CpM9CT4nxX1Q8s Ima2Vk7R+VbyOJksB2fygBtfqBmIjX+fwm52WxhW0B5HabfKMbPjoBKLGIcPsH36 Num/gxdQ+0eswLLUzzorq3Qm2ptxoY6t/ceRAm0HE497+1+YVAKETwTbQTaBZqlB BhDfxk85wYfi7uuKJUH5NPP6j7sXrkJvMAuPJOXcY0QLhyxb96oD6yWaYGWjOGEY Z9zphs8o57l6YW1DWjvVNbZOon05bjIrepzkq6F9Q3TzCGTRgYL5BEAlgaREIZVx rfmFZHP3xM60SIHRKPiiADXo4dg6TvDJ6h8n+L/6OTdylxUf6bxQdoO5cmBhny1T gvIdn3N1k8hWpmYDjxZd =Yi/n -----END PGP SIGNATURE----- . Content-Disposition: inline ============================================================================ Ubuntu Security Notice USN-1527-2 September 10, 2012 xmlrpc-c vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS Summary: XML-RPC for C and C++ could be made to cause a denial of service by consuming excessive CPU and memory resources. This update provides the corresponding updates for XML-RPC for C and C++. Both issues described in the original advisory affected XML-RPC for C and C++ in Ubuntu 10.04 LTS, 11.04, 11.10 and 12.04 LTS. Original advisory details: It was discovered that Expat computed hash values without restricting the ability to trigger hash collisions predictably. This issue only affected Ubuntu 8.04 LTS, 10.04 LTS, 11.04 and 11.10. (CVE-2012-1148) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: libxmlrpc-core-c3 1.16.33-3.1ubuntu5.1 Ubuntu 11.10: libxmlrpc-core-c3-0 1.16.32-0ubuntu4.1 Ubuntu 11.04: libxmlrpc-core-c3-0 1.16.32-0ubuntu3.1 Ubuntu 10.04 LTS: libxmlrpc-core-c3 1.06.27-1ubuntu7.1 After a standard system upgrade you need to restart any applications linked against XML-RPC for C and C++ to effect the necessary changes. For the stable distribution (squeeze), this problem has been fixed in version 2.0.1-7+squeeze1. For the testing distribution (wheezy), this problem has been fixed in version 2.1.0~beta3-1. For the unstable distribution (sid), this problem has been fixed in version 2.1.0~beta3-1. The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0876 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1148 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.1: 210b60280a0baf8e08634e0ea6a3bab9 2010.1/i586/expat-2.0.1-12.1mdv2010.2.i586.rpm 0b657867100b109cbf90a05d2262bec7 2010.1/i586/libexpat1-2.0.1-12.1mdv2010.2.i586.rpm 0bd180a7b4f4d93df5b74f66e2c85e74 2010.1/i586/libexpat1-devel-2.0.1-12.1mdv2010.2.i586.rpm 9f063d0589f638e047de6a5266e6ac84 2010.1/SRPMS/expat-2.0.1-12.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: ced30873d989d1511e828037b4f68d4d 2010.1/x86_64/expat-2.0.1-12.1mdv2010.2.x86_64.rpm ebd7d687082377e65c818f8ba780b66d 2010.1/x86_64/lib64expat1-2.0.1-12.1mdv2010.2.x86_64.rpm fd8bef44ccdadeaf14966b44733883fe 2010.1/x86_64/lib64expat1-devel-2.0.1-12.1mdv2010.2.x86_64.rpm 9f063d0589f638e047de6a5266e6ac84 2010.1/SRPMS/expat-2.0.1-12.1mdv2010.2.src.rpm Mandriva Linux 2011: 6c8bdc44eed2cebf483d4041d57f5eea 2011/i586/expat-2.0.1-15.1-mdv2011.0.i586.rpm 8211eeb028a563dcbedda7d1726035bb 2011/i586/libexpat1-2.0.1-15.1-mdv2011.0.i586.rpm c6c9685891ae405ff6181b6899ee10ce 2011/i586/libexpat-devel-2.0.1-15.1-mdv2011.0.i586.rpm 7afd883dae4a17201128de1485cf949c 2011/i586/libexpat-static-devel-2.0.1-15.1-mdv2011.0.i586.rpm 4be73538c443ced014373c7e364daac5 2011/SRPMS/expat-2.0.1-15.1.src.rpm Mandriva Linux 2011/X86_64: 7e84ec2183f6ba903779b00f914e3813 2011/x86_64/expat-2.0.1-15.1-mdv2011.0.x86_64.rpm d7c0853983ce8d2dc2b0b9740924acd7 2011/x86_64/lib64expat1-2.0.1-15.1-mdv2011.0.x86_64.rpm ecca4f586885b53d2a0ca39a8985f561 2011/x86_64/lib64expat-devel-2.0.1-15.1-mdv2011.0.x86_64.rpm f87f9aecd51f1f20508dc6f6ad5f02e6 2011/x86_64/lib64expat-static-devel-2.0.1-15.1-mdv2011.0.x86_64.rpm 4be73538c443ced014373c7e364daac5 2011/SRPMS/expat-2.0.1-15.1.src.rpm Mandriva Enterprise Server 5: 9618c2dceec06fcb04655e2adb9f8d9d mes5/i586/expat-2.0.1-7.4mdvmes5.2.i586.rpm a0b4d2e3b545f6d63cef9476da3cc72f mes5/i586/libexpat1-2.0.1-7.4mdvmes5.2.i586.rpm 95ec804d1758d0a7628abd42bf3e54e5 mes5/i586/libexpat1-devel-2.0.1-7.4mdvmes5.2.i586.rpm 01271afe453d63599a6951f7dbc83197 mes5/SRPMS/expat-2.0.1-7.4mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 4781b62e289cae964e8a7c540d2387c9 mes5/x86_64/expat-2.0.1-7.4mdvmes5.2.x86_64.rpm aee65480dd6cc31f957c3b17771babf6 mes5/x86_64/lib64expat1-2.0.1-7.4mdvmes5.2.x86_64.rpm ddbc81b65a6969e17900bbbc842cc8e4 mes5/x86_64/lib64expat1-devel-2.0.1-7.4mdvmes5.2.x86_64.rpm 01271afe453d63599a6951f7dbc83197 mes5/SRPMS/expat-2.0.1-7.4mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release Advisory ID: RHSA-2016:2957-01 Product: Red Hat JBoss Core Services Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2957.html Issue date: 2016-12-15 CVE Names: CVE-2012-1148 CVE-2014-3523 CVE-2014-8176 CVE-2015-0209 CVE-2015-0286 CVE-2015-3185 CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 CVE-2015-3216 CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 CVE-2016-0799 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2177 CVE-2016-2178 CVE-2016-2842 CVE-2016-3627 CVE-2016-3705 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 CVE-2016-4459 CVE-2016-4483 CVE-2016-5419 CVE-2016-5420 CVE-2016-6808 CVE-2016-7141 CVE-2016-8612 ===================================================================== 1. Summary: Red Hat JBoss Core Services httpd 2.4.23 is now available from the Red Hat Customer Portal for Solaris and Microsoft Windows systems. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: This release of Red Hat JBoss Core Services httpd 2.4.23 serves as a replacement for JBoss Core Services Apache HTTP Server 2.4.6. Security Fix(es): * This update fixes several flaws in OpenSSL. (CVE-2014-8176, CVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2177, CVE-2016-2178, CVE-2016-2842) * This update fixes several flaws in libxml2. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483) * This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141) * This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185) * This update fixes two flaws in mod_cluster. (CVE-2016-4459, CVE-2016-8612) * A buffer overflow flaw when concatenating virtual host names and URIs was fixed in mod_jk. (CVE-2016-6808) * A memory leak flaw was fixed in expat. (CVE-2012-1148) Red Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-0286, CVE-2016-2108, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842. The CVE-2016-4459 issue was discovered by Robert Bost (Red Hat). Upstream acknowledges Stephen Henson (OpenSSL development team) as the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat), Hanno BAPck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105, CVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj Somorovsky as the original reporter of CVE-2016-2107; Yuval Yarom (University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv University), and Nadia Heninger (University of Pennsylvania) as the original reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705. See the corresponding CVE pages linked to in the References section for more information about each of the flaws listed in this advisory. 3. Solution: The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). After installing the updated packages, the httpd daemon will be restarted automatically. 4. Bugs fixed (https://bugzilla.redhat.com/): 801648 - CVE-2012-1148 expat: Memory leak in poolGrow 1121519 - CVE-2014-3523 httpd: WinNT MPM denial of service 1196737 - CVE-2015-0209 openssl: use-after-free on invalid EC private key import 1202366 - CVE-2015-0286 openssl: invalid pointer use in ASN1_TYPE_cmp() 1227574 - CVE-2015-3216 openssl: Crash in ssleay_rand_bytes due to locking regression 1228611 - CVE-2014-8176 OpenSSL: Invalid free in DTLS 1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4 1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter 1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak 1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint 1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code 1310599 - CVE-2016-0702 OpenSSL: Side channel attack on modular exponentiation 1311880 - CVE-2016-0797 OpenSSL: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption 1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions 1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds 1319829 - CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode 1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data 1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder 1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check 1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow 1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow 1332443 - CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file 1332820 - CVE-2016-4483 libxml2: out-of-bounds read 1338682 - CVE-2016-1833 libxml2: Heap-based buffer overread in htmlCurrentChar 1338686 - CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName 1338691 - CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs 1338696 - CVE-2016-1837 libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral 1338700 - CVE-2016-4448 libxml2: Format string vulnerability 1338701 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content 1338702 - CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey 1338703 - CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString 1338705 - CVE-2016-1838 libxml2: Heap-based buffer overread in xmlPArserPrintFileContextInternal 1338706 - CVE-2016-1840 libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup 1338708 - CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat 1338711 - CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar 1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute 1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase 1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation 1362183 - CVE-2016-5419 curl: TLS session resumption client cert bypass 1362190 - CVE-2016-5420 curl: Re-using connection with wrong client cert 1373229 - CVE-2016-7141 curl: Incorrect reuse of client certificates 1382352 - CVE-2016-6808 mod_jk: Buffer overflow when concatenating virtual host name and URI 1387605 - CVE-2016-8612 JBCS mod_cluster: Protocol parsing logic error 5. JIRA issues fixed (https://issues.jboss.org/): JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0] JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service 6. References: https://access.redhat.com/security/cve/CVE-2012-1148 https://access.redhat.com/security/cve/CVE-2014-3523 https://access.redhat.com/security/cve/CVE-2014-8176 https://access.redhat.com/security/cve/CVE-2015-0209 https://access.redhat.com/security/cve/CVE-2015-0286 https://access.redhat.com/security/cve/CVE-2015-3185 https://access.redhat.com/security/cve/CVE-2015-3194 https://access.redhat.com/security/cve/CVE-2015-3195 https://access.redhat.com/security/cve/CVE-2015-3196 https://access.redhat.com/security/cve/CVE-2015-3216 https://access.redhat.com/security/cve/CVE-2016-0702 https://access.redhat.com/security/cve/CVE-2016-0705 https://access.redhat.com/security/cve/CVE-2016-0797 https://access.redhat.com/security/cve/CVE-2016-0799 https://access.redhat.com/security/cve/CVE-2016-1762 https://access.redhat.com/security/cve/CVE-2016-1833 https://access.redhat.com/security/cve/CVE-2016-1834 https://access.redhat.com/security/cve/CVE-2016-1835 https://access.redhat.com/security/cve/CVE-2016-1836 https://access.redhat.com/security/cve/CVE-2016-1837 https://access.redhat.com/security/cve/CVE-2016-1838 https://access.redhat.com/security/cve/CVE-2016-1839 https://access.redhat.com/security/cve/CVE-2016-1840 https://access.redhat.com/security/cve/CVE-2016-2105 https://access.redhat.com/security/cve/CVE-2016-2106 https://access.redhat.com/security/cve/CVE-2016-2107 https://access.redhat.com/security/cve/CVE-2016-2108 https://access.redhat.com/security/cve/CVE-2016-2109 https://access.redhat.com/security/cve/CVE-2016-2177 https://access.redhat.com/security/cve/CVE-2016-2178 https://access.redhat.com/security/cve/CVE-2016-2842 https://access.redhat.com/security/cve/CVE-2016-3627 https://access.redhat.com/security/cve/CVE-2016-3705 https://access.redhat.com/security/cve/CVE-2016-4447 https://access.redhat.com/security/cve/CVE-2016-4448 https://access.redhat.com/security/cve/CVE-2016-4449 https://access.redhat.com/security/cve/CVE-2016-4459 https://access.redhat.com/security/cve/CVE-2016-4483 https://access.redhat.com/security/cve/CVE-2016-5419 https://access.redhat.com/security/cve/CVE-2016-5420 https://access.redhat.com/security/cve/CVE-2016-6808 https://access.redhat.com/security/cve/CVE-2016-7141 https://access.redhat.com/security/cve/CVE-2016-8612 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp&downloadType=distributions&version=2.4.23 https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYUxXtXlSAg2UNWIIRAm8yAKCDdIPhumydPcD3R7BVWXFnyHP/ZwCeJtAh OqjNSGx5/peirmVPrdVKUYE= =TZLU -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

resource management error

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

The vendor reported these issues.

SOURCES

LAST UPDATE DATE

2026-02-05T14:08:18.720000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE