var-201211-0356
Vulnerability from variot
Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.
An attacker with a privileged network position may inject arbitrary contents. This issue was addressed by using an encrypted HTTPS connection to retrieve tutorials.
6) - i386, x86_64
- The desktop must be restarted (log out, then log back in) for this update to take effect.
Bugs fixed (http://bugzilla.redhat.com/):
880466 - CVE-2012-5134 libxml2: Heap-buffer-underflow in xmlParseAttValueComplex
- The verification of md5 checksums and GPG signatures is performed automatically for you.
Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/libxml2-2.8.0-i486-2_slack14.0.txz: Rebuilt.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134
  ( Security fix )
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 12.1: ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/libxml2-2.6.32-i486-3_slack12.1.tgz
Updated package for Slackware 12.2: ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/libxml2-2.6.32-i486-4_slack12.2.tgz
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libxml2-2.7.3-i486-5_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libxml2-2.7.3-x86_64-5_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libxml2-2.7.6-i486-3_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libxml2-2.7.6-x86_64-3_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libxml2-2.7.8-i486-5_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libxml2-2.7.8-x86_64-5_slack13.37.txz
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libxml2-2.8.0-i486-2_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libxml2-2.8.0-x86_64-2_slack14.0.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libxml2-2.8.0-i486-2.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libxml2-2.8.0-x86_64-2.txz
MD5 signatures:
+-------------+
Installation instructions:
+------------------------+
Upgrade the package as root:
upgradepkg libxml2-2.8.0-i486-2_slack14.0.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
Background
libxml2 is the XML C parser and toolkit developed for the Gnome project.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/libxml2 < 2.9.1-r1 >= 2.9.1-r1
Description
Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All libxml2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.9.1-r1"
References
[ 1 ] CVE-2012-2871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2871
[ 2 ] CVE-2012-5134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5134
[ 3 ] CVE-2013-0338 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0338
[ 4 ] CVE-2013-1664 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1664
[ 5 ] CVE-2013-1969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1969
[ 6 ] CVE-2013-2877 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201311-06.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
=====================================================================
Red Hat Security Advisory

Synopsis: Important: mingw32-libxml2 security update
Advisory ID: RHSA-2013:0217-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0217.html
Issue date: 2013-01-31
CVE Names: CVE-2010-4008 CVE-2010-4494 CVE-2011-0216 CVE-2011-1944 CVE-2011-2821 CVE-2011-2834 CVE-2011-3102 CVE-2011-3905 CVE-2011-3919 CVE-2012-0841 CVE-2012-5134
=====================================================================
- Summary:
Updated mingw32-libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 6. This advisory also contains information about future updates for the mingw32 packages, as well as the deprecation of the packages with the release of Red Hat Enterprise Linux 6.4.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch
Red Hat Enterprise Linux Server Optional (v. 6) - noarch
Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch
- Description:
These packages provide the libxml2 library, a development toolbox providing the implementation of various XML standards, for users of MinGW (Minimalist GNU for Windows).
IMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no longer be updated proactively and will be deprecated with the release of Red Hat Enterprise Linux 6.4. These packages were provided to support other capabilities in Red Hat Enterprise Linux and were not intended for direct customer use. Customers are advised to not use these packages with immediate effect. Future updates to these packages will be at Red Hat's discretion and these packages may be removed in a future minor release.
A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. (CVE-2011-3919)
A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. (CVE-2012-5134)
It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0841)
Multiple flaws were found in the way libxml2 parsed certain XPath (XML Path Language) expressions. If an attacker were able to supply a specially-crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834)
Two heap-based buffer overflow flaws were found in the way libxml2 decoded certain XML files. (CVE-2011-0216, CVE-2011-3102)
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. (CVE-2011-1944)
An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905)
Red Hat would like to thank the Google Security Team for reporting the CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter of CVE-2010-4008.
All users of mingw32-libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
- Bugs fixed (http://bugzilla.redhat.com/):
645341 - CVE-2010-4008 libxml2: Crash (stack frame overflow or NULL pointer dereference) by traversal of XPath axis
665963 - CVE-2010-4494 libxml2: double-free in XPath processing code
709747 - CVE-2011-1944 libxml, libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets
724906 - CVE-2011-0216 libxml2: Off-by-one error leading to heap-based buffer overflow in encoding
735712 - CVE-2011-2821 libxml2: double free caused by malformed XPath expression in XSLT
735751 - CVE-2011-2834 libxml2: double-free caused by malformed XPath expression in XSLT
767387 - CVE-2011-3905 libxml2 out of bounds read
771896 - CVE-2011-3919 libxml2: Heap-based buffer overflow when decoding an entity reference with a long name
787067 - CVE-2012-0841 libxml2: hash table collisions CPU usage DoS
822109 - CVE-2011-3102 libxml: An off-by-one out-of-bounds write by XPointer part evaluation
880466 - CVE-2012-5134 libxml2: Heap-buffer-underflow in xmlParseAttValueComplex
- Package List:
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm
noarch: mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm
noarch: mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm
noarch: mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm
noarch: mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2010-4008.html
https://www.redhat.com/security/data/cve/CVE-2010-4494.html
https://www.redhat.com/security/data/cve/CVE-2011-0216.html
https://www.redhat.com/security/data/cve/CVE-2011-1944.html
https://www.redhat.com/security/data/cve/CVE-2011-2821.html
https://www.redhat.com/security/data/cve/CVE-2011-2834.html
https://www.redhat.com/security/data/cve/CVE-2011-3102.html
https://www.redhat.com/security/data/cve/CVE-2011-3905.html
https://www.redhat.com/security/data/cve/CVE-2011-3919.html
https://www.redhat.com/security/data/cve/CVE-2012-0841.html
https://www.redhat.com/security/data/cve/CVE-2012-5134.html
https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
For the stable distribution (squeeze), this problem has been fixed in version 2.7.8.dfsg-2+squeeze6.
For the unstable distribution (sid), this problem has been fixed in version 2.8.0+dfsg1-7.
TITLE: Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA51437
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51437/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51437
RELEASE DATE: 2012-11-27
DESCRIPTION: Multiple vulnerabilities have been reported in Google Chrome, where one has an unknown impact and others can be exploited by malicious people to compromise a user's system.
1) A use-after-free error exists in SVG filters.
3) An error exists within the libxml2 library.
For more information see vulnerability #2: SA48000
4) A use-after-free error exists within printing.
5) A bad cast error exists within input element handling.
The vulnerabilities are reported in versions prior to 23.0.1271.91.
SOLUTION: Update to version 23.0.1271.91.
ORIGINAL ADVISORY: http://googlechromereleases.blogspot.dk/2012/11/stable-channel-update.html
APPLE-SA-2013-09-20-1 Apple TV 6.0
Apple TV 6.0 is now available and addresses the following:
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of JBIG2 encoded data in PDF files. This issue was addressed through additional bounds checking.
CVE-ID
CVE-2013-1025 : Felix Groebert of the Google Security Team

