ID

VAR-201505-0337


CVE

CVE-2014-8146


TITLE

ICU Project ICU4C library contains multiple overflow vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#602540

DESCRIPTION

The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text. ICU Project ICU4C library, versions 52 through 54, contains a heap-based buffer overflow and an integer overflow. There is a security vulnerability in the 'resolveImplicitLevels' function in the common/ubidi.c file of the Unicode Bidirectional Algorithm implementation in the ICU4C version prior to ICU 55.1. The vulnerability stems from the fact that the program does not properly orientate and track isolated text fragments. ============================================================================ Ubuntu Security Notice USN-2605-1 May 11, 2015 icu vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.04 - Ubuntu 14.10 - Ubuntu 14.04 LTS Summary: ICU could be made to crash or run programs as your login if it processed specially crafted data. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.04: libicu52 52.1-8ubuntu0.1 Ubuntu 14.10: libicu52 52.1-6ubuntu0.3 Ubuntu 14.04 LTS: libicu52 52.1-3ubuntu0.3 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2605-1 CVE-2014-8146, CVE-2014-8147 Package Information: https://launchpad.net/ubuntu/+source/icu/52.1-8ubuntu0.1 https://launchpad.net/ubuntu/+source/icu/52.1-6ubuntu0.3 https://launchpad.net/ubuntu/+source/icu/52.1-3ubuntu0.3 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3323-1 security@debian.org https://www.debian.org/security/ Laszlo Boszormenyi August 01, 2015 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : icu CVE ID : CVE-2014-6585 CVE-2014-8146 CVE-2014-8147 CVE-2015-4760 Debian Bug : 778511 784773 Several vulnerabilities were discovered in the International Components for Unicode (ICU) library. CVE-2015-4760 The Layout Engine was missing multiple boundary checks. These could lead to buffer overflows and memory corruption. Additionally, it was discovered that the patch applied to ICU in DSA-3187-1 for CVE-2014-6585 was incomplete, possibly leading to an invalid memory access. This could allow remote attackers to disclose portion of private memory via crafted font files. For the oldstable distribution (wheezy), these problems have been fixed in version 4.8.1.1-12+deb7u3. For the stable distribution (jessie), these problems have been fixed in version 52.1-8+deb8u2. For the testing distribution (stretch), these problems have been fixed in version 52.1-10. For the unstable distribution (sid), these problems have been fixed in version 52.1-10. We recommend that you upgrade your icu packages. CVE-ID CVE-2015-5900 : Xeno Kovah & Corey Kallenberg from LegbaCore EFI Available for: Mac OS X v10.6.8 and later Impact: A malicious Apple Ethernet Thunderbolt adapter may be able to affect firmware flashing Description: Apple Ethernet Thunderbolt adapters could modify the host firmware if connected during an EFI update. CVE-ID CVE-2015-5914 : Trammell Hudson of Two Sigma Investments and snare Finder Available for: Mac OS X v10.6.8 and later Impact: The "Secure Empty Trash" feature may not securely delete files placed in the Trash Description: An issue existed in guaranteeing secure deletion of Trash files on some systems, such as those with flash storage. CVE-ID CVE-2015-5913 : Tarun Chopra of Microsoft Corporation, U.S. The issue is addressed by no longer offering Mail Drop when sending an encrypted e-mail. CVE-ID CVE-2015-5915 : Peter Walz of University of Minnesota, David Ephron, Eric E. Lawrence, Apple Security Available for: Mac OS X v10.6.8 and later Impact: A trust evaluation configured to require revocation checking may succeed even if revocation checking fails Description: The kSecRevocationRequirePositiveResponse flag was specified but not implemented. CVE-ID CVE-2015-5894 : Hannes Oud of kWallet GmbH Security Available for: Mac OS X v10.6.8 and later Impact: A remote server may prompt for a certificate before identifying itself Description: Secure Transport accepted the CertificateRequest message before the ServerKeyExchange message. CVE-ID CVE-2015-3785 : Dan Bastone of Gotham Digital Science Terminal Available for: Mac OS X v10.6.8 and later Impact: Maliciously crafted text could mislead the user in Terminal Description: Terminal did not handle bidirectional override characters in the same way when displaying text and when selecting text. CVE-ID CVE-2015-5854 : Jonas Magazinius of Assured AB Note: OS X El Capitan 10.11 includes the security content of Safari 9: https://support.apple.com/kb/HT205265. CVE-ID CVE-2015-5522 : Fernando Munoz of NULLGroup.com CVE-2015-5523 : Fernando Munoz of NULLGroup.com Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/en-us/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-09-16-1 iOS 9 iOS 9 is now available and addresses the following: Apple Pay Available for: iPhone 6, iPad mini 3, and iPad Air 2 Impact: Some cards may allow a terminal to retrieve limited recent transaction information when making a payment Description: The transaction log functionality was enabled in certain configurations. This issue was addressed by removing the transaction log functionality. CVE-ID CVE-2015-5916 AppleKeyStore Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local attacker may be able to reset failed passcode attempts with an iOS backup Description: An issue existed in resetting failed passcode attempts with a backup of the iOS device. This was addressed through improved passcode failure logic. CVE-ID CVE-2015-5850 : an anonymous researcher Application Store Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Clicking a malicious ITMS link may lead to a denial of service in an enterprise-signed application Description: An issue existed with installation through ITMS links. This was addressed through additional installation verification. CVE-ID CVE-2015-5856 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei of FireEye, Inc. Audio Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Playing a malicious audio file may lead to an unexpected application termination Description: A memory corruption issue existed in the handling of audio files. This issue issue was addressed through improved memory handling. CVE-ID CVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.: Prof. Taekyoung Kwon), Yonsei University, Seoul, Korea Certificate Trust Policy Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/en- us/HT204132. CFNetwork Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to an iOS device may read cache data from Apple apps Description: Cache data was encrypted with a key protected only by the hardware UID. This issue was addressed by encrypting the cache data with a key protected by the hardware UID and the user's passcode. CVE-ID CVE-2015-5898 : Andreas Kurtz of NESO Security Labs CFNetwork Cookies Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position can track a user's activity Description: A cross-domain cookie issue existed in the handling of top level domains. The issue was address through improved restrictions of cookie creation. CVE-ID CVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University CFNetwork Cookies Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to create unintended cookies for a website Description: WebKit would accept multiple cookies to be set in the document.cookie API. This issue was addressed through improved parsing. CVE-ID CVE-2015-3801 : Erling Ellingsen of Facebook CFNetwork FTPProtocol Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Malicious FTP servers may be able to cause the client to perform reconnaissance on other hosts Description: An issue existed in FTP packet handling if clients were using an FTP proxy. CVE-ID CVE-2015-5912 : Amit Klein CFNetwork HTTPProtocol Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted URL may be able to bypass HTTP Strict Transport Security (HSTS) and leak sensitive data Description: A URL parsing vulnerability existed in HSTS handling. This issue was addressed through improved URL parsing. CVE-ID CVE-2015-5858 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University CFNetwork HTTPProtocol Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may be able to track users in Safari private browsing mode Description: An issue existed in the handling of HSTS state in Safari private browsing mode. This issue was addressed through improved state handling. CVE-ID CVE-2015-5860 : Sam Greenhalgh of RadicalResearch Ltd CFNetwork Proxies Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Connecting to a malicious web proxy may set malicious cookies for a website Description: An issue existed in the handling of proxy connect responses. This issue was addressed by removing the set-cookie header while parsing the connect response. CVE-ID CVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University CFNetwork SSL Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may intercept SSL/TLS connections Description: A certificate validation issue existed in NSURL when a certificate changed. This issue was addressed through improved certificate validation. CVE-ID CVE-2015-5824 : Timothy J. Wood of The Omni Group CFNetwork SSL Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of RC4. An attacker could force the use of RC4, even if the server preferred better ciphers, by blocking TLS 1.0 and higher connections until CFNetwork tried SSL 3.0, which only allows RC4. This issue was addressed by removing the fallback to SSL 3.0. CoreAnimation Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to leak sensitive user information Description: Applications could access the screen framebuffer while they were in the background. This issue was addressed with improved access control on IOSurfaces. CVE-ID CVE-2015-5880 : Jin Han, Su Mon Kywe, Qiang Yan, Robert Deng, Debin Gao, Yingjiu Li of School of Information Systems Singapore Management University, Feng Bao and Jianying Zhou of Cryptography and Security Department Institute for Infocomm Research CoreCrypto Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to determine a private key Description: By observing many signing or decryption attempts, an attacker may have been able to determine the RSA private key. This issue was addressed using improved encryption algorithms. CoreText Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team Data Detectors Engine Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: Memory corruption issues existed in the processing of text files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-5829 : M1x7e1 of Safeye Team (www.safeye.org) Dev Tools Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in dyld. This was addressed through improved memory handling. CVE-ID CVE-2015-5876 : beist of grayhash dyld Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to bypass code signing Description: An issue existed with validation of the code signature of executables. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5839 : @PanguTeam, TaiG Jailbreak Team Disk Images Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in DiskImages. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5847 : Filippo Bigarella, Luca Todesco Game Center Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious Game Center application may be able to access a player's email address Description: An issue existed in Game Center in the handling of a player's email. This issue was addressed through improved access restrictions. CVE-ID CVE-2015-5855 : Nasser Alnasser ICU Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in ICU Description: Multiple vulnerabilities existed in ICU versions prior to 53.1.0. These issues were addressed by updating ICU to version 55.1. CVE-ID CVE-2014-8146 CVE-2015-1205 IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5834 : Cererdlong of Alibaba Mobile Security Team IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5848 : Filippo Bigarella IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOHIDFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5867 : moony li of Trend Micro IOKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5844 : Filippo Bigarella CVE-2015-5845 : Filippo Bigarella CVE-2015-5846 : Filippo Bigarella IOMobileFrameBuffer Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOMobileFrameBuffer. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5843 : Filippo Bigarella IOStorageFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local attacker may be able to read kernel memory Description: A memory initialization issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5863 : Ilja van Sprundel of IOActive iTunes Store Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: AppleID credentials may persist in the keychain after sign out Description: An issue existed in keychain deletion. This issue was addressed through improved account cleanup. CVE-ID CVE-2015-5832 : Kasif Dekel from Check Point Software Technologies JavaScriptCore Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5791 : Apple CVE-2015-5793 : Apple CVE-2015-5814 : Apple CVE-2015-5816 : Apple CVE-2015-5822 : Mark S. Miller of Google CVE-2015-5823 : Apple Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team CVE-2015-5896 : Maxime Villard of m00nbsd CVE-2015-5903 : CESG Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local attacker may control the value of stack cookies Description: Multiple weaknesses existed in the generation of user space stack cookies. This was addressed through improved generation of stack cookies. CVE-ID CVE-2013-3951 : Stefan Esser Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local process can modify other processes without entitlement checks Description: An issue existed where root processes using the processor_set_tasks API were allowed to retrieve the task ports of other processes. This issue was addressed through added entitlement checks. CVE-ID CVE-2015-5882 : Pedro Vilaca, working from original research by Ming- chieh Pan and Sung-ting Tsai; Jonathan Levin Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to launch denial of service attacks on targeted TCP connections without knowing the correct sequence number Description: An issue existed in xnu's validation of TCP packet headers. This issues was addressed through improved TCP packet header validation. CVE-ID CVE-2015-5879 : Jonathan Looney Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a local LAN segment may disable IPv6 routing Description: An insufficient validation issue existed in handling of IPv6 router advertisements that allowed an attacker to set the hop limit to an arbitrary value. This issue was addressed by enforcing a minimum hop limit. CVE-ID CVE-2015-5869 : Dennis Spindel Ljungmark Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed in XNU that led to the disclosure of kernel memory. This was addressed through improved initialization of kernel memory structures. CVE-ID CVE-2015-5842 : beist of grayhash Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to cause a system denial of service Description: An issue existed in HFS drive mounting. This was addressed by additional validation checks. CVE-ID CVE-2015-5748 : Maxime Villard of m00nbsd libc Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2014-8611 : Adrian Chadd and Alfred Perlstein of Norse Corporation libpthread Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team Mail Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker can send an email that appears to come from a contact in the recipient's address book Description: An issue existed in the handling of the sender's address. This issue was addressed through improved validation. CVE-ID CVE-2015-5857 : Emre Saglam of salesforce.com Multipeer Connectivity Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local attacker may be able to observe unprotected multipeer data Description: An issue existed in convenience initializer handling in which encryption could be actively downgraded to a non-encrypted session. This issue was addressed by changing the convenience initializer to require encryption. CVE-ID CVE-2015-5851 : Alban Diquet (@nabla_c0d3) of Data Theorem NetworkExtension Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to determine kernel memory layout Description: An uninitialized memory issue in the kernel led to the disclosure of kernel memory content. This issue was addressed through memory initialization. CVE-ID CVE-2015-5831 : Maxime Villard of m00nbsd OpenSSL Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in OpenSSL Description: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg. These were addressed by updating OpenSSL to version 0.9.8zg. CVE-ID CVE-2015-0286 CVE-2015-0287 PluginKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious enterprise application can install extensions before the application has been trusted Description: An issue existed in the validation of extensions during installation. This was addressed through improved app verification. CVE-ID CVE-2015-5837 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei of FireEye, Inc. removefile Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing malicious data may lead to unexpected application termination Description: An overflow fault existed in the checkint division routines. This issue was addressed with improved division routines. CVE-ID CVE-2015-5840 : an anonymous researcher Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to read Safari bookmarks on a locked iOS device without a passcode Description: Safari bookmark data was encrypted with a key protected only by the hardware UID. This issue was addressed by encrypting the Safari bookmark data with a key protected by the hardware UID and the user's passcode. CVE-ID CVE-2015-5903 : Jonathan Zdziarski Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: An issue may have allowed a website to display content with a URL from a different website. This issue was addressed through improved URL handling. CVE-ID CVE-2015-5904 : Erling Ellingsen of Facebook, Lukasz Pilorz Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: Navigating to a malicious website with a malformed window opener may have allowed the display of arbitrary URLs. This issue was addressed through improved handling of window openers. CVE-ID CVE-2015-5905 : Keita Haga of keitahaga.com Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Users may be tracked by malicious websites using client certificates Description: An issue existed in Safari's client certificate matching for SSL authentication. This issue was addressed through improved matching of valid client certificates. CVE-ID CVE-2015-1129 : Stefan Kraus of fluid Operations AG, Sylvain Munaut of Whatever s.a. Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: Multiple user interface inconsistencies may have allowed a malicious website to display an arbitrary URL. These issues were addressed through improved URL display logic. CVE-ID CVE-2015-5764 : Antonio Sanso (@asanso) of Adobe CVE-2015-5765 : Ron Masas CVE-2015-5767 : Krystian Kloskowski via Secunia, Masato Kinugawa Safari Safe Browsing Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Navigating to the IP address of a known malicious website may not trigger a security warning Description: Safari's Safe Browsing feature did not warn users when visiting known malicious websites by their IP addresses. The issue was addressed through improved malicious site detection. Rahul M of TagsDoc Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious app may be able to intercept communication between apps Description: An issue existed that allowed a malicious app to intercept URL scheme communication between apps. This was mitigated by displaying a dialog when a URL scheme is used for the first time. CVE-ID CVE-2015-5835 : Teun van Run of FiftyTwoDegreesNorth B.V.; XiaoFeng Wang of Indiana University, Luyi Xing of Indiana University, Tongxin Li of Peking University, Tongxin Li of Peking University, Xiaolong Bai of Tsinghua University Siri Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to an iOS device may be able to use Siri to read notifications of content that is set not to be displayed at the lock screen Description: When a request was made to Siri, client side restrictions were not being checked by the server. This issue was addressed through improved restriction checking. CVE-ID CVE-2015-5892 : Robert S Mozayeni, Joshua Donvito SpringBoard Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to an iOS device can reply to an audio message from the lock screen when message previews from the lock screen are disabled Description: A lock screen issue allowed users to reply to audio messages when message previews were disabled. This issue was addressed through improved state management. CVE-ID CVE-2015-5861 : Daniel Miedema of Meridian Apps SpringBoard Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to spoof another application's dialog windows Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-ID CVE-2015-5838 : Min (Spark) Zheng, Hui Xue, Tao (Lenx) Wei, John C.S. Lui SQLite Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in SQLite v3.8.5 Description: Multiple vulnerabilities existed in SQLite v3.8.5. These issues were addressed by updating SQLite to version 3.8.10.2. CVE-ID CVE-2015-5895 tidy Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in Tidy. This issues was addressed through improved memory handling. CVE-ID CVE-2015-5522 : Fernando Munoz of NULLGroup.com CVE-2015-5523 : Fernando Munoz of NULLGroup.com WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Object references may be leaked between isolated origins on custom events, message events and pop state events Description: An object leak issue broke the isolation boundary between origins. This issue was addressed through improved isolation between origins. CVE-ID CVE-2015-5827 : Gildas WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5789 : Apple CVE-2015-5790 : Apple CVE-2015-5792 : Apple CVE-2015-5794 : Apple CVE-2015-5795 : Apple CVE-2015-5796 : Apple CVE-2015-5797 : Apple CVE-2015-5799 : Apple CVE-2015-5800 : Apple CVE-2015-5801 : Apple CVE-2015-5802 : Apple CVE-2015-5803 : Apple CVE-2015-5804 : Apple CVE-2015-5805 CVE-2015-5806 : Apple CVE-2015-5807 : Apple CVE-2015-5809 : Apple CVE-2015-5810 : Apple CVE-2015-5811 : Apple CVE-2015-5812 : Apple CVE-2015-5813 : Apple CVE-2015-5817 : Apple CVE-2015-5818 : Apple CVE-2015-5819 : Apple CVE-2015-5821 : Apple WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to unintended dialing Description: An issue existed in handling of tel://, facetime://, and facetime-audio:// URLs. This issue was addressed through improved URL handling. CVE-ID CVE-2015-5820 : Andrei Neculaesei, Guillaume Ross WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: QuickType may learn the last character of a password in a filled-in web form Description: An issue existed in WebKit's handling of password input context. This issue was addressed through improved input context handling. CVE-ID CVE-2015-5906 : Louis Romero of Google Inc. WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position may be able to redirect to a malicious domain Description: An issue existed in the handling of resource caches on sites with invalid certificates. The issue was addressed by rejecting the application cache of domains with invalid certificates. CVE-ID CVE-2015-5907 : Yaoqi Jia of National University of Singapore (NUS) WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may exfiltrate data cross-origin Description: Safari allowed cross-origin stylesheets to be loaded with non-CSS MIME types which could be used for cross-origin data exfiltration. This issue was addressed by limiting MIME types for cross-origin stylesheets. CVE-ID CVE-2015-5826 : filedescriptor, Chris Evans WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: The Performance API may allow a malicious website to leak browsing history, network activity, and mouse movements Description: WebKit's Performance API could have allowed a malicious website to leak browsing history, network activity, and mouse movements by measuring time. This issue was addressed by limiting time resolution. CVE-ID CVE-2015-5825 : Yossi Oren et al. of Columbia University's Network Security Lab WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An issue existed with Content-Disposition headers containing type attachment. This issue was addressed by disallowing some functionality for type attachment pages. CVE-ID CVE-2015-5921 : Mickey Shkatov of the Intel(r) Advanced Threat Research Team, Daoyuan Wu of Singapore Management University, Rocky K. C. Chang of Hong Kong Polytechnic University, Lukasz Pilorz, superhei of www.knownsec.com WebKit Canvas Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may disclose image data from another website Description: A cross-origin issue existed with "canvas" element images in WebKit. This was addressed through improved tracking of security origins. CVE-ID CVE-2015-5788 : Apple WebKit Page Loading Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: WebSockets may bypass mixed content policy enforcement Description: An insufficient policy enforcement issue allowed WebSockets to load mixed content. This issue was addressed by extending mixed content policy enforcement to WebSockets. Kevin G Jones of Higher Logic Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "9". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJV+avFAAoJEBcWfLTuOo7tAOsQAKVBs+YG3HuMy0mc0rnpbRtU +bjdnzwBeQE6C6Fp/SlZroyYtutnPw9QoFbUpY9Kkcer08uPap6kUAcF72fD51tG UYmIe5WvDSMWD98pKsgDGUVfGdU1h135KpSfDgoiQrZK2GAPe2xCDupD42jIPLk2 3qSyrYnVzfrCZ8uBk9j4gqoF5Ki6JSP/3Qm7hiPfhQXcMyQyIQ+2tJyQcSyGf5OM RgkmHwjIjkEb8jwwQ6h4LPMNuvqq8Kv6P4wQQeUl7RdtLJfafmFg+mV7bSmV/b28 Hk5EHQrQJ5fVl9jBFxti6aZrhrNr5yRL9yAdrpNB0rWfDN0z9emyGRrW2vli+Zv+ 0xXBZfAiNVAP53ou4gyVkLDZ+zx5lsWSADU1QWbIR2DY+WXUIN5QJ/ayFkNN9gqD WrFGHOc/l+Rq82uQi4ND0jTcYqhBG0MyooJf29orPA2tZeKvrcA4/6w12w6eJ7qA aW5J+BByErqWft42I/JT3CbnK+GBEDHnj4GAeSMHuNolPNsoH5cv0G4yKigW0zLS 81AzADTcBtKtaSD9aBAPAL6TTGUySmupF8flhHTMcpZh1MbAqo+bObMXUMvCrmST yq+5/R0gVuMN0BQ7adwI0akYApuqrNi/Mp9zT+JlU2wiSfaHm58Ugf8YAmc+sfjT rHWi1bvzskkrxRfuQ4mX =MnPh -----END PGP SIGNATURE----- . Background ========== International Components for Unicode is a set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/icu < 55.1 >= 55.1 Description =========== Multiple vulnerabilities have been discovered in International Components for Unicode. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All International Components for Unicode users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/icu-55.1" References ========== [ 1 ] CVE-2014-8146 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8146 [ 2 ] CVE-2014-8147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8147 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201507-04 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. License ======= Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Trust: 3.15

