ID

VAR-201511-0087


CVE

CVE-2015-8035


TITLE

libxml2 of xzlib.c Inside xz_decomp Service disruption in functions (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-005980

DESCRIPTION

The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. Libxml2 is prone to a denial-of-service vulnerability. Successful exploit will result in a denial-of-service condition. Libxml2 2.9.1 and prior versions are vulnerable. It supports multiple encoding formats, XPath analysis, Well-formed and valid verification, etc. The vulnerability is caused by the program not properly checking for compression errors. Summary: Red Hat JBoss Web Server 3.0.3 is now available for Red Hat Enterprise Linux 6 and 7, Solaris, and Microsoft Windows from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.0.3 serves as a replacement for Red Hat JBoss Web Server 3.0.2, and includes bug fixes and enhancements, which are documented in the Release Notes documented linked to in the References. Security Fix(es): * Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or in certain cases crash the application. (CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7942, CVE-2015-8035, CVE-2015-8710, CVE-2015-7941, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317) * A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. (CVE-2015-5346) * A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. (CVE-2015-5351) * It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714) * A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763) * A use-after-free flaw was found in the way OpenSSL imported malformed Elliptic Curve private keys. A specially crafted key file could cause an application using OpenSSL to crash when imported. (CVE-2015-0209) * It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. (CVE-2015-5345) * It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706) Red Hat would like to thank the GNOME project for reporting CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-8241, CVE-2015-8242, and CVE-2015-8317. Upstream acknowledges Kostya Serebryany as the original reporter of CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, and CVE-2015-7500; Hugh Davenport as the original reporter of CVE-2015-8241 and CVE-2015-8242; and Hanno Boeck as the original reporter of CVE-2015-8317. 3. Solution: The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). After installing the updated packages, the httpd daemon will be restarted automatically. 4. Bugs fixed (https://bugzilla.redhat.com/): 1196737 - CVE-2015-0209 openssl: use-after-free on invalid EC private key import 1213957 - CVE-2015-8710 libxml2: out-of-bounds memory access when parsing an unclosed HTML comment 1274222 - CVE-2015-7941 libxml2: Out-of-bounds memory access 1276297 - CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections() 1276693 - CVE-2015-5312 libxml2: CPU exhaustion when processing specially crafted XML input 1277146 - CVE-2015-8035 libxml2: DoS when parsing specially crafted XML document if XZ support is enabled 1281862 - CVE-2015-7497 libxml2: Heap-based buffer overflow in xmlDictComputeFastQKey 1281879 - CVE-2015-7498 libxml2: Heap-based buffer overflow in xmlParseXmlDecl 1281925 - CVE-2015-7499 libxml2: Heap-based buffer overflow in xmlGROW 1281930 - CVE-2015-8317 libxml2: Out-of-bounds heap read when parsing file with unfinished xml declaration 1281936 - CVE-2015-8241 libxml2: Buffer overread with XML parser in xmlNextChar 1281943 - CVE-2015-7500 libxml2: Heap buffer overflow in xmlParseMisc 1281950 - CVE-2015-8242 libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode 1311076 - CVE-2015-5351 tomcat: CSRF token leak 1311082 - CVE-2016-0714 tomcat: Security Manager bypass via persistence mechanisms 1311085 - CVE-2015-5346 tomcat: Session fixation 1311087 - CVE-2016-0706 tomcat: security manager bypass via StatusManagerServlet 1311089 - CVE-2015-5345 tomcat: directory disclosure 1311093 - CVE-2016-0763 tomcat: security manager bypass via setGlobalContext() 5. JIRA issues fixed (https://issues.jboss.org/): JWS-271 - User submitted session ID JWS-272 - User submitted session ID JWS-276 - Welcome File processing refactoring - CVE-2015-5345 low JWS-277 - Welcome File processing refactoring - CVE-2015-5345 low JWS-303 - Avoid useless session creation for manager webapps - CVE-2015-5351 moderate JWS-304 - Restrict another manager servlet - CVE-2016-0706 low JWS-349 - Session serialization safety - CVE-2016-0714 moderate JWS-350 - Protect ResourceLinkFactory.setGlobalContext() - CVE-2016-0763 moderate 6. References: https://access.redhat.com/security/cve/CVE-2015-0209 https://access.redhat.com/security/cve/CVE-2015-5312 https://access.redhat.com/security/cve/CVE-2015-5345 https://access.redhat.com/security/cve/CVE-2015-5346 https://access.redhat.com/security/cve/CVE-2015-5351 https://access.redhat.com/security/cve/CVE-2015-7497 https://access.redhat.com/security/cve/CVE-2015-7498 https://access.redhat.com/security/cve/CVE-2015-7499 https://access.redhat.com/security/cve/CVE-2015-7500 https://access.redhat.com/security/cve/CVE-2015-7941 https://access.redhat.com/security/cve/CVE-2015-7942 https://access.redhat.com/security/cve/CVE-2015-8035 https://access.redhat.com/security/cve/CVE-2015-8241 https://access.redhat.com/security/cve/CVE-2015-8242 https://access.redhat.com/security/cve/CVE-2015-8317 https://access.redhat.com/security/cve/CVE-2015-8710 https://access.redhat.com/security/cve/CVE-2016-0706 https://access.redhat.com/security/cve/CVE-2016-0714 https://access.redhat.com/security/cve/CVE-2016-0763 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Web_Server/3/html-single/3.0.3_Release_Notes/index.html https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=webserver&version=3.0.3 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXO0eWXlSAg2UNWIIRAjqoAJ9kJfUdG/dzrjc6CPe+Ah1NIaqvsACfZE1q 9d1Ta2CX5a+zVXOqLprEvM0= =ByHT -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201701-37 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libxml2: Multiple vulnerabilities Date: January 16, 2017 Bugs: #564776, #566374, #572878, #573820, #577998, #582538, #582540, #583888, #589816, #597112, #597114, #597116 ID: 201701-37 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in libxml2, the worst of which