Apple TV
Available for: Apple TV 2nd generation and later
Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of Sorenson encoded movie files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2013-1019 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft) working with HP's Zero Day Initiative

Apple TV
Available for: Apple TV 2nd generation and later
Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information
Description: TrustWave, a trusted root CA, has issued, and subsequently revoked, a sub-CA certificate from one of its trusted anchors. This sub-CA facilitated the interception of communications secured by Transport Layer Security (TLS). This update added the involved sub-CA certificate to OS X's list of untrusted certificates.
CVE-ID
CVE-2013-5134

Apple TV
Available for: Apple TV 2nd generation and later
Impact: An attacker who has arbitrary code execution on a device may be able to persist code execution across reboots
Description: Multiple buffer overflows existed in dyld's openSharedCacheFile() function. These issues were addressed through improved bounds checking.
CVE-ID
CVE-2013-3950 : Stefan Esser

Apple TV
Available for: Apple TV 2nd generation and later
Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of JPEG2000 encoded data in PDF files. This issue was addressed through additional bounds checking.
CVE-ID
CVE-2013-1026 : Felix Groebert of the Google Security Team

Apple TV
Available for: Apple TV 2nd generation and later
Impact: A malicious local application could cause an unexpected system termination
Description: A null pointer dereference existed in IOCatalogue. The issue was addressed through additional type checking.
CVE-ID
CVE-2013-5138 : Will Estes

Apple TV
Available for: Apple TV 2nd generation and later
Impact: Executing a malicious application may result in arbitrary code execution within the kernel
Description: An out of bounds array access existed in the IOSerialFamily driver. This issue was addressed through additional bounds checking.
CVE-ID
CVE-2013-5139 : @dent1zt

Apple TV
Available for: Apple TV 2nd generation and later
Impact: A remote attacker can cause a device to unexpectedly restart
Description: Sending an invalid packet fragment to a device can cause a kernel assert to trigger, leading to a device restart. The issue was addressed through additional validation of packet fragments.
CVE-ID
CVE-2013-5140 : Joonas Kuorilehto of Codenomicon, an anonymous researcher working with CERT-FI, Antti Levomäki and Lauri Virtanen of Vulnerability Analysis Group, Stonesoft

Apple TV
Available for: Apple TV 2nd generation and later
Impact: An attacker on a local network can cause a denial of service
Description: An attacker on a local network can send specially crafted IPv6 ICMP packets and cause high CPU load. The issue was addressed by rate limiting ICMP packets before verifying their checksum.
CVE-ID
CVE-2011-2391 : Marc Heuse

Apple TV
Available for: Apple TV 2nd generation and later
Impact: Kernel stack memory may be disclosed to local users
Description: An information disclosure issue existed in the msgctl and segctl APIs. This issue was addressed by initializing data structures returned from the kernel.
CVE-ID
CVE-2013-5142 : Kenzley Alphonse of Kenx Technology, Inc

Apple TV
Available for: Apple TV 2nd generation and later
Impact: Unprivileged processes could get access to the contents of kernel memory which could lead to privilege escalation
Description: An information disclosure issue existed in the mach_port_space_info API. This issue was addressed by initializing the iin_collision field in structures returned from the kernel.
CVE-ID
CVE-2013-3953 : Stefan Esser

Apple TV
Available for: Apple TV 2nd generation and later
Impact: Unprivileged processes may be able to cause an unexpected system termination or arbitrary code execution in the kernel
Description: A memory corruption issue existed in the handling of arguments to the posix_spawn API. This issue was addressed through additional bounds checking.
CVE-ID
CVE-2013-3954 : Stefan Esser

Apple TV
Available for: Apple TV 2nd generation and later
Impact: An unauthorized process may modify the set of loaded kernel extensions
Description: An issue existed in kextd's handling of IPC messages from unauthenticated senders. This issue was addressed by adding additional authorization checks.
CVE-ID
CVE-2013-5145 : "Rainbow PRISM"

Apple TV
Available for: Apple TV 2nd generation and later
Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in libxml. These issues were addressed by updating libxml to version 2.9.0.
CVE-ID
CVE-2011-3102 : Juri Aedla
CVE-2012-0841
CVE-2012-2807 : Juri Aedla
CVE-2012-5134 : Google Chrome Security Team (Juri Aedla)

Apple TV
Available for: Apple TV 2nd generation and later
Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in libxslt. These issues were addressed by updating libxslt to version 1.1.28.
CVE-ID
CVE-2012-2825 : Nicolas Gregoire
CVE-2012-2870 : Nicolas Gregoire
CVE-2012-2871 : Kai Lu of Fortinet's FortiGuard Labs, Nicolas Gregoire

Apple TV
Available for: Apple TV 2nd generation and later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-0879 : Atte Kettunen of OUSPG
CVE-2013-0991 : Jay Civelli of the Chromium development community
CVE-2013-0992 : Google Chrome Security Team (Martin Barbella)
CVE-2013-0993 : Google Chrome Security Team (Inferno)
CVE-2013-0994 : David German of Google
CVE-2013-0995 : Google Chrome Security Team (Inferno)
CVE-2013-0996 : Google Chrome Security Team (Inferno)
CVE-2013-0997 : Vitaliy Toropov working with HP's Zero Day Initiative
CVE-2013-0998 : pa_kt working with HP's Zero Day Initiative
CVE-2013-0999 : pa_kt working with HP's Zero Day Initiative
CVE-2013-1000 : Fermin J.