sources: NVD: CVE-2014-8146 // CERT/CC: VU#602540 // JVNDB: JVNDB-2014-008060 // VULHUB: VHN-76091 // VULMON: CVE-2014-8146 // PACKETSTORM: 131849 // PACKETSTORM: 133618 // PACKETSTORM: 132920 // PACKETSTORM: 133803 // PACKETSTORM: 133641 // PACKETSTORM: 133616 // PACKETSTORM: 132555

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:lteversion:8.2

Trust: 1.0

vendor:applemodel:watchosscope:lteversion:1.0.1

Trust: 1.0

vendor:icumodel:international components for unicodescope:ltversion:55.1

Trust: 1.0

vendor:applemodel:mac os xscope:lteversion:10.10.4

Trust: 1.0

vendor:applemodel:itunesscope:lteversion:12.1.3

Trust: 1.0

vendor:debian gnu linuxmodel: - scope: - version: -

Trust: 0.8

vendor:freebsdmodel: - scope: - version: -

Trust: 0.8

vendor:icumodel: - scope: - version: -

Trust: 0.8

vendor:icumodel:icuscope:ltversion:55.1

Trust: 0.8

vendor:applemodel:mac os xscope:ltversion:10.6.8 thats all 10.11

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9 (iphone 4s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9 (ipod touch first 5 after generation )

