ID

VAR-201605-0466


CVE

CVE-2016-1839


TITLE

plural Apple Used in products libxml2 of xmlDictAddString Service disruption in functions (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-002803

DESCRIPTION

The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. Apple Mac OS X, watchOS, iOS, and tvOS are prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code and bypass security restrictions. Failed exploit attempts may result in a denial-of-service condition. Versions prior to iOS 9.3.2, watchOS 2.2.1, Mac OS X 10.11.5, and tvOS 9.2.1 are vulnerable. in the United States. Apple iOS is an operating system developed for mobile devices; watchOS is a smart watch operating system; OS X El Capitan is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system. It supports multiple encoding formats, XPath analysis, Well-formed and valid verification, etc. CVE-ID CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/en-us/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: libxml2 security update Advisory ID: RHSA-2016:1292-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2016:1292 Issue date: 2016-06-23 CVE Names: CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-3627 CVE-2016-3705 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 ===================================================================== 1. Summary: An update for libxml2 is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The libxml2 library is a development toolbox providing the implementation of various XML standards. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the permissions of the user running the application. (CVE-2016-1834, CVE-2016-1840) Multiple denial of service flaws were found in libxml2. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, could cause that application to crash. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all applications linked to the libxml2 library must be restarted, or the system rebooted. 5. Package List: Red Hat Enterprise Linux HPC Node (v. 6): Source: libxml2-2.7.6-21.el6_8.1.src.rpm x86_64: libxml2-2.7.6-21.el6_8.1.i686.rpm libxml2-2.7.6-21.el6_8.1.x86_64.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm libxml2-python-2.7.6-21.el6_8.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm libxml2-devel-2.7.6-21.el6_8.1.i686.rpm libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: libxml2-2.7.6-21.el6_8.1.src.rpm i386: libxml2-2.7.6-21.el6_8.1.i686.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-devel-2.7.6-21.el6_8.1.i686.rpm libxml2-python-2.7.6-21.el6_8.1.i686.rpm ppc64: libxml2-2.7.6-21.el6_8.1.ppc.rpm libxml2-2.7.6-21.el6_8.1.ppc64.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.ppc.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.ppc64.rpm libxml2-devel-2.7.6-21.el6_8.1.ppc.rpm libxml2-devel-2.7.6-21.el6_8.1.ppc64.rpm libxml2-python-2.7.6-21.el6_8.1.ppc64.rpm s390x: libxml2-2.7.6-21.el6_8.1.s390.rpm libxml2-2.7.6-21.el6_8.1.s390x.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.s390.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.s390x.rpm libxml2-devel-2.7.6-21.el6_8.1.s390.rpm libxml2-devel-2.7.6-21.el6_8.1.s390x.rpm libxml2-python-2.7.6-21.el6_8.1.s390x.rpm x86_64: libxml2-2.7.6-21.el6_8.1.i686.rpm libxml2-2.7.6-21.el6_8.1.x86_64.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm libxml2-devel-2.7.6-21.el6_8.1.i686.rpm libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm libxml2-python-2.7.6-21.el6_8.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-static-2.7.6-21.el6_8.1.i686.rpm ppc64: libxml2-debuginfo-2.7.6-21.el6_8.1.ppc64.rpm libxml2-static-2.7.6-21.el6_8.1.ppc64.rpm s390x: libxml2-debuginfo-2.7.6-21.el6_8.1.s390x.rpm libxml2-static-2.7.6-21.el6_8.1.s390x.rpm x86_64: libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: libxml2-2.7.6-21.el6_8.1.src.rpm i386: libxml2-2.7.6-21.el6_8.1.i686.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-devel-2.7.6-21.el6_8.1.i686.rpm libxml2-python-2.7.6-21.el6_8.1.i686.rpm x86_64: libxml2-2.7.6-21.el6_8.1.i686.rpm libxml2-2.7.6-21.el6_8.1.x86_64.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm libxml2-devel-2.7.6-21.el6_8.1.i686.rpm libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm libxml2-python-2.7.6-21.el6_8.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-static-2.7.6-21.el6_8.1.i686.rpm x86_64: libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: libxml2-2.9.1-6.el7_2.3.src.rpm x86_64: libxml2-2.9.1-6.el7_2.3.i686.rpm libxml2-2.9.1-6.el7_2.3.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-devel-2.9.1-6.el7_2.3.i686.rpm libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm libxml2-static-2.9.1-6.el7_2.3.i686.rpm libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: libxml2-2.9.1-6.el7_2.3.src.rpm x86_64: libxml2-2.9.1-6.el7_2.3.i686.rpm libxml2-2.9.1-6.el7_2.3.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-devel-2.9.1-6.el7_2.3.i686.rpm libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm libxml2-static-2.9.1-6.el7_2.3.i686.rpm libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: libxml2-2.9.1-6.el7_2.3.src.rpm ppc64: libxml2-2.9.1-6.el7_2.3.ppc.rpm libxml2-2.9.1-6.el7_2.3.ppc64.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.ppc.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64.rpm libxml2-devel-2.9.1-6.el7_2.3.ppc.rpm libxml2-devel-2.9.1-6.el7_2.3.ppc64.rpm libxml2-python-2.9.1-6.el7_2.3.ppc64.rpm ppc64le: libxml2-2.9.1-6.el7_2.3.ppc64le.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64le.rpm libxml2-devel-2.9.1-6.el7_2.3.ppc64le.rpm libxml2-python-2.9.1-6.el7_2.3.ppc64le.rpm s390x: libxml2-2.9.1-6.el7_2.3.s390.rpm libxml2-2.9.1-6.el7_2.3.s390x.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.s390.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.s390x.rpm libxml2-devel-2.9.1-6.el7_2.3.s390.rpm libxml2-devel-2.9.1-6.el7_2.3.s390x.rpm libxml2-python-2.9.1-6.el7_2.3.s390x.rpm x86_64: libxml2-2.9.1-6.el7_2.3.i686.rpm libxml2-2.9.1-6.el7_2.3.