Уязвимость CVE-2016-1839: Информация

Описание

The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

Важность: MEDIUM (5,5) Вектор: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2016-1839
Опубликовано: 20 мая 2016 г.
Изменено: 25 марта 2019 г.
Идентификатор типа ошибки: CWE-125

Исправленные пакеты

Имя пакета
Ветка
Исправлено в версии
Версия в репозитории
Errata ID
№ Задания
Состояние
libxml2sisyphus2.9.4.0.12.e905-alt12.12.5-alt1ALT-PU-2017-1240-1179126Исправлено
libxml2p102.9.4.0.12.e905-alt12.9.12-alt1.p10.1ALT-PU-2017-1240-1179126Исправлено
libxml2p92.9.4.0.12.e905-alt12.9.10-alt6.p9.1ALT-PU-2017-1240-1179126Исправлено
libxml2p82.9.4.0.12.e905-alt12.9.4.0.12.e905-alt1ALT-PU-2017-1252-1179256Исправлено
libxml2c10f12.9.4.0.12.e905-alt12.9.12-alt1.p10.1ALT-PU-2017-1240-1179126Исправлено
libxml2c9f22.9.4.0.12.e905-alt12.9.12-alt1.c9f2.1ALT-PU-2017-1240-1179126Исправлено

Ссылки на рекомендации, решения и инструменты

Ссылка
Ресурс
https://support.apple.com/HT206566
  • Vendor Advisory
APPLE-SA-2016-05-16-3
  • Mailing List
  • Vendor Advisory
https://support.apple.com/HT206567
  • Vendor Advisory
https://support.apple.com/HT206568
  • Vendor Advisory
https://support.apple.com/HT206564
  • Vendor Advisory
APPLE-SA-2016-05-16-1
  • Mailing List
  • Vendor Advisory
APPLE-SA-2016-05-16-2
  • Mailing List
  • Vendor Advisory
APPLE-SA-2016-05-16-4
  • Mailing List
  • Vendor Advisory
DSA-3593
  • Third Party Advisory
USN-2994-1
  • Third Party Advisory
RHSA-2016:1292
  • Third Party Advisory
https://git.gnome.org/browse/libxml2/commit/?id=a820dbeac29d330bae4be05d9ecd939ad6b4aa33
  • Patch
  • Third Party Advisory
https://bugzilla.gnome.org/show_bug.cgi?id=758605
  • Exploit
  • Issue Tracking
  • Third Party Advisory
http://xmlsoft.org/news.html
  • Release Notes
  • Vendor Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
  • Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
  • Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
  • Third Party Advisory
1035890
  • Third Party Advisory
  • VDB Entry
https://kc.mcafee.com/corporate/index?page=content&id=SB10170
  • Patch
  • Third Party Advisory
https://www.tenable.com/security/tns-2016-18
  • Third Party Advisory
GLSA-201701-37
  • Third Party Advisory
1038623
  • Third Party Advisory
  • VDB Entry
90691
  • Third Party Advisory
  • VDB Entry
RHSA-2016:2957
  • Third Party Advisory

    1. Конфигурация 1

      cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
      End excliding
      9.3.2
      cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
      End excliding
      10.11.5
      cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
      End excliding
      9.2.1
      cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
      End excliding
      2.2.1

      Конфигурация 2

      cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
      cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
      cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
      cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

      Конфигурация 3

      cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

      Конфигурация 4

      cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

      Конфигурация 5

      cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*
      Start including
      7.5.0.0
      End including
      7.5.2.10
      cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*
      Start including
      7.6.0.0
      End including
      7.6.2.3

      Конфигурация 6

      cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
      End excliding
      2.9.4
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Версия: v24.4.2
Наверх