ID

VAR-201511-0037


CVE

CVE-2015-7942


TITLE

libxml2 of parser.c Inside xmlParseConditionalSections Service disruption in functions (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-005979

DESCRIPTION

The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941. Libxml2 is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application; denying service to legitimate users. Due to the nature of this issue, code-execution may be possible but this has not been confirmed. Libxml2 2.9.2 and prior are vulnerable. It supports multiple encoding formats, XPath analysis, Well-formed and valid verification, etc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-03-21-3 tvOS 9.2 tvOS 9.2 is now available and addresses the following: FontParser Available for: Apple TV (4th generation) Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI) HTTPProtocol Available for: Apple TV (4th generation) Impact: A remote attacker may be able to execute arbitrary code Description: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. These were addressed by updating nghttp2 to version 1.6.0. CVE-ID CVE-2015-8659 IOHIDFamily Available for: Apple TV (4th generation) Impact: An application may be able to determine kernel memory layout Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1748 : Brandon Azad Kernel Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-ID CVE-2016-1750 : CESG Kernel Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple integer overflows were addressed through improved input validation. CVE-ID CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) Kernel Available for: Apple TV (4th generation) Impact: An application may be able to bypass code signing Description: A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed through improved permission validation. CVE-ID CVE-2016-1751 : Eric Monti of Square Mobile Security Kernel Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2016-1755 : Ian Beer of Google Project Zero Kernel Available for: Apple TV (4th generation) Impact: An application may be able to cause a denial of service Description: A denial of service issue was addressed through improved validation. CVE-ID CVE-2016-1752 : CESG libxml2 Available for: Apple TV (4th generation) Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2015-1819 CVE-2015-5312 : David Drysdale of Google CVE-2015-7499 CVE-2015-7500 : Kostya Serebryany of Google CVE-2015-7942 : Kostya Serebryany of Google CVE-2015-8035 : gustavo.grieco CVE-2015-8242 : Hugh Davenport CVE-2016-1762 Security Available for: Apple TV (4th generation) Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation. CVE-ID CVE-2016-1950 : Francis Gabriel of Quarkslab TrueTypeScaler Available for: Apple TV (4th generation) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI) WebKit Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1783 : Mihai Parparita of Google WebKit History Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: A resource exhaustion issue was addressed through improved input validation. CVE-ID CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of 无声信息技术PKAV Team (PKAV.net) Wi-Fi Available for: Apple TV (4th generation) Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling. CVE-ID CVE-2016-0801 : an anonymous researcher CVE-2016-0802 : an anonymous researcher Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software.". To check the current version of software, select "Settings -> General -> About". Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.0.3 serves as a replacement for Red Hat JBoss Web Server 3.0.2, and includes bug fixes and enhancements, which are documented in the Release Notes documented linked to in the References. (CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7942, CVE-2015-8035, CVE-2015-8710, CVE-2015-7941, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317) * A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. (CVE-2015-5346) * A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. (CVE-2015-5351) * It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714) * A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763) * A use-after-free flaw was found in the way OpenSSL imported malformed Elliptic Curve private keys. (CVE-2015-0209) * It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. (CVE-2015-5345) * It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. Solution: The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). After installing the updated packages, the httpd daemon will be restarted automatically. JIRA issues fixed (https://issues.jboss.org/): JWS-271 - User submitted session ID JWS-272 - User submitted session ID JWS-276 - Welcome File processing refactoring - CVE-2015-5345 low JWS-277 - Welcome File processing refactoring - CVE-2015-5345 low JWS-303 - Avoid useless session creation for manager webapps - CVE-2015-5351 moderate JWS-304 - Restrict another manager servlet - CVE-2016-0706 low JWS-349 - Session serialization safety - CVE-2016-0714 moderate JWS-350 - Protect ResourceLinkFactory.setGlobalContext() - CVE-2016-0763 moderate 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c04944172 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04944172 Version: 1 HPSBGN03537 rev.1 - HPE IceWall Federation Agent and IceWall File Manager running libXML2, Remote or Local Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. References: - CVE-2015-5312 - CVE-2015-7497 - CVE-2015-7498 - CVE-2015-7499 - CVE-2015-7500 - CVE-2015-7941 - CVE-2015-7942 - CVE-2015-8241 - CVE-2015-8242 - CVE-2015-8317 - PSRT110015 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - IceWall File Manager 3.0 - IceWall Federation Agent 3.0 BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2015-5312 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2015-7497 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-7498 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-7499 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2015-7500 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-7941 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-7942 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-8241 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2015-8242 (AV:N/AC:M/Au:N/C:P/I:N/A:P) 5.8 CVE-2015-8317 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HPE recommends applying the latest OS vendor security patches for libXML2 to resolve the vulnerabilities in the libXML2 library. Please note that the HP IceWall product is only available in Japan. HISTORY Version:1 (rev.1) - 22 January 2016 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201701-37 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libxml2: Multiple vulnerabilities Date: January 16, 2017 Bugs: #564776, #566374, #572878, #573820, #577998, #582538, #582540, #583888, #589816, #597112, #597114, #597116 ID: 201701-37 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in libxml2, the worst of which could lead to the execution of arbitrary code. Background ========== libxml2 is the XML (eXtended Markup Language) C parser and toolkit initially developed for the Gnome project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/libxml2 < 2.9.4-r1 >= 2.9.4-r1 Description =========== Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All libxml2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.9.4-r1" References ========== [ 1 ] CVE-2015-1819 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1819 [ 2 ] CVE-2015-5312 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5312 [ 3 ] CVE-2015-7497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7497 [ 4 ] CVE-2015-7498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7498 [ 5 ] CVE-2015-7499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7499 [ 6 ] CVE-2015-7500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7500 [ 7 ] CVE-2015-7941 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7941 [ 8 ] CVE-2015-7942 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7942 [ 9 ] CVE-2015-8035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8035 [ 10 ] CVE-2015-8242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8242 [ 11 ] CVE-2015-8806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8806 [ 12 ] CVE-2016-1836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1836 [ 13 ] CVE-2016-1838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1838 [ 14 ] CVE-2016-1839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1839 [ 15 ] CVE-2016-1840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1840 [ 16 ] CVE-2016-2073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2073 [ 17 ] CVE-2016-3627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3627 [ 18 ] CVE-2016-3705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3705 [ 19 ] CVE-2016-4483 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4483 [ 20 ] CVE-2016-4658 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4658 [ 21 ] CVE-2016-5131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5131 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201701-37 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . For the oldstable distribution (wheezy), these problems have been fixed in version 2.8.0+dfsg1-7+wheezy5. For the stable distribution (jessie), these problems have been fixed in version 2.9.1+dfsg1-5+deb8u1. For the testing distribution (stretch), these problems have been fixed in version 2.9.3+dfsg1-1 or earlier versions. For the unstable distribution (sid), these problems have been fixed in version 2.9.3+dfsg1-1 or earlier versions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: libxml2 security update Advisory ID: RHSA-2015:2550-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2550.html Issue date: 2015-12-07 CVE Names: CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317 ===================================================================== 1. Summary: Updated libxml2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The libxml2 library is a development toolbox providing the implementation of various XML standards. Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or in certain cases crash the application. (CVE-2015-1819, CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500 CVE-2015-7941, CVE-2015-7942, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317, BZ#1213957, BZ#1281955) Red Hat would like to thank the GNOME project for reporting CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-8241, CVE-2015-8242, and CVE-2015-8317. Upstream acknowledges Kostya Serebryany of Google as the original reporter of CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, and CVE-2015-7500; Hugh Davenport as the original reporter of CVE-2015-8241 and CVE-2015-8242; and Hanno Boeck as the original reporter of CVE-2015-8317. The CVE-2015-1819 issue was discovered by Florian Weimer of Red Hat Product Security. All libxml2 users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1211278 - CVE-2015-1819 libxml2: denial of service processing a crafted XML document 1213957 - libxml2: out-of-bounds memory access when parsing an unclosed HTML comment 1274222 - CVE-2015-7941 libxml2: Out-of-bounds memory access 1276297 - CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections() 1276693 - CVE-2015-5312 libxml2: CPU exhaustion when processing specially crafted XML input 1281862 - CVE-2015-7497 libxml2: Heap-based buffer overflow in xmlDictComputeFastQKey 1281879 - CVE-2015-7498 libxml2: Heap-based buffer overflow in xmlParseXmlDecl 1281925 - CVE-2015-7499 libxml2: Heap-based buffer overflow in xmlGROW 1281930 - CVE-2015-8317 libxml2: Out-of-bounds heap read when parsing file with unfinished xml declaration 1281936 - CVE-2015-8241 libxml2: Buffer overread with XML parser in xmlNextChar 1281943 - CVE-2015-7500 libxml2: Heap buffer overflow in xmlParseMisc 1281950 - CVE-2015-8242 libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode 1281955 - libxml2: Multiple out-of-bounds reads in xmlDictComputeFastKey.isra.2 and xmlDictAddString.isra.O 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: libxml2-2.9.1-6.el7_2.2.src.rpm x86_64: libxml2-2.9.1-6.el7_2.2.i686.rpm libxml2-2.9.1-6.el7_2.2.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm libxml2-python-2.9.1-6.el7_2.2.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm libxml2-devel-2.9.1-6.el7_2.2.i686.rpm libxml2-devel-2.9.1-6.el7_2.2.x86_64.rpm libxml2-static-2.9.1-6.el7_2.2.i686.rpm libxml2-static-2.9.1-6.el7_2.2.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: libxml2-2.9.1-6.el7_2.2.src.rpm x86_64: libxml2-2.9.1-6.el7_2.2.i686.rpm libxml2-2.9.1-6.el7_2.2.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm libxml2-python-2.9.1-6.el7_2.2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: libxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm libxml2-devel-2.9.1-6.el7_2.2.i686.rpm libxml2-devel-2.9.1-6.el7_2.2.x86_64.rpm libxml2-static-2.9.1-6.el7_2.2.i686.rpm libxml2-static-2.9.1-6.el7_2.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: libxml2-2.9.1-6.el7_2.2.src.rpm aarch64: libxml2-2.9.1-6.el7_2.2.aarch64.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.aarch64.rpm libxml2-devel-2.9.1-6.el7_2.2.aarch64.rpm libxml2-python-2.9.1-6.el7_2.2.aarch64.rpm ppc64: libxml2-2.9.1-6.el7_2.2.ppc.rpm libxml2-2.9.1-6.el7_2.2.ppc64.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.ppc.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.ppc64.rpm libxml2-devel-2.9.1-6.el7_2.2.ppc.rpm libxml2-devel-2.9.1-6.el7_2.2.ppc64.rpm libxml2-python-2.9.1-6.el7_2.2.ppc64.rpm ppc64le: libxml2-2.9.1-6.el7_2.2.ppc64le.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.ppc64le.rpm libxml2-devel-2.9.1-6.el7_2.2.ppc64le.rpm libxml2-python-2.9.1-6.el7_2.2.ppc64le.rpm s390x: libxml2-2.9.1-6.el7_2.2.s390.rpm libxml2-2.9.1-6.el7_2.2.s390x.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.s390.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.s390x.rpm libxml2-devel-2.9.1-6.el7_2.2.s390.rpm libxml2-devel-2.9.1-6.el7_2.2.s390x.rpm libxml2-python-2.9.1-6.el7_2.2.s390x.rpm x86_64: libxml2-2.9.1-6.el7_2.2.i686.rpm libxml2-2.9.1-6.el7_2.2.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm libxml2-devel-2.9.1-6.el7_2.2.i686.rpm libxml2-devel-2.9.1-6.el7_2.2.x86_64.rpm libxml2-python-2.9.1-6.el7_2.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): aarch64: libxml2-debuginfo-2.9.1-6.el7_2.2.aarch64.rpm libxml2-static-2.9.1-6.el7_2.2.aarch64.rpm ppc64: libxml2-debuginfo-2.9.1-6.el7_2.2.ppc.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.ppc64.rpm libxml2-static-2.9.1-6.el7_2.2.ppc.rpm libxml2-static-2.9.1-6.el7_2.2.ppc64.rpm ppc64le: libxml2-debuginfo-2.9.1-6.el7_2.2.ppc64le.rpm libxml2-static-2.9.1-6.el7_2.2.ppc64le.rpm s390x: libxml2-debuginfo-2.9.1-6.el7_2.2.s390.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.s390x.rpm libxml2-static-2.9.1-6.el7_2.2.s390.rpm libxml2-static-2.9.1-6.el7_2.2.s390x.rpm x86_64: libxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm libxml2-static-2.9.1-6.el7_2.2.i686.rpm libxml2-static-2.9.1-6.el7_2.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: libxml2-2.9.1-6.el7_2.2.src.rpm x86_64: libxml2-2.9.1-6.el7_2.2.i686.rpm libxml2-2.9.1-6.el7_2.2.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm libxml2-devel-2.9.1-6.el7_2.2.i686.rpm libxml2-devel-2.9.1-6.el7_2.2.x86_64.rpm libxml2-python-2.9.1-6.el7_2.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm libxml2-static-2.9.1-6.el7_2.2.i686.rpm libxml2-static-2.9.1-6.el7_2.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-1819 https://access.redhat.com/security/cve/CVE-2015-5312 https://access.redhat.com/security/cve/CVE-2015-7497 https://access.redhat.com/security/cve/CVE-2015-7498 https://access.redhat.com/security/cve/CVE-2015-7499 https://access.redhat.com/security/cve/CVE-2015-7500 https://access.redhat.com/security/cve/CVE-2015-7941 https://access.redhat.com/security/cve/CVE-2015-7942 https://access.redhat.com/security/cve/CVE-2015-8241 https://access.redhat.com/security/cve/CVE-2015-8242 https://access.redhat.com/security/cve/CVE-2015-8317 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFWZZK6XlSAg2UNWIIRAlx5AKCfIxP9TLM+V/vmQq6MVeUpjiGltgCgnOgZ IOmptwborGrgz5fLqra3STg= =bVgd -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.61

sources: NVD: CVE-2015-7942 // JVNDB: JVNDB-2015-005979 // BID: 79507 // VULHUB: VHN-85903 // VULMON: CVE-2015-7942 // PACKETSTORM: 136344 // PACKETSTORM: 137101 // PACKETSTORM: 135395 // PACKETSTORM: 140533 // PACKETSTORM: 135045 // PACKETSTORM: 134655

AFFECTED PRODUCTS

vendor:canonicalmodel:ubuntu linuxscope:eqversion:15.10

Trust: 1.6

vendor:canonicalmodel:ubuntu linuxscope:eqversion:15.04

Trust: 1.6

vendor:hpmodel:icewall file managerscope:eqversion:3.0

Trust: 1.3

vendor:hpmodel:icewall federation agentscope:eqversion:3.0

Trust: 1.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.9.2

Trust: 1.3

vendor:applemodel:watchosscope:lteversion:2.1

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:12.04

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.04

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:applemodel:mac os xscope:lteversion:10.11.3

Trust: 1.0

vendor:applemodel:tvosscope:lteversion:9.1

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:7.0

Trust: 1.0

vendor:applemodel:iphone osscope:lteversion:9.2.1

Trust: 1.0

vendor:canonicalmodel:ubuntuscope:eqversion:12.04 lts

Trust: 0.8

vendor:canonicalmodel:ubuntuscope:eqversion:14.04 lts

Trust: 0.8

vendor:canonicalmodel:ubuntuscope:eqversion:15.04

Trust: 0.8

vendor:canonicalmodel:ubuntuscope:eqversion:15.10

Trust: 0.8

vendor:xmlsoftmodel:libxml2scope: - version: -

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.10.5

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.11 to 10.11.3

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.9.5

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9.3 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9.3 (iphone 4s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9.3 (ipod touch first 5 after generation )

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:9.2 (apple tv first 4 generation )

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2.2 (apple watch edition)

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2.2 (apple watch hermes)

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2.2 (apple watch sport)

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2.2 (apple watch)

Trust: 0.8

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.10

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.7.2

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.6

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.211

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.0.1

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.6

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3.50

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.13

Trust: 0.3

vendor:ibmmodel:connections docsscope:eqversion:1.0.2

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.6

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.32

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:ibmmodel:powerkvmscope:eqversion:3.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.1.0.410

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.7.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.24

Trust: 0.3

vendor:redhatmodel:enterprise linux workstationscope:eqversion:7

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.14

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.3

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.219

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.1.0

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.0.1

Trust: 0.3

vendor:ibmmodel:powerkvm sp3scope:eqversion:2.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fiscope:eqversion:2.2.0.4

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.0

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.2

Trust: 0.3

vendor:ibmmodel:powerkvm buildscope:neversion:2.1.165.6

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.7.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.25

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.22

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.4.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.30

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.12

Trust: 0.3

vendor:applemodel:iosscope:neversion:9.3

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.8.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1

Trust: 0.3

vendor:ibmmodel:powerkvm buildscope:eqversion:2.1.157

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.4

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.5.0

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:1.0.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.18

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.2

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.2.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.2.1

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.2.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.44

Trust: 0.3

vendor:ibmmodel:connections docsscope:eqversion:1.0.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.1

Trust: 0.3

vendor:applemodel:watchosscope:neversion:2.2

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.7

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.3

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.28

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.9

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.2

Trust: 0.3

vendor:ibmmodel:sametime media serverscope:eqversion:9.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.14

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.24

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.14

Trust: 0.3

vendor:ibmmodel:connections docs ifixscope:neversion:1.0.6003

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.42

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.0.11

Trust: 0.3

vendor:ibmmodel:connections docs ifixscope:neversion:2.0002

Trust: 0.3

vendor:ibmmodel:rational systems testerscope:eqversion:3.3.0.3

Trust: 0.3

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.1

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:30

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8

Trust: 0.3

vendor:applemodel:watchscope:eqversion:0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.5.8

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.16

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.0.13

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.29

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6.2

Trust: 0.3

vendor:ibmmodel:powerkvmscope:eqversion:2.1

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.3

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.7.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.7

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.2.08

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.8.16

Trust: 0.3

vendor:ibmmodel:rational systems testerscope:eqversion:3.3.0.4

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3.2

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.4.0.4

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.10

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.14

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.21

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.7

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.25

Trust: 0.3

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.1.08

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.8.1

Trust: 0.3

vendor:applemodel:ios betascope:eqversion:8.1.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.5.4

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.4.0.3

Trust: 0.3

vendor:redhatmodel:enterprise linux desktopscope:eqversion:7

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.8.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.213

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.3

Trust: 0.3

vendor:ibmmodel:rational systems tester interim fixscope:neversion:3.3.0.7

Trust: 0.3

vendor:ibmmodel:cognos business intelligencescope:eqversion:10.2.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry fixpackscope:eqversion:3.2.0.413

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fixpacscope:eqversion:3.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.28

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:50

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.5

Trust: 0.3

vendor:ibmmodel:powerkvm buildscope:eqversion:3.12

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:7

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.8

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.32

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.26

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.4.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.5.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.34

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.10

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.26

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.18

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fixpackscope:eqversion:3.1.0.412

Trust: 0.3

vendor:ibmmodel:cognos business intelligencescope:eqversion:10.2.1.1

Trust: 0.3

vendor:applemodel:tvosscope:neversion:9.2

Trust: 0.3

vendor:applemodel:ios for developerscope:eqversion:6

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.7.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.17

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.0.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.21

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.22

Trust: 0.3

vendor:ibmmodel:connections docsscope:eqversion:1.0.4

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.1

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.2

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.1.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.31

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.218

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.20

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.5.10

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.2.0.411

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.13

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.8.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.2

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.7.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.3

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.7

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.9

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc node optionalscope:eqversion:6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.11.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.3.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.20

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.21

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.214

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.8.14

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:neversion:2.9.3

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.5

Trust: 0.3

vendor:ibmmodel:smartcloud entry fpscope:eqversion:3.19

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.8.9

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:3.1.0.4

Trust: 0.3

vendor:ibmmodel:rational systems testerscope:eqversion:3.3.0.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.3

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.0.10

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fixpacscope:eqversion:3.2

Trust: 0.3

vendor:ibmmodel:rational systems testerscope:eqversion:3.3.0.7

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.5

Trust: 0.3

vendor:applemodel:ios betascope:eqversion:64

Trust: 0.3

vendor:ibmmodel:cognos business intelligencescope:eqversion:10.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.113

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.5.7

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.3.0.4

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.1.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:3.11

Trust: 0.3

vendor:redhatmodel:enterprise linux workstation optionalscope:eqversion:6

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3.3

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.8.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.110

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.8.10

Trust: 0.3

vendor:ibmmodel:connections docs ifixscope:neversion:1.0.7006

Trust: 0.3

vendor:ibmmodel:smartcloud entry fpscope:eqversion:3.110

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.30

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.23

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:3.21

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.8.3

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6

Trust: 0.3

vendor:applemodel:tvscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.2

Trust: 0.3

vendor:ibmmodel:connections docsscope:eqversion:2.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.29

Trust: 0.3

vendor:ibmmodel:cognos business intelligencescope:eqversion:10.2.1

Trust: 0.3

vendor:applemodel:mac os security updatescope:neversion:x2016-0020

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.22

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:neversion:7.2.0.6

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.11

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.7.8

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.3.0.3

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.0.12

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.31

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.4

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.1.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.2.0.4

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.27

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.5

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.7.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry fixpackscope:eqversion:3.1.0.415

Trust: 0.3

vendor:ibmmodel:cognos business intelligencescope:eqversion:8.4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.1

Trust: 0.3

vendor:ibmmodel:cognos business intelligencescope:eqversion:10.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.11

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fiscope:eqversion:2.4.0.4

Trust: 0.3

vendor:ibmmodel:cognos business intelligencescope:eqversion:10.2

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.27

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.1.09

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.2.6

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:3.2.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.2

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.7.3

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.3

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.19

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.7.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.6

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.1.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.2.0.3

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.24

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.4.0.5

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.4.01

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.5

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.8.13

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.2.09

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.15

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.9.1

Trust: 0.3

vendor:ibmmodel:connections docs ifixscope:neversion:1.0.5002

Trust: 0.3

vendor:redhatmodel:enterprise linux server optionalscope:eqversion:6

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.0

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.1.8

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.0

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:7

Trust: 0.3

vendor:ibmmodel:connections docsscope:eqversion:1.0.5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.2

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.23

Trust: 0.3

vendor:ibmmodel:rational systems testerscope:eqversion:3.3.0.5

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.8

Trust: 0.3

vendor:ibmmodel:powerkvm buildscope:eqversion:2.1.165.4

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.5

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.11

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.16

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.20

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:40

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.2.010

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3

Trust: 0.3

vendor:ibmmodel:powerkvm buildscope:eqversion:2.1.165.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.12

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.2

Trust: 0.3

vendor:ibmmodel:connections docsscope:eqversion:1.0.6

Trust: 0.3

vendor:ibmmodel:connections docsscope:eqversion:1.0.7

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4.1

Trust: 0.3

vendor:ibmmodel:rational systems tester interim fixscope:eqversion:3.3.0.7

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop optionalscope:eqversion:6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.15

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.4

Trust: 0.3

vendor:ibmmodel:powerkvm buildscope:eqversion:2.1.165.5

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:applemodel:ios betascope:eqversion:4.2

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.13

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.2.5

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.12

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.5

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry fixpackscope:eqversion:3.2.0.415

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.7.4

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.17

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.5.11

Trust: 0.3

vendor:ibmmodel:sametime media serverscope:neversion:9.0.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:1.0

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.0

Trust: 0.3

vendor:oraclemodel:linuxscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.3.0