could lead to the execution of arbitrary code. Background ========== libxml2 is the XML (eXtended Markup Language) C parser and toolkit initially developed for the Gnome project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/libxml2 < 2.9.4-r1 >= 2.9.4-r1 Description =========== Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All libxml2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.9.4-r1" References ========== [ 1 ] CVE-2015-1819 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1819 [ 2 ] CVE-2015-5312 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5312 [ 3 ] CVE-2015-7497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7497 [ 4 ] CVE-2015-7498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7498 [ 5 ] CVE-2015-7499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7499 [ 6 ] CVE-2015-7500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7500 [ 7 ] CVE-2015-7941 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7941 [ 8 ] CVE-2015-7942 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7942 [ 9 ] CVE-2015-8035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8035 [ 10 ] CVE-2015-8242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8242 [ 11 ] CVE-2015-8806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8806 [ 12 ] CVE-2016-1836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1836 [ 13 ] CVE-2016-1838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1838 [ 14 ] CVE-2016-1839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1839 [ 15 ] CVE-2016-1840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1840 [ 16 ] CVE-2016-2073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2073 [ 17 ] CVE-2016-3627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3627 [ 18 ] CVE-2016-3705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3705 [ 19 ] CVE-2016-4483 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4483 [ 20 ] CVE-2016-4658 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4658 [ 21 ] CVE-2016-5131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5131 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201701-37 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. License ======= Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . 7) - x86_64 3. Security Fix(es): * libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131) * libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412) * libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035) * libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404) * libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258) * libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The desktop must be restarted (log out, then log back in) for this update to take effect. Bugs fixed (https://bugzilla.redhat.com/): 1277146 - CVE-2015-8035 libxml2: DoS caused by incorrect error detection during XZ decompression 1358641 - CVE-2016-5131 libxml2: Use after free triggered by XPointer paths beginning with range-to 1523128 - CVE-2017-15412 libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c 1566749 - CVE-2017-18258 libxml2: Unrestricted memory usage in xz_head() function in xzlib.c 1595985 - CVE-2018-14404 libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c 1619875 - CVE-2018-14567 libxml2: Infinite loop caused by incorrect error detection during LZMA decompression 6. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c05158380 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05158380 Version: 1 HPSBMU03612 rev.1 - HPE Insight Control on Windows and Linux, Multiple Remote Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2016-06-01 Last Updated: 2016-06-01 Potential Security Impact: Cross-Site Request Forgery (CSRF), Remote Arbitrary Code Execution, Code Execution, Cross-Site Scripting (XSS), Denial of Service (DoS), Disclosure of Sensitive Information, Unauthorized Access Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY Multiple potential security vulnerabilities have been identified with HPE Insight Control (IC) on Windows which could be exploited remotely resulting in Denial of Service (DoS), Unauthorized Access, Cross-site scripting (XSS), Execution of Arbitrary code, Disclosure of Sensitive Information,Remote Code Execution and locally resulting in Cross-site Request Forgery (CSRF). References: CVE-2007-6750 CVE-2011-4969 CVE-2014-3508 CVE-2014-3509 CVE-2014-3511 CVE-2014-3513 CVE-2014-3569 CVE-2014-3568 CVE-2014-3567 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-0205 CVE-2015-3194 CVE-2015-3195 CVE-2015-3237 CVE-2015-6565 CVE-2015-7501 CVE-2015-7547 CVE-2015-7995 CVE-2015-8035 CVE-2016-0705 CVE-2016-0728 CVE-2016-0799 CVE-2016-2015 CVE-2016-2017 CVE-2016-2018 CVE-2016-2019 CVE-2016-2020 CVE-2016-2021 CVE-2016-2022 CVE-2016-2024 CVE-2016-2030 CVE-2016-2842 PSRT110092 PSRT110093 PSRT110094 PSRT110095 PSRT110096 PSRT110138 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. System Management Homepage Prior to 7.5.5 HP Systems Insight Manager (HP SIM), Prior to 7.5.1 HP Insight Control Prior to 7.5.1 HPE Version Control Repository Manager Prior to 7.5.1 HPE Server Migration Pack Prior to 7.5.1 HP Insight Control server provisioning Prior to 7.5.1 BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2007-6750 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-4969 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3509 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-3511 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-3513 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-3568 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-3194 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-3195 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2015-3237 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2015-6565 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2015-7501 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-7547 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-7995 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-8035 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2016-0705 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2016-0728 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2016-0799 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2016-2015 (AV:L/AC:H/Au:S/C:C/I:C/A:N) 5.5 CVE-2016-2017 (AV:N/AC:L/Au:S/C:P/I:P/A:N) 5.5 CVE-2016-2018 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2016-2019 (AV:L/AC:L/Au:M/C:C/I:C/A:N) 5.9 CVE-2016-2020 (AV:L/AC:L/Au:S/C:C/I:C/A:N) 6.2 CVE-2016-2021 (AV:L/AC:L/Au:M/C:C/I:C/A:N) 5.9 CVE-2016-2022 (AV:N/AC:H/Au:M/C:P/I:P/A:N) 3.2 CVE-2016-2024 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2016-2030 (AV:N/AC:L/Au:S/C:P/I:P/A:N) 5.5 CVE-2016-2842 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HPE has released the following software updates to resolve these vulnerabilities in HPE Insight Control. The HPE Insight Control 7.5.1 Update kit applicable to HPE Insight Control 7.5.x installations is available at the following location: http://www.hpe.com/info/insightcontrol HPE has addressed these vulnerabilities for the impacted software components bundled with HPE Insight Control in the following HPE Security Bulletins: HPE Systems Insight Manager (SIM) (HPE Security Bulletin: HPSBMU03590) http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05131085 HPE System Management Homepage (SMH) (HPE Security Bulletin: HPSBMU03593) http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05111017 Version Control Repository Manager (VCRM) (HPE Security Bulletin: HPSBMU03589) http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05131044 HPE Server Migration Pack(SMP) (HPE Security Bulletin: HPSBMU03591) http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05130958 HPE Insight Control server provisioning (HPE Security Bulletin: HPSBMU03600) https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_ na-c05150736 HISTORY Version:1 (rev.1) - 1 June 2016 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. ============================================================================ Ubuntu Security Notice USN-2812-1 November 16, 2015 libxml2 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.10 - Ubuntu 15.04 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in libxml2. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-1819) Michal Zalewski discovered that libxml2 incorrectly handled certain XML data. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-7941) Kostya Serebryany discovered that libxml2 incorrectly handled certain XML data. (CVE-2015-7942) Gustavo Grieco discovered that libxml2 incorrectly handled certain XML data. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-8035) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.10: libxml2 2.9.2+zdfsg1-4ubuntu0.1 Ubuntu 15.04: libxml2 2.9.2+dfsg1-3ubuntu0.1 Ubuntu 14.04 LTS: libxml2 2.9.1+dfsg1-3ubuntu4.5 Ubuntu 12.04 LTS: libxml2 2.7.8.dfsg-5.1ubuntu4.12 After a standard system update you need to reboot your computer to make all the necessary changes. CVE-ID CVE-2016-1781 : Devdatta Akhawe of Dropbox, Inc. WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A website may be able to track sensitive user information Description: A hidden web page may be able to access device- orientation and device-motion data. This issue was addressed by suspending the availability of this data when the web view is hidden. CVE-ID CVE-2016-1780 : Maryam Mehrnezhad, Ehsan Toreini, Siamak F. Shahandashti, and Feng Hao of the School of Computing Science, Newcastle University, UK WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may reveal a user's current location Description: An issue existed in the parsing of geolocation requests. CVE-ID CVE-2016-1779 : xisigr of Tencent's Xuanwu Lab (http://www.tencent.com) WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may be able to access restricted ports on arbitrary servers Description: A port redirection issue was addressed through additional port validation. CVE-ID CVE-2016-1782 : Muneaki Nishimura (nishimunea) of Recruit Technologies Co.,Ltd. CVE-ID CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of 无声信息技术PKAV Team (PKAV.net) WebKit Page Loading Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: Redirect responses may have allowed a malicious website to display an arbitrary URL and read cached contents of the destination origin. CVE-ID CVE-2016-1786 : ma.la of LINE Corporation WebKit Page Loading Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may exfiltrate data cross-origin Description: A caching issue existed with character encoding. CVE-ID CVE-2016-0801 : an anonymous researcher CVE-2016-0802 : an anonymous researcher Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002 OS X El Capitan 10.11.4 and Security Update 2016-002 is now available and addresses the following: apache_mod_php Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20. CVE-ID CVE-2015-8126 : Adam Mariš CVE-2015-8472 : Adam Mariš AppleRAID Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1733 : Proteas of Qihoo 360 Nirvan Team AppleRAID Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-ID CVE-2016-1732 : Proteas of Qihoo 360 Nirvan Team AppleUSBNetworking Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of data from USB devices. This issue was addressed through improved input validation. CVE-ID CVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path Bluetooth Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1735 : Jeonghoon Shin@A.D.D CVE-2016-1736 : beist and ABH of BoB Carbon Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2016-1737 : an anonymous researcher dyld Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker may tamper with code-signed applications to execute arbitrary code in the application's context Description: A code signing verification issue existed in dyld. This issue was addressed with improved validation. CVE-ID CVE-2016-1738 : beist and ABH of BoB FontParser Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI) HTTPProtocol Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A remote attacker may be able to execute arbitrary code Description: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. These were addressed by updating nghttp2 to version 1.6.0. CVE-ID CVE-2015-8659 Intel Graphics Driver Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1743 : Piotr Bania of Cisco Talos CVE-2016-1744 : Ian Beer of Google Project Zero IOFireWireFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to cause a denial of service Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1745 : sweetchip of Grayhash IOGraphics Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1746 : Peter Pi of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1747 : Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) IOHIDFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1748 : Brandon Azad IOUSBFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1749 : Ian Beer of Google Project Zero and Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-ID CVE-2016-1750 : CESG Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition existed during the creation of new processes. This was addressed through improved state handling. CVE-ID CVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaca Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-ID CVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team Kernel Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2016-1755 : Ian Beer of Google Project Zero CVE-2016-1759 : lokihardt Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-ID CVE-2016-1758 : Brandon Azad Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple integer overflows were addressed through improved input validation. CVE-ID CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to cause a denial of service Description: A denial of service issue was addressed through improved validation. CVE-ID CVE-2016-1752 : CESG libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2015-1819 CVE-2015-5312 : David Drysdale of Google CVE-2015-7499 CVE-2015-7500 : Kostya Serebryany of Google CVE-2015-7942 : Kostya Serebryany of Google CVE-2015-8035 : gustavo.grieco CVE-2015-8242 : Hugh Davenport CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1762 Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker who is able to bypass Apple's certificate pinning, intercept TLS connections, inject messages, and record encrypted attachment-type messages may be able to read attachments Description: A cryptographic issue was addressed by rejecting duplicate messages on the client. CVE-ID CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan of Johns Hopkins University Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Clicking a JavaScript link can reveal sensitive user information Description: An issue existed in the processing of JavaScript links. This issue was addressed through improved content security policy checks. CVE-ID CVE-2016-1764 : Matthew Bryan of the Uber Security Team (formerly of Bishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox NVIDIA Graphics Drivers Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1741 : Ian Beer of Google Project Zero OpenSSH Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Connecting to a server may leak sensitive user information, such as a client's private keys Description: Roaming, which was on by default in the OpenSSH client, exposed an information leak and a buffer overflow. These issues were addressed by disabling roaming in the client. CVE-ID CVE-2016-0777 : Qualys CVE-2016-0778 : Qualys OpenSSH Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5 Impact: Multiple vulnerabilities in LibreSSL Description: Multiple vulnerabilities existed in LibreSSL versions prior to 2.1.8. These were addressed by updating LibreSSL to version 2.1.8. CVE-ID CVE-2015-5333 : Qualys CVE-2015-5334 : Qualys OpenSSL Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A remote attacker may be able to cause a denial of service Description: A memory leak existed in OpenSSL versions prior to 0.9.8zh. This issue was addressed by updating OpenSSL to version 0.9.8zh. CVE-ID CVE-2015-3195 Python Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20. CVE-ID CVE-2014-9495 CVE-2015-0973 CVE-2015-8126 : Adam Mariš CVE-2015-8472 : Adam Mariš QuickTime Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1767 : Francis Provencher from COSIG CVE-2016-1768 : Francis Provencher from COSIG QuickTime Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1769 : Francis Provencher from COSIG Reminders Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Clicking a tel link can make a call without prompting the user Description: A user was not prompted before invoking a call. This was addressed through improved entitlement checks. CVE-ID CVE-2016-1770 : Guillaume Ross of Rapid7 and Laurent Chouinard of Laurent.ca Ruby Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: An unsafe tainted string usage vulnerability existed in versions prior to 2.0.0-p648. This issue was addressed by updating to version 2.0.0-p648. CVE-ID CVE-2015-7551 Security Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to check for the existence of arbitrary files Description: A permissions issue existed in code signing tools. This was addressed though additional ownership checks. CVE-ID CVE-2016-1773 : Mark Mentovai of Google Inc. Security Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation. CVE-ID CVE-2016-1950 : Francis Gabriel of Quarkslab Tcl Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by removing libpng. CVE-ID CVE-2015-8126 : Adam Mariš TrueTypeScaler Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI) Wi-Fi Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling. CVE-ID CVE-2016-0801 : an anonymous researcher CVE-2016-0802 : an anonymous researcher OS X El Capitan 10.11.4 includes the security content of Safari 9.1. https://support.apple.com/kb/HT206171 OS X El Capitan v10.11.4 and Security Update 2016-002 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJW8JQFAAoJEBcWfLTuOo7tZSYP/1bHFA1qemkD37uu7nYpk/q6 ARVsPgME1I1+5tOxX0TQJgzMBmdQsKYdsTiLpDk5HTuv+dAMsFfasaUItGk8Sz1w HiYjSfVsxL+Pjz3vK8/4/fsi2lX6472MElRw8gudITOhXtniGcKo/vuA5dB+vM3l Jy1NLHHhZ6BD2t0bBmlz41mZMG3AMxal2wfqE+5LkjUwASzcvC/3B1sh7Fntwyau /71vIgMQ5AaETdgQJAuQivxPyTlFduBRgLjqvPiB9eSK4Ctu5t/hErFIrP2NiDCi UhfZC48XbiRjJfkUsUD/5TIKnI+jkZxOnch9ny32dw2kUIkbIAbqufTkzsMXOpng O+rI93Ni7nfzgI3EkI2bq+C+arOoRiveWuJvc3SMPD5RQHo4NCQVs0ekQJKNHF78 juPnY29n8WMjwLS6Zfm+bH+n8ELIXrmmEscRztK2efa9S7vJe+AgIxx7JE/f8OHF i9K7UQBXFXcpMjXi1aTby/IUnpL5Ny4NVwYwIhctj0Mf6wTH7uf/FMWYIQOXcIfP Izo+GXxNeLd4H2ypZ+UpkZg/Sn2mtCd88wLc96+owlZPBlSqWl3X1wTlp8i5FP2X qlQ7RcTHJDv8jPT/MOfzxEK1n/azp45ahHA0o6nohUdxlA7PLci9vPiJxqKPo/0q VZmOKa8qMxB1L/JmdCqy =mZR+ -----END PGP SIGNATURE-----

Trust: 2.7

sources: NVD: CVE-2015-8035 // JVNDB: JVNDB-2015-005980 // BID: 77390 // VULHUB: VHN-85996 // PACKETSTORM: 136344 // PACKETSTORM: 137101 // PACKETSTORM: 140533 // PACKETSTORM: 157021 // PACKETSTORM: 137292 // PACKETSTORM: 134383 // PACKETSTORM: 136342 // PACKETSTORM: 136346

AFFECTED PRODUCTS

vendor:xmlsoftmodel:libxml2scope:eqversion:2.9.1

Trust: 1.8

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:applemodel:mac os xscope:lteversion:10.11.3

Trust: 1.0

vendor:applemodel:watchosscope:lteversion:2.1

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.04

Trust: 1.0

vendor:applemodel:tvosscope:lteversion:9.1

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:7.0

Trust: 1.0

vendor:applemodel:iphone osscope:lteversion:9.2.1

Trust: 1.0

vendor:canonicalmodel:ubuntuscope:eqversion:12.04 lts

Trust: 0.8

vendor:canonicalmodel:ubuntuscope:eqversion:14.04 lts

Trust: 0.8

vendor:canonicalmodel:ubuntuscope:eqversion:15.04

Trust: 0.8

vendor:canonicalmodel:ubuntuscope:eqversion:15.10

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.10.5

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.11 to 10.11.3

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.9.5

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9.3 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9.3 (iphone 4s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9.3 (ipod touch first 5 after generation )

