ID

VAR-201208-0344

CVE

CVE-2012-2871

TITLE

Google Chrome Security hole

DESCRIPTION

libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h. Google Chrome is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the browser, cause denial-of-service conditions, execute arbitrary script code in the browser of an unsuspecting user or steal cookie-based authentication credentials; other attacks are also possible. Versions prior to Chrome 21.0.1180.89 are vulnerable. An attacker with a privileged network position may inject arbitrary contents. This issue was addressed by using an encrypted HTTPS connection to retrieve tutorials. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: libxslt security update Advisory ID: RHSA-2012:1265-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1265.html Issue date: 2012-09-13 CVE Names: CVE-2011-1202 CVE-2011-3970 CVE-2012-2825 CVE-2012-2870 CVE-2012-2871 ===================================================================== 1. Summary: Updated libxslt packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: libxslt is a library for transforming XML files into other textual formats (including HTML, plain text, and other XML representations of the underlying data) using the standard XSLT stylesheet transformation mechanism. A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2871) Several denial of service flaws were found in libxslt. An attacker could use these flaws to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash. (CVE-2012-2825, CVE-2012-2870, CVE-2011-3970) An information leak could occur if an application using libxslt processed an untrusted XPath expression, or used a malicious XSL file to perform an XSL transformation. If combined with other flaws, this leak could possibly help an attacker bypass intended memory corruption protections. (CVE-2011-1202) All libxslt users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libxslt must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 684386 - CVE-2011-1202 libxslt: Heap address leak in XLST 788826 - CVE-2011-3970 libxslt: Out-of-bounds read when parsing certain patterns 835982 - CVE-2012-2825 libxslt: DoS when reading unexpected DTD nodes in XSLT 852935 - CVE-2012-2871 libxslt: Heap-buffer overflow caused by bad cast in XSL transforms 852937 - CVE-2012-2870 libxslt: Use-after-free when processing an invalid XPath expression 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libxslt-1.1.17-4.el5_8.3.src.rpm i386: libxslt-1.1.17-4.el5_8.3.i386.rpm libxslt-debuginfo-1.1.17-4.el5_8.3.i386.rpm libxslt-python-1.1.17-4.el5_8.3.i386.rpm x86_64: libxslt-1.1.17-4.el5_8.3.i386.rpm libxslt-1.1.17-4.el5_8.3.x86_64.rpm libxslt-debuginfo-1.1.17-4.el5_8.3.i386.rpm libxslt-debuginfo-1.1.17-4.el5_8.3.x86_64.rpm libxslt-python-1.1.17-4.el5_8.3.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libxslt-1.1.17-4.el5_8.3.src.rpm i386: libxslt-debuginfo-1.1.17-4.el5_8.3.i386.rpm libxslt-devel-1.1.17-4.el5_8.3.i386.rpm x86_64: libxslt-debuginfo-1.1.17-4.el5_8.3.i386.rpm libxslt-debuginfo-1.1.17-4.el5_8.3.x86_64.rpm libxslt-devel-1.1.17-4.el5_8.3.i386.rpm libxslt-devel-1.1.17-4.el5_8.3.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libxslt-1.1.17-4.el5_8.3.src.rpm i386: libxslt-1.1.17-4.el5_8.3.i386.rpm libxslt-debuginfo-1.1.17-4.el5_8.3.i386.rpm libxslt-devel-1.1.17-4.el5_8.3.i386.rpm libxslt-python-1.1.17-4.el5_8.3.i386.rpm ia64: libxslt-1.1.17-4.el5_8.3.i386.rpm libxslt-1.1.17-4.el5_8.3.ia64.rpm libxslt-debuginfo-1.1.17-4.el5_8.3.i386.rpm libxslt-debuginfo-1.1.17-4.el5_8.3.ia64.rpm libxslt-devel-1.1.17-4.el5_8.3.ia64.rpm libxslt-python-1.1.17-4.el5_8.3.ia64.rpm ppc: libxslt-1.1.17-4.el5_8.3.ppc.rpm libxslt-1.1.17-4.el5_8.3.ppc64.rpm libxslt-debuginfo-1.1.17-4.el5_8.3.ppc.rpm libxslt-debuginfo-1.1.17-4.el5_8.3.ppc64.rpm libxslt-devel-1.1.17-4.el5_8.3.ppc.rpm libxslt-devel-1.1.17-4.el5_8.3.ppc64.rpm libxslt-python-1.1.17-4.el5_8.3.ppc.rpm s390x: libxslt-1.1.17-4.el5_8.3.s390.rpm libxslt-1.1.17-4.el5_8.3.s390x.rpm libxslt-debuginfo-1.1.17-4.el5_8.3.s390.rpm libxslt-debuginfo-1.1.17-4.el5_8.3.s390x.rpm libxslt-devel-1.1.17-4.el5_8.3.s390.rpm libxslt-devel-1.1.17-4.el5_8.3.s390x.rpm libxslt-python-1.1.17-4.el5_8.3.s390x.rpm x86_64: libxslt-1.1.17-4.el5_8.3.i386.rpm libxslt-1.1.17-4.el5_8.3.x86_64.rpm libxslt-debuginfo-1.1.17-4.el5_8.3.i386.rpm libxslt-debuginfo-1.1.17-4.el5_8.3.x86_64.rpm libxslt-devel-1.1.17-4.el5_8.3.i386.rpm libxslt-devel-1.1.17-4.el5_8.3.x86_64.rpm libxslt-python-1.1.17-4.el5_8.3.