Trust: 0.8

vendor:applemodel:itunesscope:ltversion:12.3 (windows 7 or later )

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2 (apple watch edition)

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2 (apple watch sport)

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2 (apple watch)

Trust: 0.8

vendor:oraclemodel:communications applicationsscope:eqversion:of oracle communications messaging server 7.0.5

Trust: 0.8

vendor:oraclemodel:communications applicationsscope:eqversion:of oracle communications messaging server 8.0

Trust: 0.8

vendor:icumodel:international components for unicodescope:eqversion:50.1.1

Trust: 0.6

vendor:icumodel:international components for unicodescope:eqversion:49.1.2

Trust: 0.6

vendor:icumodel:international components for unicodescope:eqversion:53.1

Trust: 0.6

vendor:icumodel:international components for unicodescope:eqversion:50.1

Trust: 0.6

vendor:icumodel:international components for unicodescope:eqversion:50.1.2

Trust: 0.6

vendor:icumodel:international components for unicodescope:eqversion:49.1.1

Trust: 0.6

vendor:icumodel:international components for unicodescope:eqversion:51.1

Trust: 0.6

vendor:icumodel:international components for unicodescope:eqversion:51.2

Trust: 0.6

vendor:icumodel:international components for unicodescope:eqversion:52.1

Trust: 0.6

vendor:icumodel:international components for unicodescope:eqversion:54.1

Trust: 0.6

sources: CERT/CC: VU#602540 // JVNDB: JVNDB-2014-008060 // CNNVD: CNNVD-201505-025 // NVD: CVE-2014-8146

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8146
value: HIGH

Trust: 1.0

NVD: CVE-2014-8146
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201505-025
value: MEDIUM

Trust: 0.6

VULHUB: VHN-76091
value: HIGH

Trust: 0.1

VULMON: CVE-2014-8146
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-8146
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-76091
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-76091 // VULMON: CVE-2014-8146 // JVNDB: JVNDB-2014-008060 // CNNVD: CNNVD-201505-025 // NVD: CVE-2014-8146

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-76091 // JVNDB: JVNDB-2014-008060 // NVD: CVE-2014-8146

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-025

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201505-025

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008060

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-76091 // VULMON: CVE-2014-8146

PATCH

title:APPLE-SA-2015-09-16-1 iOS 9url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html

Trust: 0.8

title:APPLE-SA-2015-09-21-1 watchOS 2url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html

Trust: 0.8

title:APPLE-SA-2015-09-16-3 iTunes 12.3url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html

Trust: 0.8

title:APPLE-SA-2015-09-30-3 OS X El Capitan 10.11url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

Trust: 0.8

title:HT205221url:https://support.apple.com/en-us/HT205221

Trust: 0.8

title:HT205212url:https://support.apple.com/en-us/HT205212

Trust: 0.8

title:HT205213url:https://support.apple.com/en-us/HT205213

Trust: 0.8

title:HT205267url:https://support.apple.com/en-us/HT205267

Trust: 0.8

title:HT205213url:https://support.apple.com/ja-jp/HT205213

Trust: 0.8

title:HT205267url:https://support.apple.com/ja-jp/HT205267

Trust: 0.8

title:HT205221url:http://support.apple.com/ja-jp/HT205221

Trust: 0.8

title:HT205212url:https://support.apple.com/ja-jp/HT205212

Trust: 0.8

title:37162url:http://bugs.icu-project.org/trac/changeset/37162

Trust: 0.8

title:Top Pageurl:http://site.icu-project.org/

Trust: 0.8

title:Oracle Critical Patch Update Advisory - October 2015url:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

Trust: 0.8

title:Text Form of Oracle Critical Patch Update - October 2015 Risk Matricesurl:http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html

Trust: 0.8

title:Oracle Solaris Third Party Bulletin - October 2015url:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Trust: 0.8

title:October 2015 Critical Patch Update Releasedurl:https://blogs.oracle.com/security/entry/october_2015_critical_patch_update

Trust: 0.8

title:icu4c-55_1-srcurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55870

Trust: 0.6

title:icu4c-55_1-srcurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55869

Trust: 0.6

title:Ubuntu Security Notice: icu vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2605-1

Trust: 0.1

title:Red Hat: CVE-2014-8146url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2014-8146