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.2

Trust: 0.3

vendor:ibmmodel:connections docsscope:eqversion:1.0.5

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.2

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.7

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.7

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.7.7

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.4

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.1.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.11

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:7

Trust: 0.3

vendor:ibmmodel:rational systems testerscope:eqversion:3.3.0.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fiscope:eqversion:2.3.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.1.1

Trust: 0.3

vendor:ibmmodel:powerkvm buildscope:neversion:3.13

Trust: 0.3

vendor:ibmmodel:powerkvm buildscope:eqversion:2.1.158

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.4

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.1

Trust: 0.3

sources: BID: 79507 // JVNDB: JVNDB-2015-005979 // CNNVD: CNNVD-201511-296 // NVD: CVE-2015-7942

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7942
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-7942
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201511-296
value: MEDIUM

Trust: 0.6

VULHUB: VHN-85903
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-7942
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-7942
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-85903
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-85903 // VULMON: CVE-2015-7942 // JVNDB: JVNDB-2015-005979 // CNNVD: CNNVD-201511-296 // NVD: CVE-2015-7942

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-85903 // JVNDB: JVNDB-2015-005979 // NVD: CVE-2015-7942

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 135045 // PACKETSTORM: 134655 // CNNVD: CNNVD-201511-296

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201511-296

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005979

PATCH

title:APPLE-SA-2016-03-21-1 iOS 9.3url:http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html

Trust: 0.8

title:APPLE-SA-2016-03-21-2 watchOS 2.2url:http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html

Trust: 0.8

title:APPLE-SA-2016-03-21-3 tvOS 9.2url:http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html

Trust: 0.8

title:APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002url:http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

Trust: 0.8

title:HT206167url:https://support.apple.com/en-us/HT206167

Trust: 0.8

title:HT206168url:https://support.apple.com/en-us/HT206168

Trust: 0.8

title:HT206169url:https://support.apple.com/en-us/HT206169

Trust: 0.8

title:HT206166url:https://support.apple.com/en-us/HT206166

Trust: 0.8

title:HT206166url:https://support.apple.com/ja-jp/HT206166

Trust: 0.8

title:HT206167url:https://support.apple.com/ja-jp/HT206167

Trust: 0.8

title:HT206168url:https://support.apple.com/ja-jp/HT206168

Trust: 0.8

title:HT206169url:https://support.apple.com/ja-jp/HT206169

Trust: 0.8

title:Bug 744980url:https://bugzilla.gnome.org/show_bug.cgi?id=744980

Trust: 0.8

title:Bug 756456url:https://bugzilla.gnome.org/show_bug.cgi?id=756456

Trust: 0.8

title:Another variation of overflow in Conditional sectionsurl:https://git.gnome.org/browse/libxml2/commit/?id=bd0526e66a56e75a18da8c15c4750db8f801c52d

Trust: 0.8

title:RHSA-2015:2550url:https://rhn.redhat.com/errata/RHSA-2015-2550.html

Trust: 0.8

title:RHSA-2015:2549url:https://rhn.redhat.com/errata/RHSA-2015-2549.html

Trust: 0.8

title:TLSA-2016-3url:http://www.turbolinux.co.jp/security/2016/TLSA-2016-3j.html

Trust: 0.8

title:USN-2812-1url:http://www.ubuntu.com/usn/USN-2812-1/

Trust: 0.8

title:Top Pageurl:http://xmlsoft.org/index.html

Trust: 0.8

title:v2.9.3: Nov 20 2015url:http://xmlsoft.org/news.html

Trust: 0.8

title:Libxml2 Remediation measures for denial of service vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=58780

Trust: 0.6

title:Red Hat: Moderate: libxml2 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20152549 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: libxml2 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20152550 - Security Advisory

Trust: 0.1

title:Ubuntu Security Notice: libxml2 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2812-1

Trust: 0.1

title:Red Hat: CVE-2015-7942url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2015-7942

Trust: 0.1

title:Apple: tvOS 9.2url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=ce338ecd7a3c82e55bcf20e44e532eea

Trust: 0.1

title:Debian CVElist Bug Report Logs: CVE-2015-8035: DoS with XZ compression support loopurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=a019ec3e62995ba6fccfa99991a69e8e

Trust: 0.1

title:Debian CVElist Bug Report Logs: libxml2: CVE-2015-8241: Buffer overread with XML parser in xmlNextCharurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=922e5d3f7941ba5ce004a1df5d62804d

Trust: 0.1

title:Debian CVElist Bug Report Logs: libxml2: CVE-2015-7942: heap-buffer-overflow in xmlParseConditionalSectionsurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=b43558695a2829b2e8d380a917f49836

Trust: 0.1

title:Debian CVElist Bug Report Logs: libxml2: CVE-2015-1819: denial of service processing a crafted XML documenturl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=d4df89c444b497f8334824cafc13f268