Alternatively, you may manually check for software updates by selecting "Settings -> General -> Update Software".
To check the current version of software, select "Settings -> General -> About"
"trust": 1.0, "vendor": "apple", "version": "6.1.3" }, { "model": "chrome", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "23.0.1271.87" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "3.0.1" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.2.0" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "6.0.1" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.7.6" }, { "model": "chrome", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "23.0.1271.23" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.4.26" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "2.1.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.3.5" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.0.2" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.4.21" }, { "model": "chrome", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "23.0.1271.51" }, { "model": "chrome", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "23.0.1271.26" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "1.7.4" }, { "model": "chrome", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "23.0.1271.55" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.2.3" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.2.1" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.7.2" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.3.3" }, { "model": "chrome", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "23.0.1271.41" }, { "model": "libxml2", "scope": 
"eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.6.3" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "3.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "3.1.2" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.4.27" }, { "model": "chrome", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "23.0.1271.7" }, { "model": "chrome", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "23.0.1271.37" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.2.2" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.6.22" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.6.2" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.4.16" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.2.6" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.4.23" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.0" }, { "model": "chrome", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "23.0.1271.8" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.3.7" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "5.0.1" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "1.8.13" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.4.14" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "1.8.0" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.6.8" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.9.0" }, { "model": "iphone os", "scope": "eq", 
"trust": 1.0, "vendor": "apple", "version": "2.0.2" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.2.8" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.4.2" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.4.9" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.4.7" }, { "model": "chrome", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "23.0.1271.39" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.5.7" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.1.2" }, { "model": "chrome", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "23.0.1271.32" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.6.0" }, { "model": "chrome", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "23.0.1271.0" }, { "model": "chrome", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "23.0.1271.40" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.4.20" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.4.10" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.6.20" }, { "model": "chrome", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "23.0.1271.49" }, { "model": "chrome", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "23.0.1271.18" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "2.2" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "6.1.2" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.3.10" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.4.30" }, { "model": "iphone os", "scope": 
"eq", "trust": 1.0, "vendor": "apple", "version": "5.0" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.4.15" }, { "model": "chrome", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "23.0.1271.12" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.3.14" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.6.30" }, { "model": "chrome", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "23.0.1271.11" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.1.0" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "5.1.1" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.6.27" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.0.0" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.4.11" }, { "model": "chrome", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "23.0.1271.60" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "1.8.3" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.6.11" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.5.8" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.7.1" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.4.24" }, { "model": "chrome", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "23.0.1271.31" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.4.12" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.3.4" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.6.32" }, { "model": "libxml2", "scope": 
"eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.3.2" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "6.0" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.7.7" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "3.2.2" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "6.1" }, { "model": "chrome", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "23.0.1271.2" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "1.7.1" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.4.4" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.6.12" }, { "model": "chrome", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "23.0.1271.17" }, { "model": "chrome", "scope": "lte", "trust": 1.0, "vendor": "google", "version": "23.0.1271.89" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.2.11" }, { "model": "chrome", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "23.0.1271.5" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "2.2.1" }, { "model": "chrome", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "23.0.1271.86" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.5.10" }, { "model": "chrome", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "23.0.1271.14" }, { "model": "chrome", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "23.0.1271.20" }, { "model": "chrome", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "23.0.1271.62" }, { "model": "chrome", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "23.0.1271.36" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.1.3" }, { "model": 
"libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.3.6" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.3.5" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.5.4" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.6.26" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.4.28" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.2.4" }, { "model": "chrome", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "23.0.1271.24" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.1.0" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "3.2.1" }, { "model": "chrome", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "23.0.1271.58" }, { "model": "chrome", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "23.0.1271.15" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.4.17" }, { "model": "chrome", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "23.0.1271.6" }, { "model": "chrome", "scope": "lt", "trust": 0.8, "vendor": "google", "version": "23.0.1271.91" }, { "model": "tv", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "6.0 (apple tv first 2 after generation )" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "7 (ipad 2 or later )" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "7 (iphone 4 or later )" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "7 (ipod touch first 5 after generation )" }, { "model": "itunes", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "11.1.4 (windows 7)" }, { "model": "itunes", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "11.1.4 (windows 8)" }, { 
"model": "itunes", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "11.1.4 (windows vista)" }, { "model": "itunes", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "11.1.4 (windows xp sp2 or later )" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-005575" }, { "db": "NVD", "id": "CVE-2012-5134" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:google:chrome", "vulnerable": true }, { "cpe22Uri": "cpe:/a:xmlsoft:libxml2", "vulnerable": true }, { "cpe22Uri": "cpe:/a:apple:apple_tv", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:iphone_os", "vulnerable": true }, { "cpe22Uri": "cpe:/a:apple:itunes", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-005575" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple", "sources": [ { "db": "PACKETSTORM", "id": "124932" }, { "db": "PACKETSTORM", "id": "123339" } ], "trust": 0.2 }, "cve": "CVE-2012-5134", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": 
"https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2012-5134", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-58415", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-5134", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2012-5134", "trust": 0.8, "value": "Medium" }, { "author": "VULHUB", "id": "VHN-58415", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-58415" }, { "db": "JVNDB", "id": "JVNDB-2012-005575" }, { "db": "NVD", "id": "CVE-2012-5134" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document. An\nattacker with a privileged network position may inject arbitrary\ncontents. This issue was addressed by using an encrypted HTTPS\nconnection to retrieve tutorials. 6) - i386, x86_64\n\n3. 
The desktop must be\nrestarted (log out, then log back in) for this update to take effect. Bugs fixed (http://bugzilla.redhat.com/):\n\n880466 - CVE-2012-5134 libxml2: Heap-buffer-underflow in xmlParseAttValueComplex\n\n6. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n\nHere are the details from the Slackware 14.0 ChangeLog:\n+--------------------------+\npatches/packages/libxml2-2.8.0-i486-2_slack14.0.txz: Rebuilt. \n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/libxml2-2.6.32-i486-3_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/libxml2-2.6.32-i486-4_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libxml2-2.7.3-i486-5_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libxml2-2.7.3-x86_64-5_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libxml2-2.7.6-i486-3_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libxml2-2.7.6-x86_64-3_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libxml2-2.7.8-i486-5_slack13.37.txz\n\nUpdated package for 
Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libxml2-2.7.8-x86_64-5_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libxml2-2.8.0-i486-2_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libxml2-2.8.0-x86_64-2_slack14.0.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libxml2-2.8.0-i486-2.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libxml2-2.8.0-x86_64-2.txz\n\n\nMD5 signatures:\n+-------------+\n\n\nInstallation
instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg libxml2-2.8.0-i486-2_slack14.0.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\nBackground\n==========\n\nlibxml2 is the XML C parser and toolkit developed for the Gnome\nproject. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/libxml2 \u003c 2.9.1-r1 \u003e= 2.9.1-r1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in libxml2. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. 
\n\nResolution\n==========\n\nAll libxml2 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/libxml2-2.9.1-r1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2012-2871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2871\n[ 2 ] CVE-2012-5134\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5134\n[ 3 ] CVE-2013-0338\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0338\n[ 4 ] CVE-2013-1664\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1664\n[ 5 ] CVE-2013-1969\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1969\n[ 6 ] CVE-2013-2877\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201311-06.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2013 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: mingw32-libxml2 security update\nAdvisory ID: RHSA-2013:0217-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2013-0217.html\nIssue date: 2013-01-31\nCVE Names: CVE-2010-4008 CVE-2010-4494 CVE-2011-0216 \n CVE-2011-1944 CVE-2011-2821 CVE-2011-2834 \n CVE-2011-3102 CVE-2011-3905 CVE-2011-3919 \n CVE-2012-0841 CVE-2012-5134 \n=====================================================================\n\n1. Summary:\n\nUpdated mingw32-libxml2 packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 6. This advisory also contains\ninformation about future updates for the mingw32 packages, as well as the\ndeprecation of the packages with the release of Red Hat\nEnterprise Linux 6.4. \n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Optional (v. 6) - noarch\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - noarch\nRed Hat Enterprise Linux Server Optional (v. 6) - noarch\nRed Hat Enterprise Linux Workstation Optional (v. 6) - noarch\n\n3. Description:\n\nThese packages provide the libxml2 library, a development toolbox providing\nthe implementation of various XML standards, for users of MinGW (Minimalist\nGNU for Windows). \n\nIMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no\nlonger be updated proactively and will be deprecated with the release of\nRed Hat Enterprise Linux 6.4. These packages were provided to support other\ncapabilities in Red Hat Enterprise Linux and were not intended for direct\ncustomer use. 
Customers are advised to not use these packages with\nimmediate effect. Future updates to these packages will be at Red Hat\u0027s\ndiscretion and these packages may be removed in a future minor release. \n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded\nentity references with long names. (CVE-2011-3919)\n\nA heap-based buffer underflow flaw was found in the way libxml2 decoded\ncertain entities. (CVE-2012-5134)\n\nIt was found that the hashing routine used by libxml2 arrays was\nsusceptible to predictable hash collisions. Sending a specially-crafted\nmessage to an XML service could result in longer processing time, which\ncould lead to a denial of service. To mitigate this issue, randomization\nhas been added to the hashing function to reduce the chance of an attacker\nsuccessfully causing intentional collisions. (CVE-2012-0841)\n\nMultiple flaws were found in the way libxml2 parsed certain XPath (XML Path\nLanguage) expressions. If an attacker were able to supply a\nspecially-crafted XML file to an application using libxml2, as well as an\nXPath expression for that application to run against the crafted file, it\ncould cause the application to crash. (CVE-2010-4008, CVE-2010-4494,\nCVE-2011-2821, CVE-2011-2834)\n\nTwo heap-based buffer overflow flaws were found in the way libxml2 decoded\ncertain XML files. (CVE-2011-0216,\nCVE-2011-3102)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way libxml2 parsed certain XPath expressions. (CVE-2011-1944)\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote attacker\ncould provide a specially-crafted XML file that, when opened in an\napplication linked against libxml2, would cause the application to crash. \n(CVE-2011-3905)\n\nRed Hat would like to thank the Google Security Team for reporting the\nCVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the\noriginal reporter of CVE-2010-4008. 
\n\nAll users of mingw32-libxml2 are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n645341 - CVE-2010-4008 libxml2: Crash (stack frame overflow or NULL pointer dereference) by traversal of XPath axis\n665963 - CVE-2010-4494 libxml2: double-free in XPath processing code\n709747 - CVE-2011-1944 libxml, libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets\n724906 - CVE-2011-0216 libxml2: Off-by-one error leading to heap-based buffer overflow in encoding\n735712 - CVE-2011-2821 libxml2: double free caused by malformed XPath expression in XSLT\n735751 - CVE-2011-2834 libxml2: double-free caused by malformed XPath expression in XSLT\n767387 - CVE-2011-3905 libxml2 out of bounds read\n771896 - CVE-2011-3919 libxml2: Heap-based buffer overflow when decoding an entity reference with a long name\n787067 - CVE-2012-0841 libxml2: hash table collisions CPU usage DoS\n822109 - CVE-2011-3102 libxml: An off-by-one out-of-bounds write by XPointer part evaluation\n880466 - CVE-2012-5134 libxml2: Heap-buffer-underflow in xmlParseAttValueComplex\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm\n\nnoarch:\nmingw32-libxml2-2.7.6-6.el6_3.noarch.rpm\nmingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm\nmingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 
6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm\n\nnoarch:\nmingw32-libxml2-2.7.6-6.el6_3.noarch.rpm\nmingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm\nmingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm\n\nnoarch:\nmingw32-libxml2-2.7.6-6.el6_3.noarch.rpm\nmingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm\nmingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm\n\nnoarch:\nmingw32-libxml2-2.7.6-6.el6_3.noarch.rpm\nmingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm\nmingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2010-4008.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4494.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-0216.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-1944.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-2821.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-2834.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3102.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3905.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3919.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0841.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-5134.html\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. 
More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2013 Red Hat, Inc. \n. \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.7.8.dfsg-2+squeeze6. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.8.0+dfsg1-7. 
TITLE:\nGoogle Chrome Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA51437\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/51437/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51437\n\nRELEASE DATE:\n2012-11-27\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Google Chrome, where\none has an unknown impact and others can be exploited by malicious\npeople to compromise a user\u0027s system. \n\n1) A use-after-free error exists in SVG filters. \n\n3) An error exists within the libxml2 library. \n\nFor more information see vulnerability #2:\nSA48000\n\n4) A use-after-free error exists within printing. \n\n5) A bad cast error exists within input element handling. \n\nThe vulnerabilities are reported in versions prior to 23.0.1271.91. \n\nSOLUTION:\nUpdate to version 23.0.1271.91. \n\nORIGINAL ADVISORY:\nhttp://googlechromereleases.blogspot.dk/2012/11/stable-channel-update.html\n\n\n. 
APPLE-SA-2013-09-20-1 Apple TV 6.0\n\nApple TV 6.0 is now available and addresses the following:\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: Viewing a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of JBIG2\nencoded data in PDF files. This issue was addressed through\nadditional bounds checking. \nCVE-ID\nCVE-2013-1025 : Felix Groebert of the Google Security Team\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of Sorenson\nencoded movie files. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2013-1019 : Tom Gallagher (Microsoft) \u0026 Paul Bates (Microsoft)\nworking with HP\u0027s Zero Day Initiative\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: An attacker with a privileged network position may intercept\nuser credentials or other sensitive information\nDescription: TrustWave, a trusted root CA, has issued, and\nsubsequently revoked, a sub-CA certificate from one of its trusted\nanchors. This sub-CA facilitated the interception of communications\nsecured by Transport Layer Security (TLS). This update added the\ninvolved sub-CA certificate to OS X\u0027s list of untrusted certificates. 
\nCVE-ID\nCVE-2013-5134\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: An attacker who has arbitrary code execution on a device may\nbe able to persist code execution across reboots\nDescription: Multiple buffer overflows existed in dyld\u0027s\nopenSharedCacheFile() function. These issues were addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2013-3950 : Stefan Esser\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: Viewing a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of JPEG2000\nencoded data in PDF files. This issue was addressed through\nadditional bounds checking. \nCVE-ID\nCVE-2013-1026 : Felix Groebert of the Google Security Team\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: A malicious local application could cause an unexpected\nsystem termination\nDescription: A null pointer dereference existed in IOCatalogue. \nThe issue was addressed through additional type checking. \nCVE-ID\nCVE-2013-5138 : Will Estes\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: Executing a malicious application may result in arbitrary\ncode execution within the kernel\nDescription: An out of bounds array access existed in the\nIOSerialFamily driver. This issue was addressed through additional\nbounds checking. \nCVE-ID\nCVE-2013-5139 : @dent1zt\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: A remote attacker can cause a device to unexpectedly restart\nDescription: Sending an invalid packet fragment to a device can\ncause a kernel assert to trigger, leading to a device restart. The\nissue was addressed through additional validation of packet\nfragments. 
\nCVE-ID\nCVE-2013-5140 : Joonas Kuorilehto of Codenomicon, an anonymous\nresearcher working with CERT-FI, Antti Levomäki and Lauri Virtanen\nof Vulnerability Analysis Group, Stonesoft\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: An attacker on a local network can cause a denial of service\nDescription: An attacker on a local network can send specially\ncrafted IPv6 ICMP packets and cause high CPU load. The issue was\naddressed by rate limiting ICMP packets before verifying their\nchecksum. \nCVE-ID\nCVE-2011-2391 : Marc Heuse\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: Kernel stack memory may be disclosed to local users\nDescription: An information disclosure issue existed in the msgctl\nand segctl APIs. This issue was addressed by initializing data\nstructures returned from the kernel. \nCVE-ID\nCVE-2013-5142 : Kenzley Alphonse of Kenx Technology, Inc\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: Unprivileged processes could get access to the contents of\nkernel memory which could lead to privilege escalation\nDescription: An information disclosure issue existed in the\nmach_port_space_info API. This issue was addressed by initializing\nthe iin_collision field in structures returned from the kernel. \nCVE-ID\nCVE-2013-3953 : Stefan Esser\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: Unprivileged processes may be able to cause an unexpected\nsystem termination or arbitrary code execution in the kernel\nDescription: A memory corruption issue existed in the handling of\narguments to the posix_spawn API. This issue was addressed through\nadditional bounds checking. \nCVE-ID\nCVE-2013-3954 : Stefan Esser\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: An unauthorized process may modify the set of loaded kernel\nextensions\nDescription: An issue existed in kextd\u0027s handling of IPC messages\nfrom unauthenticated senders. 
This issue was addressed by adding\nadditional authorization checks. \nCVE-ID\nCVE-2013-5145 : \"Rainbow PRISM\"\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: Viewing a maliciously crafted web page may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in libxml. \nThese issues were addressed by updating libxml to version 2.9.0. \nCVE-ID\nCVE-2011-3102 : Juri Aedla\nCVE-2012-0841\nCVE-2012-2807 : Juri Aedla\nCVE-2012-5134 : Google Chrome Security Team (Juri Aedla)\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: Viewing a maliciously crafted web page may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in libxslt. \nThese issues were addressed by updating libxslt to version 1.1.28. \nCVE-ID\nCVE-2012-2825 : Nicolas Gregoire\nCVE-2012-2870 : Nicolas Gregoire\nCVE-2012-2871 : Kai Lu of Fortinet\u0027s FortiGuard Labs, Nicolas\nGregoire\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: Visiting a maliciously crafted website may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in WebKit. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2013-0879 : Atte Kettunen of OUSPG\nCVE-2013-0991 : Jay Civelli of the Chromium development community\nCVE-2013-0992 : Google Chrome Security Team (Martin Barbella)\nCVE-2013-0993 : Google Chrome Security Team (Inferno)\nCVE-2013-0994 : David German of Google\nCVE-2013-0995 : Google Chrome Security Team (Inferno)\nCVE-2013-0996 : Google Chrome Security Team (Inferno)\nCVE-2013-0997 : Vitaliy Toropov working with HP\u0027s Zero Day Initiative\nCVE-2013-0998 : pa_kt working with HP\u0027s Zero Day Initiative\nCVE-2013-0999 : pa_kt working with HP\u0027s Zero Day Initiative\nCVE-2013-1000 : Fermin J. 
Alternatively,\nyou may manually check for software updates by selecting\n\"Settings -\u003e General -\u003e Update Software\". \n\nTo check the current version of software, select\n\"Settings -\u003e General -\u003e About\"", "sources": [ { "db": "NVD", "id": "CVE-2012-5134" }, { "db": "JVNDB", "id": "JVNDB-2012-005575" }, { "db": "VULHUB", "id": "VHN-58415" }, { "db": "PACKETSTORM", "id": "124932" }, { "db": "PACKETSTORM", "id": "118451" }, { "db": "PACKETSTORM", "id": "121130" }, { "db": "PACKETSTORM", "id": "118674" }, { "db": "PACKETSTORM", "id": "123959" }, { "db": "PACKETSTORM", "id": "119960" }, { "db": "PACKETSTORM", "id": "118533" }, { "db": "PACKETSTORM", "id": "118407" }, { "db": "PACKETSTORM", "id": "118546" }, { "db": "PACKETSTORM", "id": "123339" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-5134", "trust": 2.8 }, { "db": "SECUNIA", "id": "54886", "trust": 1.1 }, { "db": "SECUNIA", "id": "55568", "trust": 1.1 }, { "db": "SECUNIA", "id": "51448", "trust": 1.1 }, { "db": "BID", "id": "56684", "trust": 1.1 }, { "db": "SECTRACK", "id": "1027815", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU98681940", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU95174988", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU94321146", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2012-005575", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "118533", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "118451", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "118546", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "121130", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "118674", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "118639", "trust": 0.1 }, { "db": "CNNVD", "id": "CNNVD-201211-518", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-58415", "trust": 0.1 
}, { "db": "PACKETSTORM", "id": "124932", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "123959", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "119960", "trust": 0.1 }, { "db": "SECUNIA", "id": "51437", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "118407", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "123339", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-58415" }, { "db": "JVNDB", "id": "JVNDB-2012-005575" }, { "db": "PACKETSTORM", "id": "124932" }, { "db": "PACKETSTORM", "id": "118451" }, { "db": "PACKETSTORM", "id": "121130" }, { "db": "PACKETSTORM", "id": "118674" }, { "db": "PACKETSTORM", "id": "123959" }, { "db": "PACKETSTORM", "id": "119960" }, { "db": "PACKETSTORM", "id": "118533" }, { "db": "PACKETSTORM", "id": "118407" }, { "db": "PACKETSTORM", "id": "118546" }, { "db": "PACKETSTORM", "id": "123339" }, { "db": "NVD", "id": "CVE-2012-5134" } ] }, "id": "VAR-201211-0356", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-58415" } ], "trust": 0.01 }, "last_update_date": "2024-11-29T20:45:59.455000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2013-10-22-8", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html" }, { "title": "APPLE-SA-2013-09-18-2", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" }, { "title": "APPLE-SA-2013-09-20-1", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00008.html" }, { "title": "HT6001", "trust": 0.8, "url": "http://support.apple.com/kb/HT6001" }, { "title": "HT5934", "trust": 0.8, "url": 
"http://support.apple.com/kb/HT5934" }, { "title": "HT5935", "trust": 0.8, "url": "http://support.apple.com/kb/HT5935" }, { "title": "HT5935", "trust": 0.8, "url": "http://support.apple.com/kb/HT5935?viewlocale=ja_JP" }, { "title": "HT6001", "trust": 0.8, "url": "http://support.apple.com/kb/HT6001?viewlocale=ja_JP" }, { "title": "HT5934", "trust": 0.8, "url": "http://support.apple.com/kb/HT5934?viewlocale=ja_JP" }, { "title": "DSA-2580", "trust": 0.8, "url": "http://www.debian.org/security/2012/dsa-2580" }, { "title": "Fix potential out of bound access", "trust": 0.8, "url": "http://git.gnome.org/browse/libxml2/commit/?id=6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d" }, { "title": "Stable Channel Update", "trust": 0.8, "url": "http://googlechromereleases.blogspot.jp/2012/11/stable-channel-update.html" }, { "title": "Google Chrome", "trust": 0.8, "url": "http://www.google.co.jp/chrome/intl/ja/landing_ff_yt.html?hl=ja\u0026hl=ja" }, { "title": "openSUSE-SU-2012:1637", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html" }, { "title": "openSUSE-SU-2013:0178", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00023.html" }, { "title": "Bug 880466", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=880466" }, { "title": "RHSA-2012:1512", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2012-1512.html" }, { "title": "RHSA-2013:0217", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2013-0217.html" }, { "title": "MDVSA-2013:056", "trust": 0.8, "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:056" }, { "title": "CVE-2012-5134 Buffer Overflow vulnerability in libxml2", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_5134_buffer_overflow" }, { "title": "USN-1656-1", "trust": 0.8, "url": "http://www.ubuntu.com/usn/USN-1656-1" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-005575" } ] }, "problemtype_data": { "@context": 
{ "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-58415" }, { "db": "JVNDB", "id": "JVNDB-2012-005575" }, { "db": "NVD", "id": "CVE-2012-5134" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2012-1512.html" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2013-0217.html" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2013/sep/msg00006.html" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2013/oct/msg00009.html" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/56684" }, { "trust": 1.1, "url": "http://git.gnome.org/browse/libxml2/commit/?id=6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d" }, { "trust": 1.1, "url": "http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html" }, { "trust": 1.1, "url": "http://support.apple.com/kb/ht5934" }, { "trust": 1.1, "url": "http://support.apple.com/kb/ht6001" }, { "trust": 1.1, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=880466" }, { "trust": 1.1, "url": "https://code.google.com/p/chromium/issues/detail?id=158249" }, { "trust": 1.1, "url": "http://www.debian.org/security/2012/dsa-2580" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2013:056" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1027815" }, { "trust": 1.1, "url": "http://secunia.com/advisories/51448" }, { "trust": 1.1, "url": "http://secunia.com/advisories/54886" }, { "trust": 1.1, "url": "http://secunia.com/advisories/55568" }, { "trust": 1.1, "url": 
"http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00023.html" }, { "trust": 1.1, "url": "http://www.ubuntu.com/usn/usn-1656-1" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80294" }, { "trust": 1.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5134" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-5134" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu94321146/" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu98681940/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu95174988/" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5134" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3102" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0841" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2807" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2871" }, { "trust": 0.2, "url": "http://support.apple.com/kb/ht1222" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2825" }, { "trust": 0.2, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2870" }, { "trust": 0.2, "url": "http://gpgtools.org" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-5134.html" }, { "trust": 0.2, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/knowledge/articles/11258" }, { "trust": 0.2, 
"url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0338" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1039" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1045" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1024" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5125" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1043" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1041" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1040" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1038" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5126" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1044" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1042" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1046" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1047" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5127" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2842" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1242" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5128" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1037" }, { "trust": 0.1, "url": "http://www.apple.com/itunes/download/" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=912400" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0338" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2807" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.1, 
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3102" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5134" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1664" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0338" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2877" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201311-06.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1969" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2877" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1664" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1969" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2871" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." 
}, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-2834.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2834" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-4494.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3919" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3905" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4008" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1944" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3102.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-1944.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3919.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4494" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-2821.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3905.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0216" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2821" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0841.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0216.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-4008.html" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "http://googlechromereleases.blogspot.dk/2012/11/stable-channel-update.html" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 
0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/51437/#comments" }, { "trust": 0.1, "url": "http://secunia.com/blog/325/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51437" }, { "trust": 0.1, "url": "http://secunia.com/advisories/51437/" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0997" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0996" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0879" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1000" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1010" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1001" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0995" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0992" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1003" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1005" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2391" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1002" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0993" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1004" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0991" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0999" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0994" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2013-1007" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0998" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1006" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1008" } ], "sources": [ { "db": "VULHUB", "id": "VHN-58415" }, { "db": "JVNDB", "id": "JVNDB-2012-005575" }, { "db": "PACKETSTORM", "id": "124932" }, { "db": "PACKETSTORM", "id": "118451" }, { "db": "PACKETSTORM", "id": "121130" }, { "db": "PACKETSTORM", "id": "118674" }, { "db": "PACKETSTORM", "id": "123959" }, { "db": "PACKETSTORM", "id": "119960" }, { "db": "PACKETSTORM", "id": "118533" }, { "db": "PACKETSTORM", "id": "118407" }, { "db": "PACKETSTORM", "id": "118546" }, { "db": "PACKETSTORM", "id": "123339" }, { "db": "NVD", "id": "CVE-2012-5134" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-58415" }, { "db": "JVNDB", "id": "JVNDB-2012-005575" }, { "db": "PACKETSTORM", "id": "124932" }, { "db": "PACKETSTORM", "id": "118451" }, { "db": "PACKETSTORM", "id": "121130" }, { "db": "PACKETSTORM", "id": "118674" }, { "db": "PACKETSTORM", "id": "123959" }, { "db": "PACKETSTORM", "id": "119960" }, { "db": "PACKETSTORM", "id": "118533" }, { "db": "PACKETSTORM", "id": "118407" }, { "db": "PACKETSTORM", "id": "118546" }, { "db": "PACKETSTORM", "id": "123339" }, { "db": "NVD", "id": "CVE-2012-5134" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-11-28T00:00:00", "db": "VULHUB", "id": "VHN-58415" }, { "date": "2012-11-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-005575" }, { "date": "2014-01-24T01:33:33", "db": "PACKETSTORM", "id": "124932" }, { "date": "2012-11-30T03:11:59", "db": "PACKETSTORM", "id": "118451" }, { "date": "2013-04-08T20:28:39", "db": "PACKETSTORM", "id": 
"121130" }, { "date": "2012-12-07T18:27:31", "db": "PACKETSTORM", "id": "118674" }, { "date": "2013-11-11T23:02:01", "db": "PACKETSTORM", "id": "123959" }, { "date": "2013-02-01T03:30:19", "db": "PACKETSTORM", "id": "119960" }, { "date": "2012-12-03T01:27:47", "db": "PACKETSTORM", "id": "118533" }, { "date": "2012-11-27T07:16:54", "db": "PACKETSTORM", "id": "118407" }, { "date": "2012-12-03T02:00:31", "db": "PACKETSTORM", "id": "118546" }, { "date": "2013-09-20T20:54:13", "db": "PACKETSTORM", "id": "123339" }, { "date": "2012-11-28T01:55:01.323000", "db": "NVD", "id": "CVE-2012-5134" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-08-29T00:00:00", "db": "VULHUB", "id": "VHN-58415" }, { "date": "2014-02-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-005575" }, { "date": "2024-11-21T01:44:06.940000", "db": "NVD", "id": "CVE-2012-5134" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "118451" }, { "db": "PACKETSTORM", "id": "121130" }, { "db": "PACKETSTORM", "id": "123959" }, { "db": "PACKETSTORM", "id": "118546" } ], "trust": 0.4 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Google Chrome Used in libxml2 Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-005575" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "overflow, arbitrary", "sources": [ { "db": "PACKETSTORM", "id": "121130" }, { "db": 
"PACKETSTORM", "id": "118533" }, { "db": "PACKETSTORM", "id": "118546" } ], "trust": 0.3 } }
Sightings
Author | Source | Type | Date |
---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.