Trust: 0.1

title:Debian CVElist Bug Report Logs: icu: CVE-2014-8146 and CVE-2014-8147url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=737678e35d7a4195a5f52506b21f94df

Trust: 0.1

title:Debian Security Advisories: DSA-3323-1 icu -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=cee1707e2d391ce29838ceb4e6846a8a

Trust: 0.1

title:Apple: OS X El Capitan v10.11url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=e88bab658248444f5dffc23fd95859e7

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - October 2015url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=744c19dc9f4f70ad58059bf8733ec9c1

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2015url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=92308e3c4d305e91c2eba8c9c6835e83

Trust: 0.1

title:Threatposturl:https://threatpost.com/icu-project-overflow-vulnerabilities-patched/112623/

Trust: 0.1

sources: VULMON: CVE-2014-8146 // JVNDB: JVNDB-2014-008060 // CNNVD: CNNVD-201505-025

EXTERNAL IDS

db:CERT/CCid:VU#602540

Trust: 3.4

db:NVDid:CVE-2014-8146

Trust: 3.3

db:OPENWALLid:OSS-SECURITY/2015/05/05/6

Trust: 1.8

db:BIDid:74457

Trust: 1.8

db:JVNid:JVNVU99970459

Trust: 0.8

db:JVNid:JVNVU97220341

Trust: 0.8

db:JVNid:JVNVU97322697

Trust: 0.8

db:JVNDBid:JVNDB-2014-008060

Trust: 0.8

db:CNNVDid:CNNVD-201505-025

Trust: 0.7

db:CS-HELPid:SB2022060305

Trust: 0.6

db:PACKETSTORMid:132555

Trust: 0.2

db:PACKETSTORMid:133641

Trust: 0.2

db:PACKETSTORMid:131849

Trust: 0.2

db:EXPLOIT-DBid:43887

Trust: 0.2

db:PACKETSTORMid:131763

Trust: 0.1

db:VULHUBid:VHN-76091

Trust: 0.1

db:VULMONid:CVE-2014-8146

Trust: 0.1

db:PACKETSTORMid:133618

Trust: 0.1

db:PACKETSTORMid:132920

Trust: 0.1

db:PACKETSTORMid:133803

Trust: 0.1

db:PACKETSTORMid:133616

Trust: 0.1

sources: CERT/CC: VU#602540 // VULHUB: VHN-76091 // VULMON: CVE-2014-8146 // JVNDB: JVNDB-2014-008060 // PACKETSTORM: 131849 // PACKETSTORM: 133618 // PACKETSTORM: 132920 // PACKETSTORM: 133803 // PACKETSTORM: 133641 // PACKETSTORM: 133616 // PACKETSTORM: 132555 // CNNVD: CNNVD-201505-025 // NVD: CVE-2014-8146

REFERENCES

url:https://raw.githubusercontent.com/pedrib/poc/master/generic/i-c-u-fail.txt

Trust: 2.6

url:http://www.debian.org/security/2015/dsa-3323

Trust: 2.6

url:http://www.kb.cert.org/vuls/id/602540

Trust: 2.6

url:http://www.securityfocus.com/bid/74457

Trust: 1.9

url:https://security.gentoo.org/glsa/201507-04

Trust: 1.9

url:http://lists.apple.com/archives/security-announce/2015/sep/msg00001.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2015/sep/msg00003.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2015/sep/msg00005.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html

Trust: 1.8

url:http://bugs.icu-project.org/trac/changeset/37162

Trust: 1.8

url:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Trust: 1.8

url:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

Trust: 1.8

url:https://support.apple.com/ht205212

Trust: 1.8

url:https://support.apple.com/ht205213

Trust: 1.8

url:https://support.apple.com/ht205221

Trust: 1.8

url:https://support.apple.com/ht205267

Trust: 1.8

url:http://seclists.org/fulldisclosure/2015/may/14

Trust: 1.8

url:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Trust: 1.8

url:http://openwall.com/lists/oss-security/2015/05/05/6

Trust: 1.8

url:http://site.icu-project.org/

Trust: 0.8

url:http://site.icu-project.org/download/55

Trust: 0.8

url:http://site.icu-project.org/#toc-who-uses-icu-

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/122.html

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/190.html

Trust: 0.8

url:https://svnweb.freebsd.org/ports?view=revision&revision=384614

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8146

Trust: 0.8

url:https://jvn.jp/vu/jvnvu97322697/

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97220341/index.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu99970459/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8146