Trust: 0.1

title:Apple: watchOS 2.2url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=0cbe3084baf2e465ecd2cc68ad686a9a

Trust: 0.1

title:Debian Security Advisories: DSA-3430-1 libxml2 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=b5464377ed0e849a889195e29c21e27c

Trust: 0.1

title:Debian CVElist Bug Report Logs: libxml2: out-of-bounds readurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=7cf75e4a67dc759cf112b117265731c9

Trust: 0.1

title:Debian CVElist Bug Report Logs: libxml2: parsing an unclosed comment can result in `Conditional jump or move depends on uninitialised value(s)` and unsafe memory accessurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=2e6915a419592c0eb35235af4b02c926

Trust: 0.1

title:Apple: iOS 9.3url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=3ae8bd7fcbbf51e9c7fe356687ecd0cf

Trust: 0.1

title:Amazon Linux AMI: ALAS-2015-628url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2015-628

Trust: 0.1

title:Apple: OS X El Capitan v10.11.4 and Security Update 2016-002url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=ef054ba76412200e34091eb91c38c281

Trust: 0.1

title:Amazon Linux 2: ALAS2-2019-1220url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2019-1220

Trust: 0.1

title:Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015url:https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=435ed9abc2fb1e74ce2a69605a01e326

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=eb439566c9130adc92d21bc093204cf8

Trust: 0.1

sources: VULMON: CVE-2015-7942 // JVNDB: JVNDB-2015-005979 // CNNVD: CNNVD-201511-296

EXTERNAL IDS

db:NVDid:CVE-2015-7942

Trust: 3.5

db:BIDid:79507

Trust: 2.1

db:OPENWALLid:OSS-SECURITY/2015/10/22/8

Trust: 1.8

db:OPENWALLid:OSS-SECURITY/2015/10/22/5

Trust: 1.8

db:SECTRACKid:1034243

Trust: 1.8

db:JVNid:JVNVU97668313

Trust: 0.8

db:JVNDBid:JVNDB-2015-005979

Trust: 0.8

db:CNNVDid:CNNVD-201511-296

Trust: 0.7

db:AUSCERTid:ESB-2023.3732

Trust: 0.6

db:VULHUBid:VHN-85903

Trust: 0.1

db:VULMONid:CVE-2015-7942

Trust: 0.1

db:PACKETSTORMid:136344

Trust: 0.1

db:PACKETSTORMid:137101

Trust: 0.1

db:PACKETSTORMid:135395

Trust: 0.1

db:PACKETSTORMid:140533

Trust: 0.1

db:PACKETSTORMid:135045

Trust: 0.1

db:PACKETSTORMid:134655

Trust: 0.1

sources: VULHUB: VHN-85903 // VULMON: CVE-2015-7942 // BID: 79507 // JVNDB: JVNDB-2015-005979 // PACKETSTORM: 136344 // PACKETSTORM: 137101 // PACKETSTORM: 135395 // PACKETSTORM: 140533 // PACKETSTORM: 135045 // PACKETSTORM: 134655 // CNNVD: CNNVD-201511-296 // NVD: CVE-2015-7942

REFERENCES

url:http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Trust: 2.1

url:https://bugzilla.gnome.org/show_bug.cgi?id=756456

Trust: 2.1

url:http://www.securityfocus.com/bid/79507

Trust: 1.9

url:https://security.gentoo.org/glsa/201701-37

Trust: 1.9

url:http://rhn.redhat.com/errata/rhsa-2015-2550.html

Trust: 1.9

url:http://rhn.redhat.com/errata/rhsa-2016-1089.html

Trust: 1.9

url:http://lists.apple.com/archives/security-announce/2016/mar/msg00000.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2016/mar/msg00001.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2016/mar/msg00002.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html

Trust: 1.8

url:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Trust: 1.8

url:http://xmlsoft.org/news.html

Trust: 1.8

url:https://bugzilla.gnome.org/show_bug.cgi?id=744980#c8

Trust: 1.8

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04944172

Trust: 1.8

url:https://support.apple.com/ht206166

Trust: 1.8

url:https://support.apple.com/ht206167

Trust: 1.8

url:https://support.apple.com/ht206168

Trust: 1.8

url:https://support.apple.com/ht206169

Trust: 1.8

url:http://www.debian.org/security/2015/dsa-3430

Trust: 1.8

url:http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177341.html

Trust: 1.8

url:http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177381.html

Trust: 1.8

url:http://www.openwall.com/lists/oss-security/2015/10/22/5

Trust: 1.8

url:http://www.openwall.com/lists/oss-security/2015/10/22/8

Trust: 1.8

url:http://rhn.redhat.com/errata/rhsa-2015-2549.html

Trust: 1.8

url:http://www.securitytracker.com/id/1034243

Trust: 1.8

url:http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html

Trust: 1.8

url:http://www.ubuntu.com/usn/usn-2812-1

Trust: 1.8

url:http://marc.info/?l=bugtraq&m=145382616617563&w=2

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7942

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97668313/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7942