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:9.2 (apple tv first 4 generation )

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2.2 (apple watch edition)

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2.2 (apple watch hermes)

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2.2 (apple watch sport)

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2.2 (apple watch)

Trust: 0.8

vendor:hewlett packardmodel:hpe insight controlscope:eqversion:none

Trust: 0.8

vendor:hewlett packardmodel:hpe insight controlscope:eqversion:server provisioning

Trust: 0.8

vendor:hewlett packardmodel:hpe server migration packscope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hpe systems insight managerscope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hpe version control repository managerscope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:system management homepagescope: - version: -

Trust: 0.8

vendor:applemodel:watchosscope:eqversion:2.1

Trust: 0.6

vendor:applemodel:tvscope:eqversion:9.1

Trust: 0.6

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.10

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.8.13

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.7.2

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.6

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.9

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.7

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.15

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.5.8

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.16

Trust: 0.3

vendor:hpmodel:systems insight managerscope:eqversion:7.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.29

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.20

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.6

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.7.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.7

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.8.16

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.13

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.3

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.10

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.14

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.6

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.8.14

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.32

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.21

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.7

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.5

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.8.9

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.8.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.7.3

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.3

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.5.4

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.8.4

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.14

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.8

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.9

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.1.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.5

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.11

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.16

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.5.7

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.20

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.3

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.7.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.25

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.8.5

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.30

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.12

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.8.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.8.6

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.12

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.2

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.28

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.30

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.23

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.8.3

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.4

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.5.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.15

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.18

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.8

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.22

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:applemodel:ios betascope:eqversion:4.2

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.11

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.7.8

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.13

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.31

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.26

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.12

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.5

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.2

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.7

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.2

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.5.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.10

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.4

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.7.4

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.27

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.26

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.7.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.18

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.17

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.5.11

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.7.6

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.14

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.11

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.24

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.27

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.17

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.4

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.4

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.0.0

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.7

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.7

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.22

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.7.3

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.7.7

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.11

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.3

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.19

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.7.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.5.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.13

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.8.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.8

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.6

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.7.4

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.1

Trust: 0.3

sources: BID: 77390 // JVNDB: JVNDB-2015-005980 // CNNVD: CNNVD-201511-025 // NVD: CVE-2015-8035

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-8035
value: LOW

Trust: 1.0

NVD: CVE-2015-8035
value: LOW

Trust: 0.8

CNNVD: CNNVD-201511-025
value: MEDIUM

Trust: 0.6

VULHUB: VHN-85996
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2015-8035
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-85996
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-85996 // JVNDB: JVNDB-2015-005980 // CNNVD: CNNVD-201511-025 // NVD: CVE-2015-8035

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-85996 // JVNDB: JVNDB-2015-005980 // NVD: CVE-2015-8035

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 137292 // CNNVD: CNNVD-201511-025

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201511-025

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005980

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-85996

PATCH

title:APPLE-SA-2016-03-21-2 watchOS 2.2url:http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html

Trust: 0.8

title:APPLE-SA-2016-03-21-3 tvOS 9.2url:http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html

Trust: 0.8

title:APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002url:http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

Trust: 0.8

title:APPLE-SA-2016-03-21-1 iOS 9.3url:http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html

Trust: 0.8

title:HT206166url:https://support.apple.com/en-us/HT206166

Trust: 0.8

title:HT206167url:https://support.apple.com/en-us/HT206167

Trust: 0.8

title:HT206168url:https://support.apple.com/en-us/HT206168

Trust: 0.8

title:HT206169url:https://support.apple.com/en-us/HT206169

Trust: 0.8

title:HT206167url:https://support.apple.com/ja-jp/HT206167

Trust: 0.8

title:HT206168url:https://support.apple.com/ja-jp/HT206168

Trust: 0.8

title:HT206169url:https://support.apple.com/ja-jp/HT206169

Trust: 0.8

title:HT206166url:https://support.apple.com/ja-jp/HT206166

Trust: 0.8

title:Bug 757466url:https://bugzilla.gnome.org/show_bug.cgi?id=757466

Trust: 0.8

title:CVE-2015-8035 Fix XZ compression support loopurl:https://git.gnome.org/browse/libxml2/commit/?id=f0709e3ca8f8947f2d91ed34e92e38a4c23eae63

Trust: 0.8

title:HPSBMU03612url:https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05158380

Trust: 0.8

title:USN-2812-1url:http://www.ubuntu.com/usn/USN-2812-1/

Trust: 0.8

title:Top Pageurl:http://xmlsoft.org/index.html

Trust: 0.8

title:v2.9.3: Nov 20 2015url:http://xmlsoft.org/news.html

Trust: 0.8

title:Libxml2‘parser.c’ Remediation measures for remote denial of service vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=90852

Trust: 0.6

sources: JVNDB: JVNDB-2015-005980 // CNNVD: CNNVD-201511-025

EXTERNAL IDS

db:NVDid:CVE-2015-8035

Trust: 3.6

db:BIDid:77390

Trust: 2.0

db:OPENWALLid:OSS-SECURITY/2015/11/03/1

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2015/11/02/2

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2015/11/02/4

Trust: 1.7

db:SECTRACKid:1034243

Trust: 1.7

db:JVNid:JVNVU97668313

Trust: 0.8

db:JVNDBid:JVNDB-2015-005980

Trust: 0.8

db:CNNVDid:CNNVD-201511-025

Trust: 0.7

db:AUSCERTid:ESB-2020.2565

Trust: 0.6

db:AUSCERTid:ESB-2023.3732

Trust: 0.6

db:AUSCERTid:ESB-2020.2200

Trust: 0.6

db:PACKETSTORMid:157021

Trust: 0.2

db:VULHUBid:VHN-85996

Trust: 0.1

db:PACKETSTORMid:136344

Trust: 0.1

db:PACKETSTORMid:137101

Trust: 0.1

db:PACKETSTORMid:140533

Trust: 0.1

db:PACKETSTORMid:137292

Trust: 0.1

db:PACKETSTORMid:134383

Trust: 0.1

db:PACKETSTORMid:136342

Trust: 0.1

db:PACKETSTORMid:136346

Trust: 0.1

sources: VULHUB: VHN-85996 // BID: 77390 // JVNDB: JVNDB-2015-005980 // PACKETSTORM: 136344 // PACKETSTORM: 137101 // PACKETSTORM: 140533 // PACKETSTORM: 157021 // PACKETSTORM: 137292 // PACKETSTORM: 134383 // PACKETSTORM: 136342 // PACKETSTORM: 136346 // CNNVD: CNNVD-201511-025 // NVD: CVE-2015-8035

REFERENCES

url:https://security.gentoo.org/glsa/201701-37

Trust: 1.8

url:http://rhn.redhat.com/errata/rhsa-2016-1089.html

Trust: 1.8

url:http://www.ubuntu.com/usn/usn-2812-1

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2016/mar/msg00000.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2016/mar/msg00001.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2016/mar/msg00002.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html

Trust: 1.7

url:http://www.securityfocus.com/bid/77390

Trust: 1.7

url:http://xmlsoft.org/news.html

Trust: 1.7

url:https://bugzilla.gnome.org/show_bug.cgi?id=757466

Trust: 1.7

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05111017

Trust: 1.7

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380

Trust: 1.7

url:https://support.apple.com/ht206166

Trust: 1.7

url:https://support.apple.com/ht206167

Trust: 1.7

url:https://support.apple.com/ht206168

Trust: 1.7

url:https://support.apple.com/ht206169

Trust: 1.7

url:http://www.debian.org/security/2015/dsa-3430

Trust: 1.7

url:http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177341.html

Trust: 1.7

url:http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177381.html

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2015/11/02/2

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2015/11/02/4

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2015/11/03/1

Trust: 1.7

url:http://www.securitytracker.com/id/1034243

Trust: 1.7

url:http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8035

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97668313/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8035

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-8035

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-7942

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3732

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-network-security-is-affected-by-multiple-vulnerabilities/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-multiple-libxml2-vulnerabilities/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2200/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2565/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2015-1819

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2015-7499

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2015-8242

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2015-5312

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2015-7500

Trust: 0.5

url:http://seclists.org/oss-sec/2015/q4/206

Trust: 0.3

url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21972720

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?rs=630&uid=swg21973201

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21975975

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21979767

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-8659

Trust: 0.3

url:https://gpgtools.org

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-0801

Trust: 0.3

url:https://www.apple.com/support/security/pgp/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-1740

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-0802

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-7941

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-1751

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1755

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1753

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1750

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1752

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1762

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1775

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1754

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1748

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-7498

Trust: 0.2

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://bugzilla.redhat.com/):

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-8035

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-7497

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-5131

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-3195

Trust: 0.2

url:https://support.apple.com/kb/ht201222

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1734

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1784

Trust: 0.1

url:https://support.apple.com/kb/ht1222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1950

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1783

Trust: 0.1

url:https://issues.jboss.org/):

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0763

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/3/html-single/3.0.3_release_notes/index.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0706