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-devel-2.9.1-6.el7_2.3.i686.rpm libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: libxml2-debuginfo-2.9.1-6.el7_2.3.ppc.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64.rpm libxml2-static-2.9.1-6.el7_2.3.ppc.rpm libxml2-static-2.9.1-6.el7_2.3.ppc64.rpm ppc64le: libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64le.rpm libxml2-static-2.9.1-6.el7_2.3.ppc64le.rpm s390x: libxml2-debuginfo-2.9.1-6.el7_2.3.s390.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.s390x.rpm libxml2-static-2.9.1-6.el7_2.3.s390.rpm libxml2-static-2.9.1-6.el7_2.3.s390x.rpm x86_64: libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-static-2.9.1-6.el7_2.3.i686.rpm libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: libxml2-2.9.1-6.el7_2.3.src.rpm x86_64: libxml2-2.9.1-6.el7_2.3.i686.rpm libxml2-2.9.1-6.el7_2.3.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-devel-2.9.1-6.el7_2.3.i686.rpm libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-static-2.9.1-6.el7_2.3.i686.rpm libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-1762 https://access.redhat.com/security/cve/CVE-2016-1833 https://access.redhat.com/security/cve/CVE-2016-1834 https://access.redhat.com/security/cve/CVE-2016-1835 https://access.redhat.com/security/cve/CVE-2016-1836 https://access.redhat.com/security/cve/CVE-2016-1837 https://access.redhat.com/security/cve/CVE-2016-1838 https://access.redhat.com/security/cve/CVE-2016-1839 https://access.redhat.com/security/cve/CVE-2016-1840 https://access.redhat.com/security/cve/CVE-2016-3627 https://access.redhat.com/security/cve/CVE-2016-3705 https://access.redhat.com/security/cve/CVE-2016-4447 https://access.redhat.com/security/cve/CVE-2016-4448 https://access.redhat.com/security/cve/CVE-2016-4449 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXa8B8XlSAg2UNWIIRAh9ZAJ99xgPhOaIopIxmynm+vlDcmw4jFACeLvTm ZsVLEgJAF0Zt6xZVzqvVW7U= =fREV -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-05-16-2 iOS 9.3.2 iOS 9.3.2 is now available and addresses the following: Accessibility Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to determine kernel memory layout Description: A buffer overflow was addressed through improved size validation. CVE-ID CVE-2016-1790 : Rapelly Akhil CFNetwork Proxies Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An information leak existed in the handling of HTTP and HTTPS requests. This issue was addressed through improved URL handling. CVE-ID CVE-2016-1801 : Alex Chapman and Paul Stone of Context Information Security CommonCrypto Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to leak sensitive user information Description: An issue existed in the handling of return values in CCCrypt. This issue was addressed through improved key length management. CVE-ID CVE-2016-1802 : Klaus Rodewig CoreCapture Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working with Trend Micro’s Zero Day Initiative Disk Images Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local attacker may be able to read kernel memory Description: A race condition was addressed through improved locking. CVE-ID CVE-2016-1807 : Ian Beer of Google Project Zero Disk Images Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted image may lead to a denial of service Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1811 : Lander Brandt (@landaire) IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro working with Trend Micro's Zero Day Initiative CVE-2016-1818 : Juwei Lin of TrendMicro CVE-2016-1819 : Ian Beer of Google Project Zero IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to cause a denial of service Description: A null pointer dereference was addressed through improved locking. CVE-ID CVE-2016-1814 : Juwei Lin of TrendMicro IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1813 : Ian Beer of Google Project Zero IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1823 : Ian Beer of Google Project Zero CVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1827 : Brandon Azad CVE-2016-1828 : Brandon Azad CVE-2016-1829 : CESG CVE-2016-1830 : Brandon Azad CVE-2016-1831 : Brandon Azad libc Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1832 : Karl Williamson libxml2 Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1833 : Mateusz Jurczyk CVE-2016-1834 : Apple CVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-1838 : Mateusz Jurczyk CVE-2016-1839 : Mateusz Jurczyk CVE-2016-1840 : Kostya Serebryany libxslt Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1841 : Sebastian Apelt MapKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: Shared links were sent with HTTP rather than HTTPS. This was addressed by enabling HTTPS for shared links. CVE-ID CVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak) OpenGL Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A user may be unable to fully delete browsing history Description: "Clear History and Website Data" did not clear the history. The issue was addressed through improved data deletion. CVE-ID CVE-2016-1849 : Adham Ghrayeb Siri Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to an iOS device may be able to use Siri to access contacts and photos from the the lock screen Description: A state management issue existed when accessing Siri results on the lock screen. This issue was addressed by disabling data detectors in Twitter results when the device is locked. CVE-ID CVE-2016-1852 : videosdebarraquito WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may disclose data from another website Description: An insufficient taint tracking issue in the parsing of svg images was addressed through improved taint tracking. CVE-ID CVE-2016-1858 : an anonymous researcher WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1854 : Anonymous working with Trend Micro's Zero Day Initiative CVE-2016-1855 : Tongbo Luo and Bo Qu of Palo Alto Networks CVE-2016-1856 : lokihardt working with Trend Micro's Zero Day Initiative CVE-2016-1857 : Jeonghoon