Lucene search

K
ubuntucveUbuntu.comUB:CVE-2016-4610
HistoryJul 22, 2016 - 12:00 a.m.

CVE-2016-4610

2016-07-2200:00:00
ubuntu.com
ubuntu.com
19

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.047

Percentile

92.6%

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before
12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and
watchOS before 2.2.2 allows remote attackers to cause a denial of service
(memory corruption) or possibly have unspecified other impact via unknown
vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608,
CVE-2016-4609, and CVE-2016-4612.

Notes

Author Note
mdeslaur per Nick Wellnhofer, possibly one of these commits: https://git.gnome.org/browse/libxslt/commit/?id=ef7429bb4f1433726cc8fc4fe3d134d8a439fab1 https://git.gnome.org/browse/libxslt/commit/?id=93bb314768aafaffad1df15bbee10b7c5423e283 https://git.gnome.org/browse/libxslt/commit/?id=8b90c9a699e0eaa98bbeec63a473ddc73aaa238c https://git.gnome.org/browse/libxslt/commit/?id=87c3d9ea214fc0503fd8130b6dd97431d69cc066
sbeattie given the above, these were fixed in the upstream 1.1.29 release
sbettie incorporated patches into USN 3271-1
OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchlibxslt< 1.1.26-8ubuntu1.4UNKNOWN
ubuntu14.04noarchlibxslt< 1.1.28-2ubuntu0.1UNKNOWN
ubuntu16.04noarchlibxslt< 1.1.28-2.1ubuntu0.1UNKNOWN

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.047

Percentile

92.6%