ID DEBIAN:DLA-1008-1:B463B Type debian Reporter Debian Modified 2017-06-30T20:50:35
Description
Package : libxml2
Version : 2.8.0+dfsg1-7+wheezy8
CVE ID : CVE-2017-7375 CVE-2017-9047 CVE-2017-9048 CVE-2017-9049
CVE-2017-9050
CVE-2017-7375
Missing validation for external entities in xmlParsePEReference
CVE-2017-9047
CVE-2017-9048
A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801.
The function xmlSnprintfElementContent in valid.c is supposed to
recursively dump the element content definition into a char buffer 'buf'
of size 'size'. The variable len is assigned strlen(buf).
If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the
content->prefix is appended to buf (if it actually fits) whereupon
(ii) content->name is written to the buffer. However, the check for
whether the content->name actually fits also uses 'len' rather than
the updated buffer length strlen(buf). This allows us to write about
"size" many bytes beyond the allocated memory. This vulnerability
causes programs that use libxml2, such as PHP, to crash.
CVE-2017-9049
CVE-2017-9050
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based
buffer over-read in the xmlDictComputeFastKey function in dict.c.
This vulnerability causes programs that use libxml2, such as PHP,
to crash. This vulnerability exists because of an incomplete fix
for libxml2 Bug 759398.
For Debian 7 "Wheezy", these problems have been fixed in version
2.8.0+dfsg1-7+wheezy8.
We recommend that you upgrade your libxml2 packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
{"lastseen": "2019-05-30T02:23:10", "references": [], "scheme": null, "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "arch": "all", "operator": "lt", "packageFilename": "libxml2_2.8.0+dfsg1-7+wheezy8_all.deb", "packageName": "libxml2", "packageVersion": "2.8.0+dfsg1-7+wheezy8"}], "description": "Package : libxml2\nVersion : 2.8.0+dfsg1-7+wheezy8\nCVE ID : CVE-2017-7375 CVE-2017-9047 CVE-2017-9048 CVE-2017-9049\n CVE-2017-9050\n\nCVE-2017-7375\n Missing validation for external entities in xmlParsePEReference\n\nCVE-2017-9047\nCVE-2017-9048\n A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801.\n The function xmlSnprintfElementContent in valid.c is supposed to\n recursively dump the element content definition into a char buffer 'buf'\n of size 'size'. The variable len is assigned strlen(buf).\n If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the\n content->prefix is appended to buf (if it actually fits) whereupon\n (ii) content->name is written to the buffer. However, the check for\n whether the content->name actually fits also uses 'len' rather than\n the updated buffer length strlen(buf). This allows us to write about\n "size" many bytes beyond the allocated memory. This vulnerability\n causes programs that use libxml2, such as PHP, to crash.\n\nCVE-2017-9049\nCVE-2017-9050\n libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based\n buffer over-read in the xmlDictComputeFastKey function in dict.c.\n This vulnerability causes programs that use libxml2, such as PHP,\n to crash. This vulnerability exists because of an incomplete fix\n for libxml2 Bug 759398.\n\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n2.8.0+dfsg1-7+wheezy8.\n\nWe recommend that you upgrade your libxml2 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "reporter": "Debian", "published": "2017-06-30T20:50:35", "title": "[SECURITY] [DLA 1008-1] libxml2 security update", "type": "debian", "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["SUSE_SU-2017-1587-1.NASL", "UBUNTU_USN-3424-1.NASL", "PHOTONOS_PHSA-2017-0024_LIBXML2.NASL", "SUSE_SU-2017-1557-1.NASL", "DEBIAN_DLA-1008.NASL", "GENTOO_GLSA-201711-01.NASL", "OPENSUSE-2017-711.NASL", "SUSE_SU-2017-1538-1.NASL", "DEBIAN_DSA-3952.NASL", "OPENSUSE-2017-663.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220181336", "OPENVAS:1361412562310891008", "OPENVAS:1361412562310874119", "OPENVAS:1361412562311220201268", "OPENVAS:1361412562311220181070", "OPENVAS:1361412562310874073", "OPENVAS:1361412562310703952", "OPENVAS:1361412562310843311", "OPENVAS:1361412562311220171238", "OPENVAS:1361412562311220192211"]}, {"type": "cve", "idList": ["CVE-2017-9047", "CVE-2017-9048", "CVE-2017-7375", "CVE-2017-9049", "CVE-2017-9050"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3952-1:343CC"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:29B0983CCEB0C92897BDB6A87096A5D7"]}, {"type": "ubuntu", "idList": ["USN-3424-2", "USN-3424-1"]}, {"type": "freebsd", "idList": ["76E59F55-4F7A-4887-BCB0-11604004163A"]}, {"type": "gentoo", "idList": ["GLSA-201711-01"]}, {"type": "github", "idList": ["GHSA-8C56-CPMW-89X7"]}, {"type": "redhat", "idList": ["RHSA-2018:2486"]}, {"type": "suse", "idList": ["SUSE-SU-2017:2699-1", "SUSE-SU-2017:2701-1", "SUSE-SU-2017:2700-1"]}, {"type": "apple", "idList": ["APPLE:HT208221", "APPLE:HT208142", "APPLE:HT208113", "APPLE:HT208112", "APPLE:HT208141", "APPLE:HT208115", "APPLE:HT208144"]}], "modified": "2019-05-30T02:23:10", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2019-05-30T02:23:10", "rev": 2}, "vulnersScore": 6.0}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-7375", "CVE-2017-9049", "CVE-2017-9048", "CVE-2017-9047", "CVE-2017-9050"], "modified": "2017-06-30T20:50:35", "id": "DEBIAN:DLA-1008-1:B463B", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201706/msg00037.html", "viewCount": 1, "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}
{"nessus": [{"lastseen": "2020-09-14T13:25:49", "description": "CVE-2017-7375 Missing validation for external entities in\nxmlParsePEReference\n\nCVE-2017-9047 CVE-2017-9048 A buffer overflow was discovered in\nlibxml2 20904-GITv2.9.4-16-g0741801. The function\nxmlSnprintfElementContent in valid.c is supposed to recursively dump\nthe element content definition into a char buffer 'buf' of size\n'size'. The variable len is assigned strlen(buf). If the content->type\nis XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is\nappended to buf (if it actually fits) whereupon (ii) content->name is\nwritten to the buffer. However, the check for whether the\ncontent->name actually fits also uses 'len' rather than the updated\nbuffer length strlen(buf). This allows us to write about 'size' many\nbytes beyond the allocated memory. This vulnerability causes programs\nthat use libxml2, such as PHP, to crash.\n\nCVE-2017-9049 CVE-2017-9050 libxml2 20904-GITv2.9.4-16-g0741801 is\nvulnerable to a heap-based buffer over-read in the\nxmlDictComputeFastKey function in dict.c. This vulnerability causes\nprograms that use libxml2, such as PHP, to crash. This vulnerability\nexists because of an incomplete fix for libxml2 Bug 759398.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n2.8.0+dfsg1-7+wheezy8.\n\nWe recommend that you upgrade your libxml2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 19, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-03T00:00:00", "title": "Debian DLA-1008-1 : libxml2 security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7375", "CVE-2017-9049", "CVE-2017-9048", "CVE-2017-9047", "CVE-2017-9050"], "modified": "2017-07-03T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libxml2-dbg", "p-cpe:/a:debian:debian_linux:python-libxml2", "p-cpe:/a:debian:debian_linux:python-libxml2-dbg", "p-cpe:/a:debian:debian_linux:libxml2-utils-dbg", "p-cpe:/a:debian:debian_linux:libxml2-dev", "p-cpe:/a:debian:debian_linux:libxml2", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:libxml2-doc", "p-cpe:/a:debian:debian_linux:libxml2-utils"], "id": "DEBIAN_DLA-1008.NASL", "href": "https://www.tenable.com/plugins/nessus/101174", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1008-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101174);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/12\");\n\n script_cve_id(\"CVE-2017-7375\", \"CVE-2017-9047\", \"CVE-2017-9048\", \"CVE-2017-9049\", \"CVE-2017-9050\");\n\n script_name(english:\"Debian DLA-1008-1 : libxml2 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2017-7375 Missing validation for external entities in\nxmlParsePEReference\n\nCVE-2017-9047 CVE-2017-9048 A buffer overflow was discovered in\nlibxml2 20904-GITv2.9.4-16-g0741801. The function\nxmlSnprintfElementContent in valid.c is supposed to recursively dump\nthe element content definition into a char buffer 'buf' of size\n'size'. The variable len is assigned strlen(buf). If the content->type\nis XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is\nappended to buf (if it actually fits) whereupon (ii) content->name is\nwritten to the buffer. However, the check for whether the\ncontent->name actually fits also uses 'len' rather than the updated\nbuffer length strlen(buf). This allows us to write about 'size' many\nbytes beyond the allocated memory. This vulnerability causes programs\nthat use libxml2, such as PHP, to crash.\n\nCVE-2017-9049 CVE-2017-9050 libxml2 20904-GITv2.9.4-16-g0741801 is\nvulnerable to a heap-based buffer over-read in the\nxmlDictComputeFastKey function in dict.c. This vulnerability causes\nprograms that use libxml2, such as PHP, to crash. This vulnerability\nexists because of an incomplete fix for libxml2 Bug 759398.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n2.8.0+dfsg1-7+wheezy8.\n\nWe recommend that you upgrade your libxml2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/06/msg00037.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libxml2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-utils-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-libxml2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libxml2\", reference:\"2.8.0+dfsg1-7+wheezy8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxml2-dbg\", reference:\"2.8.0+dfsg1-7+wheezy8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxml2-dev\", reference:\"2.8.0+dfsg1-7+wheezy8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxml2-doc\", reference:\"2.8.0+dfsg1-7+wheezy8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxml2-utils\", reference:\"2.8.0+dfsg1-7+wheezy8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxml2-utils-dbg\", reference:\"2.8.0+dfsg1-7+wheezy8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python-libxml2\", reference:\"2.8.0+dfsg1-7+wheezy8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python-libxml2-dbg\", reference:\"2.8.0+dfsg1-7+wheezy8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-04T05:37:52", "description": "This update for libxml2 fixes the following security issues :\n\n - CVE-2017-9050: A heap-based buffer over-read in\n xmlDictAddString (bsc#1039069, bsc#1039661)\n\n - CVE-2017-9049: A heap-based buffer overflow in\n xmlDictComputeFastKey (bsc#1039066)\n\n - CVE-2017-9048: A stack overflow vulnerability in\n xmlSnprintfElementContent (bsc#1039063)\n\n - CVE-2017-9047: A stack overflow vulnerability in\n xmlSnprintfElementContent (bsc#1039064)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-06-13T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:1538-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9049", "CVE-2017-9048", "CVE-2017-9047", "CVE-2017-9050"], "modified": "2020-09-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:libxml2-2-debuginfo", "p-cpe:/a:novell:suse_linux:python-libxml2", "p-cpe:/a:novell:suse_linux:libxml2-2", "p-cpe:/a:novell:suse_linux:libxml2", "p-cpe:/a:novell:suse_linux:python-libxml2-debugsource", "p-cpe:/a:novell:suse_linux:python-libxml2-debuginfo", "p-cpe:/a:novell:suse_linux:libxml2-tools", "p-cpe:/a:novell:suse_linux:libxml2-debugsource", "p-cpe:/a:novell:suse_linux:libxml2-tools-debuginfo"], "id": "SUSE_SU-2017-1538-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100754", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1538-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100754);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2019/09/11 11:22:15\");\n\n script_cve_id(\"CVE-2017-9047\", \"CVE-2017-9048\", \"CVE-2017-9049\", \"CVE-2017-9050\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:1538-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libxml2 fixes the following security issues :\n\n - CVE-2017-9050: A heap-based buffer over-read in\n xmlDictAddString (bsc#1039069, bsc#1039661)\n\n - CVE-2017-9049: A heap-based buffer overflow in\n xmlDictComputeFastKey (bsc#1039066)\n\n - CVE-2017-9048: A stack overflow vulnerability in\n xmlSnprintfElementContent (bsc#1039063)\n\n - CVE-2017-9047: A stack overflow vulnerability in\n xmlSnprintfElementContent (bsc#1039064)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9047/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9048/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9049/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9050/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171538-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e662aea9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-939=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-939=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-939=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-939=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-939=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-2-2.9.4-39.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-2-debuginfo-2.9.4-39.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-debugsource-2.9.4-39.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-tools-2.9.4-39.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-tools-debuginfo-2.9.4-39.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"python-libxml2-2.9.4-39.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"python-libxml2-debuginfo-2.9.4-39.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"python-libxml2-debugsource-2.9.4-39.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-2.9.4-39.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-2-debuginfo-32bit-2.9.4-39.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-2-2.9.4-39.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-2.9.4-39.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-2-debuginfo-2.9.4-39.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-2-debuginfo-32bit-2.9.4-39.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-debugsource-2.9.4-39.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-tools-2.9.4-39.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-tools-debuginfo-2.9.4-39.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"python-libxml2-2.9.4-39.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"python-libxml2-debuginfo-2.9.4-39.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"python-libxml2-debugsource-2.9.4-39.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-06-05T11:15:06", "description": "This update for libxml2 fixes the following security issues :\n\n - CVE-2017-9050: A heap-based buffer over-read in\n xmlDictAddString (bsc#1039069, bsc#1039661)\n\n - CVE-2017-9049: A heap-based buffer overflow in\n xmlDictComputeFastKey (bsc#1039066)\n\n - CVE-2017-9048: A stack overflow vulnerability in\n xmlSnprintfElementContent (bsc#1039063)\n\n - CVE-2017-9047: A stack overflow vulnerability in\n xmlSnprintfElementContent (bsc#1039064)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.", "edition": 17, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-06-20T00:00:00", "title": "openSUSE Security Update : libxml2 (openSUSE-2017-711)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9049", "CVE-2017-9048", "CVE-2017-9047", "CVE-2017-9050"], "modified": "2017-06-20T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libxml2-2-debuginfo", "p-cpe:/a:novell:opensuse:python-libxml2-debuginfo", "p-cpe:/a:novell:opensuse:python-libxml2", "p-cpe:/a:novell:opensuse:libxml2-2", "p-cpe:/a:novell:opensuse:libxml2-devel-32bit", "p-cpe:/a:novell:opensuse:libxml2-debugsource", "p-cpe:/a:novell:opensuse:libxml2-devel", "p-cpe:/a:novell:opensuse:libxml2-2-32bit", "cpe:/o:novell:opensuse:42.2", "p-cpe:/a:novell:opensuse:python-libxml2-debugsource", "p-cpe:/a:novell:opensuse:libxml2-tools-debuginfo", "p-cpe:/a:novell:opensuse:libxml2-tools", "p-cpe:/a:novell:opensuse:libxml2-2-debuginfo-32bit"], "id": "OPENSUSE-2017-711.NASL", "href": "https://www.tenable.com/plugins/nessus/100884", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-711.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100884);\n script_version(\"3.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2017-9047\", \"CVE-2017-9048\", \"CVE-2017-9049\", \"CVE-2017-9050\");\n\n script_name(english:\"openSUSE Security Update : libxml2 (openSUSE-2017-711)\");\n script_summary(english:\"Check for the openSUSE-2017-711 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libxml2 fixes the following security issues :\n\n - CVE-2017-9050: A heap-based buffer over-read in\n xmlDictAddString (bsc#1039069, bsc#1039661)\n\n - CVE-2017-9049: A heap-based buffer overflow in\n xmlDictComputeFastKey (bsc#1039066)\n\n - CVE-2017-9048: A stack overflow vulnerability in\n xmlSnprintfElementContent (bsc#1039063)\n\n - CVE-2017-9047: A stack overflow vulnerability in\n xmlSnprintfElementContent (bsc#1039064)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1039063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1039064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1039066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1039069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1039661\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libxml2-2-2.9.4-5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libxml2-2-debuginfo-2.9.4-5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libxml2-debugsource-2.9.4-5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libxml2-devel-2.9.4-5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libxml2-tools-2.9.4-5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libxml2-tools-debuginfo-2.9.4-5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"python-libxml2-2.9.4-5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"python-libxml2-debuginfo-2.9.4-5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"python-libxml2-debugsource-2.9.4-5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-2.9.4-5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libxml2-2-debuginfo-32bit-2.9.4-5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libxml2-devel-32bit-2.9.4-5.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2-2 / libxml2-2-32bit / libxml2-2-debuginfo / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-04T01:24:53", "description": "Several vulnerabilities were discovered in libxml2, a library\nproviding support to read, modify and write XML and HTML files. A\nremote attacker could provide a specially crafted XML or HTML file\nthat, when processed by an application using libxml2, would cause a\ndenial-of-service against the application, information leaks, or\npotentially, the execution of arbitrary code with the privileges of\nthe user running the application.", "edition": 23, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-23T00:00:00", "title": "Debian DSA-3952-1 : libxml2 - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7375", "CVE-2017-9049", "CVE-2017-9048", "CVE-2017-7376", "CVE-2017-0663", "CVE-2017-9047", "CVE-2017-9050"], "modified": "2020-09-02T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:libxml2", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-3952.NASL", "href": "https://www.tenable.com/plugins/nessus/102685", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3952. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102685);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2018/11/10 11:49:38\");\n\n script_cve_id(\"CVE-2017-0663\", \"CVE-2017-7375\", \"CVE-2017-7376\", \"CVE-2017-9047\", \"CVE-2017-9048\", \"CVE-2017-9049\", \"CVE-2017-9050\");\n script_xref(name:\"DSA\", value:\"3952\");\n\n script_name(english:\"Debian DSA-3952-1 : libxml2 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in libxml2, a library\nproviding support to read, modify and write XML and HTML files. A\nremote attacker could provide a specially crafted XML or HTML file\nthat, when processed by an application using libxml2, would cause a\ndenial-of-service against the application, information leaks, or\npotentially, the execution of arbitrary code with the privileges of\nthe user running the application.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863019\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870865\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870867\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/libxml2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/libxml2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3952\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libxml2 packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 2.9.1+dfsg1-5+deb8u5.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 2.9.4+dfsg1-2.2+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libxml2\", reference:\"2.9.1+dfsg1-5+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxml2-dbg\", reference:\"2.9.1+dfsg1-5+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxml2-dev\", reference:\"2.9.1+dfsg1-5+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxml2-doc\", reference:\"2.9.1+dfsg1-5+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxml2-utils\", reference:\"2.9.1+dfsg1-5+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxml2-utils-dbg\", reference:\"2.9.1+dfsg1-5+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-libxml2\", reference:\"2.9.1+dfsg1-5+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-libxml2-dbg\", reference:\"2.9.1+dfsg1-5+deb8u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxml2\", reference:\"2.9.4+dfsg1-2.2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxml2-dbg\", reference:\"2.9.4+dfsg1-2.2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxml2-dev\", reference:\"2.9.4+dfsg1-2.2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxml2-doc\", reference:\"2.9.4+dfsg1-2.2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxml2-utils\", reference:\"2.9.4+dfsg1-2.2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxml2-utils-dbg\", reference:\"2.9.4+dfsg1-2.2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python-libxml2\", reference:\"2.9.4+dfsg1-2.2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python-libxml2-dbg\", reference:\"2.9.4+dfsg1-2.2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python3-libxml2\", reference:\"2.9.4+dfsg1-2.2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python3-libxml2-dbg\", reference:\"2.9.4+dfsg1-2.2+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-04T05:37:53", "description": "This update for libxml2 fixes the following issues :\n\n - CVE-2017-9050: heap-based buffer overflow\n (xmlDictAddString func) [bsc#1039069, bsc#1039661]\n\n - CVE-2017-9049: heap-based buffer overflow\n (xmlDictComputeFastKey func) [bsc#1039066]\n\n - CVE-2017-9048: stack overflow vulnerability\n (xmlSnprintfElementContent func) [bsc#1039063]\n\n - CVE-2017-9047: stack overflow vulnerability\n (xmlSnprintfElementContent func) [bsc#1039064]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-06-19T00:00:00", "title": "SUSE SLES12 Security Update : libxml2 (SUSE-SU-2017:1587-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9049", "CVE-2017-9048", "CVE-2017-9047", "CVE-2017-9050"], "modified": "2020-09-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:libxml2-2-debuginfo", "p-cpe:/a:novell:suse_linux:python-libxml2", "p-cpe:/a:novell:suse_linux:libxml2-2", "p-cpe:/a:novell:suse_linux:libxml2", "p-cpe:/a:novell:suse_linux:python-libxml2-debugsource", "p-cpe:/a:novell:suse_linux:python-libxml2-debuginfo", "p-cpe:/a:novell:suse_linux:libxml2-tools", "p-cpe:/a:novell:suse_linux:libxml2-debugsource", "p-cpe:/a:novell:suse_linux:libxml2-tools-debuginfo"], "id": "SUSE_SU-2017-1587-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100867", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1587-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100867);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2019/09/11 11:22:15\");\n\n script_cve_id(\"CVE-2017-9047\", \"CVE-2017-9048\", \"CVE-2017-9049\", \"CVE-2017-9050\");\n\n script_name(english:\"SUSE SLES12 Security Update : libxml2 (SUSE-SU-2017:1587-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libxml2 fixes the following issues :\n\n - CVE-2017-9050: heap-based buffer overflow\n (xmlDictAddString func) [bsc#1039069, bsc#1039661]\n\n - CVE-2017-9049: heap-based buffer overflow\n (xmlDictComputeFastKey func) [bsc#1039066]\n\n - CVE-2017-9048: stack overflow vulnerability\n (xmlSnprintfElementContent func) [bsc#1039063]\n\n - CVE-2017-9047: stack overflow vulnerability\n (xmlSnprintfElementContent func) [bsc#1039064]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9047/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9048/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9049/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9050/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171587-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4443f8b3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2017-975=1\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2017-975=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-975=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2017-975=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libxml2-2-2.9.1-26.