Shin@A.D.D, Liang Chen, Zhen Feng, wushi of KeenLab, Tencent working with Trend Micro's Zero Day Initiative WebKit Canvas Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1859 : Liang Chen, wushi of KeenLab, Tencent working with Trend Micro's Zero Day Initiative Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "9.3.2". - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201701-37 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libxml2: Multiple vulnerabilities Date: January 16, 2017 Bugs: #564776, #566374, #572878, #573820, #577998, #582538, #582540, #583888, #589816, #597112, #597114, #597116 ID: 201701-37 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in libxml2, the worst of which could lead to the execution of arbitrary code. Background ========== libxml2 is the XML (eXtended Markup Language) C parser and toolkit initially developed for the Gnome project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/libxml2 < 2.9.4-r1 >= 2.9.4-r1 Description =========== Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All libxml2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.9.4-r1" References ========== [ 1 ] CVE-2015-1819 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1819 [ 2 ] CVE-2015-5312 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5312 [ 3 ] CVE-2015-7497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7497 [ 4 ] CVE-2015-7498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7498 [ 5 ] CVE-2015-7499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7499 [ 6 ] CVE-2015-7500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7500 [ 7 ] CVE-2015-7941 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7941 [ 8 ] CVE-2015-7942 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7942 [ 9 ] CVE-2015-8035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8035 [ 10 ] CVE-2015-8242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8242 [ 11 ] CVE-2015-8806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8806 [ 12 ] CVE-2016-1836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1836 [ 13 ] CVE-2016-1838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1838 [ 14 ] CVE-2016-1839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1839 [ 15 ] CVE-2016-1840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1840 [ 16 ] CVE-2016-2073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2073 [ 17 ] CVE-2016-3627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3627 [ 18 ] CVE-2016-3705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3705 [ 19 ] CVE-2016-4483 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4483 [ 20 ] CVE-2016-4658 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4658 [ 21 ] CVE-2016-5131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5131 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201701-37 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <5755B7E3.5040103@canonical.com> Subject: [USN-2994-1] libxml2 vulnerabilities ============================================================================ Ubuntu Security Notice USN-2994-1 June 06, 2016 libxml2 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 15.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in libxml2. (CVE-2015-8806, CVE-2016-2073, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447) It was discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2016-1762, CVE-2016-1834) Mateusz Jurczyk discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2016-1833, CVE-2016-1838, CVE-2016-1839) Wei Lei and Liu Yang discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2016-1835, CVE-2016-1837) Wei Lei and Liu Yang discovered that libxml2 incorrectly handled certain malformed documents. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-1836) Kostya Serebryany discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2016-1840) It was discovered that libxml2 would load certain XML external entities. (CVE-2016-4449) Gustavo Grieco discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2016-4483) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: libxml2 2.9.3+dfsg1-1ubuntu0.1 Ubuntu 15.10: libxml2 2.9.2+zdfsg1-4ubuntu0.4 Ubuntu 14.04 LTS: libxml2 2.9.1+dfsg1-3ubuntu4.8 Ubuntu 12.04 LTS: libxml2 2.7.8.dfsg-5.1ubuntu4.15 After a standard system update you need to reboot your computer to make all the necessary changes. For the stable distribution (jessie), these problems have been fixed in version 2.9.1+dfsg1-5+deb8u2. Description: This release of Red Hat JBoss Core Services httpd 2.4.23 serves as a replacement for JBoss Core Services Apache HTTP Server 2.4.6. Security Fix(es): * This update fixes several flaws in OpenSSL. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483) * This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141) * This update fixes two flaws in httpd. (CVE-2016-4459, CVE-2016-8612) * A buffer overflow flaw when concatenating virtual host names and URIs was fixed in mod_jk. (CVE-2016-6808) * A memory leak flaw was fixed in expat. Upstream acknowledges Stephen Henson (OpenSSL development team) as the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat), Hanno BAPck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105, CVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj Somorovsky as the original reporter of CVE-2016-2107; Yuval Yarom (University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv University), and Nadia Heninger (University of Pennsylvania) as the original reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705. See the corresponding CVE pages linked to in the References section for more information about each of the flaws listed in this advisory. Solution: The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). After installing the updated packages, the httpd daemon will be restarted automatically. JIRA issues fixed (https://issues.jboss.org/): JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0] JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service 6

