ID

VAR-201605-0145


CVE

CVE-2016-0718


TITLE

Expat Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-002931

DESCRIPTION

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. Expat is a C language-based XML parser library developed by American software developer Jim Clark, which uses a stream-oriented parser. There is a security hole in Expat. Description: This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release. Security Fix(es): * expat: Out-of-bounds heap read on crafted input causing crash (CVE-2016-0718) * curl: escape and unescape integer overflows (CVE-2016-7167) * curl: Cookie injection for other servers (CVE-2016-8615) * curl: Case insensitive password comparison (CVE-2016-8616) * curl: Out-of-bounds write via unchecked multiplication (CVE-2016-8617) * curl: Double-free in curl_maprintf (CVE-2016-8618) * curl: Double-free in krb5 code (CVE-2016-8619) * curl: curl_getdate out-of-bounds read (CVE-2016-8621) * curl: URL unescape heap overflow via integer truncation (CVE-2016-8622) * curl: Use-after-free via shared cookies (CVE-2016-8623) * curl: Invalid URL parsing with '#' (CVE-2016-8624) * curl: IDNA 2003 makes curl use wrong host (CVE-2016-8625) * libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS) (CVE-2016-9598) * pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3) (CVE-2017-6004) * pcre: Invalid Unicode property lookup (8.41/7, 10.24/2) (CVE-2017-7186) * pcre: invalid memory read in_pcre32_xclass (pcre_xclass.c) (CVE-2017-7244) * pcre: stack-based buffer overflow write in pcre32_copy_substring (CVE-2017-7245) * pcre: stack-based buffer overflow write in pcre32_copy_substring (CVE-2017-7246) * curl: FTP PWD response parser out of bounds read (CVE-2017-1000254) * curl: IMAP FETCH response out of bounds read (CVE-2017-1000257) * curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP (CVE-2018-0500) Details around this issue, including information about the CVE, severity of the issue, and the CVSS score can be found on the CVE page listed in the Reference section below. The following packages have been upgraded to a newer upstream version: * Curl (7.57.0) * OpenSSL (1.0.2n) * Expat (2.2.5) * PCRE (8.41) * libxml2 (2.9.7) Acknowledgements: CVE-2017-1000254: Red Hat would like to thank Daniel Stenberg for reporting this issue. Upstream acknowledges Max Dymond as the original reporter. Upstream acknowledges Brian Carpenter, (the OSS-Fuzz project) as the original reporter. Solution: The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files). Bugs fixed (https://bugzilla.redhat.com/): 1296102 - CVE-2016-0718 expat: Out-of-bounds heap read on crafted input causing crash 1375906 - CVE-2016-7167 curl: escape and unescape integer overflows 1388370 - CVE-2016-8615 curl: Cookie injection for other servers 1388371 - CVE-2016-8616 curl: Case insensitive password comparison 1388377 - CVE-2016-8617 curl: Out-of-bounds write via unchecked multiplication 1388378 - CVE-2016-8618 curl: Double-free in curl_maprintf 1388379 - CVE-2016-8619 curl: Double-free in krb5 code 1388385 - CVE-2016-8621 curl: curl_getdate out-of-bounds read 1388386 - CVE-2016-8622 curl: URL unescape heap overflow via integer truncation 1388388 - CVE-2016-8623 curl: Use-after-free via shared cookies 1388390 - CVE-2016-8624 curl: Invalid URL parsing with '#' 1388392 - CVE-2016-8625 curl: IDNA 2003 makes curl use wrong host 1408306 - CVE-2016-9598 libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS) 1425365 - CVE-2017-6004 pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3) 1434504 - CVE-2017-7186 pcre: Invalid Unicode property lookup (8.41/7, 10.24/2) 1437364 - CVE-2017-7244 pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c) 1437367 - CVE-2017-7245 pcre: stack-based buffer overflow write in pcre32_copy_substring 1437369 - CVE-2017-7246 pcre: stack-based buffer overflow write in pcre32_copy_substring 1495541 - CVE-2017-1000254 curl: FTP PWD response parser out of bounds read 1503705 - CVE-2017-1000257 curl: IMAP FETCH response out of bounds read 1597101 - CVE-2018-0500 curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP 5. From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <57683228.8060901@canonical.com> Subject: [USN-3013-1] XML-RPC for C and C++ vulnerabilities ============================================================================ Ubuntu Security Notice USN-3013-1 June 20, 2016 xmlrpc-c vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS Summary: Several security issues were fixed in XML-RPC for C and C++. This could reduce the security of calling applications. (CVE-2012-6702) It was discovered that the Expat code in XML-RPC for C and C++ incorrectly handled seeding the random number generator. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2015-1283, CVE-2016-4472) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: libxmlrpc-c++4 1.16.33-3.1ubuntu5.2 libxmlrpc-core-c3 1.16.33-3.1ubuntu5.2 After a standard system upgrade you need to restart any applications linked against XML-RPC for C and C++ to effect the necessary changes. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/expat-2.2.0-i586-1_slack14.2.txz: Upgraded. This update fixes bugs and security issues: Multiple integer overflows in XML_GetBuffer. Fix crash on malformed input. Improve insufficient fix to CVE-2015-1283 / CVE-2015-2716. Use more entropy for hash initialization. Resolve troublesome internal call to srand. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1283 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4472 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/expat-2.2.0-i486-1_slack13.0.txz Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/expat-2.2.0-x86_64-1_slack13.0.txz Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/expat-2.2.0-i486-1_slack13.1.txz Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/expat-2.2.0-x86_64-1_slack13.1.txz Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/expat-2.2.0-i486-1_slack13.37.txz Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/expat-2.2.0-x86_64-1_slack13.37.txz Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/expat-2.2.0-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/expat-2.2.0-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/expat-2.2.0-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/expat-2.2.0-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/expat-2.2.0-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/expat-2.2.0-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/expat-2.2.0-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/expat-2.2.0-x86_64-1.txz MD5 signatures: +-------------+ Slackware 13.0 package: d042603604cda3dedb7a75cb049071c8 expat-2.2.0-i486-1_slack13.0.txz Slackware x86_64 13.0 package: 4c57af80cc3ccd277a365f8053dabd9b expat-2.2.0-x86_64-1_slack13.0.txz Slackware 13.1 package: 649682e89895159e90c0775f056a5b2a expat-2.2.0-i486-1_slack13.1.txz Slackware x86_64 13.1 package: dc109e48fb07db4aa47caa912308dcee expat-2.2.0-x86_64-1_slack13.1.txz Slackware 13.37 package: a7893a356510073d213e08e6df41be6b expat-2.2.0-i486-1_slack13.37.txz Slackware x86_64 13.37 package: 31f42e6ef7be259413659497f473b499 expat-2.2.0-x86_64-1_slack13.37.txz Slackware 14.0 package: 3d5ab68ef82db833aa1b890372dfa789 expat-2.2.0-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 7ab4d2d05f4695904a4e164f6093ea38 expat-2.2.0-x86_64-1_slack14.0.txz Slackware 14.1 package: 3e9c111a338efb49ed9aa85322e7dfed expat-2.2.0-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 5ec656840cad0813deeb632ef659d97b expat-2.2.0-x86_64-1_slack14.1.txz Slackware 14.2 package: 770d5c370a923d7f1356bc81ceaaa3e9 expat-2.2.0-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 0b44169d48b17e181cddd25c547a0258 expat-2.2.0-x86_64-1_slack14.2.txz Slackware -current package: bc2d54deb510e5a41845207133fc1a75 l/expat-2.2.0-i586-1.txz Slackware x86_64 -current package: 4bf858ad9d41159ce9fe624e47d58f21 l/expat-2.2.0-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg expat-2.2.0-i586-1_slack14.2.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. Updated to the latest 2.7.x release. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: expat security update Advisory ID: RHSA-2016:2824-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2824.html Issue date: 2016-11-28 CVE Names: CVE-2016-0718 ===================================================================== 1. Summary: An update for expat is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: Expat is a C library for parsing XML documents. Security Fix(es): * An out-of-bounds read flaw was found in the way Expat processed certain input. (CVE-2016-0718) Red Hat would like to thank Gustavo Grieco for reporting this issue. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, applications using the Expat library must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1296102 - CVE-2016-0718 expat: Out-of-bounds heap read on crafted input causing crash 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: expat-2.0.1-13.el6_8.src.rpm i386: expat-2.0.1-13.el6_8.i686.rpm expat-debuginfo-2.0.1-13.el6_8.i686.rpm x86_64: expat-2.0.1-13.el6_8.i686.rpm expat-2.0.1-13.el6_8.x86_64.rpm expat-debuginfo-2.0.1-13.el6_8.i686.rpm expat-debuginfo-2.0.1-13.el6_8.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: expat-debuginfo-2.0.1-13.el6_8.i686.rpm expat-devel-2.0.1-13.el6_8.i686.rpm x86_64: expat-debuginfo-2.0.1-13.el6_8.i686.rpm expat-debuginfo-2.0.1-13.el6_8.x86_64.rpm expat-devel-2.0.1-13.el6_8.i686.rpm expat-devel-2.0.1-13.el6_8.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: expat-2.0.1-13.el6_8.src.rpm x86_64: expat-2.0.1-13.el6_8.i686.rpm expat-2.0.1-13.el6_8.x86_64.rpm expat-debuginfo-2.0.1-13.el6_8.i686.rpm expat-debuginfo-2.0.1-13.el6_8.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: expat-debuginfo-2.0.1-13.el6_8.i686.rpm expat-debuginfo-2.0.1-13.el6_8.x86_64.rpm expat-devel-2.0.1-13.el6_8.i686.rpm expat-devel-2.0.1-13.el6_8.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: expat-2.0.1-13.el6_8.src.rpm i386: expat-2.0.1-13.el6_8.i686.rpm expat-debuginfo-2.0.1-13.el6_8.i686.rpm expat-devel-2.0.1-13.el6_8.i686.rpm ppc64: expat-2.0.1-13.el6_8.ppc.rpm expat-2.0.1-13.el6_8.ppc64.rpm expat-debuginfo-2.0.1-13.el6_8.ppc.rpm expat-debuginfo-2.0.1-13.el6_8.ppc64.rpm expat-devel-2.0.1-13.el6_8.ppc.rpm expat-devel-2.0.1-13.el6_8.ppc64.rpm s390x: expat-2.0.1-13.el6_8.s390.rpm expat-2.0.1-13.el6_8.s390x.rpm expat-debuginfo-2.0.1-13.el6_8.s390.rpm expat-debuginfo-2.0.1-13.el6_8.s390x.rpm expat-devel-2.0.1-13.el6_8.s390.rpm expat-devel-2.0.1-13.el6_8.s390x.rpm x86_64: expat-2.0.1-13.el6_8.i686.rpm expat-2.0.1-13.el6_8.x86_64.rpm expat-debuginfo-2.0.1-13.el6_8.i686.rpm expat-debuginfo-2.0.1-13.el6_8.x86_64.rpm expat-devel-2.0.1-13.el6_8.i686.rpm expat-devel-2.0.1-13.el6_8.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: expat-2.0.1-13.el6_8.src.rpm i386: expat-2.0.1-13.el6_8.i686.rpm expat-debuginfo-2.0.1-13.el6_8.i686.rpm expat-devel-2.0.1-13.el6_8.i686.rpm x86_64: expat-2.0.1-13.el6_8.i686.rpm expat-2.0.1-13.el6_8.x86_64.rpm expat-debuginfo-2.0.1-13.el6_8.i686.rpm expat-debuginfo-2.0.1-13.el6_8.x86_64.rpm expat-devel-2.0.1-13.el6_8.i686.rpm expat-devel-2.0.1-13.el6_8.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: expat-2.1.0-10.el7_3.src.rpm x86_64: expat-2.1.0-10.el7_3.i686.rpm expat-2.1.0-10.el7_3.x86_64.rpm expat-debuginfo-2.1.0-10.el7_3.i686.rpm expat-debuginfo-2.1.0-10.el7_3.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: expat-debuginfo-2.1.0-10.el7_3.i686.rpm expat-debuginfo-2.1.0-10.el7_3.x86_64.rpm expat-devel-2.1.0-10.el7_3.i686.rpm expat-devel-2.1.0-10.el7_3.x86_64.rpm expat-static-2.1.0-10.el7_3.i686.rpm expat-static-2.1.0-10.el7_3.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: expat-2.1.0-10.el7_3.src.rpm x86_64: expat-2.1.0-10.el7_3.i686.rpm expat-2.1.0-10.el7_3.x86_64.rpm expat-debuginfo-2.1.0-10.el7_3.i686.rpm expat-debuginfo-2.1.0-10.el7_3.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: expat-debuginfo-2.1.0-10.el7_3.i686.rpm expat-debuginfo-2.1.0-10.el7_3.x86_64.rpm expat-devel-2.1.0-10.el7_3.i686.rpm expat-devel-2.1.0-10.el7_3.x86_64.rpm expat-static-2.1.0-10.el7_3.i686.rpm expat-static-2.1.0-10.el7_3.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: expat-2.1.0-10.el7_3.src.rpm aarch64: expat-2.1.0-10.el7_3.aarch64.rpm expat-debuginfo-2.1.0-10.el7_3.aarch64.rpm expat-devel-2.1.0-10.el7_3.aarch64.rpm ppc64: expat-2.1.0-10.el7_3.ppc.rpm expat-2.1.0-10.el7_3.ppc64.rpm expat-debuginfo-2.1.0-10.el7_3.ppc.rpm expat-debuginfo-2.1.0-10.el7_3.ppc64.rpm expat-devel-2.1.0-10.el7_3.ppc.rpm expat-devel-2.1.0-10.el7_3.ppc64.rpm ppc64le: expat-2.1.0-10.el7_3.ppc64le.rpm expat-debuginfo-2.1.0-10.el7_3.ppc64le.rpm expat-devel-2.1.0-10.el7_3.ppc64le.rpm s390x: expat-2.1.0-10.el7_3.s390.rpm expat-2.1.0-10.el7_3.s390x.rpm expat-debuginfo-2.1.0-10.el7_3.s390.rpm expat-debuginfo-2.1.0-10.el7_3.s390x.rpm expat-devel-2.1.0-10.el7_3.s390.rpm expat-devel-2.1.0-10.el7_3.s390x.rpm x86_64: expat-2.1.0-10.el7_3.i686.rpm expat-2.1.0-10.el7_3.x86_64.rpm expat-debuginfo-2.1.0-10.el7_3.i686.rpm expat-debuginfo-2.1.0-10.el7_3.x86_64.rpm expat-devel-2.1.0-10.el7_3.i686.rpm expat-devel-2.1.0-10.el7_3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): aarch64: expat-debuginfo-2.1.0-10.el7_3.aarch64.rpm expat-static-2.1.0-10.el7_3.aarch64.rpm ppc64: expat-debuginfo-2.1.0-10.el7_3.ppc.rpm expat-debuginfo-2.1.0-10.el7_3.ppc64.rpm expat-static-2.1.0-10.el7_3.ppc.rpm expat-static-2.1.0-10.el7_3.ppc64.rpm ppc64le: expat-debuginfo-2.1.0-10.el7_3.ppc64le.rpm expat-static-2.1.0-10.el7_3.ppc64le.rpm s390x: expat-debuginfo-2.1.0-10.el7_3.s390.rpm expat-debuginfo-2.1.0-10.el7_3.s390x.rpm expat-static-2.1.0-10.el7_3.s390.rpm expat-static-2.1.0-10.el7_3.s390x.rpm x86_64: expat-debuginfo-2.1.0-10.el7_3.i686.rpm expat-debuginfo-2.1.0-10.el7_3.x86_64.rpm expat-static-2.1.0-10.el7_3.i686.rpm expat-static-2.1.0-10.el7_3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: expat-2.1.0-10.el7_3.src.rpm x86_64: expat-2.1.0-10.el7_3.i686.rpm expat-2.1.0-10.el7_3.x86_64.rpm expat-debuginfo-2.1.0-10.el7_3.i686.rpm expat-debuginfo-2.1.0-10.el7_3.x86_64.rpm expat-devel-2.1.0-10.el7_3.i686.rpm expat-devel-2.1.0-10.el7_3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: expat-debuginfo-2.1.0-10.el7_3.i686.rpm expat-debuginfo-2.1.0-10.el7_3.x86_64.rpm expat-static-2.1.0-10.el7_3.i686.rpm expat-static-2.1.0-10.el7_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-0718 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYPIyBXlSAg2UNWIIRAmHXAJ0XmPOxvAJOT6/eusxHQBKBs/LPDgCguirS H8Bczzxw4Aj5YxGpyacoQBE= =GbHX -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . These issues were addressed by updating SQLite to version 3.15.2. These issues were addressed by updating expat to version 2.2.0. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201701-21 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Expat: Multiple vulnerabilities Date: January 11, 2017 Bugs: #458742, #555642, #577928, #583268, #585510 ID: 201701-21 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Expat, the worst of which may allow execution of arbitrary code. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/expat < 2.2.0-r1 >= 2.2.0-r1 Description =========== Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details. This attack could also be used against automated systems that arbitrarily process XML files. Workaround ========== There is no known workaround at this time. Resolution ========== All Expat users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/expat-2.2.0-r1" References ========== [ 1 ] CVE-2012-6702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6702 [ 2 ] CVE-2013-0340 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0340 [ 3 ] CVE-2015-1283 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1283 [ 4 ] CVE-2016-0718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0718 [ 5 ] CVE-2016-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4472 [ 6 ] CVE-2016-5300 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5300 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201701-21 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3582-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 18, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : expat CVE ID : CVE-2016-0718 Gustavo Grieco discovered that Expat, an XML parsing C library, does not properly handle certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. For the stable distribution (jessie), this problem has been fixed in version 2.1.0-6+deb8u2. Additionally this update refreshes the fix for CVE-2015-1283 to avoid relying on undefined behavior. We recommend that you upgrade your expat packages

Trust: 2.52

sources: NVD: CVE-2016-0718 // JVNDB: JVNDB-2016-002931 // VULHUB: VHN-88228 // VULMON: CVE-2016-0718 // PACKETSTORM: 148973 // PACKETSTORM: 137544 // PACKETSTORM: 140275 // PACKETSTORM: 147507 // PACKETSTORM: 139908 // PACKETSTORM: 141796 // PACKETSTORM: 140431 // PACKETSTORM: 137108

AFFECTED PRODUCTS

vendor:susemodel:linux enterprise serverscope:eqversion:12

Trust: 1.8

vendor:susemodel:linux enterprise software development kitscope:eqversion:12

Trust: 1.8

vendor:opensusemodel:leapscope:eqversion:42.1

Trust: 1.8

vendor:susemodel:linux enterprise desktopscope:eqversion:12

Trust: 1.8

vendor:susemodel:studio onsitescope:eqversion:1.3

Trust: 1.8

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.6

vendor:applemodel:mac os xscope:gteversion:10.11.0

Trust: 1.0

vendor:libexpatmodel:libexpatscope:ltversion:2.2.0

Trust: 1.0

vendor:pythonmodel:pythonscope:gteversion:2.7.0

Trust: 1.0

vendor:pythonmodel:pythonscope:ltversion:3.6.2

Trust: 1.0

vendor:pythonmodel:pythonscope:ltversion:3.5.4

Trust: 1.0

vendor:pythonmodel:pythonscope:ltversion:3.3.7

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.04

Trust: 1.0

vendor:pythonmodel:pythonscope:ltversion:2.7.15

Trust: 1.0

vendor:pythonmodel:pythonscope:gteversion:3.3.0

Trust: 1.0

vendor:pythonmodel:pythonscope:ltversion:3.4.7

Trust: 1.0

vendor:pythonmodel:pythonscope:gteversion:3.5.0

Trust: 1.0

vendor:pythonmodel:pythonscope:gteversion:3.4.0

Trust: 1.0

vendor:pythonmodel:pythonscope:gteversion:3.6.0

Trust: 1.0

vendor:mcafeemodel:policy auditorscope:ltversion:6.5.1

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:13.2

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:mozillamodel:firefoxscope:ltversion:48.0

Trust: 1.0

vendor:susemodel:linux enterprise serverscope:eqversion:11

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:13.1

Trust: 1.0

vendor:susemodel:linux enterprise debuginfoscope:eqversion:11

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:12.04

Trust: 1.0

vendor:susemodel:linux enterprise software development kitscope:eqversion:11

Trust: 1.0

vendor:applemodel:mac os xscope:lteversion:10.11.5

Trust: 1.0

vendor:susemodel:linux enterprise software development kitscope:eqversion:11-sp4

Trust: 0.8

vendor:susemodel:linux enterprise desktopscope:eqversion:12-sp1

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.11.6

Trust: 0.8

vendor:canonicalmodel:ubuntuscope:eqversion:12.04 lts

Trust: 0.8

vendor:susemodel:linux enterprise serverscope:eqversion:12-sp1

Trust: 0.8

vendor:susemodel:linux enterprise serverscope:eqversion:11-sp4

Trust: 0.8

vendor:canonicalmodel:ubuntuscope:eqversion:16.04 lts

Trust: 0.8

vendor:susemodel:linux enterprise debuginfoscope:eqversion:11-sp4

Trust: 0.8

vendor:expatmodel:expatscope: - version: -

Trust: 0.8

vendor:susemodel:linux enterprise software development kitscope:eqversion:12-sp1

Trust: 0.8

vendor:canonicalmodel:ubuntuscope:eqversion:15.10

Trust: 0.8

vendor:canonicalmodel:ubuntuscope:eqversion:14.04 lts

Trust: 0.8

vendor:applemodel:mac os xscope:ltversion:10.11

Trust: 0.8

vendor:debianmodel:gnu/linuxscope:eqversion:8.0

Trust: 0.8

sources: JVNDB: JVNDB-2016-002931 // CNNVD: CNNVD-201605-455 // NVD: CVE-2016-0718

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-0718
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-0718
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201605-455
value: CRITICAL

Trust: 0.6

VULHUB: VHN-88228
value: HIGH

Trust: 0.1

VULMON: CVE-2016-0718
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-0718
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-88228
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-0718
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2016-0718
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-88228 // VULMON: CVE-2016-0718 // JVNDB: JVNDB-2016-002931 // CNNVD: CNNVD-201605-455 // NVD: CVE-2016-0718

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-88228 // JVNDB: JVNDB-2016-002931 // NVD: CVE-2016-0718

THREAT TYPE

remote

Trust: 0.9

sources: PACKETSTORM: 137544 // PACKETSTORM: 139908 // PACKETSTORM: 137108 // CNNVD: CNNVD-201605-455

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201605-455

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002931

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-88228

PATCH

title:APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004url:http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html

Trust: 0.8

title:HT206903url:https://support.apple.com/en-us/HT206903

Trust: 0.8

title:HT206903url:https://support.apple.com/ja-jp/HT206903

Trust: 0.8

title:DSA-3582url:https://www.debian.org/security/2016/dsa-3582

Trust: 0.8

title:MFSA2016-68url:http://www.mozilla.org/security/announce/2016/mfsa2016-68.html

Trust: 0.8

title:MFSA2016-68url:http://www.mozilla-japan.org/security/announce/2016/mfsa2016-68.html

Trust: 0.8

title:SUSE-SU-2016:1512url:https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html

Trust: 0.8

title:openSUSE-SU-2016url:https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html

Trust: 0.8

title:SUSE-SU-2016:1508url:https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html

Trust: 0.8

title:Bug 1296102url:https://bugzilla.redhat.com/show_bug.cgi?id=1296102#c2

Trust: 0.8

title:Expat XML Parserurl:https://sourceforge.net/projects/expat/

Trust: 0.8

title:USN-2983-1url:http://www.ubuntu.com/usn/USN-2983-1/

Trust: 0.8

title:Expat Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=61769

Trust: 0.6

title:The Registerurl:https://www.theregister.co.uk/2017/02/28/eset_antivirus_opens_macs_to_remote_execution_as_root/

Trust: 0.2

title:Red Hat: Moderate: expat security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20162824 - Security Advisory

Trust: 0.1

title:Ubuntu Security Notice: expat vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2983-1

Trust: 0.1

title:Mozilla: Mozilla Foundation Security Advisory 2016-68url:https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=2016-68

Trust: 0.1

title:Mozilla: Out-of-bounds read during XML parsing in Expat libraryurl:https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=ed80349726dbf716de7cec0c272ec473

Trust: 0.1

title:Amazon Linux AMI: ALAS-2016-775url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2016-775

Trust: 0.1

title:Ubuntu Security Notice: xmlrpc-c vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3013-1

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182486 - Security Advisory

Trust: 0.1

title:Tenable Security Advisories: [R5] Nessus 6.8 Fixes Multiple Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2016-11

Trust: 0.1

title:Ubuntu Security Notice: firefox vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3044-1

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=ac5af5dd99788925425f5747ec672707

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - July 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=5f8c525f1408011628af1792207b2099

Trust: 0.1

title:Android Security Bulletins: Android Security Bulletin—November 2016url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=29d79db4a6421689e55b5a9ce5d2aa60

Trust: 0.1

title:Tenable Security Advisories: [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2016-20

Trust: 0.1

title:Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - October 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins&qid=21c0efa2643d707e2f50a501209eb75c

Trust: 0.1

title:Oracle Linux Bulletins: Oracle Linux Bulletin - October 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=13f3551b67d913fba90df4b2c0dae0bf

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d

Trust: 0.1

title:afl-cveurl:https://github.com/mrash/afl-cve

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/google-security-researcher-finds-security-hole-in-esets-mac-antivirus/

