ID

VAR-201609-0225

CVE

CVE-2016-4658

TITLE

plural Apple Product libxml2 Vulnerable to arbitrary code execution

DESCRIPTION

xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document. Apple iOS, OS X, tvOS, and watchOS are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; Apple OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. A memory corruption vulnerability exists in Libxml2 in several Apple products. The following versions are affected: versions prior to Apple iOS 10, versions prior to tvOS 10, versions prior to OS X 10.12, versions prior to watchOS 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: libxml2 security update Advisory ID: RHSA-2021:3810-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3810 Issue date: 2021-10-12 CVE Names: CVE-2016-4658 ===================================================================== 1. Summary: An update for libxml2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): * libxml2: Use after free via namespace node in XPointer ranges (CVE-2016-4658) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The desktop must be restarted (log out, then log back in) for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1384424 - CVE-2016-4658 libxml2: Use after free via namespace node in XPointer ranges 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: libxml2-2.9.1-6.el7_9.6.src.rpm x86_64: libxml2-2.9.1-6.el7_9.6.i686.rpm libxml2-2.9.1-6.el7_9.6.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.i686.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.x86_64.rpm libxml2-python-2.9.1-6.el7_9.6.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libxml2-debuginfo-2.9.1-6.el7_9.6.i686.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.x86_64.rpm libxml2-devel-2.9.1-6.el7_9.6.i686.rpm libxml2-devel-2.9.1-6.el7_9.6.x86_64.rpm libxml2-static-2.9.1-6.el7_9.6.i686.rpm libxml2-static-2.9.1-6.el7_9.6.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: libxml2-2.9.1-6.el7_9.6.src.rpm x86_64: libxml2-2.9.1-6.el7_9.6.i686.rpm libxml2-2.9.1-6.el7_9.6.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.i686.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.x86_64.rpm libxml2-python-2.9.1-6.el7_9.6.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: libxml2-debuginfo-2.9.1-6.el7_9.6.i686.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.x86_64.rpm libxml2-devel-2.9.1-6.el7_9.6.i686.rpm libxml2-devel-2.9.1-6.el7_9.6.x86_64.rpm libxml2-static-2.9.1-6.el7_9.6.i686.rpm libxml2-static-2.9.1-6.el7_9.6.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: libxml2-2.9.1-6.el7_9.6.src.rpm ppc64: libxml2-2.9.1-6.el7_9.6.ppc.rpm libxml2-2.9.1-6.el7_9.6.ppc64.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.ppc.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.ppc64.rpm libxml2-devel-2.9.1-6.el7_9.6.ppc.rpm libxml2-devel-2.9.1-6.el7_9.6.ppc64.rpm libxml2-python-2.9.1-6.el7_9.6.ppc64.rpm ppc64le: libxml2-2.9.1-6.el7_9.6.ppc64le.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.ppc64le.rpm libxml2-devel-2.9.1-6.el7_9.6.ppc64le.rpm libxml2-python-2.9.1-6.el7_9.6.ppc64le.rpm s390x: libxml2-2.9.1-6.el7_9.6.s390.rpm libxml2-2.9.1-6.el7_9.6.s390x.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.s390.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.s390x.rpm libxml2-devel-2.9.1-6.el7_9.6.s390.rpm libxml2-devel-2.9.1-6.el7_9.6.s390x.rpm libxml2-python-2.9.1-6.el7_9.6.s390x.rpm x86_64: libxml2-2.9.1-6.el7_9.6.i686.rpm libxml2-2.9.1-6.el7_9.6.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.i686.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.x86_64.rpm libxml2-devel-2.9.1-6.el7_9.6.i686.rpm libxml2-devel-2.9.1-6.el7_9.6.x86_64.rpm libxml2-python-2.9.1-6.el7_9.6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: libxml2-debuginfo-2.9.1-6.el7_9.6.ppc.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.ppc64.rpm libxml2-static-2.9.1-6.el7_9.6.ppc.rpm libxml2-static-2.9.1-6.el7_9.6.ppc64.rpm ppc64le: libxml2-debuginfo-2.9.1-6.el7_9.6.ppc64le.rpm libxml2-static-2.9.1-6.el7_9.6.ppc64le.rpm s390x: libxml2-debuginfo-2.9.1-6.el7_9.6.s390.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.s390x.rpm libxml2-static-2.9.1-6.el7_9.6.s390.rpm libxml2-static-2.9.1-6.el7_9.6.s390x.rpm x86_64: libxml2-debuginfo-2.9.1-6.el7_9.6.i686.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.x86_64.rpm libxml2-static-2.9.1-6.el7_9.6.i686.rpm libxml2-static-2.9.1-6.el7_9.6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: libxml2-2.9.1-6.el7_9.6.src.rpm x86_64: libxml2-2.9.1-6.el7_9.6.i686.rpm libxml2-2.9.1-6.el7_9.6.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.i686.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.x86_64.rpm libxml2-devel-2.9.1-6.el7_9.6.i686.rpm libxml2-devel-2.9.1-6.el7_9.6.x86_64.rpm libxml2-python-2.9.1-6.el7_9.6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libxml2-debuginfo-2.9.1-6.el7_9.6.i686.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.x86_64.rpm libxml2-static-2.9.1-6.el7_9.6.i686.rpm libxml2-static-2.9.1-6.el7_9.6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-4658 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYWWqlNzjgjWX9erEAQglcQ//SUNNJGppCVp7noool8BcQdiZYbHQYIZc Ip2xZN+MskEdApJVdj+miteXwKbQlzOBC2O7NxxTagWuQd/ZTeojWIBbpN3wDWK4 iEHxXnJxSCc5Mnz98gW5uiiuOZ7YYNenqpf0CwiR8TTaCfzRZviHA5nt6uRCsOoF XnNRQBkGevmh4VE1J8Mn2aD1fZrvxa1K5SywrF01ZI8ySjqEvm0lajuQD/4evvi8 gcjJlkCx8l/IOD4LowDCXrdxG/eiTYGpLYOdE6ZSOAX+pW4MtJm8R+gusQ+jwyJ+ pe5ITvZw2lycRboQEdr0bg/PiMJfguKA0tbf2Ra096ka1VThIFMZO7SDxhAjtohr v/M3Q+4uLIMei1KapYHo09RO7QwAzViT2p3ycsU+9mEVRNJZcCAeVY3naRkaMEnQ SuM57XSYJXJN7w8tQGzFTnzrZZYKv0XkrMG+sIiVgBAQKgPAppomE1PIeORIJqbb PeASp+08mO37T0Aw5e4SUuzd+MiE7LtGE9RzNzFTWMqT2qQptezmJx/+x0FRu3fv UcfEicz2xh0aV4wptaY4wnqvd4juAOO+AgY5QabO4KZPdvvpcMyQ6twt+sdehQjl 03ChiCTvXyZmWO+IhdEYqGWeh9i6eWoK3QF3cZOXOQSLfNKKvGPJMfHYxch18nU/ aV/GyGATRM8= =M6KE -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary: The Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/): 2019088 - "MigrationController" CR displays syntax error when unquiescing applications 2021666 - Route name longer than 63 characters causes direct volume migration to fail 2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) 2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image 2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console 2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout 2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error 2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource 2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef" 5. =========================================================================== Ubuntu Security Notice USN-3235-1 March 16, 2017 libxml2 vulnerabilities =========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in libxml2. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 16.04 LTS. (CVE-2016-4448) It was discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2016-4658) Nick Wellnhofer discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2016-5131) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.10: libxml2 2.9.4+dfsg1-2ubuntu0.1 Ubuntu 16.04 LTS: libxml2 2.9.3+dfsg1-1ubuntu0.2 Ubuntu 14.04 LTS: libxml2 2.9.1+dfsg1-3ubuntu4.9 Ubuntu 12.04 LTS: libxml2 2.7.8.dfsg-5.1ubuntu4.17 After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-09-20-5 watchOS 3 The watchOS 3 advisory has been updated to include additional entries as noted below. Audio Available for: All Apple Watch models Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park, and Taekyoung Kwon of Information Security Lab, Yonsei University Entry added September 20, 2016 CFNetwork Available for: All Apple Watch models Impact: Processing maliciously crafted web content may compromise user information Description: An input validation issue existed in the parsing of the set-cookie header. This issue was addressed through improved validation checking. CVE-2016-4708: Dawid Czagan of Silesia Security Lab Entry added September 20, 2016 CoreCrypto Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code Description: An out-of-bounds write issue was addressed by removing the vulnerable code. CVE-2016-4712: Gergo Koteles Entry added September 20, 2016 FontParser Available for: All Apple Watch models Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking. CVE-2016-4718: Apple Entry added September 20, 2016 GeoServices Available for: All Apple Watch models Impact: An application may be able to read sensitive location information Description: A permissions issue existed in PlaceData. This issue was addressed through improved permission validation. CVE-2016-4719: Razvan Deaconescu, Mihai Chiroiu (University POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi (TU Darmstadt) IOAcceleratorFamily Available for: All Apple Watch models Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4725: Rodger Combs of Plex, Inc. Entry added September 20, 2016 IOAcceleratorFamily Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4726: An anonymous researcher Entry added September 20, 2016 Kernel Available for: All Apple Watch models Impact: A remote attacker may be able to cause a denial of service Description: A lock handling issue was addressed through improved lock handling. CVE-2016-4772: Marc Heuse of mh-sec Entry added September 20, 2016 Kernel Available for: All Apple Watch models Impact: An application may be able to determine kernel memory layout Description: Multiple out-of-bounds read issues existed that led to the disclosure of kernel memory. These were addressed through improved input validation. CVE-2016-4773: Brandon Azad CVE-2016-4774: Brandon Azad CVE-2016-4776: Brandon Azad Entry