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5345

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0714

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-7941

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-8241

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0209

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-7942

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5346

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-5312

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-0714

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-7500

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-0209

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8710

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-7499

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5351

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-0706

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=webserver&version=3.0.3

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-7497

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8241

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-8242

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-8317

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-7498

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-8710

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8317

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-5346

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-5351

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-5345

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-0763

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5131

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3705

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1840

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4483

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-3705

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1836

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1838

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3627

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4483

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7942

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1839

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2073

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7499

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1836

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1839

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8806

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2073

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8806

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-3627

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8035

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5312

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7498

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7500

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1838

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7941

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1819

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4658

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8242

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4658

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1840

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7497

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-15412

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14404

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-15412

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:1190

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14404

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14567

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14567

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-18258

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-5131

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-18258

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7995

Trust: 0.1

url:http://www.hpe.com/support/security_bulletin_archive

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-6750

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1790

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0705

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1788

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1792

Trust: 0.1

url:http://www.hpe.com/support/subscriber_choice

Trust: 0.1

url:http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0799

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3567

Trust: 0.1

url:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3237

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3513

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1789

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1791

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2015

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0728

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7501

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2017

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7547

Trust: 0.1

url:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_

Trust: 0.1

url:http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05111017

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4969

Trust: 0.1

url:http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131044

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-6565

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0205

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3568

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3508

Trust: 0.1

url:http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05130958

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3194

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3569

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3509

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3511

Trust: 0.1

url:http://www.hpe.com/info/insightcontrol

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-5.1ubuntu4.12

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.9.2+dfsg1-3ubuntu0.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.9.1+dfsg1-3ubuntu4.5

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.9.2+zdfsg1-4ubuntu0.1

Trust: 0.1

url:https://www.apple.com/itunes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1756

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1757

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1760

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1766

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1761

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1758

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1763

Trust: 0.1

url:http://www.tencent.com)

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7551

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0777

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8472

Trust: 0.1

url:http://www.apple.com/support/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8126

Trust: 0.1

url:https://support.apple.com/kb/ht206171

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1732

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-9495

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5334

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1733

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1736

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1735

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0778

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5333

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1738

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1737

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0973

Trust: 0.1

sources: VULHUB: VHN-85996 // BID: 77390 // JVNDB: JVNDB-2015-005980 // PACKETSTORM: 136344 // PACKETSTORM: 137101 // PACKETSTORM: 140533 // PACKETSTORM: 157021 // PACKETSTORM: 137292 // PACKETSTORM: 134383 // PACKETSTORM: 136342 // PACKETSTORM: 136346 // CNNVD: CNNVD-201511-025 // NVD: CVE-2015-8035

CREDITS

Gustavo Grieco

Trust: 0.9

sources: BID: 77390 // CNNVD: CNNVD-201511-025

SOURCES

db:VULHUBid:VHN-85996
db:BIDid:77390
db:JVNDBid:JVNDB-2015-005980
db:PACKETSTORMid:136344
db:PACKETSTORMid:137101
db:PACKETSTORMid:140533
db:PACKETSTORMid:157021
db:PACKETSTORMid:137292
db:PACKETSTORMid:134383
db:PACKETSTORMid:136342
db:PACKETSTORMid:136346
db:CNNVDid:CNNVD-201511-025
db:NVDid:CVE-2015-8035

LAST UPDATE DATE

2024-12-21T20:13:15.111000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-85996date:2019-03-08T00:00:00
db:BIDid:77390date:2016-07-06T14:55:00
db:JVNDBid:JVNDB-2015-005980date:2016-09-08T00:00:00
db:CNNVDid:CNNVD-201511-025date:2023-06-30T00:00:00
db:NVDid:CVE-2015-8035date:2024-11-21T02:37:53.517

SOURCES RELEASE DATE

db:VULHUBid:VHN-85996date:2015-11-18T00:00:00
db:BIDid:77390date:2015-11-02T00:00:00
db:JVNDBid:JVNDB-2015-005980date:2015-11-20T00:00:00
db:PACKETSTORMid:136344date:2016-03-22T15:12:44
db:PACKETSTORMid:137101date:2016-05-17T23:47:44
db:PACKETSTORMid:140533date:2017-01-17T02:26:10
db:PACKETSTORMid:157021date:2020-04-01T15:13:56
db:PACKETSTORMid:137292date:2016-06-02T19:12:12
db:PACKETSTORMid:134383date:2015-11-17T00:04:00
db:PACKETSTORMid:136342date:2016-03-22T15:05:15
db:PACKETSTORMid:136346date:2016-03-22T15:18:02
db:CNNVDid:CNNVD-201511-025date:2015-11-04T00:00:00
db:NVDid:CVE-2015-8035date:2015-11-18T16:59:09.883