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2014-8146

Trust: 0.7

url:https://www.cybersecurity-help.cz/vdb/sb2022060305

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2014-8147

Trust: 0.4

url:https://support.apple.com/kb/ht201222

Trust: 0.4

url:https://www.apple.com/support/security/pgp/

Trust: 0.4

url:http://gpgtools.org

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2015-1205

Trust: 0.3

url:https://support.apple.com/en-

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-0287

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-3951

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-8611

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-0286

Trust: 0.2

url:https://www.safeye.org)

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/2605-1/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2014-8146

Trust: 0.1

url:https://www.exploit-db.com/exploits/43887/

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=41307

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/icu/52.1-6ubuntu0.3

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/icu/52.1-8ubuntu0.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/icu/52.1-3ubuntu0.3

Trust: 0.1

url:http://www.ubuntu.com/usn/usn-2605-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3733

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3741

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3736

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3687

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3730

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3688

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3190

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1153

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3686

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3748

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3749

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3738

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3744

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1152

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1157

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3746

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3742

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3731

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3734

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3740

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3743

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3747

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3735

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3737

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3745

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3739

Trust: 0.1

url:http://www.apple.com/itunes/download/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-6585

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4760

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0235

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0231

Trust: 0.1

url:http://www.apple.com/support/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-8080

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-2331

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-7187

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1351

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-8090

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-9705

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1352

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0232

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-2301

Trust: 0.1

url:https://support.apple.com/kb/ht205265.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-9427

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1855

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-2305

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-9425

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-7186

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3618

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-9709

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0273

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-6277

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-2532

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-9652

Trust: 0.1

url:https://www.tencent.com)

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5895

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5916

Trust: 0.1

url:https://support.apple.com/en-us/ht204641

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5800

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5765

Trust: 0.1

url:https://www.apple.com/itunes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5802

Trust: 0.1

url:https://www.knownsec.com

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5795

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5788

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5799

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5797

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5794

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1129

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5791

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5522

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5789

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5793

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5764

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5523

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5801

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5796

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5790

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3801

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5792

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5767

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5748

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8146

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8147

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

sources: CERT/CC: VU#602540 // VULHUB: VHN-76091 // VULMON: CVE-2014-8146 // JVNDB: JVNDB-2014-008060 // PACKETSTORM: 131849 // PACKETSTORM: 133618 // PACKETSTORM: 132920 // PACKETSTORM: 133803 // PACKETSTORM: 133641 // PACKETSTORM: 133616 // PACKETSTORM: 132555 // CNNVD: CNNVD-201505-025 // NVD: CVE-2014-8146

CREDITS

Apple

Trust: 0.4

sources: PACKETSTORM: 133618 // PACKETSTORM: 133803 // PACKETSTORM: 133641 // PACKETSTORM: 133616

SOURCES

db:CERT/CCid:VU#602540
db:VULHUBid:VHN-76091
db:VULMONid:CVE-2014-8146
db:JVNDBid:JVNDB-2014-008060
db:PACKETSTORMid:131849
db:PACKETSTORMid:133618
db:PACKETSTORMid:132920
db:PACKETSTORMid:133803
db:PACKETSTORMid:133641
db:PACKETSTORMid:133616
db:PACKETSTORMid:132555
db:CNNVDid:CNNVD-201505-025
db:NVDid:CVE-2014-8146

LAST UPDATE DATE

2024-12-25T21:07:17.260000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#602540date:2015-08-03T00:00:00
db:VULHUBid:VHN-76091date:2019-04-23T00:00:00
db:VULMONid:CVE-2014-8146date:2019-04-23T00:00:00
db:JVNDBid:JVNDB-2014-008060date:2015-11-06T00:00:00
db:CNNVDid:CNNVD-201505-025date:2022-06-06T00:00:00
db:NVDid:CVE-2014-8146date:2024-11-21T02:18:39.330

SOURCES RELEASE DATE

db:CERT/CCid:VU#602540date:2015-05-04T00:00:00
db:VULHUBid:VHN-76091date:2015-05-25T00:00:00
db:VULMONid:CVE-2014-8146date:2015-05-25T00:00:00
db:JVNDBid:JVNDB-2014-008060date:2015-05-27T00:00:00
db:PACKETSTORMid:131849date:2015-05-11T21:24:54
db:PACKETSTORMid:133618date:2015-09-19T15:35:19
db:PACKETSTORMid:132920date:2015-08-04T01:08:27
db:PACKETSTORMid:133803date:2015-10-01T16:33:47
db:PACKETSTORMid:133641date:2015-09-22T13:33:33
db:PACKETSTORMid:133616date:2015-09-19T15:18:18
db:PACKETSTORMid:132555date:2015-07-07T15:33:41
db:CNNVDid:CNNVD-201505-025date:2015-05-06T00:00:00
db:NVDid:CVE-2014-8146date:2015-05-25T22:59:00.067