Trust: 2.79

sources: NVD: CVE-2016-1839 // JVNDB: JVNDB-2016-002803 // BID: 90691 // VULHUB: VHN-90658 // VULMON: CVE-2016-1839 // PACKETSTORM: 137080 // PACKETSTORM: 137613 // PACKETSTORM: 137076 // PACKETSTORM: 140533 // PACKETSTORM: 137335 // PACKETSTORM: 137298 // PACKETSTORM: 137075 // PACKETSTORM: 140182

AFFECTED PRODUCTS

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.6

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.6

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.2

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:9.2.1

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.4

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.5

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:gteversion:7.6.0.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.6

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:2.2.1

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.4

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.04

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:9.3.2

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.3

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:7.0

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:7.0

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:7.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.3

Trust: 1.0

vendor:xmlsoftmodel:libxml2scope:ltversion:2.9.4

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.3

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:lteversion:7.6.2.3

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:12.04

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:lteversion:7.5.2.10

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6.0

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.11.5

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:15.10

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:6.0

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6.0

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:gteversion:7.5.0.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.2

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.2

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.6

Trust: 1.0

vendor:canonicalmodel:ubuntuscope:eqversion:12.04 lts

Trust: 0.8

vendor:canonicalmodel:ubuntuscope:eqversion:14.04 lts

Trust: 0.8

vendor:canonicalmodel:ubuntuscope:eqversion:15.10

Trust: 0.8

vendor:canonicalmodel:ubuntuscope:eqversion:16.04 lts

Trust: 0.8

vendor:debianmodel:gnu/linuxscope:eqversion:8.0

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.10.5

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.11 and later

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.9.5

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9.3.2 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9.3.2 (iphone 4s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9.3.2 (ipod touch first 5 after generation )

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:9.2.1 (apple tv first 4 generation )

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2.2.1 (apple watch edition)

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2.2.1 (apple watch hermes)

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2.2.1 (apple watch sport)

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2.2.1 (apple watch)

Trust: 0.8

vendor:applemodel:itunesscope:eqversion:8.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.211

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.0.1

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6

Trust: 0.3

vendor:oraclemodel:linuxscope:eqversion:7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.6.2.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.1

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.6.2.0

Trust: 0.3

vendor:ibmmodel:security network protectionscope:neversion:5.3.2.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.1.3

Trust: 0.3

vendor:bluecoatmodel:advanced secure gatewayscope:eqversion:6.6

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.1.1.4

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:ibmmodel:powerkvmscope:eqversion:3.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.1.0.410

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.24

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:neversion:7.7

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.2

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.219

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fiscope:eqversion:2.2.0.4

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.1

Trust: 0.3

vendor:junipermodel:junos space 15.1f2scope: - version: -

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.22

Trust: 0.3

vendor:oraclemodel:solarisscope:eqversion:10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.2

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.6.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.36

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.6.3

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1.5

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.4

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.5.2.10

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:1.0.1

Trust: 0.3

vendor:junipermodel:junos space 15.1r2.11scope: - version: -

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2.2.12

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.2.1

Trust: 0.3

vendor:bluecoatmodel:authconnectorscope:eqversion:2.5

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.44

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.2.1

Trust: 0.3

vendor:mcafeemodel:email gateway 7.6.2h968406scope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.46

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.26

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.405

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.1.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.0.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.0.0.163

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.3.2

Trust: 0.3

vendor:oraclemodel:vm server forscope:eqversion:x863.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.2.72

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:junipermodel:junos spacescope:eqversion:12.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.42

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:neversion:9.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:30

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8

Trust: 0.3

vendor:junipermodel:junos space 15.2r1scope: - version: -

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.0.2.20

Trust: 0.3

vendor:oraclemodel:linuxscope:eqversion:6

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.4.1.10

Trust: 0.3

vendor:applemodel:watchscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:powerkvmscope:eqversion:2.1

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.5.2.8

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.2.08

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.4.0.4

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.1.08

Trust: 0.3

vendor:bluecoatmodel:security analytics platformscope:eqversion:7.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.4.0.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.213

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:3.22

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5.2

Trust: 0.3

vendor:bluecoatmodel:industrial control system protectionscope:eqversion:5.3

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.404

Trust: 0.3

vendor:ibmmodel:smartcloud entry fixpackscope:eqversion:3.2.0.413

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fixpacscope:eqversion:3.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.11.6

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.7.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.0.5

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.3

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.401

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1.8

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.4.1

Trust: 0.3

vendor:oraclemodel:solarisscope:eqversion:11.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.0.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.1

Trust: 0.3

vendor:mcafeemodel:email gateway 7.6.405h1165239scope: - version: -

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:50

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5.1.42

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.0.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.32

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:neversion:7.5.2.11

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.2.3

Trust: 0.3

vendor:bluecoatmodel:norman network protectionscope:eqversion:5.3

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.4.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.34

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6

Trust: 0.3

vendor:junipermodel:junos spacescope:eqversion:13.3

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.0

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.3.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry fixpackscope:eqversion:3.1.0.412

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.0.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5.1

Trust: 0.3

vendor:applemodel:watchosscope:neversion:2.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.1

Trust: 0.3

vendor:junipermodel:junos space 15.2r2scope: - version: -

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.6.2.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.21

