ID

VAR-201603-0244


CVE

CVE-2016-1950


TITLE

Heap-based buffer overflow vulnerability in Network Security Services as used in Mozilla Firefox

Trust: 0.8

sources: JVNDB: JVNDB-2016-001841

DESCRIPTION

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.

Both Mozilla Firefox and Firefox ESR are developed by the Mozilla Foundation in the United States. Firefox is an open source web browser; Firefox ESR is an extended support release of Firefox. The following products and versions are affected: Mozilla Firefox prior to 45.0, Firefox ESR 38.x prior to 38.7, and Mozilla NSS prior to 3.19.2.3, 3.20.x, and 3.21.x prior to 3.21.1.

CVE-2015-4000

    David Adrian et al. reported that it may be feasible to attack Diffie-Hellman-based cipher suites in certain circumstances, compromising the confidentiality and integrity of data encrypted with Transport Layer Security (TLS).

CVE-2015-7181
CVE-2015-7182
CVE-2016-1950

    Tyson Smith, David Keeler, and Francis Gabriel discovered heap-based buffer overflows in the ASN.1 DER parser, potentially leading to arbitrary code execution.

CVE-2015-7575

    Karthikeyan Bhargavan discovered that the TLS client implementation accepted MD5-based signatures for TLS 1.2 connections with forward secrecy, weakening the intended security strength of TLS connections.

CVE-2016-1938

    Hanno Boeck discovered that NSS miscomputed the result of integer division for certain inputs. This could weaken the cryptographic protections provided by NSS. However, NSS implements RSA-CRT leak hardening, so RSA private keys are not directly disclosed by this issue.

CVE-2016-1978

    Eric Rescorla discovered a use-after-free vulnerability in the implementation of ECDH-based TLS handshakes, with unknown consequences.

CVE-2016-1979

    Tim Taubert discovered a use-after-free vulnerability in ASN.1 DER processing, with application-specific impact.

CVE-2016-2834

    Tyson Smith and Jed Davis discovered unspecified memory-safety bugs in NSS.

In addition, the NSS library did not ignore environment variables in processes which underwent a SUID/SGID/AT_SECURE transition at process start. In certain system configurations, this allowed local users to escalate their privileges.

For the stable distribution (jessie), these problems have been fixed in version 2:3.26-1+debu8u1.

For the unstable distribution (sid), these problems have been fixed in version 2:3.23-1.

We recommend that you upgrade your nss packages.

From: Chris Coulson <chris.coulson@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <422435dc-578f-06b7-474a-0471371d9312@canonical.com>
Subject: [USN-2934-1] Thunderbird vulnerabilities

============================================================================
Ubuntu Security Notice USN-2934-1
April 27, 2016

thunderbird vulnerabilities
============================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in Thunderbird.

Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client

Details:

Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, and Randell Jesup discovered multiple memory safety issues in Thunderbird. (CVE-2016-1952)

Nicolas Golubovic discovered that CSP violation reports can be used to overwrite local files. If a user were tricked into opening a specially crafted website in a browsing context with addon signing disabled and unpacked addons installed, an attacker could potentially exploit this to gain additional privileges. (CVE-2016-1954)

Jose Martinez and Romina Santillan discovered a memory leak in libstagefright during MPEG4 video file processing in some circumstances.
If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via memory exhaustion. (CVE-2016-1957)

A use-after-free was discovered in the HTML5 string parser. (CVE-2016-1960)

A use-after-free was discovered in the SetBody function of HTMLDocument. (CVE-2016-1961)

Nicolas Grégoire discovered a use-after-free during XML transformations. (CVE-2016-1964)

A memory corruption issue was discovered in the NPAPI subsystem. (CVE-2016-1966)

Ronald Crane discovered an out-of-bounds read following a failed allocation in the HTML parser in some circumstances. (CVE-2016-1950)

Holger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple memory safety issues in the Graphite 2 library. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS:
  thunderbird 1:38.7.2+build1-0ubuntu0.16.04.1

Ubuntu 15.10:
  thunderbird 1:38.7.2+build1-0ubuntu0.15.10.1

Ubuntu 14.04 LTS:
  thunderbird 1:38.7.2+build1-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:
  thunderbird 1:38.7.2+build1-0ubuntu0.12.04.1

After a standard system update you need to restart Thunderbird to make all the necessary changes.