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm i386: libxslt-1.1.26-2.el6_3.1.i686.rpm libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm x86_64: libxslt-1.1.26-2.el6_3.1.i686.rpm libxslt-1.1.26-2.el6_3.1.x86_64.rpm libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm i386: libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm libxslt-devel-1.1.26-2.el6_3.1.i686.rpm libxslt-python-1.1.26-2.el6_3.1.i686.rpm x86_64: libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm libxslt-devel-1.1.26-2.el6_3.1.i686.rpm libxslt-devel-1.1.26-2.el6_3.1.x86_64.rpm libxslt-python-1.1.26-2.el6_3.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm x86_64: libxslt-1.1.26-2.el6_3.1.i686.rpm libxslt-1.1.26-2.el6_3.1.x86_64.rpm libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm x86_64: libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm libxslt-devel-1.1.26-2.el6_3.1.i686.rpm libxslt-devel-1.1.26-2.el6_3.1.x86_64.rpm libxslt-python-1.1.26-2.el6_3.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm i386: libxslt-1.1.26-2.el6_3.1.i686.rpm libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm libxslt-devel-1.1.26-2.el6_3.1.i686.rpm ppc64: libxslt-1.1.26-2.el6_3.1.ppc.rpm libxslt-1.1.26-2.el6_3.1.ppc64.rpm libxslt-debuginfo-1.1.26-2.el6_3.1.ppc.rpm libxslt-debuginfo-1.1.26-2.el6_3.1.ppc64.rpm libxslt-devel-1.1.26-2.el6_3.1.ppc.rpm libxslt-devel-1.1.26-2.el6_3.1.ppc64.rpm s390x: libxslt-1.1.26-2.el6_3.1.s390.rpm libxslt-1.1.26-2.el6_3.1.s390x.rpm libxslt-debuginfo-1.1.26-2.el6_3.1.s390.rpm libxslt-debuginfo-1.1.26-2.el6_3.1.s390x.rpm libxslt-devel-1.1.26-2.el6_3.1.s390.rpm libxslt-devel-1.1.26-2.el6_3.1.s390x.rpm x86_64: libxslt-1.1.26-2.el6_3.1.i686.rpm libxslt-1.1.26-2.el6_3.1.x86_64.rpm libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm libxslt-devel-1.1.26-2.el6_3.1.i686.rpm libxslt-devel-1.1.26-2.el6_3.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm i386: libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm libxslt-python-1.1.26-2.el6_3.1.i686.rpm ppc64: libxslt-debuginfo-1.1.26-2.el6_3.1.ppc64.rpm libxslt-python-1.1.26-2.el6_3.1.ppc64.rpm s390x: libxslt-debuginfo-1.1.26-2.el6_3.1.s390x.rpm libxslt-python-1.1.26-2.el6_3.1.s390x.rpm x86_64: libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm libxslt-python-1.1.26-2.el6_3.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm i386: libxslt-1.1.26-2.el6_3.1.i686.rpm libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm libxslt-devel-1.1.26-2.el6_3.1.i686.rpm x86_64: libxslt-1.1.26-2.el6_3.1.i686.rpm libxslt-1.1.26-2.el6_3.1.x86_64.rpm libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm libxslt-devel-1.1.26-2.el6_3.1.i686.rpm libxslt-devel-1.1.26-2.el6_3.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm i386: libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm libxslt-python-1.1.26-2.el6_3.1.i686.rpm x86_64: libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm libxslt-python-1.1.26-2.el6_3.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-1202.html https://www.redhat.com/security/data/cve/CVE-2011-3970.html https://www.redhat.com/security/data/cve/CVE-2012-2825.html https://www.redhat.com/security/data/cve/CVE-2012-2870.html https://www.redhat.com/security/data/cve/CVE-2012-2871.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQUh7JXlSAg2UNWIIRAsJmAJ9pVP2vkhEuIh3hhi9lyVfa/cnCmwCgtTiS bhFgk6Ez9OXi3ibu0HSzdxg= =c8UZ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ============================================================================ Ubuntu Security Notice USN-1595-1 October 04, 2012 libxslt vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: Applications using libxslt could be made to crash or run programs as your login if they processed a specially crafted file. Software Description: - libxslt: XSLT processing library Details: Chris Evans discovered that libxslt incorrectly handled generate-id XPath functions. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could obtain potentially sensitive information. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 11.04. (CVE-2011-1202) It was discovered that libxslt incorrectly parsed certain patterns. (CVE-2011-3970) Nicholas Gregoire discovered that libxslt incorrectly handled unexpected DTD nodes. (CVE-2012-2825) Nicholas Gregoire discovered that libxslt incorrectly managed memory. (CVE-2012-2870) Nicholas Gregoire discovered that libxslt incorrectly handled certain transforms. (CVE-2012-2871) Cris Neckar discovered that libxslt incorrectly managed memory. (CVE-2012-2893) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: libxslt1.1 1.1.26-8ubuntu1.2 Ubuntu 11.10: libxslt1.1 1.1.26-7ubuntu0.1 Ubuntu 11.04: libxslt1.1 1.1.26-6ubuntu0.1 Ubuntu 10.04 LTS: libxslt1.1 1.1.26-1ubuntu1.1 Ubuntu 8.04 LTS: libxslt1.1 1.1.22-1ubuntu1.3 In general, a standard system update will make all the necessary changes. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2825 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2870 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2871 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2893 _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: 6dd46f422fb2826ec50a583deff25ea2 mbs1/x86_64/lib64xslt1-1.1.26-6.20120127.2.mbs1.x86_64.rpm 97dbebeb234859c9fb70b42221d0e01c mbs1/x86_64/lib64xslt-devel-1.1.26-6.20120127.2.mbs1.x86_64.rpm d89b5da4a9297a89975734dd7642200b mbs1/x86_64/python-libxslt-1.1.26-6.20120127.2.mbs1.x86_64.rpm 9f73eb409a80608836f86a2c3e2d3be9 mbs1/x86_64/xsltproc-1.1.26-6.20120127.2.mbs1.x86_64.rpm 95136df2e944a787dc25d07a364f2729 mbs1/SRPMS/libxslt-1.1.26-6.20120127.2.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. Background ========== libxml2 is the XML C parser and toolkit developed for the Gnome project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/libxml2 < 2.9.1-r1 >= 2.9.1-r1 Description =========== Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All libxml2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.9.1-r1" References ========== [ 1 ] CVE-2012-2871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2871 [ 2 ] CVE-2012-5134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5134 [ 3 ] CVE-2013-0338 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0338 [ 4 ] CVE-2013-1664 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1664 [ 5 ] CVE-2013-1969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1969 [ 6 ] CVE-2013-2877 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201311-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-09-20-1 Apple TV 6.0 Apple TV 6.0 is now available and addresses the following: Apple TV Available for: Apple TV 2nd generation and later Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of JBIG2 encoded data in PDF files. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-1025 : Felix Groebert of the Google Security Team Apple TV Available for: Apple TV 2nd generation and later Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of Sorenson encoded movie files. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-1019 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft) working with HP's Zero Day Initiative Apple TV Available for: Apple TV 2nd generation and later Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: TrustWave, a trusted root CA, has issued, and subsequently revoked, a sub-CA certificate from one of its trusted anchors. This sub-CA facilitated the interception of communications secured by Transport Layer Security (TLS). This update added the involved sub-CA certificate to OS X's list of untrusted certificates. CVE-ID CVE-2013-5134 Apple TV Available for: Apple TV 2nd generation and later Impact: An attacker who has arbitrary code execution on a device may be able to persist code execution across reboots Description: Multiple buffer overflows existed in dyld's openSharedCacheFile() function. These issues were addressed through improved bounds checking. CVE-ID CVE-2013-3950 : Stefan Esser Apple TV Available for: Apple TV 2nd generation and later Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of JPEG2000 encoded data in PDF files. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-1026 : Felix Groebert of the Google Security Team Apple TV Available for: Apple TV 2nd generation and later Impact: A malicious local application could cause an unexpected system termination Description: A null pointer dereference existed in IOCatalogue. The issue was addressed through additional type checking. CVE-ID CVE-2013-5138 : Will Estes Apple TV Available for: Apple TV 2nd generation and later Impact: Executing a malicious application may result in arbitrary code execution within the kernel Description: An out of bounds array access existed in the IOSerialFamily driver. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-5139 : @dent1zt Apple TV Available for: Apple TV 2nd generation and later Impact: A remote attacker can cause a device to unexpectedly restart Description: Sending an invalid packet fragment to a device can cause a kernel assert to trigger, leading to a device restart. The issue was addressed through additional validation of packet fragments. CVE-ID CVE-2013-5140 : Joonas Kuorilehto of Codenomicon, an anonymous researcher working with CERT-FI, Antti LevomAki and Lauri Virtanen of Vulnerability Analysis Group, Stonesoft Apple TV Available for: Apple TV 2nd generation and later Impact: An attacker on a local network can cause a denial of service Description: An attacker on a local network can send specially crafted IPv6 ICMP packets and cause high CPU load. The issue was addressed by rate limiting ICMP packets before verifying their checksum. CVE-ID CVE-2011-2391 : Marc Heuse Apple TV Available for: Apple TV 2nd generation and later Impact: Kernel stack memory may be disclosed to local users Description: An information disclosure issue existed in the msgctl and segctl APIs. This issue was addressed by initializing data structures returned from the kernel. CVE-ID CVE-2013-5142 : Kenzley Alphonse of Kenx Technology, Inc Apple TV Available for: Apple TV 2nd generation and later Impact: Unprivileged processes could get access to the contents of kernel memory which could lead to privilege escalation Description: An information disclosure issue existed in the mach_port_space_info API. This issue was addressed by initializing the iin_collision field in structures returned from the kernel. CVE-ID CVE-2013-3953 : Stefan Esser Apple TV Available for: Apple TV 2nd generation and later Impact: Unprivileged processes may be able to cause an unexpected system termination or arbitrary code execution in the kernel Description: A memory corruption issue existed in the handling of arguments to the posix_spawn API. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-3954 : Stefan Esser Apple TV Available for: Apple TV 2nd generation and later Impact: An unauthorized process may modify the set of loaded kernel extensions Description: An issue existed in kextd's handling of IPC messages from unauthenticated senders. This issue was addressed by adding additional authorization checks. CVE-ID CVE-2013-5145 : "Rainbow PRISM" Apple TV Available for: Apple TV 2nd generation and later Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in libxml. These issues were addressed by updating libxml to version 2.9.0. CVE-ID CVE-2011-3102 : Juri Aedla CVE-2012-0841 CVE-2012-2807 : Juri Aedla CVE-2012-5134 : Google Chrome Security Team (Juri Aedla) Apple TV Available for: Apple TV 2nd generation and later Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in libxslt. These issues were addressed by updating libxslt to version 1.1.28. CVE-ID CVE-2012-2825 : Nicolas Gregoire CVE-2012-2870 : Nicolas Gregoire CVE-2012-2871 : Kai Lu of Fortinet's FortiGuard Labs, Nicolas Gregoire Apple TV Available for: Apple TV 2nd generation and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2013-0879 : Atte Kettunen of OUSPG CVE-2013-0991 : Jay Civelli of the Chromium development community CVE-2013-0992 : Google Chrome Security Team (Martin Barbella) CVE-2013-0993 : Google Chrome Security Team (Inferno) CVE-2013-0994 : David German of Google CVE-2013-0995 : Google Chrome Security Team (Inferno) CVE-2013-0996 : Google Chrome Security Team (Inferno) CVE-2013-0997 : Vitaliy Toropov working with HP's Zero Day Initiative CVE-2013-0998 : pa_kt working with HP's Zero Day Initiative CVE-2013-0999 : pa_kt working with HP's Zero Day Initiative CVE-2013-1000 : Fermin J. Alternatively, you may manually check for software updates by selecting "Settings -> General -> Update Software". To check the current version of software, select "Settings -> General -> About"

AFFECTED PRODUCTS