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0.1

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry jre updatescope:eqversion:2.3.0.35

Trust: 0.3

vendor:ibmmodel:smartcloud entry fixpackscope:eqversion:2.3.0.33

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.1

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.31

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.218

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0

Trust: 0.3

vendor:applemodel:iosscope:neversion:9.3.3

Trust: 0.3

vendor:ibmmodel:security network protectionscope:neversion:5.3.1.10

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.2.0.411

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.1.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.3.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.3.2

Trust: 0.3

vendor:junipermodel:junos space 14.1r1.9scope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.214

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.2.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry fpscope:eqversion:3.19

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:3.1.0.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.3.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fixpacscope:eqversion:3.2

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.403

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.113

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.3.0.4

Trust: 0.3

vendor:esignalmodel:esignalscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.1.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:3.11

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.1.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.3

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.110

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.5

Trust: 0.3

vendor:junipermodel:junos space 16.1r1scope:neversion: -

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry fpscope:eqversion:3.110

Trust: 0.3

vendor:bluecoatmodel:proxysgscope:eqversion:6.5

Trust: 0.3

vendor:ibmmodel:mq appliance m2001scope: - version: -

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.1.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:3.21

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.1

Trust: 0.3

vendor:applemodel:tvscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:bluecoatmodel:security analytics platformscope:eqversion:6.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.2

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1.6

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.4

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.3.0.3

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:ibmmodel:mq appliance m2000scope: - version: -

Trust: 0.3

vendor:oraclemodel:solaris sru11.6scope:neversion:11.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.0.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.2.0.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.7

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.4

Trust: 0.3

vendor:junipermodel:junos spacescope:eqversion:12.1

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.5

Trust: 0.3

vendor:ibmmodel:smartcloud entry fixpackscope:eqversion:3.1.0.415

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fiscope:eqversion:2.4.0.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.1.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.1.09

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:3.2.0.4

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.0.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.6

Trust: 0.3

vendor:ibmmodel:security identity governance and intelligencescope:eqversion:5.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.2.0.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.0.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:3.12

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.4.0.5

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.4.01

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.4.0.80

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.2.09

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.0

Trust: 0.3

vendor:applemodel:mac os security updatescope:neversion:x2016-0030

Trust: 0.3

vendor:oraclemodel:vm server forscope:eqversion:x863.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.1.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.6.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.1.2

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.11.5

Trust: 0.3

vendor:ibmmodel:smartcloud entry jre updatescope:eqversion:2.3.0.34

Trust: 0.3

vendor:junipermodel:junos space 14.1r1scope: - version: -

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.3

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:40

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.2.010

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1.2

Trust: 0.3

vendor:applemodel:itunesscope:neversion:12.4.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry jre updatescope:eqversion:2.4.0.55

Trust: 0.3

vendor:bluecoatmodel:directorscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.3

Trust: 0.3

vendor:applemodel:tvosscope:neversion:9.2.1

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:neversion:7.6.2.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4.1

Trust: 0.3

vendor:applemodel:mac os security updatescope:neversion:x2016

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.5.2.9

Trust: 0.3

vendor:applemodel:watchosscope:neversion:2.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.1

Trust: 0.3

vendor:bluecoatmodel:industrial control systems network scannerscope:eqversion:5.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10

Trust: 0.3

vendor:ibmmodel:smartcloud entry fixpackscope:eqversion:2.4.0.55

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.400

Trust: 0.3

vendor:junipermodel:junos spacescope:eqversion:1.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0.5

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fixpackscope:eqversion:3.2.0.415

Trust: 0.3

vendor:bluecoatmodel:proxysgscope:eqversion:6.6

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.3

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.8

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:1.0

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1.9

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1.3

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.2

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:neversion:7.6.406-3402.103

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.3.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.7

Trust: 0.3

vendor:junipermodel:junos spacescope:eqversion:11.2

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.6.1.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1

Trust: 0.3

vendor:mcafeemodel:email gateway 7.6.405h1157986scope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fiscope:eqversion:2.3.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:bluecoatmodel:security analytics platformscope:eqversion:7.1

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.402

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.0

Trust: 0.3

sources: BID: 90691 // JVNDB: JVNDB-2016-002803 // CNNVD: CNNVD-201605-479 // NVD: CVE-2016-1839

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1839
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-1839
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201605-479
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90658
value: MEDIUM

Trust: 0.1

VULMON: CVE-2016-1839
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-1839
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: CVE-2016-1839
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-90658
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1839
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: CVE-2016-1839
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-90658 // VULMON: CVE-2016-1839 // JVNDB: JVNDB-2016-002803 // CNNVD: CNNVD-201605-479 // NVD: CVE-2016-1839

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-90658 // JVNDB: JVNDB-2016-002803 // NVD: CVE-2016-1839

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201605-479

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201605-479

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002803

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-90658 // VULMON: CVE-2016-1839

PATCH

title:Apple security updatesurl:https://support.apple.com/en-us/HT201222

Trust: 0.8

title:APPLE-SA-2016-05-16-3 watchOS 2.2.1url:http://lists.apple.com/archives/security-announce/2016/May/msg00003.html

Trust: 0.8

title:APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update 2016-003url:http://lists.apple.com/archives/security-announce/2016/May/msg00004.html

Trust: 0.8

title:APPLE-SA-2016-05-16-2 iOS 9.3.2url:http://lists.apple.com/archives/security-announce/2016/May/msg00002.html

Trust: 0.8

title:APPLE-SA-2016-05-16-1 tvOS 9.2.1url:http://lists.apple.com/archives/security-announce/2016/May/msg00001.html

Trust: 0.8

title:HT206564url:https://support.apple.com/en-us/HT206564

Trust: 0.8

title:HT206566url:https://support.apple.com/en-us/HT206566

Trust: 0.8

title:HT206567url:https://support.apple.com/en-us/HT206567

Trust: 0.8

title:HT206568url:https://support.apple.com/en-us/HT206568

Trust: 0.8

title:HT206566url:https://support.apple.com/ja-jp/HT206566

Trust: 0.8

title:HT206567url:https://support.apple.com/ja-jp/HT206567

Trust: 0.8

title:HT206568url:https://support.apple.com/ja-jp/HT206568

Trust: 0.8

title:HT206564url:https://support.apple.com/ja-jp/HT206564

Trust: 0.8

title:DSA-3593url:https://www.debian.org/security/2016/dsa-3593

Trust: 0.8

title:Bug 758605url:https://bugzilla.gnome.org/show_bug.cgi?id=758605

Trust: 0.8

title:Bug 758605: Heap-based buffer overread in xmlDictAddString <https://bugzilla.gnome.org/show_bug.cgi?id=758605>url:https://git.gnome.org/browse/libxml2/commit/?id=a820dbeac29d330bae4be05d9ecd939ad6b4aa33

Trust: 0.8

title:Oracle Linux Bulletin - July 2016url:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

Trust: 0.8

title:Oracle Solaris Third Party Bulletin - July 2016url:http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

Trust: 0.8

title:Oracle VM Server for x86 Bulletin - July 2016url:http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Trust: 0.8

title:RHSA-2016:1292url:https://access.redhat.com/errata/RHSA-2016:1292

Trust: 0.8

title:TLSA-2016-22url:http://www.turbolinux.co.jp/security/2016/TLSA-2016-22j.html

Trust: 0.8

title:USN-2994-1url:http://www.ubuntu.com/usn/USN-2994-1

Trust: 0.8

title:2.9.4: May 23 2016url:http://xmlsoft.org/news.html

Trust: 0.8

title:Apple iOS , watchOS , OS X El Capitan and tvOS libxml2 Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=61793

Trust: 0.6

title:Red Hat: CVE-2016-1839url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2016-1839

Trust: 0.1

title:Debian CVElist Bug Report Logs: libxml2: CVE-2017-9050: heap-based buffer overflow in xmlDictAddStringurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=fc4554d1a6b6ed0e3083518865fe08f5

Trust: 0.1

title:Apple: watchOS 2.2.1url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=ee2628a4bdc6cee776cdd4b03ea8fc3f

Trust: 0.1

title:Apple: tvOS 9.2.1url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=22a8333fe6ca4f25dfb12984728f42d0

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Releaseurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20162957 - Security Advisory

Trust: 0.1

title:Ubuntu Security Notice: libxml2 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2994-1

Trust: 0.1

title:Debian CVElist Bug Report Logs: libxml2: CVE-2016-2073: out-of-bounds read in htmlParseNameComplex()url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=e21c0505f8306f0416606e1a2ec5e18e

Trust: 0.1

title:Debian CVElist Bug Report Logs: libxml2: Heap-buffer overread in libxml2/dict.curl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=1b5e8a6bfa7b3b48920376b728b6bbe2

Trust: 0.1

title:Apple: iOS 9.3.2url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=d85657e8623d63e2afdb2287247cdad6

Trust: 0.1

title:Debian CVElist Bug Report Logs: libxml2: CVE-2016-3627: stack exhaustion in libxml2 parsing xml files in recover modeurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=7ad6e7048d3904deff82dbbe81adf528

Trust: 0.1

title:Debian CVElist Bug Report Logs: libxml2: CVE-2016-4483url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=17d0780fd9f0deb51d01d88ca9e90fe3

Trust: 0.1

title:Debian CVElist Bug Report Logs: libxml2: CVE-2016-3705: stack overflow before detecting invalid XML fileurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=ed475d816a8279c18b15a9aac8146ada

Trust: 0.1

title:Amazon Linux AMI: ALAS-2016-719url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2016-719

Trust: 0.1

title:Apple: OS X El Capitan v10.11.5 and Security Update 2016-003url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=3c550201b398ce302f3a9adf27215fda

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=ac5af5dd99788925425f5747ec672707

Trust: 0.1

title:Android Security Bulletins: Android Security Bulletin—June 2017url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=f9fbdf3aea1fd17035e18f77d6530ab1

Trust: 0.1

title:Symantec Security Advisories: SA129 : Multiple libxml2 Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=4306b2beef409e7d3306d20a4621babf

Trust: 0.1

title:Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins&qid=6c15273f6bf4a785175f27073b98a1ce

Trust: 0.1

title:Oracle Linux Bulletins: Oracle Linux Bulletin - July 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=0bd8c924b56aac98dda0f5b45f425f38