The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as 'Mozilla Application Suite'.

Affected packages
=================

     -------------------------------------------------------------------
     Package                        /   Vulnerable   /       Unaffected
     -------------------------------------------------------------------
  1  dev-libs/nspr                       < 4.12                 >= 4.12
  2  dev-libs/nss                        < 3.22.2             >= 3.22.2
  3  mail-client/thunderbird             < 38.7.0             >= 38.7.0
  4  mail-client/thunderbird-bin         < 38.7.0             >= 38.7.0
  5  www-client/firefox                  < 38.7.0             >= 38.7.0
  6  www-client/firefox-bin              < 38.7.0             >= 38.7.0
     -------------------------------------------------------------------
     6 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Firefox, NSS, NSPR, and Thunderbird. Please review the CVE identifiers referenced below for details. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impacts.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All NSS users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.22.2"

All Thunderbird users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-38.7.0"

All users of the Thunderbird binary package should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-38.7.0"

All Firefox 38.7.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-38.7.0"

All users of the Firefox 38.7.x binary package should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-38.7.0"

References
==========

[ 1 ] CVE-2015-2708 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2708
[ 2 ] CVE-2015-2709 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2709
[ 3 ] CVE-2015-2710 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2710
[ 4 ] CVE-2015-2711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2711
[ 5 ] CVE-2015-2712 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2712
[ 6 ] CVE-2015-2713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2713
[ 7 ] CVE-2015-2714 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2714
[ 8 ] CVE-2015-2715 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2715
[ 9 ] CVE-2015-2716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2716
[ 10 ] CVE-2015-2717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2717
[ 11 ] CVE-2015-2718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2718
[ 12 ] CVE-2015-4473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4473
[ 13 ] CVE-2015-4474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4474
[ 14 ] CVE-2015-4475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4475
[ 15 ] CVE-2015-4477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4477
[ 16 ] CVE-2015-4478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4478
[ 17 ] CVE-2015-4479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4479
[ 18 ] CVE-2015-4480 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4480
[ 19 ] CVE-2015-4481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4481
[ 20 ] CVE-2015-4482 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4482
[ 21 ] CVE-2015-4483 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4483
[ 22 ] CVE-2015-4484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4484
[ 23 ] CVE-2015-4485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4485
[ 24 ] CVE-2015-4486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4486
[ 25 ] CVE-2015-4487 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4487
[ 26 ] CVE-2015-4488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4488
[ 27 ] CVE-2015-4489 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4489
[ 28 ] CVE-2015-4490 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4490
[ 29 ] CVE-2015-4491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4491
[ 30 ] CVE-2015-4492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4492
[ 31 ] CVE-2015-4493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4493
[ 32 ] CVE-2015-7181 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7181
[ 33 ] CVE-2015-7182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7182
[ 34 ] CVE-2015-7183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7183
[ 35 ] CVE-2016-1523 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1523
[ 36 ] CVE-2016-1930 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1930
[ 37 ] CVE-2016-1931 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1931
[ 38 ] CVE-2016-1933 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1933
[ 39 ] CVE-2016-1935 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1935
[ 40 ] CVE-2016-1937 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1937
[ 41 ] CVE-2016-1938 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1938
[ 42 ] CVE-2016-1939 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1939
[ 43 ] CVE-2016-1940 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1940
[ 44 ] CVE-2016-1941 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1941
[ 45 ] CVE-2016-1942 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1942
[ 46 ] CVE-2016-1943 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1943
[ 47 ] CVE-2016-1944 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1944
[ 48 ] CVE-2016-1945 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1945
[ 49 ] CVE-2016-1946 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1946
[ 50 ] CVE-2016-1947 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1947
[ 51 ] CVE-2016-1948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1948
[ 52 ] CVE-2016-1949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1949
[ 53 ] CVE-2016-1950 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1950
[ 54 ] CVE-2016-1952 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1952
[ 55 ] CVE-2016-1953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1953
[ 56 ] CVE-2016-1954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1954
[ 57 ] CVE-2016-1955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1955
[ 58 ] CVE-2016-1956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1956
[ 59 ] CVE-2016-1957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1957
[ 60 ] CVE-2016-1958 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1958
[ 61 ] CVE-2016-1959 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1959
[ 62 ] CVE-2016-1960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1960
[ 63 ] CVE-2016-1961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1961
[ 64 ] CVE-2016-1962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1962
[ 65 ] CVE-2016-1963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1963
[ 66 ] CVE-2016-1964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1964
[ 67 ] CVE-2016-1965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1965
[ 68 ] CVE-2016-1966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1966
[ 69 ] CVE-2016-1967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1967
[ 70 ] CVE-2016-1968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1968
[ 71 ] CVE-2016-1969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1969
[ 72 ] CVE-2016-1970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1970
[ 73 ] CVE-2016-1971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1971
[ 74 ] CVE-2016-1972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1972
[ 75 ] CVE-2016-1973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1973
[ 76 ] CVE-2016-1974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1974
[ 77 ] CVE-2016-1975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1975
[ 78 ] CVE-2016-1976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1976
[ 79 ] CVE-2016-1977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1977
[ 80 ] CVE-2016-1978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1978
[ 81 ] CVE-2016-1979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1979
[ 82 ] CVE-2016-2790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2790
[ 83 ] CVE-2016-2791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2791
[ 84 ] CVE-2016-2792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2792
[ 85 ] CVE-2016-2793 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2793
[ 86 ] CVE-2016-2794 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2794
[ 87 ] CVE-2016-2795 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2795
[ 88 ] CVE-2016-2796 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2796
[ 89 ] CVE-2016-2797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2797
[ 90 ] CVE-2016-2798 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2798
[ 91 ] CVE-2016-2799 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2799
[ 92 ] CVE-2016-2800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2800
[ 93 ] CVE-2016-2801 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2801
[ 94 ] CVE-2016-2802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2802

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/201605-06

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: nss-util security update
Advisory ID:       RHSA-2016:0370-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0370.html
Issue date:        2016-03-09
CVE Names:         CVE-2016-1950
=====================================================================

1. Summary:

Updated nss-util packages that fix one security issue are now available for Red Hat Enterprise 6 and 7.

Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util package provides a set of utilities for NSS and the Softoken module.

A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. (CVE-2016-1950)

Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Francis Gabriel as the original reporter.

All nss-util users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the nss and nss-util library must be restarted, or the system rebooted.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1310509 - CVE-2016-1950 nss: Heap buffer overflow vulnerability in ASN1 certificate parsing (MFSA 2016-35)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
nss-util-3.19.1-5.el6_7.src.rpm

i386:
nss-util-3.19.1-5.el6_7.i686.rpm
nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm

x86_64:
nss-util-3.19.1-5.el6_7.i686.rpm
nss-util-3.19.1-5.el6_7.x86_64.rpm
nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm
nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm
nss-util-devel-3.19.1-5.el6_7.i686.rpm

x86_64:
nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm
nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm
nss-util-devel-3.19.1-5.el6_7.i686.rpm
nss-util-devel-3.19.1-5.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
nss-util-3.19.1-5.el6_7.src.rpm

x86_64:
nss-util-3.19.1-5.el6_7.i686.rpm
nss-util-3.19.1-5.el6_7.x86_64.rpm
nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm
nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm
nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm
nss-util-devel-3.19.1-5.el6_7.i686.rpm
nss-util-devel-3.19.1-5.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
nss-util-3.19.1-5.el6_7.src.rpm

i386:
nss-util-3.19.1-5.el6_7.i686.rpm
nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm
nss-util-devel-3.19.1-5.el6_7.i686.rpm

ppc64:
nss-util-3.19.1-5.el6_7.ppc.rpm
nss-util-3.19.1-5.el6_7.ppc64.rpm
nss-util-debuginfo-3.19.1-5.el6_7.ppc.rpm
nss-util-debuginfo-3.19.1-5.el6_7.ppc64.rpm
nss-util-devel-3.19.1-5.el6_7.ppc.rpm
nss-util-devel-3.19.1-5.el6_7.ppc64.rpm

s390x:
nss-util-3.19.1-5.el6_7.s390.rpm
nss-util-3.19.1-5.el6_7.s390x.rpm
nss-util-debuginfo-3.19.1-5.el6_7.s390.rpm
nss-util-debuginfo-3.19.1-5.el6_7.s390x.rpm
nss-util-devel-3.19.1-5.el6_7.s390.rpm
nss-util-devel-3.19.1-5.el6_7.s390x.rpm

x86_64:
nss-util-3.19.1-5.el6_7.i686.rpm
nss-util-3.19.1-5.el6_7.x86_64.rpm
nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm
nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm
nss-util-devel-3.19.1-5.el6_7.i686.rpm
nss-util-devel-3.19.1-5.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
nss-util-3.19.1-5.el6_7.src.rpm

i386:
nss-util-3.19.1-5.el6_7.i686.rpm
nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm
nss-util-devel-3.19.1-5.el6_7.i686.rpm

x86_64:
nss-util-3.19.1-5.el6_7.i686.rpm
nss-util-3.19.1-5.el6_7.x86_64.rpm
nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm
nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm
nss-util-devel-3.19.1-5.el6_7.i686.rpm
nss-util-devel-3.19.1-5.el6_7.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
nss-util-3.19.1-9.el7_2.src.rpm

x86_64:
nss-util-3.19.1-9.el7_2.i686.rpm
nss-util-3.19.1-9.el7_2.x86_64.rpm
nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm
nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm
nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm
nss-util-devel-3.19.1-9.el7_2.i686.rpm
nss-util-devel-3.19.1-9.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
nss-util-3.19.1-9.el7_2.src.rpm

x86_64:
nss-util-3.19.1-9.el7_2.i686.rpm
nss-util-3.19.1-9.el7_2.x86_64.rpm
nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm
nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm
nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm
nss-util-devel-3.19.1-9.el7_2.i686.rpm
nss-util-devel-3.19.1-9.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
nss-util-3.19.1-9.el7_2.src.rpm

ppc64:
nss-util-3.19.1-9.el7_2.ppc.rpm
nss-util-3.19.1-9.el7_2.ppc64.rpm
nss-util-debuginfo-3.19.1-9.el7_2.ppc.rpm
nss-util-debuginfo-3.19.1-9.el7_2.ppc64.rpm
nss-util-devel-3.19.1-9.el7_2.ppc.rpm
nss-util-devel-3.19.1-9.el7_2.ppc64.rpm

ppc64le:
nss-util-3.19.1-9.el7_2.ppc64le.rpm
nss-util-debuginfo-3.19.1-9.el7_2.ppc64le.rpm
nss-util-devel-3.19.1-9.el7_2.ppc64le.rpm

s390x:
nss-util-3.19.1-9.el7_2.s390.rpm
nss-util-3.19.1-9.el7_2.s390x.rpm
nss-util-debuginfo-3.19.1-9.el7_2.s390.rpm
nss-util-debuginfo-3.19.1-9.el7_2.s390x.rpm
nss-util-devel-3.19.1-9.el7_2.s390.rpm
nss-util-devel-3.19.1-9.el7_2.s390x.rpm

x86_64:
nss-util-3.19.1-9.el7_2.i686.rpm
nss-util-3.19.1-9.el7_2.x86_64.rpm
nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm
nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm
nss-util-devel-3.19.1-9.el7_2.i686.rpm
nss-util-devel-3.19.1-9.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
nss-util-3.19.1-9.el7_2.src.rpm

x86_64:
nss-util-3.19.1-9.el7_2.i686.rpm
nss-util-3.19.1-9.el7_2.x86_64.rpm
nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm
nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm
nss-util-devel-3.19.1-9.el7_2.i686.rpm
nss-util-devel-3.19.1-9.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-1950
https://access.redhat.com/security/updates/classification/#critical
https://www.mozilla.org/en-US/security/advisories/mfsa2016-36