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-7499

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2015-5312

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2015-7942

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2015-7500

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3732

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2015-8242

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2015-7498

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2015-7941

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2015-7497

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2015-8035

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2015-1819

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2015-8241

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2015-8317

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2015-7942

Trust: 0.3

url:http://seclists.org/oss-sec/2015/q4/127

Trust: 0.3

url:http://www.pcre.org/

Trust: 0.3

url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04944172

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1023350

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1023873

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1023983

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21972720

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21975225

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21975975

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21979767

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21982607

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21985337

Trust: 0.3

url:http://aix.software.ibm.com/aix/efixes/security/libxml2_advisory2.asc

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2015-7941

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-8241

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-5312

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-7500

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-7499

Trust: 0.2

url:https://bugzilla.redhat.com/):

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-7497

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-8242

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-8317

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-7498

Trust: 0.2

url:http://marc.info/?l=bugtraq&amp;m=145382616617563&amp;w=2

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2015:2549

Trust: 0.1

url:https://usn.ubuntu.com/2812-1/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1751

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1755

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8659

Trust: 0.1

url:https://gpgtools.org

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1753

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1750

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0801

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1784

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://support.apple.com/kb/ht1222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1740

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1752

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1950

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1762

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1775

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1754

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1783

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0802

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1748

Trust: 0.1

url:https://issues.jboss.org/):

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0763

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/3/html-single/3.0.3_release_notes/index.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0706

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5345

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0714

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0209

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5346

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-0714

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-0209

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8710

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5351

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-0706

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=webserver&version=3.0.3

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-8035

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-8710

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-5346

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-5351

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-5345

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-0763

Trust: 0.1

url:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n

Trust: 0.1

url:http://www.hpe.com/support/security_bulletin_archive

Trust: 0.1

url:http://www.hpe.com/support/subscriber_choice

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5131

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3705

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1840

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4483

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-3705

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1836

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1838

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3627

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4483

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7942

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1839

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2073

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7499

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1836

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1839

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8806

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2073

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8806

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-3627

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8035

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5131

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5312

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7498

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7500

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1838

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7941

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1819

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4658

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8242

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4658

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1840

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7497

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-1819

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

sources: VULHUB: VHN-85903 // VULMON: CVE-2015-7942 // BID: 79507 // JVNDB: JVNDB-2015-005979 // PACKETSTORM: 136344 // PACKETSTORM: 137101 // PACKETSTORM: 135395 // PACKETSTORM: 140533 // PACKETSTORM: 135045 // PACKETSTORM: 134655 // CNNVD: CNNVD-201511-296 // NVD: CVE-2015-7942

CREDITS

Kostya Serebryany

Trust: 0.3

sources: BID: 79507

SOURCES

db:VULHUBid:VHN-85903
db:VULMONid:CVE-2015-7942
db:BIDid:79507
db:JVNDBid:JVNDB-2015-005979
db:PACKETSTORMid:136344
db:PACKETSTORMid:137101
db:PACKETSTORMid:135395
db:PACKETSTORMid:140533
db:PACKETSTORMid:135045
db:PACKETSTORMid:134655
db:CNNVDid:CNNVD-201511-296
db:NVDid:CVE-2015-7942

LAST UPDATE DATE

2024-11-23T20:16:34.584000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-85903date:2019-03-08T00:00:00
db:VULMONid:CVE-2015-7942date:2019-03-08T00:00:00
db:BIDid:79507date:2016-07-22T20:00:00
db:JVNDBid:JVNDB-2015-005979date:2016-03-29T00:00:00
db:CNNVDid:CNNVD-201511-296date:2023-06-30T00:00:00
db:NVDid:CVE-2015-7942date:2024-11-21T02:37:42.540

SOURCES RELEASE DATE

db:VULHUBid:VHN-85903date:2015-11-18T00:00:00
db:VULMONid:CVE-2015-7942date:2015-11-18T00:00:00
db:BIDid:79507date:2015-10-22T00:00:00
db:JVNDBid:JVNDB-2015-005979date:2015-11-20T00:00:00
db:PACKETSTORMid:136344date:2016-03-22T15:12:44
db:PACKETSTORMid:137101date:2016-05-17T23:47:44
db:PACKETSTORMid:135395date:2016-01-26T17:27:00
db:PACKETSTORMid:140533date:2017-01-17T02:26:10
db:PACKETSTORMid:135045date:2015-12-24T17:31:30
db:PACKETSTORMid:134655date:2015-12-07T16:37:21
db:CNNVDid:CNNVD-201511-296date:2015-11-19T00:00:00
db:NVDid:CVE-2015-7942date:2015-11-18T16:59:06.540