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libxml2-2-debuginfo-2.9.1-26.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libxml2-debugsource-2.9.1-26.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libxml2-tools-2.9.1-26.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libxml2-tools-debuginfo-2.9.1-26.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python-libxml2-2.9.1-26.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python-libxml2-debuginfo-2.9.1-26.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python-libxml2-debugsource-2.9.1-26.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libxml2-2-32bit-2.9.1-26.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libxml2-2-debuginfo-32bit-2.9.1-26.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libxml2-2-2.9.1-26.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libxml2-2-debuginfo-2.9.1-26.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libxml2-debugsource-2.9.1-26.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libxml2-tools-2.9.1-26.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libxml2-tools-debuginfo-2.9.1-26.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-libxml2-2.9.1-26.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-libxml2-debuginfo-2.9.1-26.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-libxml2-debugsource-2.9.1-26.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libxml2-2-32bit-2.9.1-26.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libxml2-2-debuginfo-32bit-2.9.1-26.15.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-23T18:17:10", "description": "This update for libxml2 fixes the following issues: Security issues\nfixed :\n\n - CVE-2017-9050: heap-based buffer overflow\n (xmlDictAddString func) [bsc#1039069, bsc#1039661]\n\n - CVE-2017-9049: heap-based buffer overflow\n (xmlDictComputeFastKey func) [bsc#1039066]\n\n - CVE-2017-9048: stack overflow vulnerability\n (xmlSnprintfElementContent func) [bsc#1039063]\n\n - CVE-2017-9047: stack overflow vulnerability\n (xmlSnprintfElementContent func) [bsc#1039064] A\n clarification for the previously released update: For\n CVE-2016-9318 we decided not to ship a fix since it can\n break existing setups. Please take appropriate actions\n if you parse untrusted XML files and use the new\n\n-noxxe flag if possible (bnc#1010675, bnc#1013930).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-06-14T00:00:00", "title": "SUSE SLES11 Security Update : libxml2 (SUSE-SU-2017:1557-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9318", "CVE-2017-9049", "CVE-2017-9048", "CVE-2017-9047", "CVE-2017-9050"], "modified": "2017-06-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libxml2-python", "p-cpe:/a:novell:suse_linux:libxml2", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:libxml2-doc"], "id": "SUSE_SU-2017-1557-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100780", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1557-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100780);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/22\");\n\n script_cve_id(\"CVE-2016-9318\", \"CVE-2017-9047\", \"CVE-2017-9048\", \"CVE-2017-9049\", \"CVE-2017-9050\");\n\n script_name(english:\"SUSE SLES11 Security Update : libxml2 (SUSE-SU-2017:1557-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libxml2 fixes the following issues: Security issues\nfixed :\n\n - CVE-2017-9050: heap-based buffer overflow\n (xmlDictAddString func) [bsc#1039069, bsc#1039661]\n\n - CVE-2017-9049: heap-based buffer overflow\n (xmlDictComputeFastKey func) [bsc#1039066]\n\n - CVE-2017-9048: stack overflow vulnerability\n (xmlSnprintfElementContent func) [bsc#1039063]\n\n - CVE-2017-9047: stack overflow vulnerability\n (xmlSnprintfElementContent func) [bsc#1039064] A\n clarification for the previously released update: For\n CVE-2016-9318 we decided not to ship a fix since it can\n break existing setups. Please take appropriate actions\n if you parse untrusted XML files and use the new\n\n-noxxe flag if possible (bnc#1010675, bnc#1013930).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010675\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013930\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9318/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9047/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9048/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9049/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9050/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171557-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b70a10e1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-libxml2-13143=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-libxml2-13143=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-libxml2-13143=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-libxml2-13143=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-libxml2-13143=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-libxml2-13143=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libxml2-32bit-2.7.6-0.69.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libxml2-32bit-2.7.6-0.69.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libxml2-2.7.6-0.69.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libxml2-doc-2.7.6-0.69.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libxml2-python-2.7.6-0.69.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libxml2-32bit-2.7.6-0.69.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libxml2-32bit-2.7.6-0.69.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libxml2-2.7.6-0.69.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libxml2-doc-2.7.6-0.69.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libxml2-python-2.7.6-0.69.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T22:39:19", "description": "An update of the libxml2 package has been released.", "edition": 8, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-07T00:00:00", "title": "Photon OS 1.0: Libxml2 PHSA-2017-0024", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10685", "CVE-2017-9049", "CVE-2017-9048", "CVE-2017-9047", "CVE-2017-9050"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:libxml2", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0024_LIBXML2.NASL", "href": "https://www.tenable.com/plugins/nessus/121711", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0024. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121711);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/02/07\");\n\n script_cve_id(\n \"CVE-2017-9047\",\n \"CVE-2017-9048\",\n \"CVE-2017-9049\",\n \"CVE-2017-9050\"\n );\n\n script_name(english:\"Photon OS 1.0: Libxml2 PHSA-2017-0024\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the libxml2 package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-54.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-10685\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libxml2-2.9.4-6.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libxml2-2.9.4-6.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libxml2-2.9.4-6.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libxml2-2.9.4-6.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libxml2-debuginfo-2.9.4-6.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libxml2-debuginfo-2.9.4-6.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libxml2-debuginfo-2.9.4-6.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libxml2-debuginfo-2.9.4-6.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libxml2-devel-2.9.4-6.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libxml2-devel-2.9.4-6.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libxml2-devel-2.9.4-6.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libxml2-devel-2.9.4-6.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libxml2-python-2.9.4-6.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libxml2-python-2.9.4-6.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libxml2-python-2.9.4-6.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libxml2-python-2.9.4-6.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-04T05:37:52", "description": "This update for libxml2 fixes the following issues :\n\n - CVE-2017-9047, CVE-2017-9048: The function\n xmlSnprintfElementContent in valid.c was vulnerable to a\n stack-based buffer overflow (bsc#1039063, bsc#1039064)\n\n - CVE-2017-9049: The function xmlDictComputeFastKey in\n dict.c was vulnerable to a heap-based buffer over-read.\n (bsc#1039066)\n\n - CVE-2017-9050: The function xmlDictAddString was\n vulnerable to a heap-based buffer over-read\n (bsc#1039661)\n\n - CVE-2016-1839: heap-based buffer overflow\n (xmlDictAddString func) (bnc#1039069)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-05-31T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:1454-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9049", "CVE-2017-9048", "CVE-2016-1839", "CVE-2017-9047", "CVE-2017-9050"], "modified": "2020-09-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:libxml2-2-debuginfo", "p-cpe:/a:novell:suse_linux:python-libxml2", "p-cpe:/a:novell:suse_linux:libxml2-2", "p-cpe:/a:novell:suse_linux:libxml2", "p-cpe:/a:novell:suse_linux:python-libxml2-debugsource", "p-cpe:/a:novell:suse_linux:python-libxml2-debuginfo", "p-cpe:/a:novell:suse_linux:libxml2-tools", "p-cpe:/a:novell:suse_linux:libxml2-debugsource", "p-cpe:/a:novell:suse_linux:libxml2-tools-debuginfo"], "id": "SUSE_SU-2017-1454-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100544", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1454-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100544);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2019/09/11 11:22:15\");\n\n script_cve_id(\"CVE-2016-1839\", \"CVE-2017-9047\", \"CVE-2017-9048\", \"CVE-2017-9049\", \"CVE-2017-9050\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:1454-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libxml2 fixes the following issues :\n\n - CVE-2017-9047, CVE-2017-9048: The function\n xmlSnprintfElementContent in valid.c was vulnerable to a\n stack-based buffer overflow (bsc#1039063, bsc#1039064)\n\n - CVE-2017-9049: The function xmlDictComputeFastKey in\n dict.c was vulnerable to a heap-based buffer over-read.\n (bsc#1039066)\n\n - CVE-2017-9050: The function xmlDictAddString was\n vulnerable to a heap-based buffer over-read\n (bsc#1039661)\n\n - CVE-2016-1839: heap-based buffer overflow\n (xmlDictAddString func) (bnc#1039069)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981114\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1839/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9047/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9048/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9049/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9050/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171454-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?97009793\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-891=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-891=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-891=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-891=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-891=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-2-2.9.4-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-2-debuginfo-2.9.4-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-debugsource-2.9.4-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-tools-2.9.4-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-tools-debuginfo-2.9.4-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"python-libxml2-2.9.4-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"python-libxml2-debuginfo-2.9.4-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"python-libxml2-debugsource-2.9.4-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-2.9.4-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-2-debuginfo-32bit-2.9.4-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-2-2.9.4-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-2.9.4-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-2-debuginfo-2.9.4-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-2-debuginfo-32bit-2.9.4-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-debugsource-2.9.4-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-tools-2.9.4-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-tools-debuginfo-2.9.4-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"python-libxml2-2.9.4-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"python-libxml2-debuginfo-2.9.4-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"python-libxml2-debugsource-2.9.4-36.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-04T02:28:58", "description": "The remote host is affected by the vulnerability described in GLSA-201711-01\n(libxml2: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in libxml2. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker, by enticing a user to process a specially crafted XML\n document, could remotely execute arbitrary code, conduct XML External\n Entity (XXE) attacks, or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 20, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-11-10T00:00:00", "title": "GLSA-201711-01 : libxml2: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7375", "CVE-2017-5969", "CVE-2016-9318", "CVE-2017-9049", "CVE-2017-9048", "CVE-2017-0663", "CVE-2017-9047", "CVE-2017-9050"], "modified": "2020-09-02T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:libxml2"], "id": "GENTOO_GLSA-201711-01.NASL", "href": "https://www.tenable.com/plugins/nessus/104492", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201711-01.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104492);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2018/03/27 20:24:42\");\n\n script_cve_id(\"CVE-2016-9318\", \"CVE-2017-0663\", \"CVE-2017-5969\", \"CVE-2017-7375\", \"CVE-2017-9047\", \"CVE-2017-9048\", \"CVE-2017-9049\", \"CVE-2017-9050\");\n script_xref(name:\"GLSA\", value:\"201711-01\");\n\n script_name(english:\"GLSA-201711-01 : libxml2: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201711-01\n(libxml2: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in libxml2. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker, by enticing a user to process a specially crafted XML\n document, could remotely execute arbitrary code, conduct XML External\n Entity (XXE) attacks, or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201711-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All libxml2 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/libxml2-2.9.4-r3'\n Packages which depend on this library may need to be recompiled. Tools\n such as revdep-rebuild may assist in identifying some of these packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-libs/libxml2\", unaffected:make_list(\"ge 2.9.4-r3\"), vulnerable:make_list(\"lt 2.9.4-r3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-04T06:09:23", "description": "It was discovered that a type confusion error existed in libxml2. An\nattacker could use this to specially construct XML data that could\ncause a denial of service or possibly execute arbitrary code.\n(CVE-2017-0663)\n\nIt was discovered that libxml2 did not properly validate parsed entity\nreferences. An attacker could use this to specially construct XML data\nthat could expose sensitive information. (CVE-2017-7375)\n\nIt was discovered that a buffer overflow existed in libxml2 when\nhandling HTTP redirects. An attacker could use this to specially\nconstruct XML data that could cause a denial of service or possibly\nexecute arbitrary code. (CVE-2017-7376)\n\nMarcel Bohme and Van-Thuan Pham discovered a buffer overflow in\nlibxml2 when handling elements. An attacker could use this to\nspecially construct XML data that could cause a denial of service or\npossibly execute arbitrary code. (CVE-2017-9047)\n\nMarcel Bohme and Van-Thuan Pham discovered a buffer overread in\nlibxml2 when handling elements. An attacker could use this to\nspecially construct XML data that could cause a denial of service.\n(CVE-2017-9048)\n\nMarcel Bohme and Van-Thuan Pham discovered multiple buffer overreads\nin libxml2 when handling parameter-entity references. An attacker\ncould use these to specially construct XML data that could cause a\ndenial of service. (CVE-2017-9049, CVE-2017-9050).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-09-19T00:00:00", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : libxml2 vulnerabilities (USN-3424-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7375", "CVE-2017-9049", "CVE-2017-9048", "CVE-2017-7376", "CVE-2017-0663", "CVE-2017-9047", "CVE-2017-9050"], "modified": "2020-09-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:17.04", "cpe:/o:canonical:ubuntu_linux:16.04", "p-cpe:/a:canonical:ubuntu_linux:libxml2", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3424-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103327", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3424-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103327);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-0663\", \"CVE-2017-7375\", \"CVE-2017-7376\", \"CVE-2017-9047\", \"CVE-2017-9048\", \"CVE-2017-9049\", \"CVE-2017-9050\");\n script_xref(name:\"USN\", value:\"3424-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : libxml2 vulnerabilities (USN-3424-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that a type confusion error existed in libxml2. An\nattacker could use this to specially construct XML data that could\ncause a denial of service or possibly execute arbitrary code.\n(CVE-2017-0663)\n\nIt was discovered that libxml2 did not properly validate parsed entity\nreferences. An attacker could use this to specially construct XML data\nthat could expose sensitive information. (CVE-2017-7375)\n\nIt was discovered that a buffer overflow existed in libxml2 when\nhandling HTTP redirects. An attacker could use this to specially\nconstruct XML data that could cause a denial of service or possibly\nexecute arbitrary code. (CVE-2017-7376)\n\nMarcel Bohme and Van-Thuan Pham discovered a buffer overflow in\nlibxml2 when handling elements. An attacker could use this to\nspecially construct XML data that could cause a denial of service or\npossibly execute arbitrary code. (CVE-2017-9047)\n\nMarcel Bohme and Van-Thuan Pham discovered a buffer overread in\nlibxml2 when handling elements. An attacker could use this to\nspecially construct XML data that could cause a denial of service.\n(CVE-2017-9048)\n\nMarcel Bohme and Van-Thuan Pham discovered multiple buffer overreads\nin libxml2 when handling parameter-entity references. An attacker\ncould use these to specially construct XML data that could cause a\ndenial of service. (CVE-2017-9049, CVE-2017-9050).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3424-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libxml2\", pkgver:\"2.9.1+dfsg1-3ubuntu4.10\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libxml2\", pkgver:\"2.9.3+dfsg1-1ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"libxml2\", pkgver:\"2.9.4+dfsg1-2.2ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-01-29T20:11:49", "description": "CVE-2017-7375\nMissing validation for external entities in xmlParsePEReference\n\nCVE-2017-9047\nCVE-2017-9048\nA buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801.\nThe function xmlSnprintfElementContent in valid.c is supposed to\nrecursively dump the element content definition into a char buffer ", "edition": 11, "published": "2018-01-29T00:00:00", "title": "Debian LTS: Security Advisory for libxml2 (DLA-1008-1)", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7375", "CVE-2017-9049", "CVE-2017-9048", "CVE-2017-9047", "CVE-2017-9050"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891008", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891008", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891008\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-7375\", \"CVE-2017-9047\", \"CVE-2017-9048\", \"CVE-2017-9049\", \"CVE-2017-9050\");\n script_name(\"Debian LTS: Security Advisory for libxml2 (DLA-1008-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-29 00:00:00 +0100 (Mon, 29 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/06/msg00037.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"libxml2 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n2.8.0+dfsg1-7+wheezy8.\n\nWe recommend that you upgrade your libxml2 packages.\");\n\n script_tag(name:\"summary\", value:\"CVE-2017-7375\nMissing validation for external entities in xmlParsePEReference\n\nCVE-2017-9047\nCVE-2017-9048\nA buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801.\nThe function xmlSnprintfElementContent in valid.c is supposed to\nrecursively dump the element content definition into a char buffer 'buf'\nof size 'size'. The variable len is assigned strlen(buf).