Trust: 0.1

sources: VULMON: CVE-2016-0718 // JVNDB: JVNDB-2016-002931 // CNNVD: CNNVD-201605-455

EXTERNAL IDS

db:NVDid:CVE-2016-0718

Trust: 3.4

db:SECTRACKid:1036348

Trust: 1.8

db:SECTRACKid:1037705

Trust: 1.8

db:SECTRACKid:1036415

Trust: 1.8

db:PACKETSTORMid:141350

Trust: 1.8

db:OPENWALLid:OSS-SECURITY/2016/05/17/12

Trust: 1.8

db:TENABLEid:TNS-2016-20

Trust: 1.8

db:MCAFEEid:SB10365

Trust: 1.8

db:BIDid:90729

Trust: 1.8

db:JVNid:JVNVU94844193

Trust: 0.8

db:JVNDBid:JVNDB-2016-002931

Trust: 0.8

db:CNNVDid:CNNVD-201605-455

Trust: 0.7

db:AUSCERTid:ESB-2020.0699

Trust: 0.6

db:AUSCERTid:ESB-2021.2593

Trust: 0.6

db:PACKETSTORMid:139908

Trust: 0.2

db:PACKETSTORMid:137108

Trust: 0.2

db:PACKETSTORMid:148973

Trust: 0.2

db:PACKETSTORMid:138181

Trust: 0.1

db:PACKETSTORMid:137109

Trust: 0.1

db:VULHUBid:VHN-88228

Trust: 0.1

db:VULMONid:CVE-2016-0718

Trust: 0.1

db:PACKETSTORMid:137544

Trust: 0.1

db:PACKETSTORMid:140275

Trust: 0.1

db:PACKETSTORMid:147507

Trust: 0.1

db:PACKETSTORMid:141796

Trust: 0.1

db:PACKETSTORMid:140431

Trust: 0.1

sources: VULHUB: VHN-88228 // VULMON: CVE-2016-0718 // JVNDB: JVNDB-2016-002931 // PACKETSTORM: 148973 // PACKETSTORM: 137544 // PACKETSTORM: 140275 // PACKETSTORM: 147507 // PACKETSTORM: 139908 // PACKETSTORM: 141796 // PACKETSTORM: 140431 // PACKETSTORM: 137108 // CNNVD: CNNVD-201605-455 // NVD: CVE-2016-0718

REFERENCES

url:http://www.securityfocus.com/bid/90729

Trust: 1.9

url:https://security.gentoo.org/glsa/201701-21

Trust: 1.9

url:http://rhn.redhat.com/errata/rhsa-2016-2824.html

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2018:2486

Trust: 1.9

url:http://www.securitytracker.com/id/1036348

Trust: 1.8

url:http://www.securitytracker.com/id/1036415

Trust: 1.8

url:http://www.securitytracker.com/id/1037705

Trust: 1.8

url:http://seclists.org/fulldisclosure/2017/feb/68

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html

Trust: 1.8

url:http://www.debian.org/security/2016/dsa-3582

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html

Trust: 1.8

url:http://www.ubuntu.com/usn/usn-2983-1

Trust: 1.8

url:http://www.ubuntu.com/usn/usn-3044-1

Trust: 1.8

url:http://www.openwall.com/lists/oss-security/2016/05/17/12

Trust: 1.8

url:http://packetstormsecurity.com/files/141350/eset-endpoint-antivirus-6-remote-code-execution.html

Trust: 1.8

url:http://support.eset.com/ca6333/

Trust: 1.8

url:http://www.mozilla.org/security/announce/2016/mfsa2016-68.html

Trust: 1.8

url:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Trust: 1.8

url:http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

Trust: 1.8

url:https://bugzilla.mozilla.org/show_bug.cgi?id=1236923

Trust: 1.8

url:https://bugzilla.redhat.com/show_bug.cgi?id=1296102

Trust: 1.8

url:https://source.android.com/security/bulletin/2016-11-01.html

Trust: 1.8

url:https://support.apple.com/ht206903

Trust: 1.8

url:https://www.tenable.com/security/tns-2016-20

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html

Trust: 1.8

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10365

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0718

Trust: 1.0

url:http://jvn.jp/vu/jvnvu94844193/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0718

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2016-0718

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2016-0718

Trust: 0.8

url:https://access.redhat.com/errata/rhsa-2016:2824

Trust: 0.7

url:https://www.auscert.org.au/bulletins/esb-2021.2593

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0699/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2016-5300

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2016-4472

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2012-6702

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2015-1283

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://bugzilla.redhat.com/):

Trust: 0.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5300

Trust: 0.2

url:http://slackware.com

Trust: 0.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4472

Trust: 0.2

url:http://osuosl.org)

Trust: 0.2

url:http://slackware.com/gpg-key

Trust: 0.2

url:https://kc.mcafee.com/corporate/index?page=content&amp;id=sb10365

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://usn.ubuntu.com/2983-1/

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=53129

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-8624

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-8625

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-8624

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-7244

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-9598

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-1000254

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-8619

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-8618

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-8617

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-8616

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-7245

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/html-single/red_hat_jboss_core_services_apache_http_server_2.4.29_release_notes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-7186

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-8616

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-8617

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-8619

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-7246

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-7167

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-8621

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-8622

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-1000257

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-1000257

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-6004

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-0500

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-0500

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-8622

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-7245

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-1000254

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-7186

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-8615

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-8615

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-8618

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-8625

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-7244

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-8623

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-9598

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-7167

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-8621

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-8623

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-7246

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-6004

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/xmlrpc-c/1.16.33-3.1ubuntu5.2

Trust: 0.1

url:http://www.ubuntu.com/usn/usn-3013-1

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1283

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6702

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-9233

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1061

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9233

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0876

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9063

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1060

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0876

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-9063

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1060

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1061

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://gpgtools.org

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3720

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-6153

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3415

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3270

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-6607

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3560

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3416

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3717

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3414

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-7443

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1148

Trust: 0.1

url:https://www.apple.com/itunes/download/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1147

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0340

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0340

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6702

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5300

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1283

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0718

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4472

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

sources: VULHUB: VHN-88228 // VULMON: CVE-2016-0718 // JVNDB: JVNDB-2016-002931 // PACKETSTORM: 148973 // PACKETSTORM: 137544 // PACKETSTORM: 140275 // PACKETSTORM: 147507 // PACKETSTORM: 139908 // PACKETSTORM: 141796 // PACKETSTORM: 140431 // PACKETSTORM: 137108 // CNNVD: CNNVD-201605-455 // NVD: CVE-2016-0718

CREDITS

Gustavo Grieco

Trust: 0.6

sources: CNNVD: CNNVD-201605-455

SOURCES

db:VULHUBid:VHN-88228
db:VULMONid:CVE-2016-0718
db:JVNDBid:JVNDB-2016-002931
db:PACKETSTORMid:148973
db:PACKETSTORMid:137544
db:PACKETSTORMid:140275
db:PACKETSTORMid:147507
db:PACKETSTORMid:139908
db:PACKETSTORMid:141796
db:PACKETSTORMid:140431
db:PACKETSTORMid:137108
db:CNNVDid:CNNVD-201605-455
db:NVDid:CVE-2016-0718

LAST UPDATE DATE

2024-11-11T20:05:42.142000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-88228date:2023-02-12T00:00:00
db:VULMONid:CVE-2016-0718date:2023-02-12T00:00:00
db:JVNDBid:JVNDB-2016-002931date:2016-09-05T00:00:00
db:CNNVDid:CNNVD-201605-455date:2023-04-04T00:00:00
db:NVDid:CVE-2016-0718date:2023-02-12T23:15:50.093

SOURCES RELEASE DATE

db:VULHUBid:VHN-88228date:2016-05-26T00:00:00
db:VULMONid:CVE-2016-0718date:2016-05-26T00:00:00
db:JVNDBid:JVNDB-2016-002931date:2016-05-30T00:00:00
db:PACKETSTORMid:148973date:2018-08-17T17:41:42
db:PACKETSTORMid:137544date:2016-06-21T00:20:59
db:PACKETSTORMid:140275date:2016-12-25T13:15:00
db:PACKETSTORMid:147507date:2018-05-05T13:13:00
db:PACKETSTORMid:139908date:2016-11-28T21:04:32
db:PACKETSTORMid:141796date:2017-03-23T16:22:29
db:PACKETSTORMid:140431date:2017-01-11T18:55:11
db:PACKETSTORMid:137108date:2016-05-18T15:47:12
db:CNNVDid:CNNVD-201605-455date:2016-05-18T00:00:00
db:NVDid:CVE-2016-0718date:2016-05-26T16:59:00.133