Trust: 0.1

title:Tenable Security Advisories: [R7] LCE 4.8.1 Fixes Multiple Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2016-18

Trust: 0.1

sources: VULMON: CVE-2016-1839 // JVNDB: JVNDB-2016-002803 // CNNVD: CNNVD-201605-479

EXTERNAL IDS

db:NVDid:CVE-2016-1839

Trust: 3.7

db:MCAFEEid:SB10170

Trust: 2.1

db:BIDid:90691

Trust: 2.1

db:SECTRACKid:1035890

Trust: 1.8

db:SECTRACKid:1038623

Trust: 1.8

db:TENABLEid:TNS-2016-18

Trust: 1.8

db:JVNid:JVNVU91632741

Trust: 0.8

db:JVNDBid:JVNDB-2016-002803

Trust: 0.8

db:CNNVDid:CNNVD-201605-479

Trust: 0.7

db:AUSCERTid:ESB-2023.3732

Trust: 0.6

db:AUSCERTid:ESB-2020.2340

Trust: 0.6

db:JUNIPERid:JSA10770

Trust: 0.3

db:EXPLOIT-DBid:39491

Trust: 0.2

db:VULHUBid:VHN-90658

Trust: 0.1

db:VULMONid:CVE-2016-1839

Trust: 0.1

db:PACKETSTORMid:137080

Trust: 0.1

db:PACKETSTORMid:137613

Trust: 0.1

db:PACKETSTORMid:137076

Trust: 0.1

db:PACKETSTORMid:140533

Trust: 0.1

db:PACKETSTORMid:137335

Trust: 0.1

db:PACKETSTORMid:137298

Trust: 0.1

db:PACKETSTORMid:137075

Trust: 0.1

db:PACKETSTORMid:140182

Trust: 0.1

sources: VULHUB: VHN-90658 // VULMON: CVE-2016-1839 // BID: 90691 // JVNDB: JVNDB-2016-002803 // PACKETSTORM: 137080 // PACKETSTORM: 137613 // PACKETSTORM: 137076 // PACKETSTORM: 140533 // PACKETSTORM: 137335 // PACKETSTORM: 137298 // PACKETSTORM: 137075 // PACKETSTORM: 140182 // CNNVD: CNNVD-201605-479 // NVD: CVE-2016-1839

REFERENCES

url:http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

Trust: 2.1

url:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

Trust: 2.1

url:http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Trust: 2.1

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10170

Trust: 2.0

url:https://security.gentoo.org/glsa/201701-37

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2016:1292

Trust: 1.9

url:http://rhn.redhat.com/errata/rhsa-2016-2957.html

Trust: 1.9

url:http://www.ubuntu.com/usn/usn-2994-1

Trust: 1.9

url:http://lists.apple.com/archives/security-announce/2016/may/msg00001.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2016/may/msg00002.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2016/may/msg00003.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2016/may/msg00004.html

Trust: 1.8

url:http://www.securityfocus.com/bid/90691

Trust: 1.8

url:http://xmlsoft.org/news.html

Trust: 1.8

url:https://bugzilla.gnome.org/show_bug.cgi?id=758605

Trust: 1.8

url:https://git.gnome.org/browse/libxml2/commit/?id=a820dbeac29d330bae4be05d9ecd939ad6b4aa33

Trust: 1.8

url:https://support.apple.com/ht206564

Trust: 1.8

url:https://support.apple.com/ht206566

Trust: 1.8

url:https://support.apple.com/ht206567

Trust: 1.8

url:https://support.apple.com/ht206568

Trust: 1.8

url:https://www.tenable.com/security/tns-2016-18

Trust: 1.8

url:https://www.debian.org/security/2016/dsa-3593

Trust: 1.8

url:http://www.securitytracker.com/id/1035890

Trust: 1.8

url:http://www.securitytracker.com/id/1038623

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1839

Trust: 0.8

url:http://jvn.jp/vu/jvnvu91632741/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1839

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2016-1836

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2016-1839

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2016-1838

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2016-1840

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2016-1837

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2016-1833

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2016-1834

Trust: 0.7

url:https://www.auscert.org.au/bulletins/esb-2020.2340/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3732

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2016-1835

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2016-3705

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2016-3627

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2016-1762

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2016-1839

Trust: 0.3

url:http://www.apple.com/ios/

Trust: 0.3

url:http://www.apple.com/accessibility/tvos/

Trust: 0.3

url:http://www.apple.com/watchos-2/

Trust: 0.3

url:http://www.apple.com/ipad/

Trust: 0.3

url:http://www.apple.com/iphone/

Trust: 0.3

url:http://www.apple.com/ipodtouch/

Trust: 0.3

url:http://www.apple.com/macosx/

Trust: 0.3

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10770&actp=rss

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1024088

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1024194

Trust: 0.3

url:https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf

Trust: 0.3

url:https://bto.bluecoat.com/security-advisory/sa129

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21986974

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21989043

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21990750

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-1823

Trust: 0.3

url:https://support.apple.com/kb/ht201222

Trust: 0.3

url:https://gpgtools.org

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-1829

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-1817

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-1819

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-1803

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-1827

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-1808

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-1830

Trust: 0.3

url:https://www.apple.com/support/security/pgp/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-1813

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-1811

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-1828

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-1807

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-1818

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-1802

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-1824

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-1832

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-4449

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-4447

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-4483

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-8806

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-2073

Trust: 0.3

url:https://www.linkedin.com/in/rshupak)

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1847

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1841

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-1838

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-1837

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-1834

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-4448

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-1833

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-1840

Trust: 0.2

url:https://bugzilla.redhat.com/):

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-1836

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-1762

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-1835

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-4449

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-4447

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-3705

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-3627

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1814

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1801

Trust: 0.2

url:https://kc.mcafee.com/corporate/index?page=content&amp;id=sb10170

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.exploit-db.com/exploits/39491/

Trust: 0.1

url:https://usn.ubuntu.com/2994-1/

Trust: 0.1

url:https://support.apple.com/en-us/ht204641

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1842

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4448

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://www.apple.com/itunes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1831

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1790

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5131

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3705

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1840

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8035

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1838

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3627

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4483

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1819

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7942

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7499

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1839

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2073

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7499

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1836

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8242

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5312

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8806

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7498

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7941

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7942

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8035

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7500

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5131

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5312

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7498

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7500

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7941

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1819

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7497

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4658

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8242

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4658

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7497

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.9.2+zdfsg1-4ubuntu0.4

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.9.3+dfsg1-1ubuntu0.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.9.1+dfsg1-3ubuntu4.8

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-5.1ubuntu4.15

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1854

Trust: 0.1

url:https://issues.jboss.org/):

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2107

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2106

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-0705

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-3196

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3216

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-2106

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-0702

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0797

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2014-8176

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-6808

Trust: 0.1

url:https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-2107

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0799

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3196

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3523

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-2177

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4483

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2014-3523

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-2842

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-8612

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1148

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-0797

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3185

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2109

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0705

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-3185

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-3194

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp&downloadtype=distributions&version=2.4.23

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-2105

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-8176

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-0286

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-5420

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-2178

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3194

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-2108

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0286

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2012-1148

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-2109

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3195

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0209

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-5419

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4459

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2108

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-0209

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-3195

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0702

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-3216

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2105

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-7141

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-0799

Trust: 0.1

sources: VULHUB: VHN-90658 // VULMON: CVE-2016-1839 // BID: 90691 // JVNDB: JVNDB-2016-002803 // PACKETSTORM: 137080 // PACKETSTORM: 137613 // PACKETSTORM: 137076 // PACKETSTORM: 140533 // PACKETSTORM: 137335 // PACKETSTORM: 137298 // PACKETSTORM: 137075 // PACKETSTORM: 140182 // CNNVD: CNNVD-201605-479 // NVD: CVE-2016-1839

CREDITS

Marco Grassi of KeenLab, Tencent, Brandon Azad, CESG, Karl Williamson, Mateusz Jurczyk, Wei Lei and Liu Yang of Nanyang Technological University, Kostya Serebryany, Apple, Sebastian Apelt and Tongbo Luo and Bo Qu of Palo Alto Networks.

Trust: 0.3

sources: BID: 90691

SOURCES

db:VULHUBid:VHN-90658
db:VULMONid:CVE-2016-1839
db:BIDid:90691
db:JVNDBid:JVNDB-2016-002803
db:PACKETSTORMid:137080
db:PACKETSTORMid:137613
db:PACKETSTORMid:137076
db:PACKETSTORMid:140533
db:PACKETSTORMid:137335
db:PACKETSTORMid:137298
db:PACKETSTORMid:137075
db:PACKETSTORMid:140182
db:CNNVDid:CNNVD-201605-479
db:NVDid:CVE-2016-1839

LAST UPDATE DATE

2024-11-21T21:13:20.147000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-90658date:2019-03-25T00:00:00
db:VULMONid:CVE-2016-1839date:2019-03-25T00:00:00
db:BIDid:90691date:2017-12-19T22:37:00
db:JVNDBid:JVNDB-2016-002803date:2016-11-16T00:00:00
db:CNNVDid:CNNVD-201605-479date:2023-06-30T00:00:00
db:NVDid:CVE-2016-1839date:2019-03-25T17:27:11.260

SOURCES RELEASE DATE

db:VULHUBid:VHN-90658date:2016-05-20T00:00:00
db:VULMONid:CVE-2016-1839date:2016-05-20T00:00:00
db:BIDid:90691date:2016-05-16T00:00:00
db:JVNDBid:JVNDB-2016-002803date:2016-05-23T00:00:00
db:PACKETSTORMid:137080date:2016-05-17T15:59:22
db:PACKETSTORMid:137613date:2016-06-23T13:00:52
db:PACKETSTORMid:137076date:2016-05-17T15:50:52
db:PACKETSTORMid:140533date:2017-01-17T02:26:10
db:PACKETSTORMid:137335date:2016-06-07T07:41:54
db:PACKETSTORMid:137298date:2016-06-02T16:29:00
db:PACKETSTORMid:137075date:2016-05-17T15:48:27
db:PACKETSTORMid:140182date:2016-12-16T16:34:49
db:CNNVDid:CNNVD-201605-479date:2016-05-20T00:00:00
db:NVDid:CVE-2016-1839date:2016-05-20T10:59:53.190