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

Trust: 2.34

sources: NVD: CVE-2016-1950 // JVNDB: JVNDB-2016-001841 // VULHUB: VHN-90769 // PACKETSTORM: 139002 // PACKETSTORM: 136826 // PACKETSTORM: 136152 // PACKETSTORM: 137239 // PACKETSTORM: 136133 // PACKETSTORM: 136131 // PACKETSTORM: 136394

AFFECTED PRODUCTS

vendor: oracle, model: iplanet web proxy server, scope: eq, version: 4.0

Trust: 1.8

vendor: oracle, model: iplanet web server, scope: eq, version: 7.0

Trust: 1.8

vendor: oracle, model: glassfish server, scope: eq, version: 2.1.1

Trust: 1.8

vendor: mozilla, model: network security services, scope: eq, version: 3.20.1

Trust: 1.6

vendor: mozilla, model: network security services, scope: eq, version: 3.20

Trust: 1.6

vendor: mozilla, model: network security services, scope: eq, version: 3.21

Trust: 1.6

vendor: mozilla, model: network security services, scope: eq, version: 3.19.2

Trust: 1.6

vendor: mozilla, model: firefox, scope: eq, version: 38.4.0

Trust: 1.0

vendor: oracle, model: linux, scope: eq, version: 5.0

Trust: 1.0

vendor: mozilla, model: firefox, scope: eq, version: 38.5.1

Trust: 1.0

vendor: oracle, model: linux, scope: eq, version: 7

Trust: 1.0

vendor: mozilla, model: firefox, scope: eq, version: 38.1.0

Trust: 1.0

vendor: opensuse, model: opensuse, scope: eq, version: 13.1

Trust: 1.0

vendor: mozilla, model: firefox, scope: eq, version: 38.0

Trust: 1.0

vendor: mozilla, model: firefox, scope: lte, version: 44.0.2

Trust: 1.0

vendor: oracle, model: linux, scope: eq, version: 6

Trust: 1.0

vendor: apple, model: watchos, scope: lte, version: 2.1

Trust: 1.0

vendor: apple, model: tvos, scope: lte, version: 9.1

Trust: 1.0

vendor: mozilla, model: firefox, scope: eq, version: 38.6.0

Trust: 1.0

vendor: mozilla, model: firefox, scope: eq, version: 38.3.0

Trust: 1.0

vendor: apple, model: mac os x, scope: lte, version: 10.11.3

Trust: 1.0

vendor: mozilla, model: firefox, scope: eq, version: 38.0.1

Trust: 1.0

vendor: mozilla, model: firefox, scope: eq, version: 38.2.0

Trust: 1.0

vendor: apple, model: iphone os, scope: lte, version: 9.2.1

Trust: 1.0

vendor: mozilla, model: firefox, scope: eq, version: 38.1.1

Trust: 1.0

vendor: mozilla, model: firefox, scope: eq, version: 38.2.1

Trust: 1.0

vendor: mozilla, model: firefox, scope: eq, version: 38.5.0

Trust: 1.0

vendor: oracle, model: vm server, scope: eq, version: 3.2

Trust: 1.0

vendor: mozilla, model: firefox, scope: eq, version: 38.6.1

Trust: 1.0

vendor: mozilla, model: firefox, scope: eq, version: 38.0.5

Trust: 1.0

vendor: apple, model: ios, scope: lt, version: (ipad 2 or later )

Trust: 0.8

vendor: apple, model: watchos, scope: lt, version: (apple watch sport)

Trust: 0.8

vendor: mozilla, model: network security services, scope: eq, version: 3.21.1

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: 10.11 to 10.11.3

Trust: 0.8

vendor: oracle, model: vm server, scope: -, version: -

Trust: 0.8

vendor: apple, model: tvos, scope: eq, version: 9.2

Trust: 0.8

vendor: apple, model: watchos, scope: lt, version: (apple watch edition)

Trust: 0.8

vendor: apple, model: watchos, scope: eq, version: 2.2

Trust: 0.8

vendor: apple, model: watchos, scope: lt, version: (apple watch hermes)

Trust: 0.8

vendor: mozilla, model: network security services, scope: lt, version: 3.21.x

Trust: 0.8

vendor: mozilla, model: firefox esr, scope: eq, version: 38.7

Trust: 0.8

vendor: apple, model: ios, scope: lt, version: (iphone 4s or later )