added September 20, 2016 Kernel Available for: All Apple Watch models Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4775: Brandon Azad Entry added September 20, 2016 Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: An untrusted pointer dereference was addressed by removing the affected code. CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team Entry added September 20, 2016 Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4778: CESG Entry added September 20, 2016 libxml2 Available for: All Apple Watch models Impact: Multiple issues in libxml2, the most significant of which may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4658: Nick Wellnhofer CVE-2016-5131: Nick Wellnhofer Entry added September 20, 2016 libxslt Available for: All Apple Watch models Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4738: Nick Wellnhofer Entry added September 20, 2016 Security Available for: All Apple Watch models Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in signed disk images. This issue was addressed through improved size validation. CVE-2016-4753: Mark Mentovai of Google Inc. Entry added September 20, 2016 WebKit Available for: All Apple Watch models Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4737: Apple Entry added September 20, 2016 Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJX4YPQAAoJEIOj74w0bLRG8S0QAIkepFBcosbmZLpY04hlt+Ah yHXnqKyghV5Ribkl64KUQRkyPHDOGaEaErYEiscMtUqbFP/rnSM8ScFF65Oxxg/P 3NCGpKkedA0J4cMtb58x4nvWJe3GW8aV8iP4H7t65jCprdIAxZuniLjhGMtM0r7G a/A6cmpqhwL055RMr1c7ksC1oCk43BP5rZOlndqE9Ns6lw1F5RNmATbZgjHdPHkC xuml7fEdhRbt/lswdDMq7epIZFqDX7jlZig349oesZhsUVczQnRZtsdUQ695OZcd XSZisclix5b0t4Ett5HiarbYLYbalnz5ftU511Va9pf5VOGaZcl942cmns8CRbQy GT+qCk9TCMhtf6nqBTrX8MwSP481fa1OssLHE1rYGibBFpr0xqqXw70zzpl77w9I OT31mBtdrPor7luR7haXOMuwaD7Fbmj6sd3ph0p6wQQG0GZ/zsLRJtBJfFU2Qx1X fesFDPTyNrby4nMHaF6MGY04hME2zHApq0KHOtGfg3WaaIJWGbWY+xPAUW5kDLIf Q6u+8BVjCT1qvfK3oi93wA5FOqfqlud4LuMGdTehJL1PBTh93JnabQwZDuNjufg0 4p4j7jFIenYxdYgjbbCKrXu6PYTUB7yqMRDYAQN7hk4bKabwHacyqKmQbH5MCYXt yHVD9Vuo3lqcs8fMnUow =yYuL -----END PGP SIGNATURE----- . Description: Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/): 2050826 - CVE-2022-24348 gitops: Path traversal and dereference of symlinks when passing Helm value files 5. For the stable distribution (jessie), these problems have been fixed in version 2.9.1+dfsg1-5+deb8u4. For the testing distribution (stretch), these problems have been fixed in version 2.9.4+dfsg1-2.1. For the unstable distribution (sid), these problems have been fixed in version 2.9.4+dfsg1-2.1. We recommend that you upgrade your libxml2 packages. Summary: Red Hat Advanced Cluster Management for Kubernetes 2.1.12 General Availability release images, which provide security fixes and update the container images. Description: Red Hat Advanced Cluster Management for Kubernetes 2.1.12 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains updates to one or more container images for Red Hat Advanced Cluster Management for Kubernetes. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.1/html/release_notes/ Security fixes: * redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626) * redis: Integer overflow issue with Streams (CVE-2021-32627) * redis: Integer overflow bug in the ziplist data structure (CVE-2021-32628) * redis: Integer overflow issue with intsets (CVE-2021-32687) * redis: Integer overflow issue with strings (CVE-2021-41099) * redis: Denial of service via Redis Standard Protocol (RESP) request (CVE-2021-32675) * redis: Out of bounds read in lua debugger protocol parser (CVE-2021-32672) For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Container updates: * RHACM 2.1.12 images (BZ# 2007489) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To apply this upgrade, you must upgrade your OpenShift Container Platform version to 4.6, or later. Bugs fixed (https://bugzilla.redhat.com/): 2007489 - RHACM 2.1.12 images 2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets 2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request 2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser 2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure 2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams 2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack 2011020 - CVE-2021-41099 redis: Integer overflow issue with strings 5

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

buffer error

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

MinSik Shin,YoungJin Yoon, Gergo Koteles, Sunghyun Park, Inc,and Taekyoung Kwon of Information Security Lab, Lufeng Li of Qihoo, Dawid Czagan of Silesia Security Lab, Rodger Combs of Plex, Brandon Azad, HoJae Han, Yonsei University, Marc Heuse of mh-sec

SOURCES

LAST UPDATE DATE

2024-11-20T20:39:44.757000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE