ID

VAR-201609-0225

CVE

CVE-2016-4658

TITLE

Multiple Apple product libxml2 Memory corruption vulnerability

DESCRIPTION

xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document. Apple iOS, tvOS,MacOS and watchOS are prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial-of-service condition, perform unauthorized actions and gain system privileges; this may aid in launching further attacks. Versions prior to iOS 10, watchOS 3, MacOS 10.12, and tvOS 10 are vulnerable. Apple iOS, OS X, tvOS, and watchOS are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; Apple OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. Libxml2 is one of the function library components based on C language for parsing XML documents. A memory corruption vulnerability exists in Libxml2 in several Apple products. Summary: The Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Security Fix(es): * mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 2019088 - "MigrationController" CR displays syntax error when unquiescing applications 2021666 - Route name longer than 63 characters causes direct volume migration to fail 2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) 2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image 2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console 2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout 2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error 2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource 2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef" 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-09-20-5 watchOS 3 The watchOS 3 advisory has been updated to include additional entries as noted below. Audio Available for: All Apple Watch models Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park, and Taekyoung Kwon of Information Security Lab, Yonsei University Entry added September 20, 2016 CFNetwork Available for: All Apple Watch models Impact: Processing maliciously crafted web content may compromise user information Description: An input validation issue existed in the parsing of the set-cookie header. This issue was addressed through improved validation checking. CVE-2016-4708: Dawid Czagan of Silesia Security Lab Entry added September 20, 2016 CoreCrypto Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code Description: An out-of-bounds write issue was addressed by removing the vulnerable code. CVE-2016-4712: Gergo Koteles Entry added September 20, 2016 FontParser Available for: All Apple Watch models Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking. CVE-2016-4718: Apple Entry added September 20, 2016 GeoServices Available for: All Apple Watch models Impact: An application may be able to read sensitive location information Description: A permissions issue existed in PlaceData. This issue was addressed through improved permission validation. CVE-2016-4719: Razvan Deaconescu, Mihai Chiroiu (University POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi (TU Darmstadt) IOAcceleratorFamily Available for: All Apple Watch models Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4725: Rodger Combs of Plex, Inc. Entry added September 20, 2016 IOAcceleratorFamily Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4726: An anonymous researcher Entry added September 20, 2016 Kernel Available for: All Apple Watch models Impact: A remote attacker may be able to cause a denial of service Description: A lock handling issue was addressed through improved lock handling. CVE-2016-4772: Marc Heuse of mh-sec Entry added September 20, 2016 Kernel Available for: All Apple Watch models Impact: An application may be able to determine kernel memory layout Description: Multiple out-of-bounds read issues existed that led to the disclosure of kernel memory. These were addressed through improved input validation. CVE-2016-4773: Brandon Azad CVE-2016-4774: Brandon Azad CVE-2016-4776: Brandon Azad Entry added September 20, 2016 Kernel Available for: All Apple Watch models Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4775: Brandon Azad Entry added September 20, 2016 Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: An untrusted pointer dereference was addressed by removing the affected code. CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team Entry added September 20, 2016 Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4778: CESG Entry added September 20, 2016 libxml2 Available for: All Apple Watch models Impact: Multiple issues in libxml2, the most significant of which may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4658: Nick Wellnhofer CVE-2016-5131: Nick Wellnhofer Entry added September 20, 2016 libxslt Available for: All Apple Watch models Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4738: Nick Wellnhofer Entry added September 20, 2016 Security Available for: All Apple Watch models Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in signed disk images. This issue was addressed through improved size validation. CVE-2016-4753: Mark Mentovai of Google Inc. Entry added September 20, 2016 WebKit Available for: All Apple Watch models Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4737: Apple Entry added September 20, 2016 Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJX4YPQAAoJEIOj74w0bLRG8S0QAIkepFBcosbmZLpY04hlt+Ah yHXnqKyghV5Ribkl64KUQRkyPHDOGaEaErYEiscMtUqbFP/rnSM8ScFF65Oxxg/P 3NCGpKkedA0J4cMtb58x4nvWJe3GW8aV8iP4H7t65jCprdIAxZuniLjhGMtM0r7G a/A6cmpqhwL055RMr1c7ksC1oCk43BP5rZOlndqE9Ns6lw1F5RNmATbZgjHdPHkC xuml7fEdhRbt/lswdDMq7epIZFqDX7jlZig349oesZhsUVczQnRZtsdUQ695OZcd XSZisclix5b0t4Ett5HiarbYLYbalnz5ftU511Va9pf5VOGaZcl942cmns8CRbQy GT+qCk9TCMhtf6nqBTrX8MwSP481fa1OssLHE1rYGibBFpr0xqqXw70zzpl77w9I OT31mBtdrPor7luR7haXOMuwaD7Fbmj6sd3ph0p6wQQG0GZ/zsLRJtBJfFU2Qx1X fesFDPTyNrby4nMHaF6MGY04hME2zHApq0KHOtGfg3WaaIJWGbWY+xPAUW5kDLIf