Trust: 0.8

vendor: apple, model: ios, scope: lt, version: (ipod touch first 5 after generation )

Trust: 0.8

vendor: oracle, model: linux, scope: -, version: -

Trust: 0.8

vendor: apple, model: watchos, scope: lt, version: (apple watch)

Trust: 0.8

vendor: opensuse, model: opensuse, scope: -, version: -

Trust: 0.8

vendor: apple, model: ios, scope: eq, version: 9.3

Trust: 0.8

vendor: mozilla, model: network security services, scope: eq, version: 3.20.x

Trust: 0.8

vendor: apple, model: tvos, scope: lt, version: (apple tv first 4 generation )

Trust: 0.8

vendor: mozilla, model: firefox esr, scope: lt, version: 38.x

Trust: 0.8

sources: JVNDB: JVNDB-2016-001841 // CNNVD: CNNVD-201603-136 // NVD: CVE-2016-1950

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-1950
value: HIGH

Trust: 1.0

NVD: CVE-2016-1950
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201603-136
value: HIGH

Trust: 0.6

VULHUB: VHN-90769
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2016-1950
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-90769
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2016-1950
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-90769 // JVNDB: JVNDB-2016-001841 // CNNVD: CNNVD-201603-136 // NVD: CVE-2016-1950

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-90769 // JVNDB: JVNDB-2016-001841 // NVD: CVE-2016-1950

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 137239 // CNNVD: CNNVD-201603-136

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201603-136

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001841

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-90769

PATCH

title: APPLE-SA-2016-03-21-1 iOS 9.3
url: http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html

Trust: 0.8

title: APPLE-SA-2016-03-21-2 watchOS 2.2
url: http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html

Trust: 0.8

title: APPLE-SA-2016-03-21-3 tvOS 9.2
url: http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html

Trust: 0.8

title: APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002
url: http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

Trust: 0.8

title: HT206168
url: https://support.apple.com/en-us/HT206168

Trust: 0.8

title: HT206169
url: https://support.apple.com/en-us/HT206169

Trust: 0.8

title: HT206166
url: https://support.apple.com/en-us/HT206166

Trust: 0.8

title: HT206167
url: https://support.apple.com/en-us/HT206167

Trust: 0.8

title: HT206166
url: http://support.apple.com/ja-jp/HT206166

Trust: 0.8

title: HT206167
url: http://support.apple.com/ja-jp/HT206167

Trust: 0.8

title: HT206168
url: http://support.apple.com/ja-jp/HT206168

Trust: 0.8

title: HT206169
url: http://support.apple.com/ja-jp/HT206169

Trust: 0.8

title: NSS 3.19.2.3 release notes
url: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes

Trust: 0.8

title: NSS 3.21.1 release notes
url: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes

Trust: 0.8

title: MFSA2016-35
url: http://www.mozilla.org/security/announce/2016/mfsa2016-35.html

Trust: 0.8

title: MFSA2016-35
url: http://www.mozilla-japan.org/security/announce/2016/mfsa2016-35.html

Trust: 0.8

title: openSUSE-SU-2016:1557
url: https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html

Trust: 0.8

title: Oracle Critical Patch Update Advisory - October 2016
url: http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Trust: 0.8

title: Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices
url: http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html

Trust: 0.8

title: Oracle Linux Bulletin - January 2016
url: http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Trust: 0.8

title: Oracle VM Server for x86 Bulletin - July 2016
url: http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Trust: 0.8

title: October 2016 Critical Patch Update Released
url: https://blogs.oracle.com/security/entry/october_2016_critical_patch_update

Trust: 0.8

title: Mozilla Firefox and Firefox ESR Network Security Services Fixes for heap-based buffer overflow vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60496