\nIf the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the\ncontent->prefix is appended to buf (if it actually fits) whereupon\n(ii) content->name is written to the buffer. However, the check for\nwhether the content->name actually fits also uses 'len' rather than\nthe updated buffer length strlen(buf). This allows us to write about\n'size' many bytes beyond the allocated memory. This vulnerability\ncauses programs that use libxml2, such as PHP, to crash.\n\nCVE-2017-9049\nCVE-2017-9050\nlibxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based\nbuffer over-read in the xmlDictComputeFastKey function in dict.c.\nThis vulnerability causes programs that use libxml2, such as PHP,\nto crash. This vulnerability exists because of an incomplete fix\nfor libxml2 Bug 759398.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.8.0+dfsg1-7+wheezy8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxml2-dbg\", ver:\"2.8.0+dfsg1-7+wheezy8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxml2-dev\", ver:\"2.8.0+dfsg1-7+wheezy8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxml2-doc\", ver:\"2.8.0+dfsg1-7+wheezy8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.8.0+dfsg1-7+wheezy8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxml2-utils-dbg\", ver:\"2.8.0+dfsg1-7+wheezy8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.8.0+dfsg1-7+wheezy8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python-libxml2-dbg\", ver:\"2.8.0+dfsg1-7+wheezy8\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:16", "description": "Several vulnerabilities were discovered in libxml2, a library providing\nsupport to read, modify and write XML and HTML files. A remote attacker\ncould provide a specially crafted XML or HTML file that, when processed\nby an application using libxml2, would cause a denial-of-service against\nthe application, information leaks, or potentially, the execution of\narbitrary code with the privileges of the user running the application.", "edition": 6, "published": "2017-08-23T00:00:00", "title": "Debian Security Advisory DSA 3952-1 (libxml2 - security update)", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7375", "CVE-2017-9049", "CVE-2017-9048", "CVE-2017-7376", "CVE-2017-0663", "CVE-2017-9047", "CVE-2017-9050"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703952", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703952", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3952.nasl 14280 2019-03-18 14:50:45Z cfischer $\n#\n# Auto-generated from advisory DSA 3952-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703952\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2017-0663\", \"CVE-2017-7375\", \"CVE-2017-7376\", \"CVE-2017-9047\", \"CVE-2017-9048\", \"CVE-2017-9049\", \"CVE-2017-9050\");\n script_name(\"Debian Security Advisory DSA 3952-1 (libxml2 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-23 00:00:00 +0200 (Wed, 23 Aug 2017)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3952.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|9)\");\n script_tag(name:\"affected\", value:\"libxml2 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 2.9.1+dfsg1-5+deb8u5.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 2.9.4+dfsg1-2.2+deb9u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.9.4+dfsg1-3.1.\n\nWe recommend that you upgrade your libxml2 packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered in libxml2, a library providing\nsupport to read, modify and write XML and HTML files. A remote attacker\ncould provide a specially crafted XML or HTML file that, when processed\nby an application using libxml2, would cause a denial-of-service against\nthe application, information leaks, or potentially, the execution of\narbitrary code with the privileges of the user running the application.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.9.1+dfsg1-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-dbg\", ver:\"2.9.1+dfsg1-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-dev\", ver:\"2.9.1+dfsg1-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-doc\", ver:\"2.9.1+dfsg1-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.9.1+dfsg1-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-utils-dbg\", ver:\"2.9.1+dfsg1-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.9.1+dfsg1-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-libxml2-dbg\", ver:\"2.9.1+dfsg1-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.9.4+dfsg1-2.2+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-dbg\", ver:\"2.9.4+dfsg1-2.2+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-dev\", ver:\"2.9.4+dfsg1-2.2+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-doc\", ver:\"2.9.4+dfsg1-2.2+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.9.4+dfsg1-2.2+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-utils-dbg\", ver:\"2.9.4+dfsg1-2.2+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.9.4+dfsg1-2.2+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-libxml2-dbg\", ver:\"2.9.4+dfsg1-2.2+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python3-libxml2\", ver:\"2.9.4+dfsg1-2.2+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python3-libxml2-dbg\", ver:\"2.9.4+dfsg1-2.2+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:23", "description": "The remote host is missing an update for the ", "edition": 9, "published": "2017-09-19T00:00:00", "title": "Ubuntu Update for libxml2 USN-3424-1", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7375", "CVE-2017-9049", "CVE-2017-9048", "CVE-2017-7376", "CVE-2017-0663", "CVE-2017-9047", "CVE-2017-9050"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843311", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843311", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3424_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for libxml2 USN-3424-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843311\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-19 07:42:23 +0200 (Tue, 19 Sep 2017)\");\n script_cve_id(\"CVE-2017-0663\", \"CVE-2017-7375\", \"CVE-2017-7376\", \"CVE-2017-9047\",\n \"CVE-2017-9048\", \"CVE-2017-9049\", \"CVE-2017-9050\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for libxml2 USN-3424-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that a type confusion\n error existed in libxml2. An attacker could use this to specially construct XML\n data that could cause a denial of service or possibly execute arbitrary code.\n (CVE-2017-0663) It was discovered that libxml2 did not properly validate parsed\n entity references. An attacker could use this to specially construct XML data\n that could expose sensitive information. (CVE-2017-7375) It was discovered that\n a buffer overflow existed in libxml2 when handling HTTP redirects. An attacker\n could use this to specially construct XML data that could cause a denial of\n service or possibly execute arbitrary code. (CVE-2017-7376) Marcel Bhme and\n Van-Thuan Pham discovered a buffer overflow in libxml2 when handling elements.\n An attacker could use this to specially construct XML data that could cause a\n denial of service or possibly execute arbitrary code. (CVE-2017-9047) Marcel\n Bhme and Van-Thuan Pham discovered a buffer overread in libxml2 when handling\n elements. An attacker could use this to specially construct XML data that could\n cause a denial of service. (CVE-2017-9048) Marcel Bhme and Van-Thuan Pham\n discovered multiple buffer overreads in libxml2 when handling parameter-entity\n references. An attacker could use these to specially construct XML data that\n could cause a denial of service. (CVE-2017-9049, CVE-2017-9050)\");\n script_tag(name:\"affected\", value:\"libxml2 on Ubuntu 17.04,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3424-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3424-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.04|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxml2:amd64\", ver:\"2.9.1+dfsg1-3ubuntu4.10\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libxml2:i386\", ver:\"2.9.1+dfsg1-3ubuntu4.10\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxml2:amd64\", ver:\"2.9.4+dfsg1-2.2ubuntu0.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libxml2:i386\", ver:\"2.9.4+dfsg1-2.2ubuntu0.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxml2:amd64\", ver:\"2.9.3+dfsg1-1ubuntu0.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libxml2:i386\", ver:\"2.9.3+dfsg1-1ubuntu0.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:06", "description": "The remote host is missing an update for the ", "edition": 5, "published": "2018-01-31T00:00:00", "title": "Fedora Update for libxml2 FEDORA-2018-db610fff5b", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9049", "CVE-2017-8872", "CVE-2017-9048", "CVE-2016-5131", "CVE-2017-9047", "CVE-2016-4658", "CVE-2017-9050"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874073", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874073", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_db610fff5b_libxml2_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for libxml2 FEDORA-2018-db610fff5b\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874073\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-31 07:58:38 +0100 (Wed, 31 Jan 2018)\");\n script_cve_id(\"CVE-2017-9047\", \"CVE-2017-9048\", \"CVE-2017-9049\", \"CVE-2017-9050\",\n \"CVE-2017-8872\", \"CVE-2016-4658\", \"CVE-2016-5131\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libxml2 FEDORA-2018-db610fff5b\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libxml2 on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-db610fff5b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBWYRHEVCVJN2ELXKZBFGCVFBBOGVDL7\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.7~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:58", "description": "The remote host is missing an update for the ", "edition": 5, "published": "2018-02-15T00:00:00", "title": "Fedora Update for libxml2 FEDORA-2018-a6b59d8f78", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9049", "CVE-2017-8872", "CVE-2017-9048", "CVE-2016-5131", "CVE-2017-9047", "CVE-2016-4658", "CVE-2017-9050"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874119", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874119", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_a6b59d8f78_libxml2_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for libxml2 FEDORA-2018-a6b59d8f78\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874119\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-15 08:49:42 +0100 (Thu, 15 Feb 2018)\");\n script_cve_id(\"CVE-2017-9047\", \"CVE-2017-9048\", \"CVE-2017-9049\", \"CVE-2017-9050\",\n \"CVE-2017-8872\", \"CVE-2016-4658\", \"CVE-2016-5131\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libxml2 FEDORA-2018-a6b59d8f78\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libxml2 on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-a6b59d8f78\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FMHEXSXRPASMXWMMIMMGZ5NAFH22EGNY\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.7~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-23T14:57:09", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "edition": 2, "published": "2020-03-19T00:00:00", "title": "Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2020-1268)", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-14567", "CVE-2017-9049", "CVE-2017-8872", "CVE-2018-9251", "CVE-2017-9048", "CVE-2016-1839", "CVE-2015-8035", "CVE-2017-9050"], "modified": "2020-03-19T00:00:00", "id": "OPENVAS:1361412562311220201268", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201268", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1268\");\n script_version(\"2020-03-19T13:43:01+0000\");\n script_cve_id(\"CVE-2017-8872\", \"CVE-2017-9048\", \"CVE-2017-9049\", \"CVE-2017-9050\", \"CVE-2018-14567\", \"CVE-2018-9251\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-19 13:43:01 +0000 (Thu, 19 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-19 13:43:01 +0000 (Thu, 19 Mar 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2020-1268)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.2\\.2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1268\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1268\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libxml2' package(s) announced via the EulerOS-SA-2020-1268 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.(CVE-2017-9050)\n\nlibxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.(CVE-2017-9049)\n\nlibxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 size. This vulnerability causes programs that use libxml2, such as PHP, to crash.(CVE-2017-9048)\n\nThe htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.(CVE-2017-8872)\n\nThe xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.(CVE-2018-9251)\n\nlibxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.(CVE-2018-14567)\");\n\n script_tag(name:\"affected\", value:\"'libxml2' package(s) on Huawei EulerOS Virtualization 3.0.2.2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.2.2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.1~6.3.h17\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.1~6.3.h17\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.9.1~6.3.h17\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-01-27T18:34:23", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "edition": 1, "published": "2020-01-23T00:00:00", "title": "Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2018-1070)", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7375", "CVE-2017-9049", "CVE-2017-7376", "CVE-2017-5130"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181070", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181070", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1070\");\n script_version(\"2020-01-23T11:11:40+0000\");\n script_cve_id(\"CVE-2017-5130\", \"CVE-2017-7375\", \"CVE-2017-7376\", \"CVE-2017-9049\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:11:40 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:11:40 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2018-1070)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1070\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1070\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libxml2' package(s) announced via the EulerOS-SA-2018-1070 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.(CVE-2017-5130)\n\nlibxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. (CVE-2017-9049)\n\nA flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).(CVE-2017-7375)\n\nBuffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.(CVE-2017-7376)\");\n\n script_tag(name:\"affected\", value:\"'libxml2' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.1~6.3.h7\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.1~6.3.h7\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.9.1~6.3.h7\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:35:25", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "edition": 1, "published": "2020-01-23T00:00:00", "title": "Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2019-2211)", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-14567", "CVE-2017-5969", "CVE-2017-9049", "CVE-2017-8872", "CVE-2018-9251", "CVE-2017-9048", "CVE-2016-1839", "CVE-2015-8806", "CVE-2015-8035", "CVE-2017-9050"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192211", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192211", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2211\");\n script_version(\"2020-01-23T12:39:57+0000\");\n script_cve_id(\"CVE-2015-8806\", \"CVE-2017-5969\", \"CVE-2017-8872\", \"CVE-2017-9048\", \"CVE-2017-9049\", \"CVE-2017-9050\", \"CVE-2018-14567\", \"CVE-2018-9251\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:39:57 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:39:57 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2019-2211)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2211\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2211\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libxml2' package(s) announced via the EulerOS-SA-2019-2211 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the '!DOCTYPE html' substring in a crafted HTML document.(CVE-2015-8806)\n\nlibxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states 'I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.'(CVE-2017-5969)\n\nThe htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.(CVE-2017-8872)\n\nlibxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 size. This vulnerability causes programs that use libxml2, such as PHP, to crash.(CVE-2017-9048)\n\nlibxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.(CVE-2017-9049)\n\nlibxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.(CVE-2017-9050)\n\nThe xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.(CVE-2018-9251)\n\nlibxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.(CVE-2018-14567)\");\n\n script_tag(name:\"affected\", value:\"'libxml2' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.1~6.3.h20.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.1~6.3.h20.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.9.1~6.3.h20.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-01-27T18:35:32", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "edition": 1, "published": "2020-01-23T00:00:00", "title": "Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2017-1237)", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9047"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171237", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171237", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1237\");\n script_version(\"2020-01-23T11:00:22+0000\");\n script_cve_id(\"CVE-2017-9047\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:00:22 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:00:22 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2017-1237)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1237\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1237\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libxml2' package(s) announced via the EulerOS-SA-2017-1237 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content-type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content-prefix is appended to buf (if it actually fits) whereupon (ii) content-name is written to the buffer. However, the check for whether the content-name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about 'size' many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.(CVE-2017-9047)\");\n\n script_tag(name:\"affected\", value:\"'libxml2' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.1~6.3.h3\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.1~6.3.h3\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.9.1~6.3.h3\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:41:25", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "edition": 1, "published": "2020-01-23T00:00:00", "title": "Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2017-1238)", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9047"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171238", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171238", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1238\");\n script_version(\"2020-01-23T11:00:23+0000\");\n script_cve_id(\"CVE-2017-9047\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:00:23 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:00:23 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2017-1238)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1238\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1238\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libxml2' package(s) announced via the EulerOS-SA-2017-1238 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content-type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content-prefix is appended to buf (if it actually fits) whereupon (ii) content-name is written to the buffer. However, the check for whether the content-name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about 'size' many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.(CVE-2017-9047)\");\n\n script_tag(name:\"affected\", value:\"'libxml2' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.1~6.3.h3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.1~6.3.h3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.9.1~6.3.h3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2020-09-21T14:31:30", "description": "A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-02-19T19:29:00", "title": "CVE-2017-7375", "type": "cve", "cwe": ["CWE-611"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7375"], "modified": "2018-03-18T14:17:00", "cpe": ["cpe:/a:xmlsoft:libxml2:2.9.4", "cpe:/o:google:android:6.0", "cpe:/o:google:android:5.0.2", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:google:android:5.1.1", "cpe:/o:google:android:7.0", "cpe:/o:google:android:7.1.2", "cpe:/o:google:android:4.4.4", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:google:android:6.0.1", "cpe:/o:google:android:7.1.1", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2017-7375", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7375", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.9.4:rc1:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.9.4:rc2:*:*:*:*:*:*", "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.9.4:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-09-21T14:31:32", "description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-05-18T06:29:00", "title": "CVE-2017-9048", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9048"], "modified": "2017-11-11T02:29:00", "cpe": ["cpe:/a:xmlsoft:libxml2:2.9.4"], "id": "CVE-2017-9048", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9048", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:xmlsoft:libxml2:2.9.4:*:*:*:*:*:*:*"]}, {"lastseen": "2020-09-21T14:31:32", "description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-05-18T06:29:00", "title": "CVE-2017-9049", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9049"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:xmlsoft:libxml2:2.9.4"], "id": "CVE-2017-9049", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9049", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:xmlsoft:libxml2:2.9.4:*:*:*:*:*:*:*"]}, {"lastseen": "2020-09-21T14:31:32", "description": "A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about \"size\" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-05-18T06:29:00", "title": "CVE-2017-9047", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9047"], "modified": "2017-11-11T02:29:00", "cpe": ["cpe:/a:xmlsoft:libxml2:2.9.4"], "id": "CVE-2017-9047", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9047", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:xmlsoft:libxml2:2.9.4:*:*:*:*:*:*:*"]}, {"lastseen": "2020-09-21T14:31:32", "description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-05-18T06:29:00", "title": "CVE-2017-9050", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9050"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:xmlsoft:libxml2:2.9.4"], "id": "CVE-2017-9050", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9050", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:xmlsoft:libxml2:2.9.4:*:*:*:*:*:*:*"]}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:53", "bulletinFamily": "software", "cvelist": ["CVE-2017-7375", "CVE-2017-9049", "CVE-2017-9048", "CVE-2017-7376", "CVE-2017-0663", "CVE-2017-9047", "CVE-2017-9050"], "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nIt was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. ([CVE-2017-0663](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-0663>))\n\nIt was discovered that libxml2 did not properly validate parsed entity references. An attacker could use this to specially construct XML data that could expose sensitive information. ([CVE-2017-7375](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7375>))\n\nIt was discovered that a buffer overflow existed in libxml2 when handling HTTP redirects. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. ([CVE-2017-7376](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7376>))\n\nMarcel B\u00f6hme and Van-Thuan Pham discovered a buffer overflow in libxml2 when handling elements. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. ([CVE-2017-9047](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9047>))\n\nMarcel B\u00f6hme and Van-Thuan Pham discovered a buffer overread in libxml2 when handling elements. An attacker could use this to specially construct XML data that could cause a denial of service. ([CVE-2017-9048](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9048>))\n\nMarcel B\u00f6hme and Van-Thuan Pham discovered multiple buffer overreads in libxml2 when handling parameter-entity references. An attacker could use these to specially construct XML data that could cause a denial of service. ([CVE-2017-9049](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9049>), [CVE-2017-9050](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9050>))\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Cloud Foundry BOSH stemcells are vulnerable, including: \n * 3363.x versions prior to 3363.40\n * 3421.x versions prior to 3421.29\n * 3445.x versions prior to 3445.15\n * All other stemcells not listed.\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.156.0\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH stemcells: \n * Upgrade 3363.x versions prior to 3363.40\n * Upgrade 3421.x versions prior to 3421.29\n * Upgrade 3445.x versions prior to 3445.15\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io>).\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.156.0 or later.\n\n# References\n\n * [USN-3424-1](<http://www.ubuntu.com/usn/usn-3424-1/>)\n * [CVE-2017-0663](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-0663>)\n * [CVE-2017-7375](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7375>)\n * [CVE-2017-7376](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7376>)\n * [CVE-2017-9047](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9047>)\n * [CVE-2017-9048](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9048>)\n * [CVE-2017-9049](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9049>)\n * [CVE-2017-9050](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9050>)\n", "edition": 6, "modified": "2017-11-01T00:00:00", "published": "2017-11-01T00:00:00", "id": "CFOUNDRY:29B0983CCEB0C92897BDB6A87096A5D7", "href": "https://www.cloudfoundry.org/blog/usn-3424-1/", "title": "USN-3424-1: libxml2 vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:35:37", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7375", "CVE-2017-9049", "CVE-2017-9048", "CVE-2017-7376", "CVE-2017-0663", "CVE-2017-9047", "CVE-2017-9050"], "description": "USN-3424-1 fixed several vulnerabilities in libxml2. This update \nprovides the corresponding update for Ubuntu 12.04 ESM.\n\nOriginal advisory details:\n\nIt was discovered that a type confusion error existed in libxml2. An \nattacker could use this to specially construct XML data that \ncould cause a denial of service or possibly execute arbitrary \ncode. (CVE-2017-0663)\n\nIt was discovered that libxml2 did not properly validate parsed entity \nreferences. An attacker could use this to specially construct XML \ndata that could expose sensitive information. (CVE-2017-7375)\n\nIt was discovered that a buffer overflow existed in libxml2 when \nhandling HTTP redirects. An attacker could use this to specially \nconstruct XML data that could cause a denial of service or possibly \nexecute arbitrary code. (CVE-2017-7376)\n\nMarcel B\u00f6hme and Van-Thuan Pham discovered a buffer overflow in \nlibxml2 when handling elements. An attacker could use this to specially \nconstruct XML data that could cause a denial of service or possibly \nexecute arbitrary code. (CVE-2017-9047)\n\nMarcel B\u00f6hme and Van-Thuan Pham discovered a buffer overread \nin libxml2 when handling elements. An attacker could use this \nto specially construct XML data that could cause a denial of \nservice. (CVE-2017-9048)\n\nMarcel B\u00f6hme and Van-Thuan Pham discovered multiple buffer overreads \nin libxml2 when handling parameter-entity references. An attacker \ncould use these to specially construct XML data that could cause a \ndenial of service. (CVE-2017-9049, CVE-2017-9050)", "edition": 6, "modified": "2017-10-10T00:00:00", "published": "2017-10-10T00:00:00", "id": "USN-3424-2", "href": "https://ubuntu.com/security/notices/USN-3424-2", "title": "libxml2 vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-15T01:38:57", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7375", "CVE-2017-9049", "CVE-2017-9048", "CVE-2017-7376", "CVE-2017-0663", "CVE-2017-9047", "CVE-2017-9050"], "description": "It was discovered that a type confusion error existed in libxml2. An \nattacker could use this to specially construct XML data that \ncould cause a denial of service or possibly execute arbitrary \ncode. (CVE-2017-0663)\n\nIt was discovered that libxml2 did not properly validate parsed entity \nreferences. An attacker could use this to specially construct XML \ndata that could expose sensitive information. (CVE-2017-7375)\n\nIt was discovered that a buffer overflow existed in libxml2 when \nhandling HTTP redirects. An attacker could use this to specially \nconstruct XML data that could cause a denial of service or possibly \nexecute arbitrary code. (CVE-2017-7376)\n\nMarcel B\u00f6hme and Van-Thuan Pham discovered a buffer overflow in \nlibxml2 when handling elements. An attacker could use this to specially \nconstruct XML data that could cause a denial of service or possibly \nexecute arbitrary code. (CVE-2017-9047)\n\nMarcel B\u00f6hme and Van-Thuan Pham discovered a buffer overread \nin libxml2 when handling elements. An attacker could use this \nto specially construct XML data that could cause a denial of \nservice. (CVE-2017-9048)\n\nMarcel B\u00f6hme and Van-Thuan Pham discovered multiple buffer overreads \nin libxml2 when handling parameter-entity references. An attacker \ncould use these to specially construct XML data that could cause a \ndenial of service. (CVE-2017-9049, CVE-2017-9050)", "edition": 6, "modified": "2017-09-19T00:00:00", "published": "2017-09-19T00:00:00", "id": "USN-3424-1", "href": "https://ubuntu.com/security/notices/USN-3424-1", "title": "libxml2 vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:05", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9049", "CVE-2017-8872", "CVE-2017-9048", "CVE-2017-9047", "CVE-2017-9050"], "description": "\nlibxml2 developers report:\nThe htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.\nA buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about \"size\" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.\nlibxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.\nlibxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.\nlibxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.\n", "edition": 4, "modified": "2017-05-10T00:00:00", "published": "2017-05-10T00:00:00", "id": "76E59F55-4F7A-4887-BCB0-11604004163A", "href": "https://vuxml.freebsd.org/freebsd/76e59f55-4f7a-4887-bcb0-11604004163a.html", "title": "libxml2 -- Multiple Issues", "type": "freebsd", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "gentoo": [{"lastseen": "2017-11-10T06:33:45", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7375", "CVE-2017-5969", "CVE-2016-9318", "CVE-2017-9049", "CVE-2017-9048", "CVE-2017-0663", "CVE-2017-9047", "CVE-2017-9050"], "description": "### Background\n\nlibxml2 is the XML (eXtended Markup Language) C parser and toolkit initially developed for the Gnome project. \n\n### Description\n\nMultiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker, by enticing a user to process a specially crafted XML document, could remotely execute arbitrary code, conduct XML External Entity (XXE) attacks, or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll libxml2 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/libxml2-2.9.4-r3\"\n \n\nPackages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.", "edition": 1, "modified": "2017-11-10T00:00:00", "published": "2017-11-10T00:00:00", "href": "https://security.gentoo.org/glsa/201711-01", "id": "GLSA-201711-01", "title": "libxml2: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-08-12T00:58:22", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7375", "CVE-2017-9049", "CVE-2017-9048", "CVE-2017-7376", "CVE-2017-0663", "CVE-2017-9047", "CVE-2017-9050"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3952-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nAugust 23, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libxml2\nCVE ID : CVE-2017-0663 CVE-2017-7375 CVE-2017-7376 CVE-2017-9047\n CVE-2017-9048 CVE-2017-9049 CVE-2017-9050\nDebian Bug : 863018 863019 863021 863022 870865 870867 870870\n\nSeveral vulnerabilities were discovered in libxml2, a library providing\nsupport to read, modify and write XML and HTML files. A remote attacker\ncould provide a specially crafted XML or HTML file that, when processed\nby an application using libxml2, would cause a denial-of-service against\nthe application, information leaks, or potentially, the execution of\narbitrary code with the privileges of the user running the application.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 2.9.1+dfsg1-5+deb8u5.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 2.9.4+dfsg1-2.2+deb9u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.9.4+dfsg1-3.1.\n\nWe recommend that you upgrade your libxml2 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 12, "modified": "2017-08-23T04:54:38", "published": "2017-08-23T04:54:38", "id": "DEBIAN:DSA-3952-1:343CC", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00214.html", "title": "[SECURITY] [DSA 3952-1] libxml2 security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "github": [{"lastseen": "2020-03-10T23:26:16", "bulletinFamily": "software", "cvelist": ["CVE-2017-9050"], "description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839. GitHub is notifying on nokogiri as uses libxml2.", "edition": 2, "modified": "2019-07-03T21:02:00", "published": "2017-12-13T21:38:24", "id": "GHSA-8C56-CPMW-89X7", "href": "https://github.com/advisories/GHSA-8c56-cpmw-89x7", "title": "Critical severity vulnerability that affects nokogiri", "type": "github", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-12-11T13:30:43", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0718", "CVE-2016-4483", "CVE-2016-4975", "CVE-2016-5131", "CVE-2016-7167", "CVE-2016-8615", "CVE-2016-8616", "CVE-2016-8617", "CVE-2016-8618", "CVE-2016-8619", "CVE-2016-8621", "CVE-2016-8622", "CVE-2016-8623", "CVE-2016-8624", "CVE-2016-8625", "CVE-2016-9318", "CVE-2016-9596", "CVE-2016-9597", "CVE-2016-9598", "CVE-2017-1000254", "CVE-2017-1000257", "CVE-2017-18258", "CVE-2017-6004", "CVE-2017-7186", "CVE-2017-7244", "CVE-2017-7245", "CVE-2017-7246", "CVE-2017-9047", "CVE-2017-9048", "CVE-2017-9049", "CVE-2017-9050", "CVE-2018-0500"], "description": "This release adds the new Apache HTTP Server 2.4.29 packages that are part\nof the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer\nto the Release Notes for information on the most significant bug fixes,\nenhancements and component upgrades included in this release.\n\nSecurity Fix(es):\n\n* expat: Out-of-bounds heap read on crafted input causing crash (CVE-2016-0718)\n* curl: escape and unescape integer overflows (CVE-2016-7167)\n* curl: Cookie injection for other servers (CVE-2016-8615)\n* curl: Case insensitive password comparison (CVE-2016-8616)\n* curl: Out-of-bounds write via unchecked multiplication (CVE-2016-8617)\n* curl: Double-free in curl_maprintf (CVE-2016-8618)\n* curl: Double-free in krb5 code (CVE-2016-8619)\n* curl: curl_getdate out-of-bounds read (CVE-2016-8621)\n* curl: URL unescape heap overflow via integer truncation (CVE-2016-8622)\n* curl: Use-after-free via shared cookies (CVE-2016-8623)\n* curl: Invalid URL parsing with '#' (CVE-2016-8624)\n* curl: IDNA 2003 makes curl use wrong host (CVE-2016-8625)\n* libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS) (CVE-2016-9598)\n* pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3) (CVE-2017-6004)\n* pcre: Invalid Unicode property lookup (8.41/7, 10.24/2) (CVE-2017-7186)\n* pcre: invalid memory read in_pcre32_xclass (pcre_xclass.c) (CVE-2017-7244)\n* pcre: stack-based buffer overflow write in pcre32_copy_substring (CVE-2017-7245)\n* pcre: stack-based buffer overflow write in pcre32_copy_substring (CVE-2017-7246)\n* curl: FTP PWD response parser out of bounds read (CVE-2017-1000254)\n* curl: IMAP FETCH response out of bounds read (CVE-2017-1000257)\n* curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP (CVE-2018-0500)\n\nDetails around this issue, including information about the CVE, severity of\nthe issue, and the CVSS score can be found on the CVE page listed in the\nReference section below.\n\nThe following packages have been upgraded to a newer upstream version:\n* Curl (7.57.0)\n* OpenSSL (1.0.2n)\n* Expat (2.2.5)\n* PCRE (8.41)\n* libxml2 (2.9.7)\n\nAcknowledgements:\n\nCVE-2017-1000254: Red Hat would like to thank Daniel Stenberg for reporting this issue.\nUpstream acknowledges Max Dymond as the original reporter.\nCVE-2017-1000257: Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges Brian Carpenter, (the OSS-Fuzz project) as the original reporter.\nCVE-2018-0500: Red Hat would like to thank the Curl project for reporting this issue.", "modified": "2018-09-05T09:26:14", "published": "2018-08-16T20:05:21", "id": "RHSA-2018:2486", "href": "https://access.redhat.com/errata/RHSA-2018:2486", "type": "redhat", "title": "(RHSA-2018:2486) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2017-10-11T05:54:20", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7407", "CVE-2017-9233", "CVE-2016-9840", "CVE-2017-7375", "CVE-2017-10685", "CVE-2017-9445", "CVE-2016-9063", "CVE-2016-5300", "CVE-2017-11112", "CVE-2017-5969", "CVE-2016-9318", "CVE-2016-7055", "CVE-2017-3731", "CVE-2017-9049", "CVE-2016-9842", "CVE-2017-2616", "CVE-2017-8872", "CVE-2012-6702", "CVE-2015-3238", "CVE-2017-9048", "CVE-2017-11113", "CVE-2017-3732", "CVE-2017-7376", "CVE-2017-7436", "CVE-2017-1000101", "CVE-2016-9401", "CVE-2017-7526", "CVE-2017-1000366", "CVE-2016-1839", "CVE-2017-0663", "CVE-2016-9843", "CVE-2017-9047", "CVE-2016-9597", "CVE-2017-9217", "CVE-2016-10156", "CVE-2017-1000100", "CVE-2016-9586", "CVE-2016-5011", "CVE-2017-7435", "CVE-2016-9841", "CVE-2016-2037", "CVE-2017-9287", "CVE-2017-6507", "CVE-2016-4658", "CVE-2017-10684", "CVE-2017-9269", "CVE-2017-9050"], "description": "The SUSE Linux Enterprise Server 12 SP2 container image has been updated\n to include security and stability fixes.\n\n The following issues related to building of the container images have been\n fixed:\n\n - Included krb5 package to avoid the inclusion of krb5-mini which gets\n selected as a dependency by the Build Service solver. (bsc#1056193)\n\n A number of security issues that have been already fixed by updates\n released for SUSE Linux Enterprise Server 12 are now included in the base\n image. A package/CVE cross-reference is available below.\n\n bash:\n\n - CVE-2016-9401\n\n expat:\n\n - CVE-2012-6702\n - CVE-2016-5300\n - CVE-2016-9063\n - CVE-2017-9233\n\n curl:\n\n - CVE-2016-9586\n - CVE-2017-1000100\n - CVE-2017-1000101\n - CVE-2017-7407\n\n glibc:\n\n - CVE-2017-1000366\n\n openssl:\n\n - CVE-2017-3731\n - CVE-2017-3732\n - CVE-2016-7055\n\n pam:\n\n - CVE-2015-3238\n\n apparmor:\n\n - CVE-2017-6507\n\n ncurses:\n\n - CVE-2017-10684\n - CVE-2017-10685\n - CVE-2017-11112\n - CVE-2017-11113\n\n libgcrypt:\n\n - CVE-2017-7526\n\n libxml2:\n\n - CVE-2016-1839\n - CVE-2016-4658\n - CVE-2016-9318\n - CVE-2016-9597\n - CVE-2017-0663\n - CVE-2017-5969\n - CVE-2017-7375\n - CVE-2017-7376\n - CVE-2017-8872\n - CVE-2017-9047\n - CVE-2017-9048\n - CVE-2017-9049\n - CVE-2017-9050\n\n libzypp:\n\n - CVE-2017-9269\n - CVE-2017-7435\n - CVE-2017-7436\n\n openldap2:\n\n - CVE-2017-9287\n\n systemd:\n\n - CVE-2016-10156\n - CVE-2017-9217\n - CVE-2017-9445\n\n util-linux:\n\n - CVE-2016-5011\n - CVE-2017-2616\n\n zlib:\n\n - CVE-2016-9840\n - CVE-2016-9841\n - CVE-2016-9842\n - CVE-2016-9843\n\n zypper:\n\n - CVE-2017-7436\n\n Finally, the following packages received non-security fixes:\n\n - binutils\n - cpio\n - cryptsetup\n - cyrus-sasl\n - dbus-1\n - dirmngr\n - e2fsprogs\n - gpg2\n - insserv-compat\n - kmod\n - libsolv\n - libsemanage\n - lvm2\n - lua51\n - netcfg\n - procps\n - sed\n - sg3_utils\n - shadow\n\n", "edition": 1, "modified": "2017-10-11T03:08:09", "published": "2017-10-11T03:08:09", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00012.html", "id": "SUSE-SU-2017:2701-1", "title": "Security update for SLES 12-SP2 Docker image (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-11T05:54:19", "bulletinFamily": "unix", "cvelist": ["CVE-2016-6262", "CVE-2017-7407", "CVE-2015-8388", "CVE-2016-8620", "CVE-2016-8623", "CVE-2017-9233", "CVE-2016-5420", "CVE-2016-9840", "CVE-2016-3705", "CVE-2016-1840", "CVE-2014-0191", "CVE-2016-8615", "CVE-2016-8616", "CVE-2015-5276", "CVE-2015-3210", "CVE-2015-2325", "CVE-2016-6261", "CVE-2016-8619", "CVE-2017-10685", "CVE-2016-6306", "CVE-2016-2183", "CVE-2016-2178", "CVE-2015-8391", "CVE-2016-6263", "CVE-2016-2108", "CVE-2016-9063", "CVE-2016-8618", "CVE-2016-1762", "CVE-2016-6302", "CVE-2016-5300", "CVE-2015-8395", "CVE-2016-7141", "CVE-2016-1834", "CVE-2017-11112", "CVE-2016-2177", "CVE-2014-7169", "CVE-2015-8382", "CVE-2016-3627", "CVE-2015-1283", "CVE-2014-6277", "CVE-2016-2105", "CVE-2016-9318", "CVE-2016-4483", "CVE-2016-2107", "CVE-2015-8386", "CVE-2014-6278", "CVE-2015-2327", "CVE-2017-9049", "CVE-2016-3075", "CVE-2016-8617", "CVE-2016-9842", "CVE-2016-7796", "CVE-2017-2616", "CVE-2016-0634", "CVE-2012-6702", "CVE-2015-3238", "CVE-2016-2180", "CVE-2016-1835", "CVE-2016-0787", "CVE-2016-1234", "CVE-2016-0718", "CVE-2016-6185", "CVE-2015-8392", "CVE-2016-4574", "CVE-2015-8389", "CVE-2016-2109", "CVE-2015-8380", "CVE-2016-2181", "CVE-2016-6304", "CVE-2016-4449", "CVE-2017-9048", "CVE-2014-8964", "CVE-2015-2059", "CVE-2017-11113", "CVE-2016-1283", "CVE-2016-6313", "CVE-2016-1837", "CVE-2016-6318", "CVE-2015-3622", "CVE-2016-4448", "CVE-2016-1238", "CVE-2015-8393", "CVE-2016-1838", "CVE-2016-3706", "CVE-2016-4429", "CVE-2016-2381", "CVE-2016-7543", "CVE-2017-1000101", "CVE-2016-8622", "CVE-2015-8853", "CVE-2014-7187", "CVE-2015-8394", "CVE-2016-4008", "CVE-2014-9770", "CVE-2015-3217", "CVE-2014-6271", "CVE-2017-7526", "CVE-2016-3191", "CVE-2017-1000366", "CVE-2016-1839", "CVE-2016-8624", "CVE-2015-8384", "CVE-2016-9843", "CVE-2017-9047", "CVE-2015-8948", "CVE-2014-7824", "CVE-2015-8842", "CVE-2016-9597", "CVE-2015-5218", "CVE-2016-6303", "CVE-2015-8383", "CVE-2017-1000100", "CVE-2015-8381", "CVE-2016-2182", "CVE-2016-5421", "CVE-2016-9586", "CVE-2015-5073", "CVE-2016-4447", "CVE-2016-5011", "CVE-2015-7511", "CVE-2015-8385", "CVE-2015-8806", "CVE-2016-9841", "CVE-2016-4579", "CVE-2015-0245", "CVE-2016-2037", "CVE-2016-2073", "CVE-2016-5419", "CVE-2015-2328", "CVE-2017-6507", "CVE-2016-4658", "CVE-2016-7167", "CVE-2017-10684", "CVE-2016-2179", "CVE-2016-2106", "CVE-2016-1833", "CVE-2015-8387", "CVE-2016-8621", "CVE-2015-8390", "CVE-2017-9050"], "description": "The SUSE Linux Enterprise Server 12 container image has been updated to\n include security and stability fixes.\n\n The following issues related to building of the container images have been\n fixed:\n\n - Included krb5 package to avoid the inclusion of krb5-mini which gets\n selected as a dependency by the Build Service solver. (bsc#1056193)\n - Do not install recommended packages when building container images.\n (bsc#975726)\n\n A number of security issues that have been already fixed by updates\n released for SUSE Linux Enterprise Server 12 are now included in the base\n image. A package/CVE cross-reference is available below.