Q6u+8BVjCT1qvfK3oi93wA5FOqfqlud4LuMGdTehJL1PBTh93JnabQwZDuNjufg0 4p4j7jFIenYxdYgjbbCKrXu6PYTUB7yqMRDYAQN7hk4bKabwHacyqKmQbH5MCYXt yHVD9Vuo3lqcs8fMnUow =yYuL -----END PGP SIGNATURE----- . Description: Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/): 2050826 - CVE-2022-24348 gitops: Path traversal and dereference of symlinks when passing Helm value files 5. For the stable distribution (jessie), these problems have been fixed in version 2.9.1+dfsg1-5+deb8u4. For the testing distribution (stretch), these problems have been fixed in version 2.9.4+dfsg1-2.1. For the unstable distribution (sid), these problems have been fixed in version 2.9.4+dfsg1-2.1. We recommend that you upgrade your libxml2 packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Advanced Cluster Management 2.1.12 security fixes and container updates Advisory ID: RHSA-2021:3949-01 Product: Red Hat ACM Advisory URL: https://access.redhat.com/errata/RHSA-2021:3949 Issue date: 2021-10-20 CVE Names: CVE-2016-4658 CVE-2021-3653 CVE-2021-3656 CVE-2021-22543 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-23840 CVE-2021-23841 CVE-2021-32626 CVE-2021-32627 CVE-2021-32628 CVE-2021-32672 CVE-2021-32675 CVE-2021-32687 CVE-2021-36222 CVE-2021-37576 CVE-2021-37750 CVE-2021-41099 ===================================================================== 1. Summary: Red Hat Advanced Cluster Management for Kubernetes 2.1.12 General Availability release images, which provide security fixes and update the container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Advanced Cluster Management for Kubernetes 2.1.12 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains updates to one or more container images for Red Hat Advanced Cluster Management for Kubernetes. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.1/html/release_notes/ Security fixes: * redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626) * redis: Integer overflow issue with Streams (CVE-2021-32627) * redis: Integer overflow bug in the ziplist data structure (CVE-2021-32628) * redis: Integer overflow issue with intsets (CVE-2021-32687) * redis: Integer overflow issue with strings (CVE-2021-41099) * redis: Denial of service via Redis Standard Protocol (RESP) request (CVE-2021-32675) * redis: Out of bounds read in lua debugger protocol parser (CVE-2021-32672) For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Container updates: * RHACM 2.1.12 images (BZ# 2007489) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. *Important:* This upgrade of Red Hat Advanced Cluster Management for Kubernetes is not supported when you are running Red Hat Advanced Cluster Management on Red Hat OpenShift Container Platform version 4.5. To apply this upgrade, you must upgrade your OpenShift Container Platform version to 4.6, or later. For details on how to apply this update, refer to: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.1/html/install/installing#upgrading-by-using-the-op erator 4. Bugs fixed (https://bugzilla.redhat.com/): 2007489 - RHACM 2.1.12 images 2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets 2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request 2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser 2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure 2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams 2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack 2011020 - CVE-2021-41099 redis: Integer overflow issue with strings 5. References: https://access.redhat.com/security/cve/CVE-2016-4658 https://access.redhat.com/security/cve/CVE-2021-3653 https://access.redhat.com/security/cve/CVE-2021-3656 https://access.redhat.com/security/cve/CVE-2021-22543 https://access.redhat.com/security/cve/CVE-2021-22922 https://access.redhat.com/security/cve/CVE-2021-22923 https://access.redhat.com/security/cve/CVE-2021-22924 https://access.redhat.com/security/cve/CVE-2021-23840 https://access.redhat.com/security/cve/CVE-2021-23841 https://access.redhat.com/security/cve/CVE-2021-32626 https://access.redhat.com/security/cve/CVE-2021-32627 https://access.redhat.com/security/cve/CVE-2021-32628 https://access.redhat.com/security/cve/CVE-2021-32672 https://access.redhat.com/security/cve/CVE-2021-32675 https://access.redhat.com/security/cve/CVE-2021-32687 https://access.redhat.com/security/cve/CVE-2021-36222 https://access.redhat.com/security/cve/CVE-2021-37576 https://access.redhat.com/security/cve/CVE-2021-37750 https://access.redhat.com/security/cve/CVE-2021-41099 https://access.redhat.com/security/updates/classification/#important 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYXBy89zjgjWX9erEAQidJRAAjBZW8NKlYCam/Ec3EL7Fq0qhjqfq40w3 W0K3ohqRU+Qk8obedR2BqnU6+Vp4JgXfSId6pexR1NW96vDXXORlbJkuY/QVUBaQ HpguRKWuxS3lKw5WXMLi//ZBYBtl61K3hUQPBciP+d+JY3KUBWDmKr46d2sEPeiR wI7aVdkkdCs2pVyNOGO7DXXaPDNMnJDGccV090chlGekJLwBtJFVTwKjKa3i6SlF CChDoS7+zLgXXj1LrG2cBvx+tcZhIx+LMQwLDgto0tpX86SD1pvFx+emanKnxJGq qnlRXnW/LA2i6ZWHH7BIDU5GJTPAU0vXPjfUy/5Pj49oOYGU/vuFIqXdM5tRQzSJ gyhl99AcERAJMvx57yUWM8o3O6Rjcy2GheCXzIjfOvMWZ2ExPsXsmI/5Uia6FBH5 UxKbRQOVqJl1/G36cOKuqWczQhCmgOT0EfUPMX4RgRTR9sNmLOKOMiHVO5YB9fJD ErcRuZGHYMaBMad5GPt1zPDN2Mj8N2X3eD92Aq9EhKzEh4/bizr6+JV5LqjknuNL pInkniLmTJNcb2NOso1ldIYA+eP0H4ozVwD6HRaBbbkLvznu/iOwPs8zlqZllVmE ShHZ9Dk0rWRb64CTCbQRXIWZt1ixnbB1w5ynXHDthR6sMThT+r3kFZAnZoVsbpYx 29P4K7z+F+I= =siEM -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

buffer error

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

MinSik Shin,YoungJin Yoon, Gergo Koteles, Sunghyun Park, Inc,and Taekyoung Kwon of Information Security Lab, Lufeng Li of Qihoo, Dawid Czagan of Silesia Security Lab, Rodger Combs of Plex, Brandon Azad, HoJae Han, Yonsei University, Marc Heuse of mh-sec

SOURCES

LAST UPDATE DATE

2025-02-20T19:50:53.421000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE