var-201212-0268
Vulnerability from variot
libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.

libxml2 does not properly restrict hash collisions when computing hash values, which can disrupt service operation (CPU resource consumption). An attacker can cause a denial of service (CPU resource consumption) via crafted XML data. libxml2 supports multiple encoding formats, XPath analysis, well-formedness and validity verification, etc. There is a vulnerability in libxml2 versions prior to 2.8.0. An attacker with a privileged network position may inject arbitrary contents. This issue was addressed by using an encrypted HTTPS connection to retrieve tutorials.

============================================================================
Ubuntu Security Notice USN-1376-1
February 27, 2012
libxml2 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
libxml2 could be made to cause a denial of service by consuming excessive CPU resources.
Software Description: - libxml2: GNOME XML library
Details:
Juraj Somorovsky discovered that libxml2 was vulnerable to hash table collisions.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.10: libxml2 2.7.8.dfsg-4ubuntu0.2
Ubuntu 11.04: libxml2 2.7.8.dfsg-2ubuntu0.3
Ubuntu 10.10: libxml2 2.7.7.dfsg-4ubuntu0.4
Ubuntu 10.04 LTS: libxml2 2.7.6.dfsg-1ubuntu1.4
Ubuntu 8.04 LTS: libxml2 2.6.31.dfsg-2ubuntu1.8
After a standard system update you need to reboot your computer to make all the necessary changes.

Given an attacker with knowledge of the hashing algorithm, it is possible to craft input that creates a large number of collisions. As a result, it is possible to perform denial of service attacks against applications using libxml2 functionality because of the computational overhead.
For the stable distribution (squeeze), this problem has been fixed in version 2.7.8.dfsg-2+squeeze3.
For the testing (wheezy) and unstable (sid) distributions, this problem will be fixed soon.
We recommend that you upgrade your libxml2 packages.
Background
libxml2 is the XML C parser and toolkit developed for the Gnome project.
Affected packages
-------------------------------------------------------------------
     Package            /     Vulnerable     /          Unaffected
-------------------------------------------------------------------
  1  dev-libs/libxml2         < 2.7.8-r5                >= 2.7.8-r5
Description
libxml2 does not properly randomize hash functions to protect against hash collision attacks.
Impact
A remote attacker could entice a user or automated system to open a specially crafted XML document with an application using libxml2 resulting in a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All libxml2 users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.7.8-r5"
References
[ 1 ] CVE-2012-0841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0841
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201203-04.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5

Sending a specially-crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions (CVE-2012-0841).
The updated packages have been patched to correct this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0841
https://bugzilla.redhat.com/show_bug.cgi?id=787067
Updated Packages:
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security.
VMware Security Advisory
Advisory ID: VMSA-2012-0012
Synopsis: VMware ESXi update to third party library
Issue date: 2012-07-12
Updated on: 2012-07-12 (initial advisory)
CVE number: CVE-2010-4008, CVE-2010-4494, CVE-2011-0216, CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919, CVE-2012-0841
- Summary
VMware ESXi update addresses several security issues.
- Relevant releases
ESX 5.0 without patch ESXi500-201207101-SG
- Problem Description
a. ESXi update to third party component libxml2
The libxml2 third party library has been updated which addresses
multiple security issues
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-4008, CVE-2010-4494, CVE-2011-0216,
CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3905,
CVE-2011-3919 and CVE-2012-0841 to these issues.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware      Product   Running   Replace with/
Product     Version   on        Apply Patch
==========  ========  ========  =================
vCenter     any       Windows   not affected
hosted *    any       any       not affected
ESXi        5.0       any       ESXi500-201207101-SG
ESXi        4.1       any       patch pending
ESXi        4.0       any       patch pending
ESXi        3.5       any       patch pending
ESX         any       any       not applicable

* hosted products are VMware Workstation, Player, ACE, Fusion.
Note: "patch pending" means that the product is affected, but no patch is currently available. The advisory will be updated when a patch is available.
- Solution
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
ESXi 5.0
ESXi500-201207001
md5sum: 01196c5c1635756ff177c262cb69a848
sha1sum: 85936f5439100cd5fb55c7add574b5b3b937fe86
http://kb.vmware.com/kb/2020571
ESXi500-201207001 contains ESXi500-201207101-SG
- References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2821
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3905
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3919
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0841
- Change log
2012-07-12 VMSA-2012-0012
Initial security advisory in conjunction with the release of a patch
for ESXi 5.0 on 2012-07-12.
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories http://www.vmware.com/security/advisories
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html
Copyright 2012 VMware Inc. All rights reserved.
TITLE: Avaya Voice Portal Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA50614
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50614/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50614
RELEASE DATE: 2012-09-21
DESCRIPTION: Avaya has acknowledged a weakness and multiple vulnerabilities in Avaya Voice Portal, which can be exploited by malicious, local users to disclose system and sensitive information and by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).
For more information: SA44490 SA46460 SA46958 SA48000
The weakness and vulnerabilities are reported in versions 5.0, 5.1, 5.1.1, and 5.1.2.
SOLUTION: Update to Avaya Enterprise Linux for Voice Portal 5.1.3 and Voice Portal 5.1.3.
ORIGINAL ADVISORY: Avaya (ASA-2011-154, ASA-2012-137, ASA-2012-139, ASA-2012-166, ASA-2012-207):
https://downloads.avaya.com/css/P8/documents/100141102
https://downloads.avaya.com/css/P8/documents/100160023
https://downloads.avaya.com/css/P8/documents/100160589
https://downloads.avaya.com/css/P8/documents/100160780
https://downloads.avaya.com/css/P8/documents/100162507
APPLE-SA-2013-09-20-1 Apple TV 6.0
Apple TV 6.0 is now available and addresses the following:
Apple TV Available for: Apple TV 2nd generation and later Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of JBIG2 encoded data in PDF files. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-1025 : Felix Groebert of the Google Security Team
Apple TV Available for: Apple TV 2nd generation and later Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of Sorenson encoded movie files. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-1019 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft) working with HP's Zero Day Initiative
Apple TV Available for: Apple TV 2nd generation and later Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: TrustWave, a trusted root CA, has issued, and subsequently revoked, a sub-CA certificate from one of its trusted anchors. This sub-CA facilitated the interception of communications secured by Transport Layer Security (TLS). This update added the involved sub-CA certificate to OS X's list of untrusted certificates. CVE-ID CVE-2013-5134
Apple TV Available for: Apple TV 2nd generation and later Impact: An attacker who has arbitrary code execution on a device may be able to persist code execution across reboots Description: Multiple buffer overflows existed in dyld's openSharedCacheFile() function. These issues were addressed through improved bounds checking. CVE-ID CVE-2013-3950 : Stefan Esser
Apple TV Available for: Apple TV 2nd generation and later Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of JPEG2000 encoded data in PDF files. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-1026 : Felix Groebert of the Google Security Team
Apple TV Available for: Apple TV 2nd generation and later Impact: A malicious local application could cause an unexpected system termination Description: A null pointer dereference existed in IOCatalogue. The issue was addressed through additional type checking. CVE-ID CVE-2013-5138 : Will Estes
Apple TV Available for: Apple TV 2nd generation and later Impact: Executing a malicious application may result in arbitrary code execution within the kernel Description: An out of bounds array access existed in the IOSerialFamily driver. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-5139 : @dent1zt
Apple TV Available for: Apple TV 2nd generation and later Impact: A remote attacker can cause a device to unexpectedly restart Description: Sending an invalid packet fragment to a device can cause a kernel assert to trigger, leading to a device restart. The issue was addressed through additional validation of packet fragments. CVE-ID CVE-2013-5140 : Joonas Kuorilehto of Codenomicon, an anonymous researcher working with CERT-FI, Antti Levomäki and Lauri Virtanen of Vulnerability Analysis Group, Stonesoft
Apple TV Available for: Apple TV 2nd generation and later Impact: An attacker on a local network can cause a denial of service Description: An attacker on a local network can send specially crafted IPv6 ICMP packets and cause high CPU load. The issue was addressed by rate limiting ICMP packets before verifying their checksum. CVE-ID CVE-2011-2391 : Marc Heuse
Apple TV Available for: Apple TV 2nd generation and later Impact: Kernel stack memory may be disclosed to local users Description: An information disclosure issue existed in the msgctl and segctl APIs. This issue was addressed by initializing data structures returned from the kernel. CVE-ID CVE-2013-5142 : Kenzley Alphonse of Kenx Technology, Inc
Apple TV Available for: Apple TV 2nd generation and later Impact: Unprivileged processes could get access to the contents of kernel memory which could lead to privilege escalation Description: An information disclosure issue existed in the mach_port_space_info API. This issue was addressed by initializing the iin_collision field in structures returned from the kernel. CVE-ID CVE-2013-3953 : Stefan Esser
Apple TV Available for: Apple TV 2nd generation and later Impact: Unprivileged processes may be able to cause an unexpected system termination or arbitrary code execution in the kernel Description: A memory corruption issue existed in the handling of arguments to the posix_spawn API. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-3954 : Stefan Esser
Apple TV Available for: Apple TV 2nd generation and later Impact: An unauthorized process may modify the set of loaded kernel extensions Description: An issue existed in kextd's handling of IPC messages from unauthenticated senders. This issue was addressed by adding additional authorization checks. CVE-ID CVE-2013-5145 : "Rainbow PRISM"
Apple TV Available for: Apple TV 2nd generation and later Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in libxml. These issues were addressed by updating libxml to version 2.9.0. CVE-ID CVE-2011-3102 : Juri Aedla CVE-2012-0841 CVE-2012-2807 : Juri Aedla CVE-2012-5134 : Google Chrome Security Team (Juri Aedla)
Apple TV Available for: Apple TV 2nd generation and later Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in libxslt. These issues were addressed by updating libxslt to version 1.1.28. CVE-ID CVE-2012-2825 : Nicolas Gregoire CVE-2012-2870 : Nicolas Gregoire CVE-2012-2871 : Kai Lu of Fortinet's FortiGuard Labs, Nicolas Gregoire
Apple TV Available for: Apple TV 2nd generation and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2013-0879 : Atte Kettunen of OUSPG CVE-2013-0991 : Jay Civelli of the Chromium development community CVE-2013-0992 : Google Chrome Security Team (Martin Barbella) CVE-2013-0993 : Google Chrome Security Team (Inferno) CVE-2013-0994 : David German of Google CVE-2013-0995 : Google Chrome Security Team (Inferno) CVE-2013-0996 : Google Chrome Security Team (Inferno) CVE-2013-0997 : Vitaliy Toropov working with HP's Zero Day Initiative CVE-2013-0998 : pa_kt working with HP's Zero Day Initiative CVE-2013-0999 : pa_kt working with HP's Zero Day Initiative CVE-2013-1000 : Fermin J. Serna of the Google Security Team CVE-2013-1001 : Ryan Humenick CVE-2013-1002 : Sergey Glazunov CVE-2013-1003 : Google Chrome Security Team (Inferno) CVE-2013-1004 : Google Chrome Security Team (Martin Barbella) CVE-2013-1005 : Google Chrome Security Team (Martin Barbella) CVE-2013-1006 : Google Chrome Security Team (Martin Barbella) CVE-2013-1007 : Google Chrome Security Team (Inferno) CVE-2013-1008 : Sergey Glazunov CVE-2013-1010 : miaubiz CVE-2013-1011 CVE-2013-1037 : Google Chrome Security Team CVE-2013-1038 : Google Chrome Security Team CVE-2013-1039 : own-hero Research working with iDefense VCP CVE-2013-1040 : Google Chrome Security Team CVE-2013-1041 : Google Chrome Security Team CVE-2013-1042 : Google Chrome Security Team CVE-2013-1043 : Google Chrome Security Team CVE-2013-1044 : Apple CVE-2013-1045 : Google Chrome Security Team CVE-2013-1046 : Google Chrome Security Team CVE-2013-1047 : miaubiz CVE-2013-2842 : Cyril Cattiaux CVE-2013-5125 : Google Chrome Security Team CVE-2013-5126 : Apple CVE-2013-5127 : Google Chrome Security Team CVE-2013-5128 : Apple
Installation note:
Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> General -> Update Software".