\n\n pam:\n\n - CVE-2015-3238\n\n libtasn1:\n\n - CVE-2015-3622\n - CVE-2016-4008\n\n libidn:\n\n - CVE-2015-2059\n - CVE-2015-8948\n - CVE-2016-6261\n - CVE-2016-6262\n - CVE-2016-6263\n\n zlib:\n\n - CVE-2016-9840\n - CVE-2016-9841\n - CVE-2016-9842\n - CVE-2016-9843\n\n curl:\n\n - CVE-2016-5419\n - CVE-2016-5420\n - CVE-2016-5421\n - CVE-2016-7141\n - CVE-2016-7167\n - CVE-2016-8615\n - CVE-2016-8616\n - CVE-2016-8617\n - CVE-2016-8618\n - CVE-2016-8619\n - CVE-2016-8620\n - CVE-2016-8621\n - CVE-2016-8622\n - CVE-2016-8623\n - CVE-2016-8624\n - CVE-2016-9586\n - CVE-2017-1000100\n - CVE-2017-1000101\n - CVE-2017-7407\n\n openssl:\n\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2177\n - CVE-2016-2178\n - CVE-2016-2179\n - CVE-2016-2180\n - CVE-2016-2181\n - CVE-2016-2182\n - CVE-2016-2183\n - CVE-2016-6302\n - CVE-2016-6303\n - CVE-2016-6304\n - CVE-2016-6306\n\n libxml2:\n\n - CVE-2014-0191\n - CVE-2015-8806\n - CVE-2016-1762\n - CVE-2016-1833\n - CVE-2016-1834\n - CVE-2016-1835\n - CVE-2016-1837\n - CVE-2016-1838\n - CVE-2016-1839\n - CVE-2016-1840\n - CVE-2016-2073\n - CVE-2016-3627\n - CVE-2016-3705\n - CVE-2016-4447\n - CVE-2016-4448\n - CVE-2016-4449\n - CVE-2016-4483\n - CVE-2016-4658\n - CVE-2016-9318\n - CVE-2016-9597\n - CVE-2017-9047\n - CVE-2017-9048\n - CVE-2017-9049\n - CVE-2017-9050\n\n util-linux:\n\n - CVE-2015-5218\n - CVE-2016-5011\n - CVE-2017-2616\n\n cracklib:\n\n - CVE-2016-6318\n\n systemd:\n\n - CVE-2014-9770\n - CVE-2015-8842\n - CVE-2016-7796\n\n pcre:\n\n - CVE-2014-8964\n - CVE-2015-2325\n - CVE-2015-2327\n - CVE-2015-2328\n - CVE-2015-3210\n - CVE-2015-3217\n - CVE-2015-5073\n - CVE-2015-8380\n - CVE-2015-8381\n - CVE-2015-8382\n - CVE-2015-8383\n - CVE-2015-8384\n - CVE-2015-8385\n - CVE-2015-8386\n - CVE-2015-8387\n - CVE-2015-8388\n - CVE-2015-8389\n - CVE-2015-8390\n - CVE-2015-8391\n - CVE-2015-8392\n - CVE-2015-8393\n - CVE-2015-8394\n - CVE-2015-8395\n - CVE-2016-1283\n - CVE-2016-3191\n\n appamor:\n\n - CVE-2017-6507\n\n bash:\n\n - CVE-2014-6277\n - CVE-2014-6278\n - CVE-2016-0634\n - CVE-2016-7543\n\n cpio:\n\n - CVE-2016-2037\n\n glibc:\n\n - CVE-2016-1234\n - CVE-2016-3075\n - CVE-2016-3706\n - CVE-2016-4429\n - CVE-2017-1000366\n\n perl:\n\n - CVE-2015-8853\n - CVE-2016-1238\n - CVE-2016-2381\n - CVE-2016-6185\n\n libssh2_org:\n\n - CVE-2016-0787\n\n expat:\n\n - CVE-2012-6702\n - CVE-2015-1283\n - CVE-2016-0718\n - CVE-2016-5300\n - CVE-2016-9063\n - CVE-2017-9233\n\n ncurses:\n\n - CVE-2017-10684\n - CVE-2017-10685\n - CVE-2017-11112\n - CVE-2017-11113\n\n libksba:\n\n - CVE-2016-4574\n - CVE-2016-4579\n\n libgcrypt:\n\n - CVE-2015-7511\n - CVE-2016-6313\n - CVE-2017-7526\n\n dbus-1:\n\n - CVE-2014-7824\n - CVE-2015-0245\n\n Finally, the following packages received non-security fixes:\n\n - augeas\n - bzip2\n - ca-certificates-mozilla\n - coreutils\n - cryptsetup\n - cyrus-sasl\n - dirmngr\n - e2fsprogs\n - findutils\n - gpg2\n - insserv-compat\n - kmod\n - libcap\n - libsolv\n - libzypp\n - openldap2\n - p11-kit\n - permissions\n - procps\n - rpm\n - sed\n - shadow\n - zypper\n\n", "edition": 1, "modified": "2017-10-11T03:06:53", "published": "2017-10-11T03:06:53", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html", "id": "SUSE-SU-2017:2699-1", "title": "Security update for SLES 12 Docker image (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-11T05:54:20", "bulletinFamily": "unix", "cvelist": ["CVE-2016-6262", "CVE-2016-7056", "CVE-2017-7407", "CVE-2015-8388", "CVE-2016-8620", "CVE-2016-8623", "CVE-2017-9233", "CVE-2016-5420", "CVE-2016-9840", "CVE-2016-3705", "CVE-2016-1840", "CVE-2014-0191", "CVE-2016-8615", "CVE-2016-8616", "CVE-2015-5276", "CVE-2015-3210", "CVE-2015-2325", "CVE-2016-6261", "CVE-2016-8619", "CVE-2017-10685", "CVE-2016-6306", "CVE-2016-2183", "CVE-2015-0860", "CVE-2016-2178", "CVE-2015-8391", "CVE-2016-6263", "CVE-2016-2108", "CVE-2016-9063", "CVE-2016-8618", "CVE-2016-1762", "CVE-2016-6302", "CVE-2016-5300", "CVE-2015-8395", "CVE-2016-7141", "CVE-2016-1834", "CVE-2017-11112", "CVE-2016-2177", "CVE-2014-7169", "CVE-2015-8382", "CVE-2016-3627", "CVE-2015-1283", "CVE-2014-6277", "CVE-2016-2105", "CVE-2016-9318", "CVE-2016-4483", "CVE-2016-2107", "CVE-2017-3731", "CVE-2015-8386", "CVE-2014-6278", "CVE-2015-2327", "CVE-2017-9049", "CVE-2016-3075", "CVE-2016-8617", "CVE-2016-9842", "CVE-2016-7796", "CVE-2017-2616", "CVE-2016-0634", "CVE-2012-6702", "CVE-2015-3238", "CVE-2016-2180", "CVE-2016-1835", "CVE-2016-0787", "CVE-2016-8610", "CVE-2016-1234", "CVE-2016-0718", "CVE-2016-6185", "CVE-2015-8392", "CVE-2016-4574", "CVE-2015-8389", "CVE-2016-2109", "CVE-2015-8380", "CVE-2016-2181", "CVE-2016-6304", "CVE-2016-4449", "CVE-2017-9048", "CVE-2014-8964", "CVE-2015-2059", "CVE-2017-11113", "CVE-2016-1283", "CVE-2016-6313", "CVE-2016-1837", "CVE-2016-6318", "CVE-2015-3622", "CVE-2016-4448", "CVE-2016-1238", "CVE-2015-8393", "CVE-2016-1838", "CVE-2016-3706", "CVE-2016-4429", "CVE-2016-2381", "CVE-2016-7543", "CVE-2017-1000101", "CVE-2016-8622", "CVE-2015-8853", "CVE-2014-7187", "CVE-2015-8394", "CVE-2016-4008", "CVE-2014-9770", "CVE-2015-3217", "CVE-2014-6271", "CVE-2017-7526", "CVE-2016-3191", "CVE-2017-1000366", "CVE-2016-1839", "CVE-2016-8624", "CVE-2015-8384", "CVE-2016-9843", "CVE-2017-9047", "CVE-2015-8948", "CVE-2014-7824", "CVE-2015-8842", "CVE-2016-9597", "CVE-2016-6303", "CVE-2015-8383", "CVE-2017-1000100", "CVE-2015-8381", "CVE-2016-2182", "CVE-2016-5421", "CVE-2016-9586", "CVE-2015-5073", "CVE-2016-4447", "CVE-2016-5011", "CVE-2015-7511", "CVE-2015-8385", "CVE-2015-8806", "CVE-2016-9841", "CVE-2016-4579", "CVE-2015-0245", "CVE-2016-2037", "CVE-2016-2073", "CVE-2016-5419", "CVE-2015-2328", "CVE-2017-6507", "CVE-2016-4658", "CVE-2016-7167", "CVE-2017-10684", "CVE-2016-2179", "CVE-2016-2106", "CVE-2016-1833", "CVE-2015-8387", "CVE-2016-8621", "CVE-2015-8390", "CVE-2017-9050"], "description": "The SUSE Linux Enterprise Server 12 SP1 container image has been updated\n to include security and stability fixes.\n\n The following issues related to building of the container images have been\n fixed:\n\n - Included krb5 package to avoid the inclusion of krb5-mini which gets\n selected as a dependency by the Build Service solver. (bsc#1056193)\n - Do not install recommended packages when building container images.\n (bsc#975726)\n\n A number of security issues that have been already fixed by updates\n released for SUSE Linux Enterprise Server 12 SP1 are now included in the\n base image. A package/CVE cross-reference is available below.\n\n pam:\n\n - CVE-2015-3238\n\n libtasn1:\n\n - CVE-2015-3622\n - CVE-2016-4008\n\n expat:\n\n expat:\n\n - CVE-2012-6702\n - CVE-2015-1283\n - CVE-2016-0718\n - CVE-2016-5300\n - CVE-2016-9063\n - CVE-2017-9233\n\n libidn:\n\n - CVE-2015-2059\n - CVE-2015-8948\n - CVE-2016-6261\n - CVE-2016-6262\n - CVE-2016-6263\n\n\n zlib:\n\n - CVE-2016-9840\n - CVE-2016-9841\n - CVE-2016-9842\n - CVE-2016-9843\n\n curl:\n\n - CVE-2016-5419\n - CVE-2016-5420\n - CVE-2016-5421\n - CVE-2016-7141\n - CVE-2016-7167\n - CVE-2016-8615\n - CVE-2016-8616\n - CVE-2016-8617\n - CVE-2016-8618\n - CVE-2016-8619\n - CVE-2016-8620\n - CVE-2016-8621\n - CVE-2016-8622\n - CVE-2016-8623\n - CVE-2016-8624\n - CVE-2016-9586\n - CVE-2017-1000100\n - CVE-2017-1000101\n - CVE-2017-7407\n\n openssl:\n\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2177\n - CVE-2016-2178\n - CVE-2016-2179\n - CVE-2016-2180\n - CVE-2016-2181\n - CVE-2016-2182\n - CVE-2016-2183\n - CVE-2016-6302\n - CVE-2016-6303\n - CVE-2016-6304\n - CVE-2016-6306\n - CVE-2016-7056\n - CVE-2016-8610\n - CVE-2017-3731\n\n cracklib:\n\n - CVE-2016-6318\n\n pcre:\n\n - CVE-2014-8964\n - CVE-2015-2325\n - CVE-2015-2327\n - CVE-2015-2328\n - CVE-2015-3210\n - CVE-2015-3217\n - CVE-2015-5073\n - CVE-2015-8380\n - CVE-2015-8381\n - CVE-2015-8382\n - CVE-2015-8383\n - CVE-2015-8384\n - CVE-2015-8385\n - CVE-2015-8386\n - CVE-2015-8387\n - CVE-2015-8388\n - CVE-2015-8389\n - CVE-2015-8390\n - CVE-2015-8391\n - CVE-2015-8392\n - CVE-2015-8393\n - CVE-2015-8394\n - CVE-2015-8395\n - CVE-2016-1283\n - CVE-2016-3191\n\n appamor:\n\n - CVE-2017-6507\n\n bash:\n\n - CVE-2014-6277\n - CVE-2014-6278\n - CVE-2016-0634\n - CVE-2016-7543\n\n cpio:\n\n - CVE-2016-2037\n\n glibc:\n\n - CVE-2016-1234\n - CVE-2016-3075\n - CVE-2016-3706\n - CVE-2016-4429\n - CVE-2017-1000366\n\n perl:\n\n - CVE-2015-8853\n - CVE-2016-1238\n - CVE-2016-2381\n - CVE-2016-6185\n\n libssh2_org:\n\n - CVE-2016-0787\n\n util-linux:\n\n - CVE-2016-5011\n - CVE-2017-2616\n\n ncurses:\n\n - CVE-2017-10684\n - CVE-2017-10685\n - CVE-2017-11112\n - CVE-2017-11113\n\n libksba:\n\n - CVE-2016-4574\n - CVE-2016-4579\n\n libxml2:\n\n - CVE-2014-0191\n - CVE-2015-8806\n - CVE-2016-1762\n - CVE-2016-1833\n - CVE-2016-1834\n - CVE-2016-1835\n - CVE-2016-1837\n - CVE-2016-1838\n - CVE-2016-1839\n - CVE-2016-1840\n - CVE-2016-2073\n - CVE-2016-3627\n - CVE-2016-3705\n - CVE-2016-4447\n - CVE-2016-4448\n - CVE-2016-4449\n - CVE-2016-4483\n - CVE-2016-4658\n - CVE-2016-9318\n - CVE-2016-9597\n - CVE-2017-9047\n - CVE-2017-9048\n - CVE-2017-9049\n - CVE-2017-9050\n\n libgcrypt:\n\n - CVE-2015-7511\n - CVE-2016-6313\n - CVE-2017-7526\n\n update-alternatives:\n\n - CVE-2015-0860\n\n systemd:\n\n - CVE-2014-9770\n - CVE-2015-8842\n - CVE-2016-7796\n\n dbus-1:\n\n - CVE-2014-7824\n - CVE-2015-0245\n\n Finally, the following packages received non-security fixes:\n\n - augeas\n - bzip2\n - ca-certificates-mozilla\n - coreutils\n - cryptsetup\n - cyrus-sasl\n - dirmngr\n - e2fsprogs\n - findutils\n - gpg2\n - insserv-compat\n - kmod\n - libcap\n - libsolv\n - libzypp\n - lua51\n - lvm2\n - netcfg\n - p11-kit\n - permissions\n - procps\n - rpm\n - sed\n - sg3_utils\n - shadow\n - zypper\n\n", "edition": 1, "modified": "2017-10-11T03:07:32", "published": "2017-10-11T03:07:32", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html", "id": "SUSE-SU-2017:2700-1", "title": "Security update for SLES 12-SP1 Docker image (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "apple": [{"lastseen": "2020-05-07T18:05:56", "bulletinFamily": "software", "cvelist": ["CVE-2017-7102", "CVE-2017-7120", "CVE-2017-7117", "CVE-2017-7099", "CVE-2017-7096", "CVE-2017-7090", "CVE-2017-9049", "CVE-2017-7081", "CVE-2017-7093", "CVE-2017-13831", "CVE-2017-7376", "CVE-2017-13833", "CVE-2017-7089", "CVE-2018-4302", "CVE-2017-13829", "CVE-2017-7107", "CVE-2017-7098", "CVE-2017-7087", "CVE-2017-7092", "CVE-2017-7095", "CVE-2017-7100", "CVE-2017-7091", "CVE-2017-7094", "CVE-2017-7127", "CVE-2017-7104", "CVE-2017-7109", "CVE-2017-7111", "CVE-2017-5130", "CVE-2017-9050", "CVE-2017-7106"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iCloud for Windows 7.0\n\nReleased September 25, 2017\n\n**CFNetwork**\n\nAvailable for: Windows 7 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13829: Niklas Baumstark and Samuel Gro working with Trend Micro's Zero Day Initiative \n\nCVE-2017-13833: Niklas Baumstark and Samuel Gro working with Trend Micro's Zero Day Initiative\n\nEntry added November 10, 2017\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: An information disclosure issue existed in the processing of disk images. This issue was addressed through improved memory management.\n\nCVE-2017-13831: Glen Carmichael\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**libxml2**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2017-9049: Wei Lei and Liu Yang - Nanyang Technological University in Singapore\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2017-7376: an anonymous researcher\n\nCVE-2017-5130: an anonymous researcher\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-9050: Mateusz Jurczyk (j00ru) of Google Project Zero\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A null pointer dereference was addressed with improved validation.\n\nCVE-2018-4302: Gustavo Grieco\n\nEntry added October 18, 2018\n\n**SQLite**\n\nAvailable for: Windows 7 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7127: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-7081: Apple\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7087: Apple\n\nCVE-2017-7091: Wei Yuan of Baidu Security Lab working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-7092: Samuel Gro and Niklas Baumstark working with Trend Micro's Zero Day Initiative, Qixun Zhao (@S0rryMybad) of Qihoo 360 Vulcan Team\n\nCVE-2017-7093: Samuel Gro and Niklas Baumstark working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-7094: Tim Michaud (@TimGMichaud) of Leviathan Security Group\n\nCVE-2017-7095: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-7096: Wei Yuan of Baidu Security Lab\n\nCVE-2017-7098: Felipe Freitas of Instituto Tecnol\u00f3gico de Aeron\u00e1utica\n\nCVE-2017-7099: Apple\n\nCVE-2017-7100: Masato Kinugawa and Mario Heiderich of Cure53\n\nCVE-2017-7102: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University\n\nCVE-2017-7104: likemeng of Baidu Secutity Lab\n\nCVE-2017-7107: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University\n\nCVE-2017-7111: likemeng of Baidu Security Lab (xlab.baidu.com) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-7117: lokihardt of Google Project Zero\n\nCVE-2017-7120: chenqin (\u9648\u94a6) of Ant-financial Light-Year Security Lab\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in the handling of parent-tab. This issue was addressed with improved state management.\n\nCVE-2017-7089: Frans Ros\u00e9n of Detectify, Anton Lopanitsyn of ONSEC\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Cookies belonging to one origin may be sent to another origin\n\nDescription: A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes.\n\nCVE-2017-7090: Apple\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2017-7106: Oliver Paukstadt of Thinking Objects GmbH (to.com)\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: Application Cache policy may be unexpectedly applied.\n\nCVE-2017-7109: avlidienbrunn\n\n\n\n## Additional recognition\n\n**WebKit**\n\nWe would like to acknowledge Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter for their assistance.\n", "edition": 1, "modified": "2018-10-18T04:48:21", "published": "2018-10-18T04:48:21", "id": "APPLE:HT208142", "href": "https://support.apple.com/kb/HT208142", "title": "About the security content of iCloud for Windows 7.0 - Apple Support", "type": "apple", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-07T18:07:12", "bulletinFamily": "software", "cvelist": ["CVE-2017-7102", "CVE-2017-7120", "CVE-2017-7117", "CVE-2017-7099", "CVE-2017-7096", "CVE-2017-7090", "CVE-2017-9049", "CVE-2017-7081", "CVE-2017-7093", "CVE-2017-13831", "CVE-2017-7376", "CVE-2017-13833", "CVE-2018-4302", "CVE-2017-13829", "CVE-2017-7107", "CVE-2017-7098", "CVE-2017-7087", "CVE-2017-7092", "CVE-2017-7095", "CVE-2017-7100", "CVE-2017-7091", "CVE-2017-7094", "CVE-2017-7104", "CVE-2017-7109", "CVE-2017-7111", "CVE-2017-5130", "CVE-2017-9050"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iTunes 12.7 for Windows\n\nReleased September 12, 2017\n\n**CFNetwork**\n\nAvailable for: Windows 7 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13829: Niklas Baumstark and Samuel Gro working with Trend Micro's Zero Day Initiative \n\nCVE-2017-13833: Niklas Baumstark and Samuel Gro working with Trend Micro's Zero Day Initiative\n\nEntry added November 10, 2017\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: An information disclosure issue existed in the processing of disk images. This issue was addressed through improved memory management.\n\nCVE-2017-13831: Glen Carmichael\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**libxml2**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2017-9049: Wei Lei and Liu Yang - Nanyang Technological University in Singapore\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2017-7376: an anonymous researcher\n\nCVE-2017-5130: an anonymous researcher\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-9050: Mateusz Jurczyk (j00ru) of Google Project Zero\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A null pointer dereference was addressed with improved validation.\n\nCVE-2018-4302: Gustavo Grieco\n\nEntry added October 18, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-7081: Apple\n\nEntry added September 25, 2017\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7087: Apple\n\nCVE-2017-7091: Wei Yuan of Baidu Security Lab working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-7092: Samuel Gro and Niklas Baumstark working with Trend Micro's Zero Day Initiative, Qixun Zhao (@S0rryMybad) of Qihoo 360 Vulcan Team\n\nCVE-2017-7093: Samuel Gro and Niklas Baumstark working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-7094: Tim Michaud (@TimGMichaud) of Leviathan Security Group\n\nCVE-2017-7095: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-7096: Wei Yuan of Baidu Security Lab\n\nCVE-2017-7098: Felipe Freitas of Instituto Tecnol\u00f3gico de Aeron\u00e1utica\n\nCVE-2017-7099: Apple\n\nCVE-2017-7100: Masato Kinugawa and Mario Heiderich of Cure53\n\nCVE-2017-7102: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University\n\nCVE-2017-7104: likemeng of Baidu Secutity Lab\n\nCVE-2017-7107: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University\n\nCVE-2017-7111: likemeng of Baidu Security Lab (xlab.baidu.com) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-7117: lokihardt of Google Project Zero\n\nCVE-2017-7120: chenqin (\u9648\u94a6) of Ant-financial Light-Year Security Lab\n\nEntry added September 25, 2017\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Cookies belonging to one origin may be sent to another origin\n\nDescription: A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes.\n\nCVE-2017-7090: Apple\n\nEntry added September 25, 2017\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: Application Cache policy may be unexpectedly applied.\n\nCVE-2017-7109: avlidienbrunn\n\nEntry added September 25, 2017\n\n\n\n## Additional recognition\n\n**WebKit**\n\nWe would like to acknowledge Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter for their assistance.\n", "edition": 1, "modified": "2018-10-18T05:03:03", "published": "2018-10-18T05:03:03", "id": "APPLE:HT208141", "href": "https://support.apple.com/kb/HT208141", "title": "About the security content of iTunes 12.7 for Windows - Apple Support", "type": "apple", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-07T18:04:40", "bulletinFamily": "software", "cvelist": ["CVE-2017-13873", "CVE-2017-9233", "CVE-2017-10989", "CVE-2017-13854", "CVE-2016-9840", "CVE-2017-13840", "CVE-2017-13843", "CVE-2016-9063", "CVE-2017-13816", "CVE-2017-13832", "CVE-2017-7130", "CVE-2017-7128", "CVE-2017-13815", "CVE-2017-9049", "CVE-2016-9842", "CVE-2017-7114", "CVE-2017-13836", "CVE-2017-1000373", "CVE-2017-7083", "CVE-2017-13813", "CVE-2017-7129", "CVE-2017-13831", "CVE-2017-7376", "CVE-2017-0381", "CVE-2017-13833", "CVE-2017-7080", "CVE-2017-7116", "CVE-2017-13812", "CVE-2018-4302", "CVE-2017-13829", "CVE-2017-13828", "CVE-2017-13821", "CVE-2017-13834", "CVE-2017-13830", "CVE-2017-13818", "CVE-2016-9843", "CVE-2017-13841", "CVE-2017-7103", "CVE-2017-7086", "CVE-2017-7110", "CVE-2017-7105", "CVE-2017-13782", "CVE-2017-13814", "CVE-2017-13817", "CVE-2016-9841", "CVE-2017-7108", "CVE-2017-7127", "CVE-2017-7112", "CVE-2017-13825", "CVE-2017-13842", "CVE-2017-5130", "CVE-2017-9050"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## watchOS 4\n\nReleased September 19, 2017\n\n**802.1X**\n\nAvailable for: All Apple Watch models\n\nImpact: An attacker may be able to exploit weaknesses in TLS 1.0\n\nDescription: A protocol security issue was addressed by enabling TLS 1.1 and TLS 1.2.\n\nCVE-2017-13832: Doug Wussler of Florida State University\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**CFNetwork**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13829: Niklas Baumstark and Samuel Gro working with Trend Micro's Zero Day Initiative \n\nCVE-2017-13833: Niklas Baumstark and Samuel Gro working with Trend Micro's Zero Day Initiative\n\nEntry added November 10, 2017\n\n**CFNetwork Proxies**\n\nAvailable for: All Apple Watch models\n\nImpact: An attacker in a privileged network position may be able to cause a denial of service\n\nDescription: Multiple denial of service issues were addressed through improved memory handling.\n\nCVE-2017-7083: Abhinav Bansal of Zscaler Inc.\n\nEntry added September 25, 2017\n\n**CFString**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13821: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017\n\n**CoreAudio**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed by updating to Opus version 1.1.4.\n\nCVE-2017-0381: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro\n\nEntry added September 25, 2017\n\n**CoreText**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2017-13825: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017, uodated November 16, 2018\n\n**file**\n\nAvailable for: All Apple Watch models\n\nImpact: Multiple issues in file\n\nDescription: Multiple issues were addressed by updating to version 5.31.\n\nCVE-2017-13815: found by OSS-Fuzz\n\nEntry added October 31, 2017, updated October 18, 2018\n\n**Fonts**\n\nAvailable for: All Apple Watch models\n\nImpact: Rendering untrusted text may lead to spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2017-13828: Leonard Grey and Robert Sesek of Google Chrome\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**HFS**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13830: Sergej Schumilo of Ruhr-University Bochum\n\nEntry added October 31, 2017\n\n**ImageIO**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13814: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017, updated November 16, 2018\n\n**ImageIO**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13831: Glen Carmichael\n\nEntry added October 31, 2017, updated April 3, 2019\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation.\n\nCVE-2017-13817: Maxime Villard (m00nbsd)\n\nEntry added October 31, 2017\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13818: The UK's National Cyber Security Centre (NCSC)\n\nCVE-2017-13836: Vlad Tsyrklevich\n\nCVE-2017-13841: Vlad Tsyrklevich\n\nCVE-2017-13840: Vlad Tsyrklevich\n\nCVE-2017-13842: Vlad Tsyrklevich\n\nCVE-2017-13782: an anonymous researcher\n\nEntry added October 31, 2017, updated June 18, 2018\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13843: an anonymous researcher, an anonymous researcher\n\nEntry added October 31, 2017\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7114: Alex Plaskett of MWR InfoSecurity\n\nEntry added September 25, 2017\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13854: shrek_wzw of Qihoo 360 Nirvan Team\n\nEntry added November 2, 2017\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a malformed mach binary may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved validation.\n\nCVE-2017-13834: Maxime Villard (m00nbsd)\n\nEntry added November 10, 2017\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: A malicious application may be able to learn information about the presence and operation of other applications on the device.\n\nDescription: An application was able to access network activity information maintained by the operating system unrestricted. This issue was addressed by reducing the information available to third party applications.\n\nCVE-2017-13873: Xiaokuan Zhang and Yinqian Zhang of The Ohio State University, Xueqiang Wang and XiaoFeng Wang of Indiana University Bloomington, and Xiaolong Bai of Tsinghua University\n\nEntry added November 30, 2017\n\n**libarchive**\n\nAvailable for: All Apple Watch models\n\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed through improved memory handling.\n\nCVE-2017-13813: found by OSS-Fuzz\n\nCVE-2017-13816: found by OSS-Fuzz\n\nEntry added October 31, 2017\n\n**libarchive**\n\nAvailable for: All Apple Watch models\n\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in libarchive. These issues were addressed through improved input validation.\n\nCVE-2017-13812: found by OSS-Fuzz\n\nEntry added October 31, 2017\n\n**libc**\n\nAvailable for: All Apple Watch models\n\nImpact: A remote attacker may be able to cause a denial-of-service\n\nDescription: A resource exhaustion issue in glob() was addressed through an improved algorithm.\n\nCVE-2017-7086: Russ Cox of Google\n\nEntry added September 25, 2017\n\n**libc**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2017-1000373\n\nEntry added September 25, 2017\n\n**libexpat**\n\nAvailable for: All Apple Watch models\n\nImpact: Multiple issues in expat\n\nDescription: Multiple issues were addressed by updating to version 2.2.1\n\nCVE-2016-9063\n\nCVE-2017-9233\n\nEntry added September 25, 2017\n\n**libxml2**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2017-9049: Wei Lei and Liu Yang - Nanyang Technological University in Singapore\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2017-7376: an anonymous researcher\n\nCVE-2017-5130: an anonymous researcher\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-9050: Mateusz Jurczyk (j00ru) of Google Project Zero\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A null pointer dereference was addressed with improved validation.\n\nCVE-2018-4302: Gustavo Grieco\n\nEntry added October 18, 2018\n\n**Security**\n\nAvailable for: All Apple Watch models\n\nImpact: A revoked certificate may be trusted\n\nDescription: A certificate validation issue existed in the handling of revocation data. This issue was addressed through improved validation.\n\nCVE-2017-7080: an anonymous researcher, Sven Driemecker of adesso mobile solutions gmbh, an anonymous researcher, Rune Darrud (@theflyingcorpse) of B\u00e6rum kommune\n\nEntry added September 25, 2017\n\n**SQLite**\n\nAvailable for: All Apple Watch models\n\nImpact: Multiple issues in SQLite\n\nDescription: Multiple issues were addressed by updating to version 3.19.3.