Trust: 0.6

sources: JVNDB: JVNDB-2016-001841 // CNNVD: CNNVD-201603-136

EXTERNAL IDS

db: NVD, id: CVE-2016-1950

Trust: 3.2

db: BID, id: 84223

Trust: 1.7

db: SECTRACK, id: 1035215

Trust: 1.7

db: JVN, id: JVNVU97668313

Trust: 0.8

db: JVNDB, id: JVNDB-2016-001841

Trust: 0.8

db: CNNVD, id: CNNVD-201603-136

Trust: 0.7

db: PACKETSTORM, id: 136131

Trust: 0.2

db: PACKETSTORM, id: 136826

Trust: 0.2

db: PACKETSTORM, id: 136152

Trust: 0.2

db: PACKETSTORM, id: 136133

Trust: 0.2

db: PACKETSTORM, id: 136394

Trust: 0.2

db: PACKETSTORM, id: 136148

Trust: 0.1

db: PACKETSTORM, id: 136146

Trust: 0.1

db: PACKETSTORM, id: 136614

Trust: 0.1

db: PACKETSTORM, id: 136304

Trust: 0.1

db: PACKETSTORM, id: 136723

Trust: 0.1

db: VULHUB, id: VHN-90769

Trust: 0.1

db: PACKETSTORM, id: 139002

Trust: 0.1

db: PACKETSTORM, id: 137239

Trust: 0.1

sources: VULHUB: VHN-90769 // JVNDB: JVNDB-2016-001841 // PACKETSTORM: 139002 // PACKETSTORM: 136826 // PACKETSTORM: 136152 // PACKETSTORM: 137239 // PACKETSTORM: 136133 // PACKETSTORM: 136131 // PACKETSTORM: 136394 // CNNVD: CNNVD-201603-136 // NVD: CVE-2016-1950

REFERENCES

url:http://www.securityfocus.com/bid/84223

Trust: 2.3

url:http://www.debian.org/security/2016/dsa-3510

Trust: 2.3

url:http://www.debian.org/security/2016/dsa-3520

Trust: 2.3

url:http://www.debian.org/security/2016/dsa-3688

Trust: 2.3

url:https://security.gentoo.org/glsa/201605-06

Trust: 1.8

url:http://rhn.redhat.com/errata/rhsa-2016-0495.html

Trust: 1.8

url:http://www.ubuntu.com/usn/usn-2934-1

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2016/mar/msg00000.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2016/mar/msg00001.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2016/mar/msg00002.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html

Trust: 1.7

url:http://www.mozilla.org/security/announce/2016/mfsa2016-35.html

Trust: 1.7

url:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Trust: 1.7

url:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Trust: 1.7

url:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Trust: 1.7

url:http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Trust: 1.7

url:http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Trust: 1.7

url:https://bto.bluecoat.com/security-advisory/sa119

Trust: 1.7

url:https://bugzilla.mozilla.org/show_bug.cgi?id=1245528

Trust: 1.7

url:https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.19.2.3_release_notes

Trust: 1.7

url:https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.21.1_release_notes

Trust: 1.7

url:https://support.apple.com/ht206166

Trust: 1.7

url:https://support.apple.com/ht206167

Trust: 1.7

url:https://support.apple.com/ht206168

Trust: 1.7

url:https://support.apple.com/ht206169

Trust: 1.7

url:http://www.securitytracker.com/id/1035215

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html

Trust: 1.7

url:http://www.ubuntu.com/usn/usn-2917-1

Trust: 1.7

url:http://www.ubuntu.com/usn/usn-2917-2

Trust: 1.7

url:http://www.ubuntu.com/usn/usn-2917-3

Trust: 1.7

url:http://www.ubuntu.com/usn/usn-2924-1

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1950

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97668313/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1950

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2016-1950

Trust: 0.6

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2016-1950

Trust: 0.3

url:https://bugzilla.redhat.com/):

Trust: 0.3

url:https://access.redhat.com/security/team/key/

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.3

url:https://www.mozilla.org/en-us/security/advisories/mfsa2016-36

Trust: 0.3

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://access.redhat.com/security/team/contact/

Trust: 0.3

url:https://www.debian.org/security/faq

Trust: 0.2

url:https://www.debian.org/security/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-2791

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1957

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-2795

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1974

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-2794

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1977

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-2798

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-2796

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1961

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-2797

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-2792

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-2793

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-2802

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1954

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-2790

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1964

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-2799

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1960

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-2800

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1952

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-2801

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1966

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-2834

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1979

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1938

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7182

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1978

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4000

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7181

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7575

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/thunderbird/1:38.7.2+build1-0ubuntu0.12.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/thunderbird/1:38.7.2+build1-0ubuntu0.14.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/thunderbird/1:38.7.2+build1-0ubuntu0.15.10.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/thunderbird/1:38.7.2+build1-0ubuntu0.16.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1965

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1958

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1962

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4485

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2802

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1950

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4488

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4492

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1935

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7182

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1931

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1972

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1933

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4483

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4479

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1963

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1960

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4485

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1940

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1939

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2713

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7181

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-2711

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-2718

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1969

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4489

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2796

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4481

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2709

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2790

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4477

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1966

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1975

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1946

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2710

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2714

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1523

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4477

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7183

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4483

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4473

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1959

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1948

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2716

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4480

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-2712

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4475

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2712

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1977

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4479

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2792

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4478

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4486

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2800

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1930

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-2715

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4487

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2708

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1942

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-2713

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1938

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1957

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4493

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4488

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1956

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2717

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4478

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4489

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4473

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1962

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-2714

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-2710

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1941

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1970

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1978

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-2709

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2793

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1945

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4486

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4482

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1953

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2711

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4474

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4490

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1958

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1961

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4482

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4484

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1968

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2799

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1947

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1967

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4475

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2791

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1964

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4484

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1937

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-2716

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1979

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1943

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1965

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4487

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4490

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1954

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1955

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1976

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2794

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2795

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1973

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4480

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1952

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4491

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1971

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-2708

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2718

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4474

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1974

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2797

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2798

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1944

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4481

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2715

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1949

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2801

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-2717

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2016-0371.html

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2016-0370.html

Trust: 0.1

sources: VULHUB: VHN-90769 // JVNDB: JVNDB-2016-001841 // PACKETSTORM: 139002 // PACKETSTORM: 136826 // PACKETSTORM: 136152 // PACKETSTORM: 137239 // PACKETSTORM: 136133 // PACKETSTORM: 136131 // PACKETSTORM: 136394 // CNNVD: CNNVD-201603-136 // NVD: CVE-2016-1950

CREDITS

Red Hat

Trust: 0.3

sources: PACKETSTORM: 136133 // PACKETSTORM: 136131 // PACKETSTORM: 136394

SOURCES

db: VULHUB, id: VHN-90769
db: JVNDB, id: JVNDB-2016-001841
db: PACKETSTORM, id: 139002
db: PACKETSTORM, id: 136826
db: PACKETSTORM, id: 136152
db: PACKETSTORM, id: 137239
db: PACKETSTORM, id: 136133
db: PACKETSTORM, id: 136131
db: PACKETSTORM, id: 136394
db: CNNVD, id: CNNVD-201603-136
db: NVD, id: CVE-2016-1950

LAST UPDATE DATE

2024-11-20T20:03:12.919000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-90769, date: 2019-12-27T00:00:00
db: JVNDB, id: JVNDB-2016-001841, date: 2016-11-22T00:00:00
db: CNNVD, id: CNNVD-201603-136, date: 2019-12-30T00:00:00
db: NVD, id: CVE-2016-1950, date: 2024-10-22T13:42:14.500

SOURCES RELEASE DATE

db: VULHUB, id: VHN-90769, date: 2016-03-13T00:00:00
db: JVNDB, id: JVNDB-2016-001841, date: 2016-03-24T00:00:00
db: PACKETSTORM, id: 139002, date: 2016-10-06T20:59:47
db: PACKETSTORM, id: 136826, date: 2016-04-28T00:01:48
db: PACKETSTORM, id: 136152, date: 2016-03-10T14:57:09
db: PACKETSTORM, id: 137239, date: 2016-05-31T13:33:03
db: PACKETSTORM, id: 136133, date: 2016-03-09T15:26:06
db: PACKETSTORM, id: 136131, date: 2016-03-09T15:25:30
db: PACKETSTORM, id: 136394, date: 2016-03-23T23:16:10
db: CNNVD, id: CNNVD-201603-136, date: 2016-03-11T00:00:00
db: NVD, id: CVE-2016-1950, date: 2016-03-13T18:59:00.193