To check the current version of software, select "Settings -> General -> About".
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
"2.6.2" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.4.16" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.2.6" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.4.23" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.0" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "5.0.1" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.3.7" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "1.8.13" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.4.14" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "1.8.0" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.6.8" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.2.8" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.4.2" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.4.9" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.4.7" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.5.7" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.1.2" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.6.0" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.4.20" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.4.10" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.6.20" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "6.1.2" }, { 
"model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.3.10" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.4.30" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "5.0" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.4.15" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.3.14" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.6.30" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.1.0" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "5.1.1" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.6.27" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.0.0" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.4.11" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "1.8.3" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.6.11" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.5.8" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.7.1" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.6.21" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.4.24" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.6.23" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.4.12" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.3.4" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.6.32" }, { "model": 
"libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.3.2" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "6.0" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.7.7" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "3.2.2" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "6.1" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.6.12" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "1.7.1" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.4.4" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.2.11" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.5.10" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.1.3" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.3.6" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.3.5" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.5.4" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.6.26" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.4.28" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.2.4" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "2.1.0" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "3.2.1" }, { "model": "libxml2", "scope": "eq", "trust": 1.0, "vendor": "xmlsoft", "version": "1.8.4" }, { "model": "libxml2", "scope": "lt", "trust": 0.8, "vendor": "xmlsoft", "version": "2.8.0" }, { "model": "tv", "scope": "lt", 
"trust": 0.8, "vendor": "apple", "version": "6.0 (apple tv first 2 after generation )" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "7 (ipad 2 or later )" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "7 (iphone 4 or later )" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "7 (ipod touch first 5 after generation )" }, { "model": "itunes", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "11.1.4 (windows 7)" }, { "model": "itunes", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "11.1.4 (windows 8)" }, { "model": "itunes", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "11.1.4 (windows vista)" }, { "model": "itunes", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "11.1.4 (windows xp sp2 or later )" }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11.1.1.6.0" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-005773" }, { "db": "CNNVD", "id": "CNNVD-201202-435" }, { "db": "NVD", "id": "CVE-2012-0841" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:xmlsoft:libxml2", "vulnerable": true }, { "cpe22Uri": "cpe:/a:apple:apple_tv", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:iphone_os", "vulnerable": true }, { "cpe22Uri": "cpe:/a:apple:itunes", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:http_server", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-005773" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } 
} }, "data": "Juraj Somorovsky", "sources": [ { "db": "CNNVD", "id": "CNNVD-201202-435" } ], "trust": 0.6 }, "cve": "CVE-2012-0841", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2012-0841", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-54122", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-0841", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2012-0841", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201202-435", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-54122", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2012-0841", "trust": 
0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-54122" }, { "db": "VULMON", "id": "CVE-2012-0841" }, { "db": "JVNDB", "id": "JVNDB-2012-005773" }, { "db": "CNNVD", "id": "CNNVD-201202-435" }, { "db": "NVD", "id": "CVE-2012-0841" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data. libxml2 computes hash values without properly limiting predictable hash collisions, which can result in a denial-of-service (CPU resource consumption) condition. An attacker may cause a denial of service (CPU resource consumption) via crafted XML data. It supports multiple encoding formats, XPath analysis, well-formedness and validity checking, etc. There is a vulnerability in libxml2 versions prior to 2.8.0. An\nattacker with a privileged network position may inject arbitrary\ncontents. This issue was addressed by using an encrypted HTTPS\nconnection to retrieve tutorials. ============================================================================\nUbuntu Security Notice USN-1376-1\nFebruary 27, 2012\n\nlibxml2 vulnerability\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n- Ubuntu 8.04 LTS\n\nSummary:\n\nlibxml2 could be made to cause a denial of service by consuming excessive\nCPU resources. 