\n\nCVE-2017-10989: found by OSS-Fuzz\n\nCVE-2017-7128: found by OSS-Fuzz\n\nCVE-2017-7129: found by OSS-Fuzz\n\nCVE-2017-7130: found by OSS-Fuzz\n\nEntry added September 25, 2017\n\n**SQLite**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7127: an anonymous researcher\n\nEntry added September 25, 2017\n\n**Wi-Fi**\n\nAvailable for: All Apple Watch models\n\nImpact: Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7103: Gal Beniamini of Google Project Zero\n\nCVE-2017-7105: Gal Beniamini of Google Project Zero\n\nCVE-2017-7108: Gal Beniamini of Google Project Zero\n\nCVE-2017-7110: Gal Beniamini of Google Project Zero\n\nCVE-2017-7112: Gal Beniamini of Google Project Zero\n\n**Wi-Fi**\n\nAvailable for: All Apple Watch models\n\nImpact: Malicious code executing on the Wi-Fi chip may be able to read restricted kernel memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-7116: Gal Beniamini of Google Project Zero\n\n**zlib**\n\nAvailable for: All Apple Watch models\n\nImpact: Multiple issues in zlib\n\nDescription: Multiple issues were addressed by updating to version 1.2.11.\n\nCVE-2016-9840\n\nCVE-2016-9841\n\nCVE-2016-9842\n\nCVE-2016-9843\n\nEntry added September 25, 2017\n\n\n\n## Additional recognition\n\n**Security**\n\nWe would like to acknowledge Abhinav Bansal of Zscaler, Inc. for their assistance.\n", "edition": 1, "modified": "2019-04-03T09:47:52", "published": "2019-04-03T09:47:52", "id": "APPLE:HT208115", "href": "https://support.apple.com/kb/HT208115", "title": "About the security content of watchOS 4 - Apple Support", "type": "apple", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-07T18:06:34", "bulletinFamily": "software", "cvelist": ["CVE-2017-13873", "CVE-2017-11122", "CVE-2017-9233", "CVE-2017-10989", "CVE-2017-13854", "CVE-2017-7102", "CVE-2016-9840", "CVE-2017-13840", "CVE-2017-7120", "CVE-2017-13843", "CVE-2017-7117", "CVE-2017-11121", "CVE-2016-9063", "CVE-2017-13822", "CVE-2017-7099", "CVE-2017-13816", "CVE-2017-13832", "CVE-2017-7096", "CVE-2017-7090", "CVE-2017-7130", "CVE-2017-7128", "CVE-2017-13815", "CVE-2017-9049", "CVE-2016-9842", "CVE-2017-7114", "CVE-2017-7081", "CVE-2017-13836", "CVE-2017-1000373", "CVE-2017-7083", "CVE-2017-7093", "CVE-2017-11120", "CVE-2017-13813", "CVE-2017-7129", "CVE-2017-13831", "CVE-2017-7376", "CVE-2017-0381", "CVE-2017-13833", "CVE-2017-7080", "CVE-2017-7116", "CVE-2017-13812", "CVE-2017-13829", "CVE-2017-7107", "CVE-2017-13828", "CVE-2017-7098", "CVE-2017-13834", "CVE-2017-13830", "CVE-2017-7087", "CVE-2017-7092", "CVE-2017-13818", "CVE-2016-9843", "CVE-2017-13841", "CVE-2017-7103", "CVE-2017-7086", "CVE-2017-7095", "CVE-2017-7110", "CVE-2017-7105", "CVE-2017-13782", "CVE-2017-7100", "CVE-2017-7115", "CVE-2017-13814", "CVE-2017-13817", "CVE-2017-7091", "CVE-2016-9841", "CVE-2017-7108", "CVE-2017-7094", "CVE-2017-7127", "CVE-2017-7104", "CVE-2017-7109", "CVE-2017-7112", "CVE-2017-13825", "CVE-2017-13842", "CVE-2017-7111", "CVE-2017-5130", "CVE-2017-9050"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## tvOS 11\n\nReleased September 19, 2017\n\n**802.1X**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An attacker may be able to exploit weaknesses in TLS 1.0\n\nDescription: A protocol security issue was addressed by enabling TLS 1.1 and TLS 1.2.\n\nCVE-2017-13832: Doug Wussler of Florida State University\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**CFNetwork**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13829: Niklas Baumstark and Samuel Gro working with Trend Micro's Zero Day Initiative \n\nCVE-2017-13833: Niklas Baumstark and Samuel Gro working with Trend Micro's Zero Day Initiative\n\nEntry added November 10, 2017\n\n**CFNetwork Proxies**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An attacker in a privileged network position may be able to cause a denial of service\n\nDescription: Multiple denial of service issues were addressed through improved memory handling.\n\nCVE-2017-7083: Abhinav Bansal of Zscaler Inc.\n\nEntry added September 25, 2017\n\n**CoreAudio**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed by updating to Opus version 1.1.4.\n\nCVE-2017-0381: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro\n\nEntry added September 25, 2017\n\n**CoreText**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2017-13825: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017, updated November 16, 2018\n\n**file**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Multiple issues in file\n\nDescription: Multiple issues were addressed by updating to version 5.31.\n\nCVE-2017-13815: found by OSS-Fuzz\n\nEntry added October 31, 2017, updated October 18, 2018\n\n**Fonts**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Rendering untrusted text may lead to spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2017-13828: Leonard Grey and Robert Sesek of Google Chrome\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**HFS**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13830: Sergej Schumilo of Ruhr-University Bochum\n\nEntry added October 31, 2017\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13814: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017, updated November 16, 2018\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13831: Glen Carmichael\n\nEntry added October 31, 2017, updated April 3, 2019\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation.\n\nCVE-2017-13817: Maxime Villard (m00nbsd)\n\nEntry added October 31, 2017\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13818: The UK's National Cyber Security Centre (NCSC)\n\nCVE-2017-13836: Vlad Tsyrklevich\n\nCVE-2017-13841: Vlad Tsyrklevich\n\nCVE-2017-13840: Vlad Tsyrklevich\n\nCVE-2017-13842: Vlad Tsyrklevich\n\nCVE-2017-13782: an anonymous researcher\n\nEntry added October 31, 2017, updated June 18, 2018\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13843: an anonymous researcher, an anonymous researcher\n\nEntry added October 31, 2017\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7114: Alex Plaskett of MWR InfoSecurity\n\nEntry added September 25, 2017\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13854: shrek_wzw of Qihoo 360 Nirvan Team\n\nEntry added November 2, 2017\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a malformed mach binary may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved validation.\n\nCVE-2017-13834: Maxime Villard (m00nbsd)\n\nEntry added November 10, 2017\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A malicious application may be able to learn information about the presence and operation of other applications on the device.\n\nDescription: An application was able to access network activity information maintained by the operating system unrestricted. This issue was addressed by reducing the information available to third party applications.\n\nCVE-2017-13873: Xiaokuan Zhang and Yinqian Zhang of The Ohio State University, Xueqiang Wang and XiaoFeng Wang of Indiana University Bloomington, and Xiaolong Bai of Tsinghua University\n\nEntry added November 30, 2017\n\n**libarchive**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed through improved memory handling.\n\nCVE-2017-13813: found by OSS-Fuzz\n\nCVE-2017-13816: found by OSS-Fuzz\n\nEntry added October 31, 2017\n\n**libarchive**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in libarchive. These issues were addressed through improved input validation.\n\nCVE-2017-13812: found by OSS-Fuzz\n\nEntry added October 31, 2017\n\n**libc**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A remote attacker may be able to cause a denial-of-service\n\nDescription: A resource exhaustion issue in glob() was addressed through an improved algorithm.\n\nCVE-2017-7086: Russ Cox of Google\n\nEntry added September 25, 2017\n\n**libc**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2017-1000373\n\nEntry added September 25, 2017\n\n**libexpat**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Multiple issues in expat\n\nDescription: Multiple issues were addressed by updating to version 2.2.1\n\nCVE-2016-9063\n\nCVE-2017-9233\n\nEntry added September 25, 2017\n\n**libxml2**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2017-9049: Wei Lei and Liu Yang - Nanyang Technological University in Singapore\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2017-5130: an anonymous researcher\n\nCVE-2017-7376: an anonymous researcher\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-9050: Mateusz Jurczyk (j00ru) of Google Project Zero\n\nEntry added October 18, 2018\n\n**Quick Look**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13822: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017\n\n**Security**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A revoked certificate may be trusted\n\nDescription: A certificate validation issue existed in the handling of revocation data. This issue was addressed through improved validation.\n\nCVE-2017-7080: an anonymous researcher, Sven Driemecker of adesso mobile solutions gmbh, Rune Darrud (@theflyingcorpse) of B\u00e6rum kommune, an anonymous researcher\n\nEntry added September 25, 2017\n\n**SQLite**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Multiple issues in SQLite\n\nDescription: Multiple issues were addressed by updating to version 3.19.3.\n\nCVE-2017-10989: found by OSS-Fuzz\n\nCVE-2017-7128: found by OSS-Fuzz\n\nCVE-2017-7129: found by OSS-Fuzz\n\nCVE-2017-7130: found by OSS-Fuzz\n\nEntry added September 25, 2017\n\n**SQLite**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7127: an anonymous researcher\n\nEntry added September 25, 2017\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-7081: Apple\n\nEntry added September 25, 2017\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7087: Apple\n\nCVE-2017-7091: Wei Yuan of Baidu Security Lab working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-7092: Qixun Zhao (@S0rryMybad) of Qihoo 360 Vulcan Team, Samuel Gro and Niklas Baumstark working with Trend Micro's Zero Day Initiative\n\nCVE-2017-7093: Samuel Gro and Niklas Baumstark working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-7094: Tim Michaud (@TimGMichaud) of Leviathan Security Group\n\nCVE-2017-7095: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-7096: Wei Yuan of Baidu Security Lab\n\nCVE-2017-7098: Felipe Freitas of Instituto Tecnol\u00f3gico de Aeron\u00e1utica\n\nCVE-2017-7099: Apple\n\nCVE-2017-7100: Masato Kinugawa and Mario Heiderich of Cure53\n\nCVE-2017-7102: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University\n\nCVE-2017-7104: likemeng of Baidu Secutity Lab\n\nCVE-2017-7107: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University\n\nCVE-2017-7111: likemeng of Baidu Security Lab (xlab.baidu.com) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-7117: lokihardt of Google Project Zero\n\nCVE-2017-7120: chenqin (\u9648\u94a6) of Ant-financial Light-Year Security Lab\n\nEntry added September 25, 2017\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Cookies belonging to one origin may be sent to another origin\n\nDescription: A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes.\n\nCVE-2017-7090: Apple\n\nEntry added September 25, 2017\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: Application Cache policy may be unexpectedly applied.\n\nCVE-2017-7109: avlidienbrunn\n\nEntry added September 25, 2017\n\n**Wi-Fi**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-11120: Gal Beniamini of Google Project Zero\n\nCVE-2017-11121: Gal Beniamini of Google Project Zero\n\nEntry added September 25, 2017\n\n**Wi-Fi**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7103: Gal Beniamini of Google Project Zero\n\nCVE-2017-7105: Gal Beniamini of Google Project Zero\n\nCVE-2017-7108: Gal Beniamini of Google Project Zero\n\nCVE-2017-7110: Gal Beniamini of Google Project Zero\n\nCVE-2017-7112: Gal Beniamini of Google Project Zero\n\n**Wi-Fi**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor\n\nDescription: Multiple race conditions were addressed through improved validation.\n\nCVE-2017-7115: Gal Beniamini of Google Project Zero\n\n**Wi-Fi**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Malicious code executing on the Wi-Fi chip may be able to read restricted kernel memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-7116: Gal Beniamini of Google Project Zero\n\n**Wi-Fi**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A attacker within range may be able to read restricted memory from the Wi-Fi chipset\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-11122: Gal Beniamini of Google Project Zero\n\nEntry added October 9, 2017\n\n**zlib**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Multiple issues in zlib\n\nDescription: Multiple issues were addressed by updating to version 1.2.11.\n\nCVE-2016-9840\n\nCVE-2016-9841\n\nCVE-2016-9842\n\nCVE-2016-9843\n\nEntry added September 25, 2017\n\n\n\n## Additional recognition\n\n**Security**\n\nWe would like to acknowledge Abhinav Bansal of Zscaler, Inc. for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter for their assistance.\n", "edition": 1, "modified": "2019-04-03T09:46:21", "published": "2019-04-03T09:46:21", "id": "APPLE:HT208113", "href": "https://support.apple.com/kb/HT208113", "title": "About the security content of tvOS 11 - Apple Support", "type": "apple", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-28T03:18:02", "bulletinFamily": "software", "cvelist": ["CVE-2017-13873", "CVE-2017-11122", "CVE-2017-13806", "CVE-2017-9233", "CVE-2017-13877", "CVE-2017-13863", "CVE-2017-10989", "CVE-2017-13854", "CVE-2017-7102", "CVE-2016-9840", "CVE-2017-7075", "CVE-2017-13840", "CVE-2017-7120", "CVE-2017-7139", "CVE-2017-13843", "CVE-2017-7117", "CVE-2017-11121", "CVE-2017-7088", "CVE-2017-7085", "CVE-2016-9063", "CVE-2017-13822", "CVE-2017-7099", "CVE-2017-13816", "CVE-2017-11103", "CVE-2017-13832", "CVE-2017-7096", "CVE-2017-6211", "CVE-2017-7132", "CVE-2017-7090", "CVE-2017-7130", "CVE-2017-7128", "CVE-2017-13815", "CVE-2017-9049", "CVE-2016-9842", "CVE-2017-7114", "CVE-2017-7081", "CVE-2017-13836", "CVE-2017-1000373", "CVE-2017-7072", "CVE-2017-7083", "CVE-2017-7093", "CVE-2017-7078", "CVE-2017-11120", "CVE-2017-13813", "CVE-2017-7129", "CVE-2017-13831", "CVE-2017-7148", "CVE-2017-7376", "CVE-2017-0381", "CVE-2017-13833", "CVE-2017-7080", "CVE-2017-7116", "CVE-2017-13812", "CVE-2017-7089", "CVE-2018-4302", "CVE-2017-13829", "CVE-2017-7107", "CVE-2017-7131", "CVE-2017-13828", "CVE-2017-7098", "CVE-2017-13821", "CVE-2017-7142", "CVE-2017-13834", "CVE-2017-13830", "CVE-2017-7087", "CVE-2017-7092", "CVE-2017-7146", "CVE-2017-7145", "CVE-2017-13818", "CVE-2016-9843", "CVE-2017-13841", "CVE-2017-7103", "CVE-2017-7097", "CVE-2017-7133", "CVE-2017-7086", "CVE-2017-7095", "CVE-2017-7110", "CVE-2017-7105", "CVE-2017-7100", "CVE-2017-7115", "CVE-2017-13814", "CVE-2017-13817", "CVE-2017-7091", "CVE-2016-9841", "CVE-2017-7144", "CVE-2017-7108", "CVE-2017-7094", "CVE-2017-7127", "CVE-2017-7104", "CVE-2017-7109", "CVE-2017-7112", "CVE-2017-13825", "CVE-2017-7140", "CVE-2017-13842", "CVE-2017-7111", "CVE-2017-5130", "CVE-2017-7118", "CVE-2017-9050", "CVE-2017-7106"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iOS 11\n\nReleased September 19, 2017\n\n**802.1X**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker may be able to exploit weaknesses in TLS 1.0\n\nDescription: A protocol security issue was addressed by enabling TLS 1.1 and TLS 1.2.\n\nCVE-2017-13832: Doug Wussler of Florida State University\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**APNs**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker in a privileged network position could track a user\n\nDescription: A privacy issue existed in the use of client certificates. This issue was addressed through a revised protocol. \n\nCVE-2017-13863: FURIOUSMAC Team of United States Naval Academy\n\nEntry added December 21, 2017\n\n**Bluetooth**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to access restricted files\n\nDescription: A privacy issue existed in the handling of Contact cards. This was addressed with improved state management.\n\nCVE-2017-7131: Dominik Conrads of Federal Office for Information Security, an anonymous researcher, Anand Kathapurkar of India, Elvis (@elvisimprsntr)\n\nEntry updated October 9, 2017\n\n**CFNetwork**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13829: Niklas Baumstark and Samuel Gro working with Trend Micro's Zero Day Initiative \n\nCVE-2017-13833: Niklas Baumstark and Samuel Gro working with Trend Micro's Zero Day Initiative\n\nEntry added November 10, 2017\n\n**CFNetwork Proxies**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker in a privileged network position may be able to cause a denial of service\n\nDescription: Multiple denial of service issues were addressed through improved memory handling.\n\nCVE-2017-7083: Abhinav Bansal of Zscaler Inc.\n\nEntry added September 25, 2017\n\n**CFString**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13821: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017\n\n**CoreAudio**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed by updating to Opus version 1.1.4.\n\nCVE-2017-0381: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro\n\nEntry added September 25, 2017\n\n**CoreText**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2017-13825: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017, updated November 16, 2018\n\n**Exchange ActiveSync**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker in a privileged network position may be able to erase a device during Exchange account setup\n\nDescription: A validation issue existed in AutoDiscover V1. This was addressed by requiring TLS for AutoDiscover V1. AutoDiscover V2 is now supported.\n\nCVE-2017-7088: Ilya Nesterov, Maxim Goncharov\n\n**file**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Multiple issues in file\n\nDescription: Multiple issues were addressed by updating to version 5.31.\n\nCVE-2017-13815: found by OSS-Fuzz\n\nEntry added October 31, 2017, updated October 18, 2018\n\n**Fonts**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Rendering untrusted text may lead to spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2017-13828: Leonard Grey and Robert Sesek of Google Chrome\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**Heimdal**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker in a privileged network position may be able to impersonate a service\n\nDescription: A validation issue existed in the handling of the KDC-REP service name. This issue was addressed through improved validation.\n\nCVE-2017-11103: Jeffrey Altman, Viktor Duchovni, and Nico Williams\n\nEntry added September 25, 2017\n\n**HFS**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13830: Sergej Schumilo of Ruhr-University Bochum\n\nEntry added October 31, 2017\n\n**iBooks**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Parsing a maliciously crafted iBooks file may lead to a persistent denial-of-service\n\nDescription: Multiple denial of service issues were addressed through improved memory handling.\n\nCVE-2017-7072: J\u0119drzej Krysztofiak\n\n**ImageIO**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13814: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017, updated November 16, 2018\n\n**ImageIO**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13831: Glen Carmichael\n\nEntry added October 31, 2017, updated April 3, 2019\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7114: Alex Plaskett of MWR InfoSecurity\n\nEntry added September 25, 2017\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation.\n\nCVE-2017-13817: Maxime Villard (m00nbsd)\n\nEntry added October 31, 2017\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13818: The UK's National Cyber Security Centre (NCSC)\n\nCVE-2017-13836: Vlad Tsyrklevich\n\nCVE-2017-13841: Vlad Tsyrklevich\n\nCVE-2017-13840: Vlad Tsyrklevich\n\nCVE-2017-13842: Vlad Tsyrklevich\n\nEntry added October 31, 2017, updated June 18, 2018\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13843: an anonymous researcher, an anonymous researcher\n\nEntry added October 31, 2017\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13854: shrek_wzw of Qihoo 360 Nirvan Team\n\nEntry added November 2, 2017\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a malformed mach binary may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved validation.\n\nCVE-2017-13834: Maxime Villard (m00nbsd)\n\nEntry added November 10, 2017\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to learn information about the presence and operation of other applications on the device.\n\nDescription: An application was able to access network activity information maintained by the operating system unrestricted. This issue was addressed by reducing the information available to third party applications.\n\nCVE-2017-13873: Xiaokuan Zhang and Yinqian Zhang of The Ohio State University, Xueqiang Wang and XiaoFeng Wang of Indiana University Bloomington, and Xiaolong Bai of Tsinghua University\n\nEntry added November 30, 2017\n\n**Keyboard Suggestions**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Keyboard autocorrect suggestions may reveal sensitive information\n\nDescription: The iOS keyboard was inadvertently caching sensitive information. This issue was addressed with improved heuristics.\n\nCVE-2017-7140: Agim Allkanjari of Stream in Motion Inc.\n\nEntry updated October 9, 2017\n\n**libarchive**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed through improved memory handling.\n\nCVE-2017-13813: found by OSS-Fuzz\n\nCVE-2017-13816: found by OSS-Fuzz\n\nEntry added October 31, 2017\n\n**libarchive**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in libarchive. These issues were addressed through improved input validation.\n\nCVE-2017-13812: found by OSS-Fuzz\n\nEntry added October 31, 2017\n\n**libc**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A remote attacker may be able to cause a denial-of-service\n\nDescription: A resource exhaustion issue in glob() was addressed through an improved algorithm.\n\nCVE-2017-7086: Russ Cox of Google\n\nEntry added September 25, 2017\n\n**libc**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2017-1000373\n\nEntry added September 25, 2017\n\n**libexpat**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Multiple issues in expat\n\nDescription: Multiple issues were addressed by updating to version 2.2.1\n\nCVE-2016-9063\n\nCVE-2017-9233\n\nEntry added September 25, 2017\n\n**libxml2**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2017-7376: an anonymous researcher\n\nCVE-2017-5130: an anonymous researcher\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-9050: Mateusz Jurczyk (j00ru) of Google Project Zero\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2017-9049: Wei Lei and Liu Yang - Nanyang Technological University in Singapore\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A null pointer dereference was addressed with improved validation.\n\nCVE-2018-4302: Gustavo Grieco\n\nEntry added October 18, 2018\n\n**Location Framework**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read sensitive location information\n\nDescription: A permissions issue existed in the handling of the location variable. This was addressed with additional ownership checks.\n\nCVE-2017-7148: Igor Makarov from Moovit, Will McGinty and Shawnna Rodriguez of Bottle Rocket Studios\n\nEntry updated October 9, 2017\n\n**Mail Drafts**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker with a privileged network position may be able to intercept mail contents\n\nDescription: An encryption issue existed in the handling of mail drafts. This issue was addressed with improved handling of mail drafts meant to be sent encrypted.\n\nCVE-2017-7078: Petter Flink, Pierre ALBAR\u00c8DE from Marseille (France), an anonymous researcher\n\nEntry updated October 9, 2017\n\n**Mail MessageUI**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2017-7097: Xinshu Dong and Jun Hao Tan of Anquan Capital\n\n**Messages**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A denial of service issue was addressed through improved validation.\n\nCVE-2017-7118: Kiki Jiang and Jason Tokoph\n\n**MobileBackup**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Backup may perform an unencrypted backup despite a requirement to perform only encrypted backups\n\nDescription: A permissions issue existed. This issue was addressed with improved permission validation.\n\nCVE-2017-7133: Don Sparks of HackediOS.com\n\n**Notes**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local user may be able to leak sensitive user information\n\nDescription: The contents of locked notes sometimes appeared in search results. This issue was addressed through improved data cleanup.\n\nCVE-2017-7075: Richard Will of Marathon Oil Company\n\nEntry added November 10, 2017\n\n**Phone**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A screenshot of secure content may be taken when locking an iOS device\n\nDescription: A timing issue existed in the handling of locking. This issue was addressed by disabling screenshots while locking.\n\nCVE-2017-7139: an anonymous researcher\n\nEntry added September 25, 2017\n\n**Profiles**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Device pairing records could be inadvertently installed on a device when a profile that disallows pairing is installed\n\nDescription: Pairings were not removed when a profile disallowing pairings was installed. This was addressed by removing pairings conflicting with the configuration profile.\n\nCVE-2017-13806: Rorie Hood of MWR InfoSecurity\n\nEntry added November 2, 2017\n\n**Quick Look**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13822: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017\n\n**Quick Look**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2017-7132: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017\n\n**Safari**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2017-7085: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**Sandbox Profiles**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to learn information about the presence of other applications on the device.\n\nDescription: An application was able to determine the existence of files outside of its sandbox. This issue was addressed through additional sandbox checks.\n\nCVE-2017-13877: Xiaokuan Zhang and Yinqian Zhang of The Ohio State University, Xueqiang Wang and XiaoFeng Wang of Indiana University Bloomington, and Xiaolong Bai of Tsinghua University\n\nEntry added November 30, 2017\n\n**Security**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A revoked certificate may be trusted\n\nDescription: A certificate validation issue existed in the handling of revocation data. This issue was addressed through improved validation.\n\nCVE-2017-7080: an anonymous researcher, an anonymous researcher, Sven Driemecker of adesso mobile solutions gmbh, Rune Darrud (@theflyingcorpse) of B\u00e6rum kommune\n\nEntry added September 25, 2017\n\n**Security**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious app may be able to track users between installs\n\nDescription: A permission checking issue existed in the handling of an app's Keychain data. This issue was addressed with improved permission checking.\n\nCVE-2017-7146: an anonymous researcher\n\nEntry added September 25, 2017\n\n**SQLite**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Multiple issues in SQLite\n\nDescription: Multiple issues were addressed by updating to version 3.19.3.\n\nCVE-2017-10989: found by OSS-Fuzz\n\nCVE-2017-7128: found by OSS-Fuzz\n\nCVE-2017-7129: found by OSS-Fuzz\n\nCVE-2017-7130: found by OSS-Fuzz\n\nEntry added September 25, 2017\n\n**SQLite**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7127: an anonymous researcher\n\nEntry added September 25, 2017\n\n**Telephony**\n\nAvailable for: iPhone 5s and later, and Wi-Fi + Cellular models of iPad Air generation and later\n\nImpact: An attacker within range may be able to execute arbitrary code\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-6211: Matthew Spisak of ENDGAME (endgame.com)\n\nEntry added December 4, 2017\n\n**Time**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: \"Setting Time Zone\" may incorrectly indicate that it is using location\n\nDescription: A permissions issue existed in the process that handles time zone information. The issue was resolved by modifying permissions.\n\nCVE-2017-7145: Chris Lawrence\n\nEntry updated October 9, 2017\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-7081: Apple\n\nEntry added September 25, 2017\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7087: Apple\n\nCVE-2017-7091: Wei Yuan of Baidu Security Lab working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-7092: Samuel Gro and Niklas Baumstark working with Trend Micro's Zero Day Initiative, Qixun Zhao (@S0rryMybad) of Qihoo 360 Vulcan Team\n\nCVE-2017-7093: Samuel Gro and Niklas Baumstark working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-7094: Tim Michaud (@TimGMichaud) of Leviathan Security Group\n\nCVE-2017-7095: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-7096: Wei Yuan of Baidu Security Lab\n\nCVE-2017-7098: Felipe Freitas of Instituto Tecnol\u00f3gico de Aeron\u00e1utica\n\nCVE-2017-7099: Apple\n\nCVE-2017-7100: Masato Kinugawa and Mario Heiderich of Cure53\n\nCVE-2017-7102: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University\n\nCVE-2017-7104: likemeng of Baidu Secutity Lab\n\nCVE-2017-7107: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University\n\nCVE-2017-7111: likemeng of Baidu Security Lab (xlab.baidu.com) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-7117: lokihardt of Google Project Zero\n\nCVE-2017-7120: chenqin (\u9648\u94a6) of Ant-financial Light-Year Security Lab\n\nEntry added September 25, 2017\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in the handling of the parent-tab. This issue was addressed with improved state management.\n\nCVE-2017-7089: Anton Lopanitsyn of ONSEC, Frans Ros\u00e9n of Detectify\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Cookies belonging to one origin may be sent to another origin\n\nDescription: A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes.\n\nCVE-2017-7090: Apple\n\nEntry added September 25, 2017\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2017-7106: Oliver Paukstadt of Thinking Objects GmbH (to.com)\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: Application Cache policy may be unexpectedly applied.\n\nCVE-2017-7109: avlidienbrunn\n\nEntry added September 25, 2017\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious website may be able to track users in Safari private browsing mode\n\nDescription: A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions.\n\nCVE-2017-7144: Mohammad Ghasemisharif of UIC\u2019s BITS Lab\n\nEntry updated October 9, 2017\n\n**WebKit Storage**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Website data may persist after a Safari Private browsing session\n\nDescription: An information leakage issue existed in the handling of website data in Safari Private windows. This issue was addressed with improved data handling.\n\nCVE-2017-7142: Rich Shawn O\u2019Connell, an anonymous researcher, an anonymous researcher\n\nEntry added November 10, 2017\n\n**Wi-Fi**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-11120: Gal Beniamini of Google Project Zero\n\nCVE-2017-11121: Gal Beniamini of Google Project Zero\n\nEntry added September 25, 2017\n\n**Wi-Fi**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7103: Gal Beniamini of Google Project Zero\n\nCVE-2017-7105: Gal Beniamini of Google Project Zero\n\nCVE-2017-7108: Gal Beniamini of Google Project Zero\n\nCVE-2017-7110: Gal Beniamini of Google Project Zero\n\nCVE-2017-7112: Gal Beniamini of Google Project Zero\n\n**Wi-Fi**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor\n\nDescription: Multiple race conditions were addressed through improved validation.\n\nCVE-2017-7115: Gal Beniamini of Google Project Zero\n\n**Wi-Fi**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Malicious code executing on the Wi-Fi chip may be able to read restricted kernel memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-7116: Gal Beniamini of Google Project Zero\n\n**Wi-Fi**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A attacker within range may be able to read restricted memory from the Wi-Fi chipset\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-11122: Gal Beniamini of Google Project Zero\n\nEntry added October 2, 2017\n\n**zlib**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Multiple issues in zlib\n\nDescription: Multiple issues were addressed by updating to version 1.2.11.\n\nCVE-2016-9840\n\nCVE-2016-9841\n\nCVE-2016-9842\n\nCVE-2016-9843\n\nEntry added September 25, 2017\n\n\n\n## Additional recognition \n\n**LaunchServices**\n\nWe would like to acknowledge Mark Zimmermann of EnBW Energie Baden-W\u00fcrttemberg AG for their assistance.\n\n**Security**\n\nWe would like to acknowledge Abhinav Bansal of Zscaler, Inc. for their assistance.\n\n**Webkit**\n\nWe would like to acknowledge xisigr of Tencent's Xuanwu Lab (tencent.com) for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter for their assistance.\n\n**WebKit Web Inspector**\n\nWe would like to acknowledge Ioan Biz\u0103u of Bloggify for their assistance.\n", "edition": 2, "modified": "2020-07-27T08:16:39", "published": "2020-07-27T08:16:39", "id": "APPLE:HT208112", "href": "https://support.apple.com/kb/HT208112", "title": "About the security content of iOS 11 - Apple Support", "type": "apple", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-07T18:06:07", "bulletinFamily": "software", "cvelist": ["CVE-2017-6459", "CVE-2017-7077", "CVE-2017-13810", "CVE-2017-13873", "CVE-2017-9233", "CVE-2016-2161", "CVE-2017-10989", "CVE-2017-13854", "CVE-2017-7143", "CVE-2016-9840", "CVE-2017-13840", "CVE-2017-13843", "CVE-2017-13809", "CVE-2017-7084", "CVE-2017-13823", "CVE-2016-8743", "CVE-2017-7138", "CVE-2016-9063", "CVE-2017-13822", "CVE-2017-13816", "CVE-2017-7126", "CVE-2017-13910", "CVE-2017-11103", "CVE-2017-13906", "CVE-2017-13832", "CVE-2017-13846", "CVE-2017-7132", "CVE-2017-6455", "CVE-2017-6460", "CVE-2017-13908", "CVE-2017-13811", "CVE-2017-7130", "CVE-2017-7128", "CVE-2017-13815", "CVE-2017-9049", "CVE-2016-9842", "CVE-2017-7114", "CVE-2017-13820", "CVE-2017-13836", "CVE-2017-6451", "CVE-2017-1000373", "CVE-2017-13827", "CVE-2017-7083", "CVE-2017-7121", "CVE-2017-7074", "CVE-2017-13808", "CVE-2017-7078", "CVE-2017-13813", "CVE-2017-7129", "CVE-2017-13831", "CVE-2017-7376", "CVE-2017-0381", "CVE-2017-13833", "CVE-2017-7080", "CVE-2017-6458", "CVE-2017-13890", "CVE-2017-13812", "CVE-2017-13824", "CVE-2018-4302", "CVE-2017-7141", "CVE-2016-4736", "CVE-2017-7119", "CVE-2017-13829", "CVE-2017-13851", "CVE-2017-13828", "CVE-2017-13839", "CVE-2017-13821", "CVE-2017-13834", "CVE-2017-13830", "CVE-2016-9042", "CVE-2017-7125", "CVE-2017-6462", "CVE-2017-13838", "CVE-2017-6463", "CVE-2017-13818", "CVE-2016-9843", "CVE-2016-8740", "CVE-2017-10140", "CVE-2017-13841", "CVE-2017-6452", "CVE-2016-5387", "CVE-2017-7086", "CVE-2017-7082", "CVE-2017-13835", "CVE-2017-13782", "CVE-2017-13807", "CVE-2017-13819", "CVE-2017-13814", "CVE-2017-13817", "CVE-2017-13837", "CVE-2016-9841", "CVE-2017-7127", "CVE-2017-6464", "CVE-2017-13825", "CVE-2017-7124", "CVE-2017-7123", "CVE-2017-13842", "CVE-2016-0736", "CVE-2017-5130", "CVE-2017-7122", "CVE-2017-13909", "CVE-2017-9050"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## macOS High Sierra 10.13\n\nReleased September 25, 2017\n\n**802.1X**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An attacker may be able to exploit weaknesses in TLS 1.0\n\nDescription: A protocol security issue was addressed by enabling TLS 1.1 and TLS 1.2.\n\nCVE-2017-13832: Doug Wussler of Florida State University\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**apache**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in Apache\n\nDescription: Multiple issues existed in Apache. These were addressed by updating Apache to version 2.4.25.\n\nCVE-2016-0736\n\nCVE-2016-2161\n\nCVE-2016-5387\n\nCVE-2016-8740\n\nCVE-2016-8743\n\nEntry added October 31, 2017, updated December 14, 2018\n\n**Apple Account Settings**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A local attacker may gain access to iCloud authentication tokens\n\nDescription: An issue existed in the storage of sensitive tokens. This issue was addressed by placing the tokens in Keychain.\n\nCVE-2017-13909: Andreas Nilsson\n\nEntry added October 18, 2018\n\n**AppleScript**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Decompiling an AppleScript with osadecompile may lead to arbitrary code execution\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13809: bat0s\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**Application Firewall**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A previously denied application firewall setting may take effect after upgrading\n\nDescription: An upgrade issue existed in the handling of firewall settings. This issue was addressed through improved handling of firewall settings during upgrades.\n\nCVE-2017-7084: an anonymous researcher\n\n**AppSandbox**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to cause a denial of service\n\nDescription: Multiple denial of service issues were addressed through improved memory handling.\n\nCVE-2017-7074: Daniel Jalkut of Red Sweater Software\n\n**ATS**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13820: John Villamil, Doyensec\n\nEntry added October 31, 2017\n\n**Audio**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Parsing a maliciously crafted QuickTime file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2017-13807: Yangkang (@dnpushme) of Qihoo 360 Qex Team\n\nEntry added October 31, 2017\n\n**Captive Network Assistant**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A local user may unknowingly send a password unencrypted over the network\n\nDescription: The security state of the captive portal browser was not obvious. This issue was addressed with improved visibility of the captive portal browser security state.\n\nCVE-2017-7143: Matthew Green of Johns Hopkins University\n\nEntry updated October 3, 2017\n\n**CFNetwork**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13829: Niklas Baumstark and Samuel Gro working with Trend Micro's Zero Day Initiative \n\nCVE-2017-13833: Niklas Baumstark and Samuel Gro working with Trend Micro's Zero Day Initiative\n\nEntry added November 10, 2017\n\n**CFNetwork Proxies**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An attacker in a privileged network position may be able to cause a denial of service\n\nDescription: Multiple denial of service issues were addressed through improved memory handling.\n\nCVE-2017-7083: Abhinav Bansal of Zscaler Inc.\n\n**CFString**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13821: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017\n\n**CoreAudio**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed by updating to Opus version 1.1.4.\n\nCVE-2017-0381: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro\n\n**CoreText**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2017-13825: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017, updated November 16, 2018\n\n**CoreTypes**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing a maliciously crafted webpage may result in the mounting of a disk image\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2017-13890: Apple, Theodor Ragnar Gislason of Syndis\n\nEntry added March 29, 2018\n\n**DesktopServices**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A local attacker may be able to observe unprotected user data\n\nDescription: A file access issue existed with certain home folder files. This was addressed with improved access restrictions.\n\nCVE-2017-13851: Henrique Correa de Amorim\n\nEntry added November 2, 2017, updated February 14, 2018\n\n**Directory Utility**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A local attacker may be able to determine the Apple ID of the owner of the computer\n\nDescription: A permissions issue existed in the handling of the Apple ID. This issue was addressed with improved access controls.\n\nCVE-2017-7138: Daniel Kvak of Masaryk University\n\nEntry updated October 3, 2017\n\n**file**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in file\n\nDescription: Multiple issues were addressed by updating to version 5.30.\n\nCVE-2017-7121: found by OSS-Fuzz\n\nCVE-2017-7122: found by OSS-Fuzz\n\nCVE-2017-7123: found by OSS-Fuzz\n\nCVE-2017-7124: found by OSS-Fuzz\n\nCVE-2017-7125: found by OSS-Fuzz\n\nCVE-2017-7126: found by OSS-Fuzz\n\n**file**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in file\n\nDescription: Multiple issues were addressed by updating to version 5.31.\n\nCVE-2017-13815\n\nEntry added October 31, 2017\n\n**Fonts**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Rendering untrusted text may lead to spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2017-13828: Leonard Grey and Robert Sesek of Google Chrome\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**fsck_msdos**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13811: V.E.O. (@VYSEa) of Mobile Advanced Threat Team of Trend Micro\n\nEntry updated November 2, 2017\n\n**fsck_msdos**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13835: an anonymous researcher\n\nEntry added October 18, 2018\n\n**Heimdal**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An attacker in a privileged network position may be able to impersonate a service\n\nDescription: A validation issue existed in the handling of the KDC-REP service name. This issue was addressed through improved validation.\n\nCVE-2017-11103: Jeffrey Altman, Viktor Duchovni, and Nico Williams\n\n**HelpViewer**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A quarantined HTML file may execute arbitrary JavaScript cross-origin\n\nDescription: A cross-site scripting issue existed in HelpViewer. This issue was addressed by removing the affected file.\n\nCVE-2017-13819: Filippo Cavallarin of SecuriTeam Secure Disclosure\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**HFS**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13830: Sergej Schumilo of Ruhr-University Bochum\n\nEntry added October 31, 2017\n\n**ImageIO**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13814: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017, updated November 16, 2018\n\n**ImageIO**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13831: Glen Carmichael\n\nEntry added October 31, 2017, updated April 3, 2019\n\n**Installer**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A malicious application may be able to access the FileVault unlock key\n\nDescription: This issue was addressed by removing additional entitlements.\n\nCVE-2017-13837: Patrick Wardle of Synack\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**IOAcceleratorFamily**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13906\n\nEntry added October 18, 2018\n\n**IOFireWireFamily**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7077: Brandon Azad\n\n**IOFireWireFamily**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-7119: Xiaolong Bai, Min (Spark) Zheng of Alibaba Inc., Benjamin Gnahm (@mitp0sh) of PDX\n\n**Kernel**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7114: Alex Plaskett of MWR InfoSecurity\n\n**Kernel**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A local user may be able to leak sensitive user information\n\nDescription: A permissions issue existed in kernel packet counters. This issue was addressed through improved permission validation.\n\nCVE-2017-13810: Zhiyun Qian of University of California, Riverside\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**Kernel**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation.\n\nCVE-2017-13817: Maxime Villard (m00nbsd)\n\nEntry added October 31, 2017\n\n**Kernel**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13818: The UK's National Cyber Security Centre (NCSC)\n\nCVE-2017-13836: Vlad Tsyrklevich\n\nCVE-2017-13841: Vlad Tsyrklevich\n\nCVE-2017-13840: Vlad Tsyrklevich\n\nCVE-2017-13842: Vlad Tsyrklevich\n\nCVE-2017-13782: Kevin Backhouse of Semmle Ltd.\n\nEntry added October 31, 2017, updated June 18, 2018\n\n**Kernel**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13843: an anonymous researcher, an anonymous researcher\n\nEntry added October 31, 2017\n\n**Kernel**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13854: shrek_wzw of Qihoo 360 Nirvan Team\n\nEntry added November 2, 2017\n\n**Kernel**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing a malformed mach binary may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved validation.\n\nCVE-2017-13834: Maxime Villard (m00nbsd)\n\nEntry added November 10, 2017\n\n**Kernel**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A malicious application may be able to learn information about the presence and operation of other applications on the device.\n\nDescription: An application was able to access network activity information maintained by the operating system unrestricted. This issue was addressed by reducing the information available to third party applications.\n\nCVE-2017-13873: Xiaokuan Zhang and Yinqian Zhang of The Ohio State University, Xueqiang Wang and XiaoFeng Wang of Indiana University Bloomington, and Xiaolong Bai of Tsinghua University\n\nEntry added November 30, 2017\n\n**kext tools**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A logic error in kext loading was addressed with improved state handling.\n\nCVE-2017-13827: an anonymous researcher\n\nEntry added October 31, 2017\n\n**libarchive**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed through improved memory handling.\n\nCVE-2017-13813: found by OSS-Fuzz\n\nCVE-2017-13816: found by OSS-Fuzz\n\nEntry added October 31, 2017\n\n**libarchive**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in libarchive. These issues were addressed through improved input validation.\n\nCVE-2017-13812: found by OSS-Fuzz\n\nEntry added October 31, 2017\n\n**libarchive**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2016-4736: an anonymous researcher\n\nEntry added October 31, 2017\n\n**libc**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A remote attacker may be able to cause a denial-of-service\n\nDescription: A resource exhaustion issue in glob() was addressed through an improved algorithm.\n\nCVE-2017-7086: Russ Cox of Google\n\n**libc**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2017-1000373\n\n**libexpat**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in expat\n\nDescription: Multiple issues were addressed by updating to version 2.2.1\n\nCVE-2016-9063\n\nCVE-2017-9233\n\n**libxml2**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A null pointer dereference was addressed with improved validation.\n\nCVE-2018-4302: Gustavo Grieco\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2017-5130: an anonymous researcher\n\nCVE-2017-7376: an anonymous researcher\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-9050: Mateusz Jurczyk (j00ru) of Google Project Zero\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2017-9049: Wei Lei and Liu Yang - Nanyang Technological University in Singapore\n\nEntry added October 18, 2018\n\n**Mail**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: The sender of an email may be able to determine the IP address of the recipient\n\nDescription: Turning off \"Load remote content in messages\" did not apply to all mailboxes. This issue was addressed with improved setting propagation.\n\nCVE-2017-7141: John Whitehead of The New York Times\n\nEntry updated October 3, 2017\n\n**Mail Drafts**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An attacker with a privileged network position may be able to intercept mail contents\n\nDescription: An encryption issue existed in the handling of mail drafts. This issue was addressed with improved handling of mail drafts meant to be sent encrypted.\n\nCVE-2017-7078: Petter Flink, Pierre ALBAR\u00c8DE from Marseille (France), an anonymous researcher\n\nEntry updated October 3, 2017\n\n**ntp**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in ntp\n\nDescription: Multiple issues were addressed by updating to version 4.2.8p10\n\nCVE-2017-6451: Cure53 \n\nCVE-2017-6452: Cure53 \n\nCVE-2017-6455: Cure53 \n\nCVE-2017-6458: Cure53 \n\nCVE-2017-6459: Cure53 \n\nCVE-2017-6460: Cure53 \n\nCVE-2017-6462: Cure53 \n\nCVE-2017-6463: Cure53 \n\nCVE-2017-6464: Cure53\n\nCVE-2016-9042: Matthew Van Gundy of Cisco\n\n**Open Scripting Architecture**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Decompiling an AppleScript with osadecompile may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13824: an anonymous researcher\n\nEntry added October 31, 2017\n\n**PCRE**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in pcre\n\nDescription: Multiple issues were addressed by updating to version 8.40.\n\nCVE-2017-13846\n\nEntry added October 31, 2017\n\n**Postfix**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in Postfix\n\nDescription: Multiple issues were addressed by updating to version 3.2.2.\n\nCVE-2017-10140: an anonymous researcher\n\nEntry added October 31, 2017, updated November 17, 2017\n\n**Quick Look**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13822: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017\n\n**Quick Look**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2017-7132: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017\n\n**QuickTime**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13823: Xiangkun Jia of Institute of Software Chinese Academy of Sciences\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**Remote Management**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13808: an anonymous researcher\n\nEntry added October 31, 2017\n\n**Sandbox**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13838: Alastair Houghton\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**Screen Lock**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Application Firewall prompts may appear over Login Window\n\nDescription: A window management issue was addressed through improved state management.\n\nCVE-2017-7082: Tim Kingman\n\n**Security**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A revoked certificate may be trusted\n\nDescription: A certificate validation issue existed in the handling of revocation data. This issue was addressed through improved validation.\n\nCVE-2017-7080: Sven Driemecker of adesso mobile solutions gmbh, Rune Darrud (@theflyingcorpse) of B\u00e6rum kommune, an anonymous researcher, an anonymous researcher\n\n**SMB**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A local attacker may be able to execute non-executable text files via an SMB share\n\nDescription: An issue in handling file permissions was addressed with improved validation.\n\nCVE-2017-13908: an anonymous researcher\n\nEntry added October 18, 2018\n\n**Spotlight**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Spotlight may display results for files not belonging to the user\n\nDescription: An access issue existed in Spotlight. This issue was addressed through improved access restrictions.\n\nCVE-2017-13839: Ken Harris of the Free Robot Collective\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**Spotlight**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to access restricted files\n\nDescription: An access issue was addressed with additional sandbox restrictions on applications.\n\nCVE-2017-13910\n\nEntry added October 18, 2018\n\n**SQLite**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in SQLite\n\nDescription: Multiple issues were addressed by updating to version 3.19.3.\n\nCVE-2017-10989: found by OSS-Fuzz\n\nCVE-2017-7128: found by OSS-Fuzz\n\nCVE-2017-7129: found by OSS-Fuzz\n\nCVE-2017-7130: found by OSS-Fuzz\n\n**SQLite**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7127: an anonymous researcher\n\n**zlib**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in zlib\n\nDescription: Multiple issues were addressed by updating to version 1.2.11.\n\nCVE-2016-9840\n\nCVE-2016-9841\n\nCVE-2016-9842\n\nCVE-2016-9843\n\n\n\n## Additional recognition\n\n**Mail**\n\nWe would like to acknowledge Jon Bottarini of HackerOne for their assistance.\n\nEntry added February 6, 2020\n\n**Security**\n\nWe would like to acknowledge Abhinav Bansal of Zscaler, Inc. for their assistance.\n\n**NSWindow**\n\nWe would like to acknowledge Trent Apted of the Google Chrome team for their assistance.\n\n**WebKit Web Inspector**\n\nWe would like to acknowledge Ioan Biz\u0103u of Bloggify for their assistance.\n\n\n\n## macOS High Sierra 10.13 Supplemental Update\n\nNew downloads of macOS High Sierra 10.13 include the security content of the [macOS High Sierra 10.13 Supplemental Update](<https://support.apple.com/kb/HT208165>).\n", "edition": 1, "modified": "2020-02-06T07:51:09", "published": "2020-02-06T07:51:09", "id": "APPLE:HT208144", "href": "https://support.apple.com/kb/HT208144", "title": "About the security content of macOS High Sierra 10.13 - Apple Support", "type": "apple", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-07T18:06:23", "bulletinFamily": "software", "cvelist": ["CVE-2017-13008", "CVE-2017-13038", "CVE-2017-13040", "CVE-2017-12902", "CVE-2017-13786", "CVE-2017-13810", "CVE-2017-12986", "CVE-2017-13036", "CVE-2018-4390", "CVE-2017-13031", "CVE-2017-12896", "CVE-2016-2161", "CVE-2017-12893", "CVE-2017-13037", "CVE-2017-13053", "CVE-2017-13799", "CVE-2017-13840", "CVE-2017-12998", "CVE-2017-13080", "CVE-2017-13006", "CVE-2017-13843", "CVE-2017-11543", "CVE-2017-13049", "CVE-2017-13026", "CVE-2017-13809", "CVE-2017-13017", "CVE-2017-13687", "CVE-2017-12991", "CVE-2017-13016", "CVE-2017-12897", "CVE-2017-13051", "CVE-2017-13029", "CVE-2017-3167", "CVE-2017-13035", "CVE-2017-13823", "CVE-2017-13689", "CVE-2016-8743", "CVE-2017-13027", "CVE-2017-13010", "CVE-2017-12900", "CVE-2017-13822", "CVE-2017-13046", "CVE-2017-12901", "CVE-2017-11103", "CVE-2017-13906", "CVE-2017-13852", "CVE-2017-13022", "CVE-2017-13846", "CVE-2017-13019", "CVE-2017-13043", "CVE-2017-7132", "CVE-2017-5969", "CVE-2017-13907", "CVE-2017-13908", "CVE-2017-11108", "CVE-2017-13811", "CVE-2017-13815", "CVE-2017-13054", "CVE-2017-13800", "CVE-2017-13688", "CVE-2017-9049", "CVE-2017-13050", "CVE-2017-12895", "CVE-2017-12997", "CVE-2017-13013", "CVE-2017-13048", "CVE-2017-12985", "CVE-2017-13820", "CVE-2017-13836", "CVE-2017-13078", "CVE-2017-12996", "CVE-2017-13690", "CVE-2017-13808", "CVE-2017-12992", "CVE-2017-13005", "CVE-2017-13014", "CVE-2017-13052", "CVE-2017-13813", "CVE-2017-13831", "CVE-2018-4391", "CVE-2017-12993", "CVE-2017-7376", "CVE-2017-12990", "CVE-2017-13725", "CVE-2017-13024", "CVE-2017-13833", "CVE-2017-11542", "CVE-2017-13804", "CVE-2017-13812", "CVE-2017-13824", "CVE-2017-13028", "CVE-2017-1000101", "CVE-2016-4736", "CVE-2017-11541", "CVE-2017-13000", "CVE-2017-13041", "CVE-2017-13829", "CVE-2017-13828", "CVE-2017-13015", "CVE-2017-13821", "CVE-2017-13834", "CVE-2017-13830", "CVE-2017-12988", "CVE-2017-13018", "CVE-2017-13838", "CVE-2017-13818", "CVE-2017-12999", "CVE-2017-12899", "CVE-2016-8740", "CVE-2017-10140", "CVE-2017-13841", "CVE-2017-9788", "CVE-2017-13020", "CVE-2017-13032", "CVE-2017-13025", "CVE-2016-5387", "CVE-2017-13011", "CVE-2017-13042", "CVE-2017-1000100", "CVE-2017-13003", "CVE-2017-9789", "CVE-2017-13047", "CVE-2017-13782", "CVE-2017-13807", "CVE-2017-13012", "CVE-2017-7170", "CVE-2017-7668", "CVE-2017-13044", "CVE-2017-13004", "CVE-2017-13819", "CVE-2017-13814", "CVE-2017-13033", "CVE-2017-13817", "CVE-2017-13009", "CVE-2017-3169", "CVE-2017-13007", "CVE-2017-13055", "CVE-2017-13001", "CVE-2017-13077", "CVE-2017-12987", "CVE-2017-13030", "CVE-2017-7659", "CVE-2017-13023", "CVE-2017-7150", "CVE-2017-13002", "CVE-2017-13039", "CVE-2017-13825", "CVE-2017-13801", "CVE-2017-13842", "CVE-2016-0736", "CVE-2017-5130", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12989", "CVE-2017-12894", "CVE-2017-13021", "CVE-2017-12898", "CVE-2017-13045", "CVE-2017-7679", "CVE-2017-9050", "CVE-2017-13034"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan\n\nReleased October 31, 2017\n\n**apache**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Multiple issues in Apache\n\nDescription: Multiple issues were addressed by updating to version 2.4.27.\n\nCVE-2016-0736\n\nCVE-2016-2161\n\nCVE-2016-5387\n\nCVE-2016-8740\n\nCVE-2016-8743\n\nCVE-2017-3167\n\nCVE-2017-3169\n\nCVE-2017-7659\n\nCVE-2017-7668\n\nCVE-2017-7679\n\nCVE-2017-9788\n\nCVE-2017-9789\n\nEntry updated November 14, 2017\n\n**APFS**\n\nAvailable for: macOS High Sierra 10.13\n\nImpact: A malicious Thunderbolt adapter may be able to recover unencrypted APFS filesystem data\n\nDescription: An issue existed in the handling of DMA. This issue was addressed by limiting the time the FileVault decryption buffers are DMA mapped to the duration of the I/O operation.\n\nCVE-2017-13786: Dmytro Oleksiuk\n\nEntry updated November 10, 2017\n\n**APFS**\n\nAvailable for: macOS High Sierra 10.13\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13800: Sergej Schumilo of Ruhr-University Bochum\n\n**AppleScript**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Decompiling an AppleScript with osadecompile may lead to arbitrary code execution\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13809: bat0s\n\nEntry updated November 10, 2017\n\n**ATS**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13820: John Villamil, Doyensec\n\n**Audio**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Parsing a maliciously crafted QuickTime file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2017-13807: Yangkang (@dnpushme) of Qihoo 360 Qex Team\n\nEntry updated January 22, 2019\n\n**CFNetwork**\n\nAvailable for: OS X El Capitan 10.11.6, and macOS Sierra 10.12.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13829: Niklas Baumstark and Samuel Gro working with Trend Micro's Zero Day Initiative \n\nCVE-2017-13833: Niklas Baumstark and Samuel Gro working with Trend Micro's Zero Day Initiative\n\nEntry added November 10, 2017\n\n**CFString**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13821: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\n**CoreText**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2017-13825: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry updated November 16, 2018\n\n**curl**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Uploading using TFTP to a maliciously crafted URL with libcurl may disclose application memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2017-1000100: Even Rouault, found by OSS-Fuzz\n\n**curl**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Processing a maliciously crafted URL with libcurl may cause unexpected application termination or read process memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2017-1000101: Brian Carpenter, Yongji Ouyang\n\n**Dictionary Widget**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Searching pasted text in the Dictionary widget may lead to compromise of user information\n\nDescription: A validation issue existed which allowed local file access. This was addressed with input sanitization.\n\nCVE-2017-13801: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**file**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Multiple issues in file\n\nDescription: Multiple issues were addressed by updating to version 5.31.\n\nCVE-2017-13815: found by OSS-Fuzz\n\nEntry updated October 18, 2018\n\n**Fonts**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Rendering untrusted text may lead to spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2017-13828: Leonard Grey and Robert Sesek of Google Chrome\n\nEntry updated November 10, 2017\n\n**fsck_msdos**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13811: V.E.O. (@VYSEa) of Mobile Advanced Threat Team of Trend Micro\n\nEntry updated November 2, 2017\n\n**HFS**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13830: Sergej Schumilo of Ruhr-University Bochum\n\n**Heimdal**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An attacker in a privileged network position may be able to impersonate a service\n\nDescription: A validation issue existed in the handling of the KDC-REP service name. This issue was addressed with improved validation.\n\nCVE-2017-11103: Jeffrey Altman, Viktor Duchovni, and Nico Williams\n\nEntry updated January 22, 2019\n\n**HelpViewer**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: A quarantined HTML file may execute arbitrary JavaScript cross-origin\n\nDescription: A cross-site scripting issue existed in HelpViewer. This issue was addressed by removing the affected file.\n\nCVE-2017-13819: Filippo Cavallarin of SecuriTeam Secure Disclosure\n\nEntry updated November 10, 2017\n\n**ImageIO**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13814: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry updated November 16, 2018\n\n**ImageIO**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13831: Glen Carmichael\n\nEntry updated April 3, 2019\n\n**IOAcceleratorFamily**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13906\n\nEntry added October 18, 2018\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: A local user may be able to leak sensitive user information\n\nDescription: A permissions issue existed in kernel packet counters. This issue was addressed with improved permission validation.\n\nCVE-2017-13810: Zhiyun Qian of University of California, Riverside\n\nEntry updated January 22, 2019\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.\n\nCVE-2017-13817: Maxime Villard (m00nbsd)\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13818: The UK's National Cyber Security Centre (NCSC)\n\nCVE-2017-13836: Vlad Tsyrklevich\n\nCVE-2017-13841: Vlad Tsyrklevich\n\nCVE-2017-13840: Vlad Tsyrklevich\n\nCVE-2017-13842: Vlad Tsyrklevich\n\nCVE-2017-13782: Kevin Backhouse of Semmle Ltd.\n\nEntry updated June 18, 2018\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13843: an anonymous researcher, an anonymous researcher\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Processing a malformed mach binary may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2017-13834: Maxime Villard (m00nbsd)\n\nEntry updated January 22, 2019\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13799: Lufeng Li of Qihoo 360 Vulcan Team\n\nEntry updated November 10, 2017\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13\n\nImpact: A malicious application may be able to learn information about the presence and operation of other applications on the device.\n\nDescription: An application was able to access process information maintained by the operating system unrestricted. This issue was addressed with rate limiting.\n\nCVE-2017-13852: Xiaokuan Zhang and Yinqian Zhang of The Ohio State University, Xueqiang Wang and XiaoFeng Wang of Indiana University Bloomington, and Xiaolong Bai of Tsinghua University\n\nEntry added November 10, 2017, updated January 22, 2019\n\n**libarchive**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation.\n\nCVE-2017-13813: found by OSS-Fuzz\n\nEntry updated November 16, 2018, updated January 22, 2019\n\n**libarchive**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation.\n\nCVE-2017-13812: found by OSS-Fuzz\n\nEntry updated January 22, 2019\n\n**libarchive**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2016-4736: Proteas of Qihoo 360 Nirvan Team\n\nEntry updated December 21, 2017\n\n**libxml2**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A null pointer dereference was addressed with improved validation.\n\nCVE-2017-5969: Gustavo Grieco\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: OS X El Capitan 10.11.6\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2017-5130: an anonymous researcher\n\nCVE-2017-7376: an anonymous researcher\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-9050: Mateusz Jurczyk (j00ru) of Google Project Zero\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2017-9049: Wei Lei and Liu Yang - Nanyang Technological University in Singapore\n\nEntry added October 18, 2018\n\n**LinkPresentation**\n\nAvailable for: macOS High Sierra 10.13\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4390: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter\n\nCVE-2018-4391: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter\n\nEntry added November 16, 2018\n\n**Login Window**\n\nAvailable for: macOS High Sierra 10.13\n\nImpact: The screen lock may unexpectedly remain unlocked\n\nDescription: A state management issue was addressed with improved state validation.\n\nCVE-2017-13907: an anonymous researcher\n\nEntry added October 18, 2018\n\n**Open Scripting Architecture**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Decompiling an AppleScript with osadecompile may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13824: an anonymous researcher\n\n**PCRE**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Multiple issues in pcre\n\nDescription: Multiple issues were addressed by updating to version 8.40.\n\nCVE-2017-13846\n\n**Postfix**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Multiple issues in Postfix\n\nDescription: Multiple issues were addressed by updating to version 3.2.2.\n\nCVE-2017-10140: an anonymous researcher\n\nEntry updated November 17, 2017\n\n**Quick Look**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13822: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\n**Quick Look**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2017-7132: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry updated January 22, 2019\n\n**QuickTime**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13823: Xiangkun Jia of Institute of Software Chinese Academy of Sciences\n\nEntry updated November 10, 2017\n\n**Remote Management**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13808: an anonymous researcher\n\n**Sandbox**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13838: Alastair Houghton\n\nEntry updated November 10, 2017\n\n**Security**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2017-7170: Patrick Wardle of Synack\n\nEntry added January 11, 2018\n\n**Security**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: A malicious application can extract keychain passwords\n\nDescription: A method existed for applications to bypass the keychain access prompt with a synthetic click. This was addressed by requiring the user password when prompting for keychain access.\n\nCVE-2017-7150: Patrick Wardle of Synack\n\nEntry added November 17, 2017\n\n**SMB**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: A local attacker may be able to execute non-executable text files via an SMB share\n\nDescription: An issue in handling file permissions was addressed with improved validation.\n\nCVE-2017-13908: an anonymous researcher\n\nEntry added October 18, 2018\n\n**StreamingZip**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: A malicious zip file may be able modify restricted areas of the file system\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L.\n\n**tcpdump**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6\n\nImpact: Multiple issues in tcpdump\n\nDescription: Multiple issues were addressed by updating to version 4.9.2.\n\nCVE-2017-11108\n\nCVE-2017-11541\n\nCVE-2017-11542\n\nCVE-2017-11543\n\nCVE-2017-12893\n\nCVE-2017-12894\n\nCVE-2017-12895\n\nCVE-2017-12896\n\nCVE-2017-12897\n\nCVE-2017-12898\n\nCVE-2017-12899\n\nCVE-2017-12900\n\nCVE-2017-12901\n\nCVE-2017-12902\n\nCVE-2017-12985\n\nCVE-2017-12986\n\nCVE-2017-12987\n\nCVE-2017-12988\n\nCVE-2017-12989\n\nCVE-2017-12990\n\nCVE-2017-12991\n\nCVE-2017-12992\n\nCVE-2017-12993\n\nCVE-2017-12994\n\nCVE-2017-12995\n\nCVE-2017-12996\n\nCVE-2017-12997\n\nCVE-2017-12998\n\nCVE-2017-12999\n\nCVE-2017-13000\n\nCVE-2017-13001\n\nCVE-2017-13002\n\nCVE-2017-13003\n\nCVE-2017-13004\n\nCVE-2017-13005\n\nCVE-2017-13006\n\nCVE-2017-13007\n\nCVE-2017-13008\n\nCVE-2017-13009\n\nCVE-2017-13010\n\nCVE-2017-13011\n\nCVE-2017-13012\n\nCVE-2017-13013\n\nCVE-2017-13014\n\nCVE-2017-13015\n\nCVE-2017-13016\n\nCVE-2017-13017\n\nCVE-2017-13018\n\nCVE-2017-13019\n\nCVE-2017-13020\n\nCVE-2017-13021\n\nCVE-2017-13022\n\nCVE-2017-13023\n\nCVE-2017-13024\n\nCVE-2017-13025\n\nCVE-2017-13026\n\nCVE-2017-13027\n\nCVE-2017-13028\n\nCVE-2017-13029\n\nCVE-2017-13030\n\nCVE-2017-13031\n\nCVE-2017-13032\n\nCVE-2017-13033\n\nCVE-2017-13034\n\nCVE-2017-13035\n\nCVE-2017-13036\n\nCVE-2017-13037\n\nCVE-2017-13038\n\nCVE-2017-13039\n\nCVE-2017-13040\n\nCVE-2017-13041\n\nCVE-2017-13042\n\nCVE-2017-13043\n\nCVE-2017-13044\n\nCVE-2017-13045\n\nCVE-2017-13046\n\nCVE-2017-13047\n\nCVE-2017-13048\n\nCVE-2017-13049\n\nCVE-2017-13050\n\nCVE-2017-13051\n\nCVE-2017-13052\n\nCVE-2017-13053\n\nCVE-2017-13054\n\nCVE-2017-13055\n\nCVE-2017-13687\n\nCVE-2017-13688\n\nCVE-2017-13689\n\nCVE-2017-13690\n\nCVE-2017-13725\n\n**Wi-Fi**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nCVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nEntry updated November 3, 2017\n\n**Wi-Fi**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nEntry updated November 3, 2017\n", "edition": 1, "modified": "2019-04-03T09:42:09", "published": "2019-04-03T09:42:09", "id": "APPLE:HT208221", "href": "https://support.apple.com/kb/HT208221", "title": "About the security content of macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan - Apple Support", "type": "apple", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