\n\nSoftware Description:\n- libxml2: GNOME XML library\n\nDetails:\n\nJuraj Somorovsky discovered that libxml2 was vulnerable to hash table\ncollisions. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 11.10:\n libxml2 2.7.8.dfsg-4ubuntu0.2\n\nUbuntu 11.04:\n libxml2 2.7.8.dfsg-2ubuntu0.3\n\nUbuntu 10.10:\n libxml2 2.7.7.dfsg-4ubuntu0.4\n\nUbuntu 10.04 LTS:\n libxml2 2.7.6.dfsg-1ubuntu1.4\n\nUbuntu 8.04 LTS:\n libxml2 2.6.31.dfsg-2ubuntu1.8\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. Given an attacker with knowledge of the\nhashing algorithm, it is possible to craft input that creates a large\namount of collisions. As a result it is possible to perform denial of\nservice attacks against applications using libxml2 functionality because\nof the computational overhead. \n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.7.8.dfsg-2+squeeze3. \n\nFor the testing (wheezy) and unstable (sid) distributions, this problem\nwill be fixed soon. \n\nWe recommend that you upgrade your libxml2 packages. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\nBackground\n==========\n\nlibxml2 is the XML C parser and toolkit developed for the Gnome\nproject. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/libxml2 \u003c 2.7.8-r5 \u003e= 2.7.8-r5\n\nDescription\n===========\n\nlibxml2 does not properly randomize hash functions to protect against\nhash collision attacks. 
\n\nImpact\n======\n\nA remote attacker could entice a user or automated system to open a\nspecially crafted XML document with an application using libxml2\nresulting in a Denial of Service condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll libxml2 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/libxml2-2.7.8-r5\"\n\nReferences\n==========\n\n[ 1 ] CVE-2012-0841\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0841\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201203-04.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. Sending a specially-crafted\n message to an XML service could result in longer processing time,\n which could lead to a denial of service. To mitigate this issue,\n randomization has been added to the hashing function to reduce the\n chance of an attacker successfully causing intentional collisions\n (CVE-2012-0841). \n \n The updated packages have been patched to correct this issue. 
\n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0841\n https://bugzilla.redhat.com/show_bug.cgi?id=787067\n _______________________________________________________________________\n\n Updated Packages:\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n -----------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2012-0012\nSynopsis: VMware ESXi update to third party library\nIssue date: 2012-07-12\nUpdated on: 2012-07-12 (initial advisory)\nCVE number: CVE-2010-4008, CVE-2010-4494, \n CVE-2011-0216, CVE-2011-1944,\n CVE-2011-2821, CVE-2011-2834,\n CVE-2011-3905, CVE-2011-3919,\n CVE-2012-0841\n\n -----------------------------------------------------------------------\n1. 
Summary\n\n VMware ESXi update addresses several security issues. \n\n2. Relevant releases\n\n ESX 5.0 without patch ESXi500-201207101-SG\n \n \n3. Problem Description\n\n a. ESXi update to third party component libxml2\n\n The libxml2 third party library has been updated which addresses \n multiple security issues\n \n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2010-4008, CVE-2010-4494, CVE-2011-0216,\n CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3905,\n CVE-2011-3919 and CVE-2012-0841 to these issues. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n \n VMware Product Running Replace with/\n Product Version on Apply Patch\n ========== ======== ======== =================\n vCenter any Windows not affected \n \n hosted * any any not affected \n \n ESXi 5.0 any ESXi500-201207101-SG\n ESXi\t 4.1 any patch pending\n ESXi\t 4.0 any patch pending\n ESXi\t 3.5 any patch pending\n \n ESX any any not applicable \n \n * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n Note: \"patch pending\" means that the product is affected, \n but no patch is currently available. The advisory will be\n updated when a patch is available. \n\n 4. Solution\n\n Please review the patch/release notes for your product and\n version and verify the checksum of your downloaded file. \n\n ESXi 5.0\n --------\n ESXi500-201207001\n\n md5sum: 01196c5c1635756ff177c262cb69a848\n sha1sum: 85936f5439100cd5fb55c7add574b5b3b937fe86\n http://kb.vmware.com/kb/2020571\n\n ESXi500-201207001 contains ESXi500-201207101-SG\n \n5. 
References\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4008\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4494\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0216\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1944\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2821\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2834\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3905\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3919\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0841\n\n -----------------------------------------------------------------------\n\n6. Change log\n\n 2012-07-12 VMSA-2012-0012 \n Initial security advisory in conjunction with the release of a patch\n for ESXi 5.0 on 2012-07-12. \n\n -----------------------------------------------------------------------\n\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce at lists.vmware.com\n * bugtraq at securityfocus.com\n * full-disclosure at lists.grok.org.uk\n\nE-mail: security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Advisories\nhttp://www.vmware.com/security/advisories\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2012 VMware Inc. All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP Desktop 10.2.0 (Build 2599)\nCharset: utf-8\n\nwj8DBQFP/5CnDEcm8Vbi9kMRAqxoAKCmIqiS9koANgqErRPhxwE2pKNyTwCeNNa/\nChaKaZj6SWN+tJ+UUajIIxQ=\n=QQgn\n-----END PGP SIGNATURE-----\n\n\n. 
----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nAvaya Voice Portal Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA50614\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/50614/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50614\n\nRELEASE DATE:\n2012-09-21\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/50614/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/50614/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50614\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nAvaya has acknowledged a weakness and multiple vulnerabilities in\nAvaya Voice Portal, which can be exploited by malicious, local users\nto disclose system and sensitive information and by malicious people\nto bypass certain security restrictions and cause a DoS (Denial of\nService). \n\nFor more information:\nSA44490\nSA46460\nSA46958\nSA48000\n\nThe weakness and vulnerabilities are reported in versions 5.0, 5.1,\n5.1.1, and 5.1.2. \n\nSOLUTION:\nUpdate to Avaya Enterprise Linux for Voice Portal 5.1.3 and Voice\nPortal 5.1.3. 
\n\nORIGINAL ADVISORY:\nAvaya (ASA-2011-154, ASA-2012-137, ASA-2012-139, ASA-2012-166,\nASA-2012-207):\nhttps://downloads.avaya.com/css/P8/documents/100141102\nhttps://downloads.avaya.com/css/P8/documents/100160023\nhttps://downloads.avaya.com/css/P8/documents/100160589\nhttps://downloads.avaya.com/css/P8/documents/100160780\nhttps://downloads.avaya.com/css/P8/documents/100162507\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2013-09-20-1 Apple TV 6.0\n\nApple TV 6.0 is now available and addresses the following:\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: Viewing a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of JBIG2\nencoded data in PDF files. This issue was addressed through\nadditional bounds checking. \nCVE-ID\nCVE-2013-1025 : Felix Groebert of the Google Security Team\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of Sorenson\nencoded movie files. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2013-1019 : Tom Gallagher (Microsoft) \u0026 Paul Bates (Microsoft)\nworking with HP\u0027s Zero Day Initiative\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: An attacker with a privileged network position may intercept\nuser credentials or other sensitive information\nDescription: TrustWave, a trusted root CA, has issued, and\nsubsequently revoked, a sub-CA certificate from one of its trusted\nanchors. This sub-CA facilitated the interception of communications\nsecured by Transport Layer Security (TLS). This update added the\ninvolved sub-CA certificate to OS X\u0027s list of untrusted certificates. \nCVE-ID\nCVE-2013-5134\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: An attacker who has arbitrary code execution on a device may\nbe able to persist code execution across reboots\nDescription: Multiple buffer overflows existed in dyld\u0027s\nopenSharedCacheFile() function. These issues were addressed through\nimproved bounds checking. 
\nCVE-ID\nCVE-2013-3950 : Stefan Esser\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: Viewing a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of JPEG2000\nencoded data in PDF files. This issue was addressed through\nadditional bounds checking. \nCVE-ID\nCVE-2013-1026 : Felix Groebert of the Google Security Team\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: A malicious local application could cause an unexpected\nsystem termination\nDescription: A null pointer dereference existed in IOCatalogue. \nThe issue was addressed through additional type checking. \nCVE-ID\nCVE-2013-5138 : Will Estes\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: Executing a malicious application may result in arbitrary\ncode execution within the kernel\nDescription: An out of bounds array access existed in the\nIOSerialFamily driver. This issue was addressed through additional\nbounds checking. \nCVE-ID\nCVE-2013-5139 : @dent1zt\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: A remote attacker can cause a device to unexpectedly restart\nDescription: Sending an invalid packet fragment to a device can\ncause a kernel assert to trigger, leading to a device restart. The\nissue was addressed through additional validation of packet\nfragments. \nCVE-ID\nCVE-2013-5140 : Joonas Kuorilehto of Codenomicon, an anonymous\nresearcher working with CERT-FI, Antti Levomäki and Lauri Virtanen\nof Vulnerability Analysis Group, Stonesoft\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: An attacker on a local network can cause a denial of service\nDescription: An attacker on a local network can send specially\ncrafted IPv6 ICMP packets and cause high CPU load. The issue was\naddressed by rate limiting ICMP packets before verifying their\nchecksum. 
\nCVE-ID\nCVE-2011-2391 : Marc Heuse\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: Kernel stack memory may be disclosed to local users\nDescription: An information disclosure issue existed in the msgctl\nand segctl APIs. This issue was addressed by initializing data\nstructures returned from the kernel. \nCVE-ID\nCVE-2013-5142 : Kenzley Alphonse of Kenx Technology, Inc\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: Unprivileged processes could get access to the contents of\nkernel memory which could lead to privilege escalation\nDescription: An information disclosure issue existed in the\nmach_port_space_info API. This issue was addressed by initializing\nthe iin_collision field in structures returned from the kernel. \nCVE-ID\nCVE-2013-3953 : Stefan Esser\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: Unprivileged processes may be able to cause an unexpected\nsystem termination or arbitrary code execution in the kernel\nDescription: A memory corruption issue existed in the handling of\narguments to the posix_spawn API. This issue was addressed through\nadditional bounds checking. \nCVE-ID\nCVE-2013-3954 : Stefan Esser\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: An unauthorized process may modify the set of loaded kernel\nextensions\nDescription: An issue existed in kextd\u0027s handling of IPC messages\nfrom unauthenticated senders. This issue was addressed by adding\nadditional authorization checks. \nCVE-ID\nCVE-2013-5145 : \"Rainbow PRISM\"\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: Viewing a maliciously crafted web page may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in libxml. \nThese issues were addressed by updating libxml to version 2.9.0. 
\nCVE-ID\nCVE-2011-3102 : Juri Aedla\nCVE-2012-0841\nCVE-2012-2807 : Juri Aedla\nCVE-2012-5134 : Google Chrome Security Team (Juri Aedla)\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: Viewing a maliciously crafted web page may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in libxslt. \nThese issues were addressed by updating libxslt to version 1.1.28. \nCVE-ID\nCVE-2012-2825 : Nicolas Gregoire\nCVE-2012-2870 : Nicolas Gregoire\nCVE-2012-2871 : Kai Lu of Fortinet\u0027s FortiGuard Labs, Nicolas\nGregoire\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: Visiting a maliciously crafted website may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in WebKit. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2013-0879 : Atte Kettunen of OUSPG\nCVE-2013-0991 : Jay Civelli of the Chromium development community\nCVE-2013-0992 : Google Chrome Security Team (Martin Barbella)\nCVE-2013-0993 : Google Chrome Security Team (Inferno)\nCVE-2013-0994 : David German of Google\nCVE-2013-0995 : Google Chrome Security Team (Inferno)\nCVE-2013-0996 : Google Chrome Security Team (Inferno)\nCVE-2013-0997 : Vitaliy Toropov working with HP\u0027s Zero Day Initiative\nCVE-2013-0998 : pa_kt working with HP\u0027s Zero Day Initiative\nCVE-2013-0999 : pa_kt working with HP\u0027s Zero Day Initiative\nCVE-2013-1000 : Fermin J. 
Serna of the Google Security Team\nCVE-2013-1001 : Ryan Humenick\nCVE-2013-1002 : Sergey Glazunov\nCVE-2013-1003 : Google Chrome Security Team (Inferno)\nCVE-2013-1004 : Google Chrome Security Team (Martin Barbella)\nCVE-2013-1005 : Google Chrome Security Team (Martin Barbella)\nCVE-2013-1006 : Google Chrome Security Team (Martin Barbella)\nCVE-2013-1007 : Google Chrome Security Team (Inferno)\nCVE-2013-1008 : Sergey Glazunov\nCVE-2013-1010 : miaubiz\nCVE-2013-1011\nCVE-2013-1037 : Google Chrome Security Team\nCVE-2013-1038 : Google Chrome Security Team\nCVE-2013-1039 : own-hero Research working with iDefense VCP\nCVE-2013-1040 : Google Chrome Security Team\nCVE-2013-1041 : Google Chrome Security Team\nCVE-2013-1042 : Google Chrome Security Team\nCVE-2013-1043 : Google Chrome Security Team\nCVE-2013-1044 : Apple\nCVE-2013-1045 : Google Chrome Security Team\nCVE-2013-1046 : Google Chrome Security Team\nCVE-2013-1047 : miaubiz\nCVE-2013-2842 : Cyril Cattiaux\nCVE-2013-5125 : Google Chrome Security Team\nCVE-2013-5126 : Apple\nCVE-2013-5127 : Google Chrome Security Team\nCVE-2013-5128 : Apple\n\n\nInstallation note:\n\nApple TV will periodically check for software updates. Alternatively,\nyou may manually check for software updates by selecting\n\"Settings -\u003e General -\u003e Update Software\". \n\nTo check the current version of software, select\n\"Settings -\u003e General -\u003e About\". 
\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n", "sources": [ { "db": "NVD", "id": "CVE-2012-0841" }, { "db": "JVNDB", "id": "JVNDB-2012-005773" }, { "db": "VULHUB", "id": "VHN-54122" }, { "db": "VULMON", "id": "CVE-2012-0841" }, { "db": "PACKETSTORM", "id": "124932" }, { "db": "PACKETSTORM", "id": "110239" }, { "db": "PACKETSTORM", "id": "110142" }, { "db": "PACKETSTORM", "id": "110474" }, { "db": "PACKETSTORM", "id": "110106" }, { "db": "PACKETSTORM", "id": "114714" }, { "db": "PACKETSTORM", "id": "116765" }, { "db": "PACKETSTORM", "id": "123339" } ], "trust": 2.52 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": 
"https://www.scap.org.cn/vuln/vhn-54122", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-54122" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-0841", "trust": 3.3 }, { "db": "SECUNIA", "id": "54886", "trust": 1.8 }, { "db": "SECUNIA", "id": "55568", "trust": 1.8 }, { "db": "BID", "id": "52107", "trust": 1.8 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2012/02/22/1", "trust": 1.8 }, { "db": "SECTRACK", "id": "1026723", "trust": 1.8 }, { "db": "JVN", "id": "JVNVU98681940", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU95174988", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU94321146", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2012-005773", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201202-435", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2023.3732", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "110239", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "110474", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "110106", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "110142", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-54122", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2012-0841", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "124932", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "114714", "trust": 0.1 }, { "db": "SECUNIA", "id": "50614", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "116765", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "123339", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-54122" }, { "db": "VULMON", "id": "CVE-2012-0841" }, { "db": "JVNDB", "id": "JVNDB-2012-005773" }, { "db": "PACKETSTORM", "id": "124932" }, { "db": "PACKETSTORM", "id": "110239" }, { "db": "PACKETSTORM", "id": "110142" }, { "db": "PACKETSTORM", "id": "110474" }, { "db": "PACKETSTORM", "id": "110106" }, { "db": 
"PACKETSTORM", "id": "114714" }, { "db": "PACKETSTORM", "id": "116765" }, { "db": "PACKETSTORM", "id": "123339" }, { "db": "CNNVD", "id": "CNNVD-201202-435" }, { "db": "NVD", "id": "CVE-2012-0841" } ] }, "id": "VAR-201212-0268", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-54122" } ], "trust": 0.01 }, "last_update_date": "2024-11-29T22:11:48.497000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2013-10-22-8", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html" }, { "title": "APPLE-SA-2013-09-20-1", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00008.html" }, { "title": "APPLE-SA-2013-09-18-2", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" }, { "title": "HT6001", "trust": 0.8, "url": "http://support.apple.com/kb/HT6001" }, { "title": "HT5934", "trust": 0.8, "url": "http://support.apple.com/kb/HT5934" }, { "title": "HT5935", "trust": 0.8, "url": "http://support.apple.com/kb/HT5935" }, { "title": "HT6001", "trust": 0.8, "url": "http://support.apple.com/kb/HT6001?viewlocale=ja_JP" }, { "title": "HT5934", "trust": 0.8, "url": "http://support.apple.com/kb/HT5934?viewlocale=ja_JP" }, { "title": "HT5935", "trust": 0.8, "url": "http://support.apple.com/kb/HT5935?viewlocale=ja_JP" }, { "title": "#660846", "trust": 0.8, "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660846" }, { "title": "DSA-2417", "trust": 0.8, "url": "http://www.debian.org/security/2012/dsa-2417" }, { "title": "index : libxml2", "trust": 0.8, "url": 
"http://git.gnome.org/browse/libxml2/commit/?id=8973d58b7498fa5100a876815476b81fd1a2412a " }, { "title": "Oracle Critical Patch Update Advisory - April 2013", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" }, { "title": "Text Form of Oracle Critical Patch Update - April 2013 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapril2013verbose-1899563.html" }, { "title": "RHSA-2013:0217", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2013-0217.html" }, { "title": "RHSA-2012:0324", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2012-0324.html" }, { "title": "MDVSA-2013:150", "trust": 0.8, "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" }, { "title": "CVE-2012-0841 Denial of Service (DoS) vulnerability in libxml2", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_0841_denial_of" }, { "title": "April 2013 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/april_2013_critical_patch_update" }, { "title": "XRX13-003", "trust": 0.8, "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" }, { "title": "Releases", "trust": 0.8, "url": "http://xmlsoft.org/news.html" }, { "title": "libxml2 Remediation of resource management error vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=234412" }, { "title": "Red Hat: Moderate: libxml2 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120324 - Security Advisory" }, { "title": "Debian CVElist Bug Report Logs: libxml2: CVE-2012-0841 computational DoS attack via hash collisions", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=e38113b87f75761a754c10eb1c451827" }, { "title": "Ubuntu Security Notice: libxml2 vulnerability", 
"trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1376-1" }, { "title": "Amazon Linux AMI: ALAS-2012-052", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2012-052" }, { "title": "VMware Security Advisories: VMware ESXi update to third party library", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=329050bc1ed5b6a8ba43ca82aa2c2690" }, { "title": "VMware Security Advisories: VMware vSphere and vCOps updates to third party libraries", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=ebfa7ecfec1f973ff975279d7fce2976" } ], "sources": [ { "db": "VULMON", "id": "CVE-2012-0841" }, { "db": "JVNDB", "id": "JVNDB-2012-005773" }, { "db": "CNNVD", "id": "CNNVD-201202-435" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-399", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-54122" }, { "db": "JVNDB", "id": "JVNDB-2012-005773" }, { "db": "NVD", "id": "CVE-2012-0841" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "http://securitytracker.com/id?1026723" }, { "trust": 1.8, "url": "http://www.securityfocus.com/bid/52107" }, { "trust": 1.8, "url": "http://secunia.com/advisories/54886" }, { "trust": 1.8, "url": "http://secunia.com/advisories/55568" }, { "trust": 1.8, "url": "http://lists.apple.com/archives/security-announce/2013/sep/msg00006.html" }, { "trust": 1.8, "url": "http://lists.apple.com/archives/security-announce/2013/oct/msg00009.html" }, { "trust": 1.8, "url": 
"http://www.debian.org/security/2012/dsa-2417" }, { "trust": 1.8, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2013:150" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2012-0324.html" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2013-0217.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html" }, { "trust": 1.8, "url": "http://www.openwall.com/lists/oss-security/2012/02/22/1" }, { "trust": 1.8, "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660846" }, { "trust": 1.8, "url": "http://git.gnome.org/browse/libxml2/commit/?id=8973d58b7498fa5100a876815476b81fd1a2412a" }, { "trust": 1.8, "url": "http://support.apple.com/kb/ht5934" }, { "trust": 1.8, "url": "http://support.apple.com/kb/ht6001" }, { "trust": 1.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" }, { "trust": 1.8, "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_xrx13-003_v1.0.pdf" }, { "trust": 1.8, "url": "http://xmlsoft.org/news.html" }, { "trust": 1.8, "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_0841_denial_of" }, { "trust": 1.0, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0841" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu94321146/" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu98681940/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu95174988/" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0841" }, { "trust": 0.7, "url": "https://access.redhat.com/errata/rhsa-2012:0324" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0841" }, { "trust": 0.7, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=787067" }, { "trust": 0.6, "url": "https://access.redhat.com/errata/rhsa-2013:0217" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2012-0841" }, { "trust": 0.6, "url": 
"https://www.auscert.org.au/bulletins/esb-2023.3732" }, { "trust": 0.2, "url": "http://support.apple.com/kb/ht1222" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-5134" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2807" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2825" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2871" }, { "trust": 0.2, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2870" }, { "trust": 0.2, "url": "http://gpgtools.org" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3102" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/399.html" }, { "trust": 0.1, "url": "https://www.rapid7.com/db/vulnerabilities/apple-ios-cve-2012-0841" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/1376-1/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.rapid7.com/db/vulnerabilities/linuxrpm-rhsa-2012-0324" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=24871" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1039" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1045" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1024" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5125" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1043" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1041" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1040" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1038" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5126" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1044" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1042" }, { "trust": 0.1, 
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1046" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1047" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5127" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2842" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1242" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5128" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1037" }, { "trust": 0.1, "url": "http://www.apple.com/itunes/download/" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/libxml2/2.7.7.dfsg-4ubuntu0.4" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-4ubuntu0.2" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-1376-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/libxml2/2.6.31.dfsg-2ubuntu1.8" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/libxml2/2.7.6.dfsg-1ubuntu1.4" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-2ubuntu0.3" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201203-04.xml" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0841" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." 
}, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3905" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4494" }, { "trust": 0.1, "url": "http://www.vmware.com/security/advisories" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1944" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2834" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3919" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3905" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1055" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4008" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1944" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/2020571" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3919" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4494" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/security_response.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0216" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0216" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2834" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2821" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4008" }, { "trust": 0.1, "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos_vi.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2821" }, { "trust": 0.1, "url": 
"https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50614" }, { "trust": 0.1, "url": "https://downloads.avaya.com/css/p8/documents/100141102" }, { "trust": 0.1, "url": "https://downloads.avaya.com/css/p8/documents/100160023" }, { "trust": 0.1, "url": "http://secunia.com/advisories/50614/#comments" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/50614/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "https://downloads.avaya.com/css/p8/documents/100160589" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "https://downloads.avaya.com/css/p8/documents/100160780" }, { "trust": 0.1, "url": "https://downloads.avaya.com/css/p8/documents/100162507" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/blog/325/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0997" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0996" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0879" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1000" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1010" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1001" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0995" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0992" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1003" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1005" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2011-2391" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1002" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0993" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1004" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0991" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0999" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0994" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1007" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0998" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1006" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1008" } ], "sources": [ { "db": "VULHUB", "id": "VHN-54122" }, { "db": "VULMON", "id": "CVE-2012-0841" }, { "db": "JVNDB", "id": "JVNDB-2012-005773" }, { "db": "PACKETSTORM", "id": "124932" }, { "db": "PACKETSTORM", "id": "110239" }, { "db": "PACKETSTORM", "id": "110142" }, { "db": "PACKETSTORM", "id": "110474" }, { "db": "PACKETSTORM", "id": "110106" }, { "db": "PACKETSTORM", "id": "114714" }, { "db": "PACKETSTORM", "id": "116765" }, { "db": "PACKETSTORM", "id": "123339" }, { "db": "CNNVD", "id": "CNNVD-201202-435" }, { "db": "NVD", "id": "CVE-2012-0841" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-54122" }, { "db": "VULMON", "id": "CVE-2012-0841" }, { "db": "JVNDB", "id": "JVNDB-2012-005773" }, { "db": "PACKETSTORM", "id": "124932" }, { "db": "PACKETSTORM", "id": "110239" }, { "db": "PACKETSTORM", "id": "110142" }, { "db": "PACKETSTORM", "id": "110474" }, { "db": "PACKETSTORM", "id": "110106" }, { "db": "PACKETSTORM", "id": "114714" }, { "db": "PACKETSTORM", "id": "116765" }, { "db": "PACKETSTORM", "id": "123339" }, { "db": "CNNVD", "id": "CNNVD-201202-435" }, { "db": 
"NVD", "id": "CVE-2012-0841" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-12-21T00:00:00", "db": "VULHUB", "id": "VHN-54122" }, { "date": "2012-12-21T00:00:00", "db": "VULMON", "id": "CVE-2012-0841" }, { "date": "2012-12-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-005773" }, { "date": "2014-01-24T01:33:33", "db": "PACKETSTORM", "id": "124932" }, { "date": "2012-02-28T00:36:29", "db": "PACKETSTORM", "id": "110239" }, { "date": "2012-02-24T03:51:16", "db": "PACKETSTORM", "id": "110142" }, { "date": "2012-03-06T23:54:16", "db": "PACKETSTORM", "id": "110474" }, { "date": "2012-02-23T05:15:41", "db": "PACKETSTORM", "id": "110106" }, { "date": "2012-07-13T04:58:06", "db": "PACKETSTORM", "id": "114714" }, { "date": "2012-09-21T05:05:28", "db": "PACKETSTORM", "id": "116765" }, { "date": "2013-09-20T20:54:13", "db": "PACKETSTORM", "id": "123339" }, { "date": "1900-01-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-435" }, { "date": "2012-12-21T05:46:14.993000", "db": "NVD", "id": "CVE-2012-0841" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-13T00:00:00", "db": "VULHUB", "id": "VHN-54122" }, { "date": "2014-01-28T00:00:00", "db": "VULMON", "id": "CVE-2012-0841" }, { "date": "2014-02-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-005773" }, { "date": "2023-06-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-435" }, { "date": "2024-11-21T01:35:49.493000", "db": "NVD", "id": "CVE-2012-0841" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "110474" }, { "db": "CNNVD", "id": "CNNVD-201202-435" } ], "trust": 0.7 }, 
"title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "libxml2 Service disruption (CPU Resource consumption) Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-005773" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201202-435" } ], "trust": 0.6 } }