[Midnightbsd-cvs] mports [21959] trunk/security/vuxml/vuln.xml: update master list from freebsd.

laffer1 at midnightbsd.org laffer1 at midnightbsd.org
Thu Sep 29 17:08:20 EDT 2016


Revision: 21959
          http://svnweb.midnightbsd.org/mports/?rev=21959
Author:   laffer1
Date:     2016-09-29 17:08:20 -0400 (Thu, 29 Sep 2016)
Log Message:
-----------
update master list from freebsd. this is mostly right.

Modified Paths:
--------------
    trunk/security/vuxml/vuln.xml

Modified: trunk/security/vuxml/vuln.xml
===================================================================
--- trunk/security/vuxml/vuln.xml	2016-09-29 21:06:38 UTC (rev 21958)
+++ trunk/security/vuxml/vuln.xml	2016-09-29 21:08:20 UTC (rev 21959)
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!DOCTYPE vuxml PUBLIC "-//vuxml.org//DTD VuXML 1.1//EN" "http://www.vuxml.org/dtd/vuxml-1/vuxml-11.dtd">
 <!--
-Copyright 2003-2014 Jacques Vidrine and contributors
+Copyright 2003-2016 Jacques Vidrine and contributors
 
 Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
 HTML, PDF, PostScript, RTF and so forth) with or without modification,
@@ -28,7 +28,7 @@
 OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-  $FreeBSD: head/security/vuxml/vuln.xml 409851 2016-03-01 07:30:20Z matthew $
+  $FreeBSD: head/security/vuxml/vuln.xml 421245 2016-09-01 20:27:24Z gjb $
 
 
 QUICK GUIDE TO ADDING A NEW ENTRY
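Review bot: The new $FreeBSD$ line pins the import to upstream r421245 of 2016-09-01, while this commit is dated 2016-09-29, so the list is about four weeks behind FreeBSD head at the moment it lands and any entries added upstream in that window are absent. Consider syncing to the current upstream revision instead. The log message should also name the imported revision and say which parts are known to be off, in place of "this is mostly right", so the gaps can be followed up.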
@@ -58,6 +58,10657 @@
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="adccefd1-7080-11e6-a2cb-c80aa9043978">
+    <topic>openssh -- sshd -- remote valid user discovery and PAM /bin/login attack</topic>
+    <affects>
+      <package>
+	<name>openssh-portable</name>
+	<range><lt>7.3.p1,1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The OpenSSH project reports:</p>
+	<blockquote cite="http://www.openssh.com/txt/release-7.3">
+	  <p>* sshd(8): Mitigate timing differences in password authentication
+	    that could be used to discern valid from invalid account names
+	    when long passwords were sent and particular password hashing
+	    algorithms are in use on the server. CVE-2016-6210, reported by
+	    EddieEzra.Harari at verint.com
+	  </p>
+	  <p> * sshd(8): (portable only) Ignore PAM environment vars when
+	    UseLogin=yes. If PAM is configured to read user-specified
+	    environment variables and UseLogin=yes in sshd_config, then a
+	    hostile local user may attack /bin/login via LD_PRELOAD or
+	    similar environment variables set via PAM. CVE-2015-8325,
+	    found by Shayan Sadigh.
+	  </p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://www.openssh.com/txt/release-7.3</url>
+      <cvename>CVE-2016-6210</cvename>
+      <cvename>CVE-2015-8325</cvename>
+    </references>
+    <dates>
+      <discovery>2016-08-01</discovery>
+      <entry>2016-09-01</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="b11ab01b-6e19-11e6-ab24-080027ef73ec">
+    <topic>mailman -- CSRF protection enhancements</topic>
+    <affects>
+      <package>
+	<name>mailman</name>
+	<range><lt>2.1.23</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Mark Sapiro reports:</p>
+	<blockquote cite="http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1668">
+	  <p>CSRF protection has been extended to the user options page.  This
+	    was actually fixed by Tokio Kikuchi as part of the fix for LP:
+	    #775294 and intended for Mailman 2.1.15, but that fix wasn't
+	    completely merged at the time.  The full fix also addresses the
+	    admindb, and edithtml pages as well as the user options page and the
+	    previously fixed admin pages.  Thanks to Nishant Agarwala for reporting the issue.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1668</url>
+      <url>https://mail.python.org/pipermail/mailman-announce/2016-August/000226.html</url>
+      <cvename>CVE-2016-6893</cvename>
+    </references>
+    <dates>
+      <discovery>2016-08-19</discovery>
+      <entry>2016-08-29</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="e195679d-045b-4953-bb33-be0073ba2ac6">
+    <topic>libxml2 -- multiple vulnabilities</topic>
+    <affects>
+      <package>
+	<name>libxml2</name>
+	<range><lt>2.9.4</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Daniel Veillard reports:</p>
+	<blockquote cite="https://mail.gnome.org/archives/xml/2016-May/msg00023.html">
+	  <p>More format string warnings with possible format string
+	    vulnerability (David Kilzer)</p>
+	  <p>Avoid building recursive entities (Daniel Veillard)</p>
+	  <p>Heap-based buffer overread in htmlCurrentChar (Pranjal Jumde)</p>
+	  <p>Heap-based buffer-underreads due to xmlParseName (David Kilzer)</p>
+	  <p>Heap use-after-free in xmlSAX2AttributeNs (Pranjal Jumde)</p>
+	  <p>Heap use-after-free in htmlParsePubidLiteral and
+	    htmlParseSystemiteral (Pranjal Jumde)</p>
+	  <p>Fix some format string warnings with possible format string
+	    vulnerability (David Kilzer)</p>
+	  <p>Detect change of encoding when parsing HTML names (Hugh Davenport)</p>
+	  <p>Fix inappropriate fetch of entities content (Daniel Veillard)</p>
+	  <p>Bug 759398: Heap use-after-free in xmlDictComputeFastKey
+	    (Pranjal Jumde)</p>
+	  <p>Bug 758605: Heap-based buffer overread in xmlDictAddString
+	    (Pranjal Jumde)</p>
+	  <p>Bug 758588: Heap-based buffer overread in
+	    xmlParserPrintFileContextInternal (David Kilzer)</p>
+	  <p>Bug 757711: heap-buffer-overflow in xmlFAParsePosCharGroup
+	    (Pranjal Jumde)</p>
+	  <p>Add missing increments of recursion depth counter to XML parser.
+	    (Peter Simons)</p>
+	  <p>Fix NULL pointer deref in XPointer range-to</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://mail.gnome.org/archives/xml/2016-May/msg00023.html</url>
+      <url>https://bugzilla.gnome.org/show_bug.cgi?id=759398</url>
+      <url>https://bugzilla.gnome.org/show_bug.cgi?id=758605</url>
+      <url>https://bugzilla.gnome.org/show_bug.cgi?id=758588</url>
+      <url>https://bugzilla.gnome.org/show_bug.cgi?id=757711</url>
+      <url>https://git.gnome.org/browse/libxml2/patch/?id=d8083bf77955b7879c1290f0c0a24ab8cc70f7fb</url>
+      <cvename>CVE-2016-1762</cvename>
+      <cvename>CVE-2016-1833</cvename>
+      <cvename>CVE-2016-1834</cvename>
+      <cvename>CVE-2016-1835</cvename>
+      <cvename>CVE-2016-1836</cvename>
+      <cvename>CVE-2016-1837</cvename>
+      <cvename>CVE-2016-1838</cvename>
+      <cvename>CVE-2016-1839</cvename>
+      <cvename>CVE-2016-1840</cvename>
+      <cvename>CVE-2016-3627</cvename>
+      <cvename>CVE-2016-3705</cvename>
+      <cvename>CVE-2016-4449</cvename>
+      <cvename>CVE-2016-4483</cvename>
+    </references>
+    <dates>
+      <discovery>2016-05-23</discovery>
+      <entry>2016-08-28</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="4472ab39-6c66-11e6-9ca5-50e549ebab6c">
+    <topic>kdelibs -- directory traversal vulnerability</topic>
+    <affects>
+      <package>
+	<name>kdelibs</name>
+	<range><lt>4.14.10_7</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>David Faure reports:</p>
+	<blockquote cite="https://www.kde.org/info/security/advisory-20160724-1.txt">
+	  <p>A maliciously crafted archive (.zip or .tar.bz2) with "../" in the
+	    file paths could be offered for download via the KNewStuff
+	    framework (e.g. on www.kde-look.org), and upon extraction would
+	    install files anywhere in the user's home directory.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+	<cvename>CVE-2016-6232</cvename>
+      <url>https://www.kde.org/info/security/advisory-20160724-1.txt</url>
+    </references>
+    <dates>
+      <discovery>2016-07-24</discovery>
+      <entry>2016-08-27</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="f5035ead-688b-11e6-8b1d-c86000169601">
+    <topic>eog -- out-of-bounds write</topic>
+    <affects>
+      <package>
+	<name>eog</name>
+	<range><lt>3.18.3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Felix Riemann reports:</p>
+	<blockquote cite="https://mail.gnome.org/archives/ftp-release-list/2016-August/msg00123.html">
+	  <p>CVE-2016-6855 out-of-bounds write in eog 3.10.2.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://mail.gnome.org/archives/ftp-release-list/2016-August/msg00123.html</url>
+      <cvename>CVE-2016-6855</cvename>
+    </references>
+    <dates>
+      <discovery>2016-08-21</discovery>
+      <entry>2016-08-22</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="44989c29-67d1-11e6-8b1d-c86000169601">
+    <topic>fontconfig -- insufficiently cache file validation</topic>
+    <affects>
+      <package>
+	<name>fontconfig</name>
+	<range><lt>1.12.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Debian security team reports:</p>
+	<blockquote cite="https://packetstormsecurity.com/files/138236/Debian-Security-Advisory-3644-1.html">
+	  <p>Tobias Stoeckmann discovered that cache files are insufficiently
+	    validated in fontconfig, a generic font configuration library. An
+	    attacker can trigger arbitrary free() calls, which in turn allows
+	    double free attacks and therefore arbitrary code execution. In
+	    combination with setuid binaries using crafted cache files, this
+	    could allow privilege escalation.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://packetstormsecurity.com/files/138236/Debian-Security-Advisory-3644-1.html</url>
+      <cvename>CVE-2016-5384</cvename>
+    </references>
+    <dates>
+      <discovery>2016-08-05</discovery>
+      <entry>2016-08-21</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="7fe7df75-6568-11e6-a590-14dae9d210b8">
+    <topic>End of Life Ports</topic>
+    <affects>
+      <package>
+	<name>python32</name>
+	<name>python31</name>
+	<name>python30</name>
+	<name>python26</name>
+	<name>python25</name>
+	<name>python24</name>
+	<name>python23</name>
+	<name>python22</name>
+	<name>python21</name>
+	<name>python20</name>
+	<name>python15</name>
+	<range><ge>0</ge></range>
+      </package>
+      <package>
+	<name>php54</name>
+	<name>php53</name>
+	<name>php52</name>
+	<name>php5</name>
+	<name>php4</name>
+	<range><ge>0</ge></range>
+      </package>
+      <package>
+	<name>perl5</name>
+	<range><lt>5.18</lt></range>
+      </package>
+      <package>
+	<name>perl5.16</name>
+	<name>perl5.14</name>
+	<name>perl5.12</name>
+	<name>perl</name> <!-- Perl 5.10 and earlier were called "perl" -->
+	<range><ge>0</ge></range>
+      </package>
+      <package>
+	<name>ruby</name>
+	<name>ruby_static</name>
+	<range><lt>2.1,1</lt></range>
+      </package>
+      <package>
+	<name>unifi2</name>
+	<name>unifi3</name>
+	<range><ge>0</ge></range>
+      </package>
+      <package>
+	<name>apache21</name>
+	<name>apache20</name>
+	<name>apache13</name>
+	<range><ge>0</ge></range>
+      </package>
+      <package>
+	<name>tomcat55</name>
+	<name>tomcat41</name>
+	<range><ge>0</ge></range>
+      </package>
+      <package>
+	<name>mysql51-client</name>
+	<name>mysql51-server</name>
+	<name>mysql50-client</name>
+	<name>mysql50-server</name>
+	<name>mysql41-client</name>
+	<name>mysql41-server</name>
+	<name>mysql40-client</name>
+	<name>mysql40-server</name>
+	<range><ge>0</ge></range>
+      </package>
+      <package>
+	<name>postgresql90-client</name>
+	<name>postgresql90-server</name>
+	<name>postgresql84-client</name>
+	<name>postgresql84-server</name>
+	<name>postgresql83-client</name>
+	<name>postgresql83-server</name>
+	<name>postgresql82-client</name>
+	<name>postgresql82-server</name>
+	<name>postgresql81-client</name>
+	<name>postgresql81-server</name>
+	<name>postgresql80-client</name>
+	<name>postgresql80-server</name>
+	<name>postgresql74-client</name>
+	<name>postgresql74-server</name>
+	<name>postgresql73-client</name>
+	<name>postgresql73-server</name>
+	<name>postgresql72-client</name>
+	<name>postgresql72-server</name>
+	<name>postgresql71-client</name>
+	<name>postgresql71-server</name>
+	<name>postgresql7-client</name>
+	<name>postgresql7-server</name>
+	<range><ge>0</ge></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	  <p>These packages have reached End of Life status and/or have
+	    been removed from the Ports Tree. They may contain undocumented
+	    security issues. Please take caution and find alternative
+	    software as soon as possible.</p>
+      </body>
+    </description>
+    <references>
+      <freebsdpr>211975</freebsdpr>
+    </references>
+    <dates>
+      <discovery>2016-08-18</discovery>
+      <entry>2016-08-18</entry>
+      <modified>2016-08-19</modified>
+    </dates>
+  </vuln>
+
+  <vuln vid="e1c71d8d-64d9-11e6-b38a-25a46b33f2ed">
+    <topic>gnupg -- attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output</topic>
+    <affects>
+      <package>
+	<name>gnupg1</name>
+	<range><lt>1.4.21</lt></range>
+      </package>
+      <package>
+	<name>libgcrypt</name>
+	<range><lt>1.7.3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Werner Koch reports:</p>
+	<blockquote cite="https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html">
+	  <p>There was a bug in the mixing functions of Libgcrypt's random
+	    number generator: An attacker who obtains 4640 bits from the RNG can
+	    trivially predict the next 160 bits of output.  This bug exists since
+	    1998 in all GnuPG and Libgcrypt versions.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html</url>
+      <cvename>CVE-2016-6313</cvename>
+    </references>
+    <dates>
+      <discovery>2016-08-17</discovery>
+      <entry>2016-08-18</entry>
+      <modified>2016-08-18</modified>
+    </dates>
+  </vuln>
+
+  <vuln vid="ef70b201-645d-11e6-9cdc-6805ca0b3d42">
+    <topic>phpmyadmin -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>phpmyadmin</name>
+	<range><ge>4.6.0</ge><lt>4.6.4</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The phpmyadmin development team reports:</p>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-29/">
+	  <h3>Summary</h3>
+	  <p>Weakness with cookie encryption</p>
+	  <h3>Description</h3>
+	  <p>A pair of vulnerabilities were found affecting the
+	    way cookies are stored.</p>
+	  <ul>
+	    <li>The decryption of the username/password is
+	      vulnerable to a padding oracle attack. The can allow
+	      an attacker who has access to a user's browser cookie
+	      file to decrypt the username and password.</li>
+	    <li>A vulnerability was found where the same
+	      initialization vector (IV) is used to hash the
+	      username and password stored in the phpMyAdmin
+	      cookie. If a user has the same password as their
+	      username, an attacker who examines the browser cookie
+	      can see that they are the but the attacker can not
+	      directly decode these values from the cookie as it is
+	      still hashed.</li>
+	  </ul>
+	  <h3>Severity</h3>
+	  <p>We consider this to be critical.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-30/">
+	  <h3>Summary</h3>
+	  <p>Multiple XSS vulnerabilities</p>
+	  <h3>Description</h3>
+	  <p>Multiple vulnerabilities have been discovered in the
+	  following areas of phpMyAdmin:</p>
+	  <ul>
+	    <li>Zoom search: Specially crafted column content can
+	      be used to trigger an XSS attack</li>
+	    <li>GIS editor: Certain fields in the graphical GIS
+	      editor at not properly escaped and can be used to
+	      trigger an XSS attack</li>
+	    <li>Relation view</li>
+	    <li>The following Transformations:
+	    <ul>
+	      <li>Formatted</li>
+	      <li>Imagelink</li>
+	      <li>JPEG: Upload</li>
+	      <li>RegexValidation</li>
+	      <li>JPEG inline</li>
+	      <li>PNG inline</li>
+	      <li>transformation wrapper</li>
+	    </ul>
+	    </li>
+	    <li>XML export</li>
+	    <li>MediaWiki export</li>
+	    <li>Designer</li>
+	    <li>When the MySQL server is running with a
+	    specially-crafted <code>log_bin</code> directive</li>
+	    <li>Database tab</li>
+	    <li>Replication feature</li>
+	    <li>Database search</li>
+	  </ul>
+	  <h3>Severity</h3>
+	  <p>We consider these vulnerabilities to be of
+	    moderate severity.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-31/">
+	  <h3>Summary</h3>
+	  <p>Multiple XSS vulnerabilities</p>
+	  <h3>Description</h3>
+	  <p>XSS vulnerabilities were discovered in:</p>
+	  <ul>
+	    <li>The database privilege check</li>
+	    <li>The "Remove partitioning" functionality</li>
+	  </ul>
+	  <p>Specially crafted database names can trigger the XSS
+	    attack.</p>
+	  <h3>Severity</h3>
+	  <p>We consider these vulnerabilities to be of moderate
+	    severity.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-32/">
+	  <h3>Summary</h3>
+	  <p>PHP code injection</p>
+	  <h3>Description</h3>
+	  <p>A vulnerability was found where a specially crafted
+	    database name could be used to run arbitrary PHP
+	    commands through the array export feature</p>
+	  <h3>Severity</h3>
+	  <p>We consider these vulnerabilities to be of
+	    moderate severity.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-33/">
+	  <h3>Summary</h3>
+	  <p>Full path disclosure</p>
+	  <h3>Description</h3>
+	  <p>A full path disclosure vulnerability was discovered
+	    where a user can trigger a particular error in the
+	    export mechanism to discover the full path of phpMyAdmin
+	    on the disk.</p>
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be
+	    non-critical.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-34/">
+	  <h3>Summary</h3>
+	  <p>SQL injection attack</p>
+	  <h3>Description</h3>
+	  <p>A vulnerability was reported where a specially
+	    crafted database and/or table name can be used to
+	    trigger an SQL injection attack through the export
+	    functionality.</p>
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be serious</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-35/">
+	  <h3>Summary</h3>
+	  <p>Local file exposure</p>
+	  <h3>Description</h3>
+	  <p>A vulnerability was discovered where a user can
+	    exploit the LOAD LOCAL INFILE functionality to expose
+	    files on the server to the database system.</p>
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be serious.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-36/">
+	  <h3>Summary</h3>
+	  <p>Local file exposure through symlinks with
+	    UploadDir</p>
+	  <h3>Description</h3>
+	  <p>A vulnerability was found where a user can
+	    specially craft a symlink on disk, to a file which
+	    phpMyAdmin is permitted to read but the user is not,
+	    which phpMyAdmin will then expose to the user.</p>
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be serious,
+	    however due to the mitigation factors the
+	    default state is not vulnerable.</p>
+	  <h3>Mitigation factor</h3>
+	  <p>1) The installation must be run with UploadDir configured
+	    (not the default) 2) The user must be able to create a
+	    symlink in the UploadDir 3) The user running the phpMyAdmin
+	    application must be able to read the file</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-37/">
+	  <h3>Summary</h3>
+	  <p>Path traversal with SaveDir and UploadDir</p>
+	  <h3>Description</h3>
+	  <p>A vulnerability was reported with the <code>%u</code>
+	    username replacement functionality of the SaveDir and
+	    UploadDir features. When the username substitution is
+	    configured, a specially-crafted user name can be used to
+	    circumvent restrictions to traverse the file system.</p>
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be serious,
+	    however due to the mitigation factors the default
+	    state is not vulnerable.</p>
+	  <h3>Mitigation factor</h3>
+	  <p>1) A system must be configured with the %u username
+	    replacement, such as `$cfg['SaveDir'] =
+	    'SaveDir_%u';` 2) The user must be able to create a
+	    specially-crafted MySQL user, including the `/.` sequence of
+	    characters, such as `/../../`</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-38/">
+	  <h3>Summary</h3>
+	  <p>Multiple XSS vulnerabilities</p>
+	  <h3>Description</h3>
+	  <p>Multiple XSS vulnerabilities were found in the following
+	    areas:</p>
+	  <ul>
+	    <li>Navigation pane and database/table hiding
+	      feature. A specially-crafted database name can be used
+	      to trigger an XSS attack.</li>
+	    <li>The "Tracking" feature. A specially-crafted query
+	      can be used to trigger an XSS attack.</li>
+	    <li>GIS visualization feature. </li>
+	  </ul>
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be non-critical.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-39/">
+	  <h3>Summary</h3>
+	  <p>SQL injection attack</p>
+	  <h3>Description</h3>
+	  <p>A vulnerability was discovered in the following
+	    features where a user can execute an SQL injection
+	    attack against the account of the control user:
+	    <em>User group</em> Designer</p>
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be serious.</p>
+	  <h3>Mitigation factor</h3>
+	  <p>The server must have a control user account created in
+	    MySQL and configured in phpMyAdmin; installations without a
+	    control user are not vulnerable.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-40/">
+	  <h3>Summary</h3>
+	  <p>SQL injection attack</p>
+	  <h3>Description</h3>
+	  <p>A vulnerability was reported where a specially
+	    crafted database and/or table name can be used to
+	    trigger an SQL injection attack through the export
+	    functionality.</p>
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be serious</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-41/">
+	  <h3>Summary</h3>
+	  <p>Denial of service (DOS) attack in transformation
+	    feature</p>
+	  <h3>Description</h3>
+	  <p>A vulnerability was found in the transformation feature
+	    allowing a user to trigger a denial-of-service (DOS) attack
+	    against the server.</p>
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be non-critical</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-42/">
+	  <h3>Summary</h3>
+	  <p>SQL injection attack as control user</p>
+	  <h3>Description</h3>
+	  <p>A vulnerability was discovered in the user interface
+	    preference feature where a user can execute an SQL injection
+	    attack against the account of the control user.</p>
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be serious.</p>
+	  <h3>Mitigation factor</h3>
+	  <p>The server must have a control user account created in
+	    MySQL and configured in phpMyAdmin; installations without a
+	    control user are not vulnerable.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-43/">
+	  <h3>Summary</h3>
+	  <p>Unvalidated data passed to unserialize()</p>
+	  <h3>Description</h3>
+	  <p>A vulnerability was reported where some data is passed to
+	    the PHP <code>unserialize()</code> function without
+	    verification that it's valid serialized data.</p>
+	  <p>Due to how the <a href="https://secure.php.net/unserialize">PHP function</a>
+	    operates,</p>
+	  <blockquote>
+	    <p>Unserialization can result in code being loaded and
+	      executed due to object instantiation and autoloading, and
+	      a malicious user may be able to exploit this.</p>
+	  </blockquote>
+	  <p>Therefore, a malicious user may be able to manipulate the
+	    stored data in a way to exploit this weakness.</p>
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be moderately
+	    severe.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-45/">
+	  <h3>Summary</h3>
+	  <p>DOS attack with forced persistent connections</p>
+	  <h3>Description</h3>
+	  <p>A vulnerability was discovered where an unauthenticated
+	    user is able to execute a denial-of-service (DOS) attack by
+	    forcing persistent connections when phpMyAdmin is running
+	    with <code>$cfg['AllowArbitraryServer']=true;</code>.</p>
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be critical, although
+	    note that phpMyAdmin is not vulnerable by default.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-46/">
+	  <h3>Summary</h3>
+	  <p>Denial of service (DOS) attack by for loops</p>
+	  <h3>Description</h3>
+	  <p>A vulnerability has been reported where a malicious
+	    authorized user can cause a denial-of-service (DOS) attack
+	    on a server by passing large values to a loop.</p>
+	  <h3>Severity</h3>
+	  <p>We consider this issue to be of moderate severity.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-47/">
+	  <h3>Summary</h3>
+	  <p>IPv6 and proxy server IP-based authentication rule
+	    circumvention</p>
+	  <h3>Description</h3>
+	  <p>A vulnerability was discovered where, under certain
+	    circumstances, it may be possible to circumvent the
+	    phpMyAdmin IP-based authentication rules.</p>
+	  <p>When phpMyAdmin is used with IPv6 in a proxy server
+	    environment, and the proxy server is in the allowed range
+	    but the attacking computer is not allowed, this
+	    vulnerability can allow the attacking computer to connect
+	    despite the IP rules.</p>
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be serious</p>
+	  <h3>Mitigation factor</h3>
+	  <p>* The phpMyAdmin installation must be running with
+	    IP-based allow/deny rules * The phpMyAdmin installation must
+	    be running behind a proxy server (or proxy servers) where
+	    the proxy server is "allowed" and the attacker is
+	    "denied" * The connection between the proxy server
+	    and phpMyAdmin must be via IPv6</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-48/">
+	  <h3>Summary</h3>
+	  <p>Detect if user is logged in</p>
+	  <h3>Description</h3>
+	  <p>A vulnerability was reported where an attacker can
+	    determine whether a user is logged in to phpMyAdmin.</p>
+	  <p>The user's session, username, and password are not
+	    compromised by this vulnerability.</p>
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be non-critical.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-49/">
+	  <h3>Summary</h3>
+	  <p>Bypass URL redirect protection</p>
+	  <h3>Description</h3>
+	  <p>A vulnerability was discovered where an attacker could
+	    redirect a user to a malicious web page.</p>
+	  <h3>Severity</h3>
+	  <p>We consider this to be of moderate severity</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-50/">
+	  <h3>Summary</h3>
+	  <p>Referrer leak in url.php</p>
+	  <h3>Description</h3>
+	  <p>A vulnerability was discovered where an attacker can
+	  determine the phpMyAdmin host location through the file
+	  <code>url.php</code>.</p>
+	  <h3>Severity</h3>
+	  <p>We consider this to be of moderate severity.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-51/">
+	  <h3>Summary</h3>
+	  <p>Reflected File Download attack</p>
+	  <h3>Description</h3>
+	  <p>A vulnerability was discovered where an attacker may be
+	    able to trigger a user to download a specially crafted
+	    malicious SVG file.</p>
+	  <h3>Severity</h3>
+	  <p>We consider this issue to be of moderate severity.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-52/">
+	  <h3>Summary</h3>
+	  <p>ArbitraryServerRegexp bypass</p>
+	  <h3>Description</h3>
+	  <p>A vulnerability was reported with the
+	    <code>$cfg['ArbitraryServerRegexp']</code> configuration
+	    directive. An attacker could reuse certain cookie values in
+	    a way of bypassing the servers defined by
+	    <code>ArbitraryServerRegexp</code>.</p>
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be critical.</p>
+	  <h3>Mitigation factor</h3>
+	  <p>Only servers using
+	    `$cfg['ArbitraryServerRegexp']` are vulnerable to
+	    this attack.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-53/">
+	  <h3>Summary</h3>
+	  <p>Denial of service (DOS) attack by changing password to a
+	    very long string</p>
+	  <h3>Description</h3>
+	  <p>An authenticated user can trigger a denial-of-service
+	    (DOS) attack by entering a very long password at the change
+	    password dialog.</p>
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be serious.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-54/">
+	  <h3>Summary</h3>
+	  <p>Remote code execution vulnerability when run as CGI</p>
+	  <h3>Description</h3>
+	  <p>A vulnerability was discovered where a user can execute a
+	    remote code execution attack against a server when
+	    phpMyAdmin is being run as a CGI application. Under certain
+	    server configurations, a user can pass a query string which
+	    is executed as a command-line argument by the file
+	    <code>generator_plugin.sh</code>.</p>
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be critical.</p>
+	  <h3>Mitigation factor</h3>
+	  <p>The file
+	    `/libraries/plugins/transformations/generator_plugin.sh` may
+	    be removed. Under certain server configurations, it may be
+	    sufficient to remove execute permissions for this file.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-55/">
+	  <h3>Summary</h3>
+	  <p>Denial of service (DOS) attack with dbase extension</p>
+	  <h3>Description</h3>
+	  <p>A flaw was discovered where, under certain conditions,
+	    phpMyAdmin may not delete temporary files during the import
+	    of ESRI files.</p>
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be non-critical.</p>
+	  <h3>Mitigation factor</h3>
+	  <p>This vulnerability only exists when PHP is running with
+	    the dbase extension, which is not shipped by default, not
+	    available in most Linux distributions, and doesn't
+	    compile with PHP7.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-56/">
+	  <h3>Summary</h3>
+	  <p>Remote code execution vulnerability when PHP is running
+	    with dbase extension</p>
+	  <h3>Description</h3>
+	  <p>A vulnerability was discovered where phpMyAdmin can be
+	    used to trigger a remote code execution attack against
+	    certain PHP installations. </p>
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be critical.</p>
+	  <h3>Mitigation factor</h3>
+	  <p>This vulnerability only exists when PHP is running with
+	    the dbase extension, which is not shipped by default, not
+	    available in most Linux distributions, and doesn't
+	    compile with PHP7.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-29/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-30/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-31/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-32/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-33/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-34/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-35/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-36/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-37/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-38/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-39/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-40/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-41/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-42/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-43/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-45/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-46/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-47/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-48/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-49/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-50/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-51/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-52/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-53/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-54/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-55/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-56/</url>
+      <cvename>CVE-2016-6606</cvename>
+      <cvename>CVE-2016-6607</cvename>
+      <cvename>CVE-2016-6608</cvename>
+      <cvename>CVE-2016-6609</cvename>
+      <cvename>CVE-2016-6610</cvename>
+      <cvename>CVE-2016-6611</cvename>
+      <cvename>CVE-2016-6612</cvename>
+      <cvename>CVE-2016-6613</cvename>
+      <cvename>CVE-2016-6614</cvename>
+      <cvename>CVE-2016-6615</cvename>
+      <cvename>CVE-2016-6616</cvename>
+      <cvename>CVE-2016-6617</cvename>
+      <cvename>CVE-2016-6618</cvename>
+      <cvename>CVE-2016-6619</cvename>
+      <cvename>CVE-2016-6620</cvename>
+      <cvename>CVE-2016-6622</cvename>
+      <cvename>CVE-2016-6623</cvename>
+      <cvename>CVE-2016-6624</cvename>
+      <cvename>CVE-2016-6625</cvename>
+      <cvename>CVE-2016-6626</cvename>
+      <cvename>CVE-2016-6627</cvename>
+      <cvename>CVE-2016-6628</cvename>
+      <cvename>CVE-2016-6629</cvename>
+      <cvename>CVE-2016-6630</cvename>
+      <cvename>CVE-2016-6631</cvename>
+      <cvename>CVE-2016-6632</cvename>
+      <cvename>CVE-2016-6633</cvename>
+    </references>
+    <dates>
+      <discovery>2016-08-17</discovery>
+      <entry>2016-08-17</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="f7dd2d09-625e-11e6-828b-fcaa14edc6a6">
+    <topic>TeamSpeak Server 3 -- Multiple vulnerabilities including Remote Code Execution</topic>
+    <affects>
+      <package>
+	<name>teamspeak3-server</name>
+	<range><le>3.0.13_1,1</le></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Hanz Jenson audit report:</p>
+	<blockquote cite="http://seclists.org/fulldisclosure/2016/Aug/61">
+		<p>I found 10 vulnerabilities. Some of these are critical and allow remote code
+		execution. For the average user, that means that these vulnerabilities can be
+		exploited by a malicious attacker in order to take over any Teamspeak server,
+		not only becoming serveradmin, but getting a shell on the affected machine.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+    <url>http://seclists.org/fulldisclosure/2016/Aug/61</url>
+    </references>
+    <dates>
+      <discovery>2016-08-12</discovery>
+      <entry>2016-08-14</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="df502a2f-61f6-11e6-a461-643150d3111d">
+    <topic>puppet-agent MCollective plugin -- Remote Code Execution vulnerability</topic>
+    <affects>
+      <package>
+	<name>mcollective-puppet-agent</name>
+	<range><lt>1.11.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Puppet reports:</p>
+	<blockquote cite="https://puppet.com/security/cve/cve-2015-7331">
+	  <p>Puppet Enterprise previously included a puppet-agent MCollective plugin that allowed you to pass the `--server` argument to MCollective. This insecure argument enabled remote code execution via connection to an untrusted host. The puppet-agent MCollective version included in PE 2016.2.1, this option is disabled by default.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://puppet.com/security/cve/cve-2015-7331</url>
+      <cvename>CVE-2015-7331</cvename>
+    </references>
+    <dates>
+      <discovery>2016-08-09</discovery>
+      <entry>2016-08-15</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="7d4f4955-600a-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- Heap vulnerability in bspatch</topic>
+    <affects>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.3</ge><lt>10.3_6</lt></range>
+	<range><ge>10.2</ge><lt>10.2_20</lt></range>
+	<range><ge>10.1</ge><lt>10.1_37</lt></range>
+	<range><ge>9.3</ge><lt>9.3_45</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>The implementation of bspatch does not check for a
+	negative value on numbers of bytes read from the diff and
+	extra streams, allowing an attacker who can control the
+	patch file to write at arbitrary locations in the heap.</p>
+	<p>This issue was first discovered by The Chromium Project
+	and reported independently by Lu Tung-Pin to the FreeBSD
+	project.</p>
+	<h1>Impact:</h1>
+	<p>An attacker who can control the patch file can cause a
+	crash or run arbitrary code under the credentials of the
+	user who runs bspatch, in many cases, root.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2014-9862</cvename>
+      <freebsdsa>SA-16:25.bspatch</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2016-07-25</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="7cfcea05-600a-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- Multiple ntp vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.3</ge><lt>10.3_5</lt></range>
+	<range><ge>10.2</ge><lt>10.2_19</lt></range>
+	<range><ge>10.1</ge><lt>10.1_36</lt></range>
+	<range><ge>9.3</ge><lt>9.3_44</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>Multiple vulnerabilities have been discovered in the NTP
+	suite:</p>
+	<p>The fix for Sec 3007 in ntp-4.2.8p7 contained a bug that
+	could cause ntpd to crash. [CVE-2016-4957, Reported by
+	Nicolas Edet of Cisco]</p>
+	<p>An attacker who knows the origin timestamp and can send
+	a spoofed packet containing a CRYPTO-NAK to an ephemeral
+	peer target before any other response is sent can demobilize
+	that association. [CVE-2016-4953, Reported by Miroslav
+	Lichvar of Red Hat]</p>
+	<p>An attacker who is able to spoof packets with correct
+	origin timestamps from enough servers before the expected
+	response packets arrive at the target machine can affect
+	some peer variables and, for example, cause a false leap
+	indication to be set. [CVE-2016-4954, Reported by Jakub
+	Prokes of Red Hat]</p>
+	<p>An attacker who is able to spoof a packet with a correct
+	origin timestamp before the expected response packet arrives
+	at the target machine can send a CRYPTO_NAK or a bad MAC
+	and cause the association's peer variables to be cleared.
+	If this can be done often enough, it will prevent that
+	association from working. [CVE-2016-4955, Reported by
+	Miroslav Lichvar of Red Hat]</p>
+	<p>The fix for NtpBug2978 does not cover broadcast associations,
+	so broadcast clients can be triggered to flip into interleave
+	mode. [CVE-2016-4956, Reported by Miroslav Lichvar of Red
+	Hat.]</p>
+	<h1>Impact:</h1>
+	<p>Malicious remote attackers may be able to break time
+	synchronization, or cause the ntpd(8) daemon to crash.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-4953</cvename>
+      <cvename>CVE-2016-4954</cvename>
+      <cvename>CVE-2016-4955</cvename>
+      <cvename>CVE-2016-4956</cvename>
+      <cvename>CVE-2016-4957</cvename>
+      <freebsdsa>SA-16:24.ntp</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2016-06-04</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="7cad4795-600a-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- Kernel stack disclosure in 4.3BSD compatibility layer</topic>
+    <affects>
+      <package>
+	<name>FreeBSD-kernel</name>
+	<range><ge>10.3</ge><lt>10.3_4</lt></range>
+	<range><ge>10.2</ge><lt>10.2_18</lt></range>
+	<range><ge>10.1</ge><lt>10.1_35</lt></range>
+	<range><ge>9.3</ge><lt>9.3_43</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>The implementation of historic stat(2) system call does
+	not clear the output struct before copying it out to
+	userland.</p>
+	<h1>Impact:</h1>
+	<p>An unprivileged user can read a portion of uninitialised
+	kernel stack data, which may contain sensitive information,
+	such as the stack guard, portions of the file cache or
+	terminal buffers, which an attacker might leverage to obtain
+	elevated privileges.</p>
+      </body>
+    </description>
+    <references>
+      <freebsdsa>SA-16:21.43bsd</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2016-05-31</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="7c5d64dd-600a-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- Kernel stack disclosure in Linux compatibility layer</topic>
+    <affects>
+      <package>
+	<name>FreeBSD-kernel</name>
+	<range><ge>10.3</ge><lt>10.3_4</lt></range>
+	<range><ge>10.2</ge><lt>10.2_18</lt></range>
+	<range><ge>10.1</ge><lt>10.1_35</lt></range>
+	<range><ge>9.3</ge><lt>9.3_43</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>The implementation of the TIOCGSERIAL ioctl(2) does not
+	clear the output struct before copying it out to userland.</p>
+	<p>The implementation of the Linux sysinfo() system call
+	does not clear the output struct before copying it out to
+	userland.</p>
+	<h1>Impact:</h1>
+	<p>An unprivileged user can read a portion of uninitialised
+	kernel stack data, which may contain sensitive information,
+	such as the stack guard, portions of the file cache or
+	terminal buffers, which an attacker might leverage to obtain
+	elevated privileges.</p>
+      </body>
+    </description>
+    <references>
+      <freebsdsa>SA-16:20.linux</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2016-05-31</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="7c0bac69-600a-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- Incorrect argument handling in sendmsg(2)</topic>
+    <affects>
+      <package>
+	<name>FreeBSD-kernel</name>
+	<range><ge>10.3</ge><lt>10.3_3</lt></range>
+	<range><ge>10.2</ge><lt>10.2_17</lt></range>
+	<range><ge>10.1</ge><lt>10.1_34</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>Incorrect argument handling in the socket code allows
+	malicious local user to overwrite large portion of the
+	kernel memory.</p>
+	<h1>Impact:</h1>
+	<p>Malicious local user may crash kernel or execute arbitrary
+	code in the kernel, potentially gaining superuser privileges.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-1887</cvename>
+      <freebsdsa>SA-16:19.sendmsg</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2016-05-17</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="7bbc0e8c-600a-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- Buffer overflow in keyboard driver</topic>
+    <affects>
+      <package>
+	<name>FreeBSD-kernel</name>
+	<range><ge>10.3</ge><lt>10.3_3</lt></range>
+	<range><ge>10.2</ge><lt>10.2_17</lt></range>
+	<range><ge>10.1</ge><lt>10.1_34</lt></range>
+	<range><ge>9.3</ge><lt>9.3_42</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>Incorrect signedness comparison in the ioctl(2) handler
+	allows a malicious local user to overwrite a portion of the
+	kernel memory.</p>
+	<h1>Impact:</h1>
+	<p>A local user may crash the kernel, read a portion of
+	kernel memory and execute arbitrary code in kernel context.
+	The result of executing an arbitrary kernel code is privilege
+	escalation.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-1886</cvename>
+      <freebsdsa>SA-16:18.atkbd</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2016-05-17</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="7b6a11b5-600a-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- Incorrect argument validation in sysarch(2)</topic>
+    <affects>
+      <package>
+	<name>FreeBSD-kernel</name>
+	<range><ge>10.2</ge><lt>10.2_14</lt></range>
+	<range><ge>10.1</ge><lt>10.1_31</lt></range>
+	<range><ge>9.3</ge><lt>9.3_39</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>A special combination of sysarch(2) arguments, specify
+	a request to uninstall a set of descriptors from the LDT.
+	The start descriptor is cleared and the number of descriptors
+	are provided. Due to invalid use of a signed intermediate
+	value in the bounds checking during argument validity
+	verification, unbound zero'ing of the process LDT and
+	adjacent memory can be initiated from usermode.</p>
+	<h1>Impact:</h1>
+	<p>This vulnerability could cause the kernel to panic. In
+	addition it is possible to perform a local Denial of Service
+	against the system by unprivileged processes.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-1885</cvename>
+      <freebsdsa>SA-16:15.sysarch</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2016-03-16</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="7b1a4a27-600a-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- Multiple OpenSSL vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.2</ge><lt>10.2_13</lt></range>
+	<range><ge>10.1</ge><lt>10.1_30</lt></range>
+	<range><ge>9.3</ge><lt>9.3_38</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>A cross-protocol attack was discovered that could lead
+	to decryption of TLS sessions by using a server supporting
+	SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA
+	padding oracle. Note that traffic between clients and
+	non-vulnerable servers can be decrypted provided another
+	server supporting SSLv2 and EXPORT ciphers (even with a
+	different protocol such as SMTP, IMAP or POP3) shares the
+	RSA keys of the non-vulnerable server. This vulnerability
+	is known as DROWN. [CVE-2016-0800]</p>
+	<p>A double free bug was discovered when OpenSSL parses
+	malformed DSA private keys and could lead to a DoS attack
+	or memory corruption for applications that receive DSA
+	private keys from untrusted sources. This scenario is
+	considered rare. [CVE-2016-0705]</p>
+	<p>The SRP user database lookup method SRP_VBASE_get_by_user
+	had confusing memory management semantics; the returned
+	pointer was sometimes newly allocated, and sometimes owned
+	by the callee. The calling code has no way of distinguishing
+	these two cases. [CVE-2016-0798]</p>
+	<p>In the BN_hex2bn function, the number of hex digits is
+	calculated using an int value |i|. Later |bn_expand| is
+	called with a value of |i * 4|. For large values of |i|
+	this can result in |bn_expand| not allocating any memory
+	because |i * 4| is negative. This can leave the internal
+	BIGNUM data field as NULL leading to a subsequent NULL
+	pointer dereference. For very large values of |i|, the
+	calculation |i * 4| could be a positive value smaller than
+	|i|. In this case memory is allocated to the internal BIGNUM
+	data field, but it is insufficiently sized leading to heap
+	corruption. A similar issue exists in BN_dec2bn. This could
+	have security consequences if BN_hex2bn/BN_dec2bn is ever
+	called by user applications with very large untrusted hex/dec
+	data. This is anticipated to be a rare occurrence.
+	[CVE-2016-0797]</p>
+	<p>The internal |fmtstr| function used in processing a "%s"
+	formatted string in the BIO_*printf functions could overflow
+	while calculating the length of a string and cause an
+	out-of-bounds read when printing very long strings.
+	[CVE-2016-0799]</p>
+	<p>A side-channel attack was found which makes use of
+	cache-bank conflicts on the Intel Sandy-Bridge microarchitecture
+	which could lead to the recovery of RSA keys. [CVE-2016-0702]</p>
+	<p>s2_srvr.c did not enforce that clear-key-length is 0 for
+	non-export ciphers. If clear-key bytes are present for these
+	ciphers, they displace encrypted-key bytes. [CVE-2016-0703]</p>
+	<p>s2_srvr.c overwrites the wrong bytes in the master key
+	when applying Bleichenbacher protection for export cipher
+	suites. [CVE-2016-0704]</p>
+	<h1>Impact:</h1>
+	<p>Servers that have SSLv2 protocol enabled are vulnerable
+	to the "DROWN" attack which allows a remote attacker to
+	fast attack many recorded TLS connections made to the server,
+	even when the client did not make any SSLv2 connections
+	themselves.</p>
+	<p>An attacker who can supply malformed DSA private keys
+	to OpenSSL applications may be able to cause memory corruption
+	which would lead to a Denial of Service condition.
+	[CVE-2016-0705]</p>
+	<p>An attacker connecting with an invalid username can cause
+	memory leak, which could eventually lead to a Denial of
+	Service condition. [CVE-2016-0798]</p>
+	<p>An attacker who can inject malformed data into an
+	application may be able to cause memory corruption which
+	would lead to a Denial of Service condition. [CVE-2016-0797,
+	CVE-2016-0799]</p>
+	<p>A local attacker who has control of code in a thread
+	running on the same hyper-threaded core as the victim thread
+	which is performing decryptions could recover RSA keys.
+	[CVE-2016-0702]</p>
+	<p>An eavesdropper who can intercept SSLv2 handshake can
+	conduct an efficient divide-and-conquer key recovery attack
+	and use the server as an oracle to determine the SSLv2
+	master-key, using only 16 connections to the server and
+	negligible computation. [CVE-2016-0703]</p>
+	<p>An attacker can use the Bleichenbacher oracle, which
+	enables more efficient variant of the DROWN attack.
+	[CVE-2016-0704]</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-0702</cvename>
+      <cvename>CVE-2016-0703</cvename>
+      <cvename>CVE-2016-0704</cvename>
+      <cvename>CVE-2016-0705</cvename>
+      <cvename>CVE-2016-0797</cvename>
+      <cvename>CVE-2016-0798</cvename>
+      <cvename>CVE-2016-0799</cvename>
+      <cvename>CVE-2016-0800</cvename>
+      <freebsdsa>SA-16:12.openssl</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2016-03-10</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="7ac28df1-600a-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- Linux compatibility layer issetugid(2) system call</topic>
+    <affects>
+      <package>
+	<name>FreeBSD-kernel</name>
+	<range><ge>10.2</ge><lt>10.2_11</lt></range>
+	<range><ge>10.1</ge><lt>10.1_28</lt></range>
+	<range><ge>9.3</ge><lt>9.3_35</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>A programming error in the Linux compatibility layer
+	could cause the issetugid(2) system call to return incorrect
+	information.</p>
+	<h1>Impact:</h1>
+	<p>If an application relies on output of the issetugid(2)
+	system call and that information is incorrect, this could
+	lead to a privilege escalation.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-1883</cvename>
+      <freebsdsa>SA-16:10.linux</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2016-01-27</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="7a31dfba-600a-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- Insecure default snmpd.config permissions</topic>
+    <affects>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.2</ge><lt>10.2_9</lt></range>
+	<range><ge>10.1</ge><lt>10.1_26</lt></range>
+	<range><ge>9.3</ge><lt>9.3_33</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>The SNMP protocol supports an authentication model called
+	USM, which relies on a shared secret. The default permission
+	of the snmpd.configiguration file, /etc/snmpd.config, is
+	weak and does not provide adequate protection against local
+	unprivileged users.</p>
+	<h1>Impact:</h1>
+	<p>A local user may be able to read the shared secret, if
+	configured and used by the system administrator.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2015-5677</cvename>
+      <freebsdsa>SA-16:06.bsnmpd</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2016-01-14</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
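Review bot: In the 7a31dfba entry just above, the description reads "snmpd.configiguration file, /etc/snmpd.config", which is not a word and looks like a mechanical text substitution gone wrong. The topic also names snmpd.config while the reference is SA-16:06.bsnmpd. Please check the file name in both the topic and the description against that advisory and restore "configuration". Other slips in this part of the hunk are worth fixing in the same pass. "specically" in the patch(1) entry (0d090952) should be "specifically". Literal backticks are used instead of <code> around the generator_plugin.sh path in the PMASA-2016-54 blockquote and around --server in the mcollective-puppet-agent entry, although the same blockquote already uses <code> a few lines earlier. The <url> in the teamspeak3-server references is indented differently from every other entry. The phpMyAdmin reference list runs PMASA-2016-29 through -56 but skips -44, and the CVE list skips CVE-2016-6621. If those omissions are intentional a short comment would help, otherwise add them.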
+
+  <vuln vid="79dfc135-600a-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- TCP MD5 signature denial of service</topic>
+    <affects>
+      <package>
+	<name>FreeBSD-kernel</name>
+	<range><ge>10.2</ge><lt>10.2_9</lt></range>
+	<range><ge>10.1</ge><lt>10.1_26</lt></range>
+	<range><ge>9.3</ge><lt>9.3_33</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>A programming error in processing a TCP connection with
+	both TCP_MD5SIG and TCP_NOOPT socket options may lead to
+	kernel crash.</p>
+	<h1>Impact:</h1>
+	<p>A local attacker can crash the kernel, resulting in a
+	denial-of-service.</p>
+	<p>A remote attack is theoretically possible, if server has
+	a listening socket with TCP_NOOPT set, and server is either
+	out of SYN cache entries, or SYN cache is disabled by
+	configuration.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-1882</cvename>
+      <freebsdsa>SA-16:05.tcp</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2016-01-14</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="798f63e0-600a-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- Linux compatibility layer setgroups(2) system call</topic>
+    <affects>
+      <package>
+	<name>FreeBSD-kernel</name>
+	<range><ge>10.2</ge><lt>10.2_9</lt></range>
+	<range><ge>10.1</ge><lt>10.1_26</lt></range>
+	<range><ge>9.3</ge><lt>9.3_33</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>A programming error in the Linux compatibility layer
+	setgroups(2) system call can lead to an unexpected results,
+	such as overwriting random kernel memory contents.</p>
+	<h1>Impact:</h1>
+	<p>It is possible for a local attacker to overwrite portions
+	of kernel memory, which may result in a privilege escalation
+	or cause a system panic.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-1881</cvename>
+      <freebsdsa>SA-16:04.linux</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2016-01-14</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="793fb19c-600a-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- Linux compatibility layer incorrect futex handling</topic>
+    <affects>
+      <package>
+	<name>FreeBSD-kernel</name>
+	<range><ge>10.2</ge><lt>10.2_9</lt></range>
+	<range><ge>10.1</ge><lt>10.1_26</lt></range>
+	<range><ge>9.3</ge><lt>9.3_33</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>A programming error in the handling of Linux futex robust
+	lists may result in incorrect memory locations being
+	accessed.</p>
+	<h1>Impact:</h1>
+	<p>It is possible for a local attacker to read portions of
+	kernel memory, which may result in a privilege escalation.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-1880</cvename>
+      <freebsdsa>SA-16:03.linux</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2016-01-14</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="78f06a6c-600a-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- SCTP ICMPv6 error message vulnerability</topic>
+    <affects>
+      <package>
+	<name>FreeBSD-kernel</name>
+	<range><ge>10.2</ge><lt>10.2_9</lt></range>
+	<range><ge>10.1</ge><lt>10.1_26</lt></range>
+	<range><ge>9.3</ge><lt>9.3_33</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>A lack of proper input checks in the ICMPv6 processing
+	in the SCTP stack can lead to either a failed kernel assertion
+	or to a NULL pointer dereference. In either case, a kernel
+	panic will follow.</p>
+	<h1>Impact:</h1>
+	<p>A remote, unauthenticated attacker can reliably trigger
+	a kernel panic in a vulnerable system running IPv6. Any
+	kernel compiled with both IPv6 and SCTP support is vulnerable.
+	There is no requirement to have an SCTP socket open.</p>
+	<p>IPv4 ICMP processing is not impacted by this vulnerability.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-1879</cvename>
+      <freebsdsa>SA-16:01.sctp</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2016-01-14</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="0e5d6969-600a-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- rpcbind(8) remote denial of service [REVISED]</topic>
+    <affects>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.2</ge><lt>10.2_5</lt></range>
+	<range><ge>10.1</ge><lt>10.1_22</lt></range>
+	<range><ge>9.3</ge><lt>9.3_28</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>In rpcbind(8), netbuf structures are copied directly,
+	which would result in two netbuf structures that reference
+	to one shared address buffer. When one of the two netbuf
+	structures is freed, access to the other netbuf structure
+	would result in an undefined result that may crash the
+	rpcbind(8) daemon.</p>
+	<h1>Impact:</h1>
+	<p>A remote attacker who can send specifically crafted
+	packets to the rpcbind(8) daemon can cause it to crash,
+	resulting in a denial of service condition.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2015-7236</cvename>
+      <freebsdsa>SA-15:24.rpcbind</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2015-09-29</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="0dfa5dde-600a-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- Local privilege escalation in IRET handler</topic>
+    <affects>
+      <package>
+	<name>FreeBSD-kernel</name>
+	<range><ge>10.1</ge><lt>10.1_19</lt></range>
+	<range><ge>9.3</ge><lt>9.3_24</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>If the kernel-mode IRET instruction generates an #SS or
+	#NP exception, but the exception handler does not properly
+	ensure that the right GS register base for kernel is reloaded,
+	the userland GS segment may be used in the context of the
+	kernel exception handler.</p>
+	<h1>Impact:</h1>
+	<p>By causing an IRET with #SS or #NP exceptions, a local
+	attacker can cause the kernel to use an arbitrary GS base,
+	which may allow escalated privileges or panic the system.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2015-5675</cvename>
+      <freebsdsa>SA-15:21.amd64</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2015-08-25</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="0da8a68e-600a-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- Multiple integer overflows in expat (libbsdxml) XML parser</topic>
+    <affects>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.1</ge><lt>10.1_18</lt></range>
+	<range><ge>10.2</ge><lt>10.2_1</lt></range>
+	<range><ge>9.3</ge><lt>9.3_23</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>Multiple integer overflows have been discovered in the
+	XML_GetBuffer() function in the expat library.</p>
+	<h1>Impact:</h1>
+	<p>The integer overflows may be exploited by using specifically
+	crafted XML data and lead to infinite loop, or a heap buffer
+	overflow, which results in a Denial of Service condition,
+	or enables remote attackers to execute arbitrary code.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2015-1283</cvename>
+      <freebsdsa>SA-15:20.expat</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2015-08-18</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="0d584493-600a-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- routed(8) remote denial of service vulnerability</topic>
+    <affects>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.1</ge><lt>10.1_17</lt></range>
+	<range><ge>9.3</ge><lt>9.3_22</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>The input path in routed(8) will accept queries from any
+	source and attempt to answer them. However, the output path
+	assumes that the destination address for the response is
+	on a directly connected network.</p>
+	<h1>Impact:</h1>
+	<p>Upon receipt of a query from a source which is not on a
+	directly connected network, routed(8) will trigger an
+	assertion and terminate. The affected system's routing table
+	will no longer be updated. If the affected system is a
+	router, its routes will eventually expire from other routers'
+	routing tables, and its networks will no longer be reachable
+	unless they are also connected to another router.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2015-5674</cvename>
+      <freebsdsa>SA-15:19.routed</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2015-08-05</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="0d090952-600a-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- shell injection vulnerability in patch(1)</topic>
+    <affects>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.1</ge><lt>10.1_17</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>Due to insufficient sanitization of the input patch
+	stream, it is possible for a patch file to cause patch(1)
+	to pass certain ed(1) scripts to the ed(1) editor, which
+	would run commands.</p>
+	<h1>Impact:</h1>
+	<p>This issue could be exploited to execute arbitrary
+	commands as the user invoking patch(1) against a specically
+	crafted patch file, which could be leveraged to obtain
+	elevated privileges.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2015-1418</cvename>
+      <freebsdsa>SA-15:18.bsdpatch</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2015-08-05</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="0cb9d5bb-600a-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- Resource exhaustion in TCP reassembly</topic>
+    <affects>
+      <package>
+	<name>FreeBSD-kernel</name>
+	<range><ge>10.1</ge><lt>10.1_16</lt></range>
+	<range><ge>9.3</ge><lt>9.3_21</lt></range>
+	<range><ge>8.4</ge><lt>8.4_35</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>There is a mistake with the introduction of VNET, which
+	converted the global limit on the number of segments that
+	could belong to reassembly queues into a per-VNET limit.
+	Because mbufs are allocated from a global pool, in the
+	presence of a sufficient number of VNETs, the total number
+	of mbufs attached to reassembly queues can grow to the total
+	number of mbufs in the system, at which point all network
+	traffic would cease.</p>
+	<h1>Impact:</h1>
+	<p>An attacker who can establish concurrent TCP connections
+	across a sufficient number of VNETs and manipulate the
+	inbound packet streams such that the maximum number of mbufs
+	are enqueued on each reassembly queue can cause mbuf cluster
+	exhaustion on the target system, resulting in a Denial of
+	Service condition.</p>
+	<p>As the default per-VNET limit on the number of segments
+	that can belong to reassembly queues is 1/16 of the total
+	number of mbuf clusters in the system, only systems that
+	have 16 or more VNET instances are vulnerable.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2015-1417</cvename>
+      <freebsdsa>SA-15:15.tcp</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2015-07-28</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="0c6759dd-600a-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- shell injection vulnerability in patch(1)</topic>
+    <affects>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.1</ge><lt>10.1_16</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>Due to insufficient sanitization of the input patch
+	stream, it is possible for a patch file to cause patch(1)
+	to run commands in addition to the desired SCCS or RCS
+	commands.</p>
+	<h1>Impact:</h1>
+	<p>This issue could be exploited to execute arbitrary
+	commands as the user invoking patch(1) against a specically
+	crafted patch file, which could be leveraged to obtain
+	elevated privileges.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2015-1416</cvename>
+      <freebsdsa>SA-15:14.bsdpatch</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2015-07-28</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
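
Review bot: The two patch(1) entries just above (vid 0d090952-600a-11e6-a6c3-14dae9d210b8 with CVE-2015-1418, and vid 0c6759dd-600a-11e6-a6c3-14dae9d210b8 with CVE-2015-1416) carry the identical topic "FreeBSD -- shell injection vulnerability in patch(1)", so any report keyed on the topic cannot tell an administrator which of the two advisories a host is exposed to. Suggest making the topics distinct, for example by naming the ed(1) script path in the first and the SCCS/RCS command path in the second, as the two Problem Description paragraphs already do. Both Impact paragraphs also misspell "specifically" as "specically". The same duplicate-topic concern applies to the two routed(8) entries in this hunk (CVE-2015-5674 and CVE-2014-3955), whose topic and description text are identical and differ only in the references and affected ranges.
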
+  <vuln vid="0c064c43-600a-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- Resource exhaustion due to sessions stuck in LAST_ACK state</topic>
+    <affects>
+      <package>
+	<name>FreeBSD-kernel</name>
+	<range><ge>10.1</ge><lt>10.1_15</lt></range>
+	<range><ge>9.3</ge><lt>9.3_20</lt></range>
+	<range><ge>8.4</ge><lt>8.4_34</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>TCP connections transitioning to the LAST_ACK state can
+	become permanently stuck due to mishandling of protocol
+	state in certain situations, which in turn can lead to
+	accumulated consumption and eventual exhaustion of system
+	resources, such as mbufs and sockets.</p>
+	<h1>Impact:</h1>
+	<p>An attacker who can repeatedly establish TCP connections
+	to a victim system (for instance, a Web server) could create
+	many TCP connections that are stuck in LAST_ACK state and
+	cause resource exhaustion, resulting in a denial of service
+	condition. This may also happen in normal operation where
+	no intentional attack is conducted, but an attacker who can
+	send specifically crafted packets can trigger this more
+	reliably.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2015-5358</cvename>
+      <freebsdsa>SA-15:13.tcp</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2015-07-21</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="0bb55a18-600a-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- Denial of Service with IPv6 Router Advertisements</topic>
+    <affects>
+      <package>
+	<name>FreeBSD-kernel</name>
+	<range><ge>10.1</ge><lt>10.1_9</lt></range>
+	<range><ge>9.3</ge><lt>9.3_13</lt></range>
+	<range><ge>8.4</ge><lt>8.4_27</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>The Neighbor Discover Protocol allows a local router to
+	advertise a suggested Current Hop Limit value of a link,
+	which will replace Current Hop Limit on an interface connected
+	to the link on the FreeBSD system.</p>
+	<h1>Impact:</h1>
+	<p>When the Current Hop Limit (similar to IPv4's TTL) is
+	small, IPv6 packets may get dropped before they reached
+	their destinations.</p>
+	<p>By sending specifically crafted Router Advertisement
+	packets, an attacker on the local network can cause the
+	FreeBSD system to lose the ability to communicate with
+	another IPv6 node on a different network.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2015-2923</cvename>
+      <freebsdsa>SA-15:09.ipv6</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2015-04-07</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="0b65f297-600a-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- Insecure default GELI keyfile permissions</topic>
+    <affects>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.1</ge><lt>10.1_9</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>The default permission set by bsdinstall(8) installer
+	when configuring full disk encrypted ZFS is too open.</p>
+	<h1>Impact:</h1>
+	<p>A local attacker may be able to get a copy of the geli(8)
+	provider's keyfile which is located at a fixed location.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2015-1415</cvename>
+      <freebsdsa>SA-15:08.bsdinstall</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2015-04-07</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="0afe8b29-600a-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- Integer overflow in IGMP protocol</topic>
+    <affects>
+      <package>
+	<name>FreeBSD-kernel</name>
+	<range><ge>10.1</ge><lt>10.1_9</lt></range>
+	<range><ge>9.3</ge><lt>9.3_13</lt></range>
+	<range><ge>8.4</ge><lt>8.4_27</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>An integer overflow in computing the size of IGMPv3 data
+	buffer can result in a buffer which is too small for the
+	requested operation.</p>
+	<h1>Impact:</h1>
+	<p>An attacker who can send specifically crafted IGMP packets
+	could cause a denial of service situation by causing the
+	kernel to crash.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2015-1414</cvename>
+      <freebsdsa>SA-15:04.igmp</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2015-02-25</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="0aad3ce5-600a-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- SCTP stream reset vulnerability</topic>
+    <affects>
+      <package>
+	<name>FreeBSD-kernel</name>
+	<range><ge>10.1</ge><lt>10.1_5</lt></range>
+	<range><ge>10.0</ge><lt>10.0_17</lt></range>
+	<range><ge>9.3</ge><lt>9.3_9</lt></range>
+	<range><ge>8.4</ge><lt>8.4_23</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>The input validation of received SCTP RE_CONFIG chunks
+	is insufficient, and can result in a NULL pointer deference
+	later.</p>
+	<h1>Impact:</h1>
+	<p>A remote attacker who can send a malformed SCTP packet
+	to a FreeBSD system that serves SCTP can cause a kernel
+	panic, resulting in a Denial of Service.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2014-8613</cvename>
+      <freebsdsa>SA-15:03.sctp</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2015-01-27</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="0a5cf6d8-600a-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- SCTP SCTP_SS_VALUE kernel memory corruption and disclosure</topic>
+    <affects>
+      <package>
+	<name>FreeBSD-kernel</name>
+	<range><ge>10.1</ge><lt>10.1_5</lt></range>
+	<range><ge>10.0</ge><lt>10.0_17</lt></range>
+	<range><ge>9.3</ge><lt>9.3_9</lt></range>
+	<range><ge>8.4</ge><lt>8.4_23</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>Due to insufficient validation of the SCTP stream ID,
+	which serves as an array index, a local unprivileged attacker
+	can read or write 16-bits of kernel memory.</p>
+	<h1>Impact:</h1>
+	<p>An unprivileged process can read or modify 16-bits of
+	memory which belongs to the kernel. This smay lead to
+	exposure of sensitive information or allow privilege
+	escalation.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2014-8612</cvename>
+      <freebsdsa>SA-15:02.kmem</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2015-01-27</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="74ded00e-6007-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- Buffer overflow in stdio</topic>
+    <affects>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.1</ge><lt>10.1_1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>A programming error in the standard I/O library's
+	__sflush() function could erroneously adjust the buffered
+	stream's internal state even when no write actually occurred
+	in the case when write(2) system call returns an error.</p>
+	<h1>Impact:</h1>
+	<p>The accounting mismatch would accumulate, if the caller
+	does not check for stream status and will eventually lead
+	to a heap buffer overflow.</p>
+	<p>Such overflows may lead to data corruption or the execution
+	of arbitrary code at the privilege level of the calling
+	program.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2014-8611</cvename>
+      <freebsdsa>SA-14:27.stdio</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2014-12-10</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="7488378d-6007-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- Remote command execution in ftp(1)</topic>
+    <affects>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.0</ge><lt>10.0_12</lt></range>
+	<range><ge>9.3</ge><lt>9.3_5</lt></range>
+	<range><ge>9.2</ge><lt>9.2_15</lt></range>
+	<range><ge>9.1</ge><lt>9.1_22</lt></range>
+	<range><ge>8.4</ge><lt>8.4_19</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>A malicious HTTP server could cause ftp(1) to execute
+	arbitrary commands.</p>
+	<h1>Impact:</h1>
+	<p>When operating on HTTP URIs, the ftp(1) client follows
+	HTTP redirects, and uses the part of the path after the
+	last '/' from the last resource it accesses as the output
+	filename if '-o' is not specified.</p>
+	<p>If the output file name provided by the server begins
+	with a pipe ('|'), the output is passed to popen(3), which
+	might be used to execute arbitrary commands on the ftp(1)
+	client machine.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2014-8517</cvename>
+      <freebsdsa>SA-14:26.ftp</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2014-11-04</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="74389f22-6007-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- Kernel stack disclosure in setlogin(2) / getlogin(2)</topic>
+    <affects>
+      <package>
+	<name>FreeBSD-kernel</name>
+	<range><ge>10.0</ge><lt>10.0_12</lt></range>
+	<range><ge>9.3</ge><lt>9.3_5</lt></range>
+	<range><ge>9.2</ge><lt>9.2_15</lt></range>
+	<range><ge>9.1</ge><lt>9.1_22</lt></range>
+	<range><ge>8.4</ge><lt>8.4_19</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>When setlogin(2) is called while setting up a new login
+	session, the login name is copied into an uninitialized
+	stack buffer, which is then copied into a buffer of the
+	same size in the session structure. The getlogin(2) system
+	call returns the entire buffer rather than just the portion
+	occupied by the login name associated with the session.</p>
+	<h1>Impact:</h1>
+	<p>An unprivileged user can access this memory by calling
+	getlogin(2) and reading beyond the terminating NUL character
+	of the resulting string. Up to 16 (FreeBSD 8) or 32 (FreeBSD
+	9 and 10) bytes of kernel memory may be leaked in this
+	manner for each invocation of setlogin(2).</p>
+	<p>This memory may contain sensitive information, such as
+	portions of the file cache or terminal buffers, which an
+	attacker might leverage to obtain elevated privileges.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2014-8476</cvename>
+      <freebsdsa>SA-14:25.setlogin</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2014-11-04</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="73e9a137-6007-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- Denial of service attack against sshd(8)</topic>
+    <affects>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.0</ge><lt>10.0_12</lt></range>
+	<range><ge>9.2</ge><lt>9.2_15</lt></range>
+	<range><ge>9.1</ge><lt>9.1_22</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>Although OpenSSH is not multithreaded, when OpenSSH is
+	compiled with Kerberos support, the Heimdal libraries bring
+	in the POSIX thread library as a dependency. Due to incorrect
+	library ordering while linking sshd(8), symbols in the C
+	library which are shadowed by the POSIX thread library may
+	not be resolved correctly at run time.</p>
+	<p>Note that this problem is specific to the FreeBSD build
+	system and does not affect other operating systems or the
+	version of OpenSSH available from the FreeBSD ports tree.</p>
+	<h1>Impact:</h1>
+	<p>An incorrectly linked sshd(8) child process may deadlock
+	while handling an incoming connection. The connection may
+	then time out or be interrupted by the client, leaving the
+	deadlocked sshd(8) child process behind. Eventually, the
+	sshd(8) parent process stops accepting new connections.</p>
+	<p>An attacker may take advantage of this by repeatedly
+	connecting and then dropping the connection after having
+	begun, but not completed, the authentication process.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2014-8475</cvename>
+      <freebsdsa>SA-14:24.sshd</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2014-11-04</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="73964eac-6007-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- memory leak in sandboxed namei lookup</topic>
+    <affects>
+      <package>
+	<name>FreeBSD-kernel</name>
+	<range><ge>10.0</ge><lt>10.0_10</lt></range>
+	<range><ge>9.3</ge><lt>9.3_3</lt></range>
+	<range><ge>9.2</ge><lt>9.2_13</lt></range>
+	<range><ge>9.1</ge><lt>9.1_20</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>The namei facility will leak a small amount of kernel
+	memory every time a sandboxed process looks up a nonexistent
+	path name.</p>
+	<h1>Impact:</h1>
+	<p>A remote attacker that can cause a sandboxed process
+	(for instance, a web server) to look up a large number of
+	nonexistent path names can cause memory exhaustion.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2014-3711</cvename>
+      <freebsdsa>SA-14:22.namei</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2014-10-21</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="734233f4-6007-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- routed(8) remote denial of service vulnerability</topic>
+    <affects>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.0</ge><lt>10.0_10</lt></range>
+	<range><ge>9.3</ge><lt>9.3_3</lt></range>
+	<range><ge>9.2</ge><lt>9.2_13</lt></range>
+	<range><ge>9.1</ge><lt>9.1_20</lt></range>
+	<range><ge>8.4</ge><lt>8.4_17</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>The input path in routed(8) will accept queries from any
+	source and attempt to answer them. However, the output path
+	assumes that the destination address for the response is
+	on a directly connected network.</p>
+	<h1>Impact:</h1>
+	<p>Upon receipt of a query from a source which is not on a
+	directly connected network, routed(8) will trigger an
+	assertion and terminate. The affected system's routing table
+	will no longer be updated. If the affected system is a
+	router, its routes will eventually expire from other routers'
+	routing tables, and its networks will no longer be reachable
+	unless they are also connected to another router.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2014-3955</cvename>
+      <freebsdsa>SA-14:21.routed</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2014-10-21</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="72ee7111-6007-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- rtsold(8) remote buffer overflow vulnerability</topic>
+    <affects>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.0</ge><lt>10.0_10</lt></range>
+	<range><ge>9.3</ge><lt>9.3_3</lt></range>
+	<range><ge>9.2</ge><lt>9.2_13</lt></range>
+	<range><ge>9.1</ge><lt>9.1_20</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>Due to a missing length check in the code that handles
+	DNS parameters, a malformed router advertisement message
+	can result in a stack buffer overflow in rtsold(8).</p>
+	<h1>Impact:</h1>
+	<p>Receipt of a router advertisement message with a malformed
+	DNSSL option, for instance from a compromised host on the
+	same network, can cause rtsold(8) to crash.</p>
+	<p>While it is theoretically possible to inject code into
+	rtsold(8) through malformed router advertisement messages,
+	it is normally compiled with stack protection enabled,
+	rendering such an attack extremely difficult.</p>
+	<p>When rtsold(8) crashes, the existing DNS configuration
+	will remain in force, and the kernel will continue to receive
+	and process periodic router advertisements.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2014-3954</cvename>
+      <freebsdsa>SA-14:20.rtsold</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2014-10-21</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="729c4a9f-6007-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- Denial of Service in TCP packet processing</topic>
+    <affects>
+      <package>
+	<name>FreeBSD-kernel</name>
+	<range><ge>10.0</ge><lt>10.0_9</lt></range>
+	<range><ge>9.3</ge><lt>9.3_2</lt></range>
+	<range><ge>9.2</ge><lt>9.2_12</lt></range>
+	<range><ge>9.1</ge><lt>9.1_19</lt></range>
+	<range><ge>8.4</ge><lt>8.4_16</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>When a segment with the SYN flag for an already existing
+	connection arrives, the TCP stack tears down the connection,
+	bypassing a check that the sequence number in the segment
+	is in the expected window.</p>
+	<h1>Impact:</h1>
+	<p>An attacker who has the ability to spoof IP traffic can
+	tear down a TCP connection by sending only 2 packets, if
+	they know both TCP port numbers. In case one of the two
+	port numbers is unknown, a successful attack requires less
+	than 2**17 packets spoofed, which can be generated within
+	less than a second on a decent connection to the Internet.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2004-0230</cvename>
+      <freebsdsa>SA-14:19.tcp</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2014-09-16</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="7240de58-6007-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- Kernel memory disclosure in control messages and SCTP</topic>
+    <affects>
+      <package>
+	<name>FreeBSD-kernel</name>
+	<range><ge>10.0</ge><lt>10.0_7</lt></range>
+	<range><ge>9.2</ge><lt>9.2_10</lt></range>
+	<range><ge>9.1</ge><lt>9.1_17</lt></range>
+	<range><ge>8.4</ge><lt>8.4_14</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>Buffer between control message header and data may not
+	be completely initialized before being copied to userland.
+	[CVE-2014-3952]</p>
+	<p>Three SCTP cmsgs, SCTP_SNDRCV, SCTP_EXTRCV and SCTP_RCVINFO,
+	have implicit padding that may not be completely initialized
+	before being copied to userland. In addition, three SCTP
+	notifications, SCTP_PEER_ADDR_CHANGE, SCTP_REMOTE_ERROR and
+	SCTP_AUTHENTICATION_EVENT, have padding in the returning
+	data structure that may not be completely initialized before
+	being copied to userland. [CVE-2014-3953]</p>
+	<h1>Impact:</h1>
+	<p>An unprivileged local process may be able to retrieve
+	portion of kernel memory.</p>
+	<p>For the generic control message, the process may be able
+	to retrieve a maximum of 4 bytes of kernel memory.</p>
+	<p>For SCTP, the process may be able to retrieve 2 bytes
+	of kernel memory for all three control messages, plus 92
+	bytes for SCTP_SNDRCV and 76 bytes for SCTP_EXTRCV. If the
+	local process is permitted to receive SCTP notification, a
+	maximum of 112 bytes of kernel memory may be returned to
+	userland.</p>
+	<p>This information might be directly useful, or it might
+	be leveraged to obtain elevated privileges in some way. For
+	example, a terminal buffer might include a user-entered
+	password.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2014-3952</cvename>
+      <cvename>CVE-2014-3953</cvename>
+      <freebsdsa>SA-14:17.kmem</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2014-07-08</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="70140f20-6007-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- Multiple vulnerabilities in file(1) and libmagic(3)</topic>
+    <affects>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.0</ge><lt>10.0_6</lt></range>
+	<range><ge>9.2</ge><lt>9.2_9</lt></range>
+	<range><ge>9.1</ge><lt>9.1_16</lt></range>
+	<range><ge>8.4</ge><lt>8.4_13</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>A specifically crafted Composite Document File (CDF)
+	file can trigger an out-of-bounds read or an invalid pointer
+	dereference. [CVE-2012-1571]</p>
+	<p>A flaw in regular expression in the awk script detector
+	makes use of multiple wildcards with unlimited repetitions.
+	[CVE-2013-7345]</p>
+	<p>A malicious input file could trigger infinite recursion
+	in libmagic(3). [CVE-2014-1943]</p>
+	<p>A specifically crafted Portable Executable (PE) can
+	trigger out-of-bounds read. [CVE-2014-2270]</p>
+	<h1>Impact:</h1>
+	<p>An attacker who can cause file(1) or any other applications
+	using the libmagic(3) library to be run on a maliciously
+	constructed input can the application to crash or consume
+	excessive CPU resources, resulting in a denial-of-service.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2012-1571</cvename>
+      <cvename>CVE-2013-7345</cvename>
+      <cvename>CVE-2014-1943</cvename>
+      <cvename>CVE-2014-2270</cvename>
+      <freebsdsa>SA-14:16.file</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2014-06-24</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="6f91a709-6007-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- iconv(3) NULL pointer dereference and out-of-bounds array access</topic>
+    <affects>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.0</ge><lt>10.0_6</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>A NULL pointer dereference in the initialization code
+	of the HZ module and an out of bounds array access in the
+	initialization code of the VIQR module make iconv_open(3)
+	calls involving HZ or VIQR result in an application crash.</p>
+	<h1>Impact:</h1>
+	<p>Services where an attacker can control the arguments of
+	an iconv_open(3) call can be caused to crash resulting in
+	a denial-of-service. For example, an email encoded in HZ
+	may cause an email delivery service to crash if it converts
+	emails to a more generic encoding like UTF-8 before applying
+	filtering rules.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2014-3951</cvename>
+      <freebsdsa>SA-14:15.iconv</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2014-06-24</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="6e8f9003-6007-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- Incorrect error handling in PAM policy parser</topic>
+    <affects>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>9.2</ge><lt>9.2_7</lt></range>
+	<range><ge>10.0</ge><lt>10.0_4</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>The OpenPAM library searches for policy definitions in
+	several locations. While doing so, the absence of a policy
+	file is a soft failure (handled by searching in the next
+	location) while the presence of an invalid file is a hard
+	failure (handled by returning an error to the caller).</p>
+	<p>The policy parser returns the same error code (ENOENT)
+	when a syntactically valid policy references a non-existent
+	module as when the requested policy file does not exist.
+	The search loop regards this as a soft failure and looks
+	for the next similarly-named policy, without discarding the
+	partially-loaded configuration.</p>
+	<p>A similar issue can arise if a policy contains an include
+	directive that refers to a non-existent policy.</p>
+	<h1>Impact:</h1>
+	<p>If a module is removed, or the name of a module is
+	misspelled in the policy file, the PAM library will proceed
+	with a partially loaded configuration. Depending on the
+	exact circumstances, this may result in a fail-open scenario
+	where users are allowed to log in without a password, or
+	with an incorrect password.</p>
+	<p>In particular, if a policy references a module installed
+	by a package or port, and that package or port is being
+	reinstalled or upgraded, there is a brief window of time
+	during which the module is absent and policies that use it
+	may fail open. This can be especially damaging to Internet-facing
+	SSH servers, which are regularly subjected to brute-force
+	scans.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2014-3879</cvename>
+      <freebsdsa>SA-14:13.pam</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2014-06-03</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="6e04048b-6007-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- ktrace kernel memory disclosure</topic>
+    <affects>
+      <package>
+	<name>FreeBSD-kernel</name>
+	<range><ge>9.2</ge><lt>9.2_7</lt></range>
+	<range><ge>9.1</ge><lt>9.1_14</lt></range>
+	<range><ge>8.4</ge><lt>8.4_11</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>Due to an overlooked merge to -STABLE branches, the size
+	for page fault kernel trace entries was set incorrectly.</p>
+	<h1>Impact:</h1>
+	<p>A user who can enable kernel process tracing could end
+	up reading the contents of kernel memory.</p>
+	<p>Such memory might contain sensitive information, such
+	as portions of the file cache or terminal buffers. This
+	information might be directly useful, or it might be leveraged
+	to obtain elevated privileges in some way; for example, a
+	terminal buffer might include a user-entered password.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2014-3873</cvename>
+      <freebsdsa>SA-14:12.ktrace</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2014-06-03</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="6d9eadaf-6007-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- sendmail improper close-on-exec flag handling</topic>
+    <affects>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.0</ge><lt>10.0_4</lt></range>
+	<range><ge>9.2</ge><lt>9.2_7</lt></range>
+	<range><ge>9.1</ge><lt>9.1_14</lt></range>
+	<range><ge>8.4</ge><lt>8.4_11</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>There is a programming error in sendmail(8) that prevented
+	open file descriptors have close-on-exec properly set.
+	Consequently a subprocess will be able to access all open
+	files that the parent process have open.</p>
+	<h1>Impact:</h1>
+	<p>A local user who can execute their own program for mail
+	delivery will be able to interfere with an open SMTP
+	connection.</p>
+      </body>
+    </description>
+    <references>
+      <freebsdsa>SA-14:11.sendmail</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2014-06-03</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="6d472244-6007-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- TCP reassembly vulnerability</topic>
+    <affects>
+      <package>
+	<name>FreeBSD-kernel</name>
+	<range><ge>8.4</ge><lt>8.4_9</lt></range>
+	<range><ge>8.3</ge><lt>8.3_16</lt></range>
+	<range><ge>9.2</ge><lt>9.2_5</lt></range>
+	<range><ge>9.1</ge><lt>9.1_12</lt></range>
+	<range><ge>10.0</ge><lt>10.0_2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>FreeBSD may add a reassemble queue entry on the stack
+	into the segment list when the reassembly queue reaches its
+	limit. The memory from the stack is undefined after the
+	function returns. Subsequent iterations of the reassembly
+	function will attempt to access this entry.</p>
+	<h1>Impact:</h1>
+	<p>An attacker who can send a series of specifically crafted
+	packets with a connection could cause a denial of service
+	situation by causing the kernel to crash.</p>
+	<p>Additionally, because the undefined on stack memory may
+	be overwritten by other kernel threads, while extremely
+	difficult, it may be possible for an attacker to construct
+	a carefully crafted attack to obtain portion of kernel
+	memory via a connected socket. This may result in the
+	disclosure of sensitive information such as login credentials,
+	etc. before or even without crashing the system.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2014-3000</cvename>
+      <freebsdsa>SA-14:08.tcp</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2014-04-30</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="6b6ca5b6-6007-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- devfs rules not applied by default for jails</topic>
+    <affects>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.0</ge><lt>10.0_2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>The default devfs rulesets are not loaded on boot, even
+	when jails are used. Device nodes will be created in the
+	jail with their normal default access permissions, while
+	most of them should be hidden and inaccessible.</p>
+	<h1>Impact:</h1>
+	<p>Jailed processes can get access to restricted resources
+	on the host system. For jailed processes running with
+	superuser privileges this implies access to all devices on
+	the system. This level of access could lead to information
+	leakage and privilege escalation.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2014-3001</cvename>
+      <freebsdsa>SA-14:07.devfs</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2014-04-30</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="6a384960-6007-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- Deadlock in the NFS server</topic>
+    <affects>
+      <package>
+	<name>FreeBSD-kernel</name>
+	<range><ge>10.0</ge><lt>10.0_1</lt></range>
+	<range><ge>9.2</ge><lt>9.2_4</lt></range>
+	<range><ge>9.1</ge><lt>9.1_11</lt></range>
+	<range><ge>8.4</ge><lt>8.4_8</lt></range>
+	<range><ge>8.3</ge><lt>8.3_15</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>The kernel holds a lock over the source directory vnode
+	while trying to convert the target directory file handle
+	to a vnode, which needs to be returned with the lock held,
+	too. This order may be in violation of normal lock order,
+	which in conjunction with other threads that grab locks in
+	the right order, constitutes a deadlock condition because
+	no thread can proceed.</p>
+	<h1>Impact:</h1>
+	<p>An attacker on a trusted client could cause the NFS
+	server become deadlocked, resulting in a denial of service.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2014-1453</cvename>
+      <freebsdsa>SA-14:05.nfsserver</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2014-04-08</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="4c96ecf2-5fd9-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- bsnmpd remote denial of service vulnerability</topic>
+    <affects>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>9.2</ge><lt>9.2_3</lt></range>
+	<range><ge>9.1</ge><lt>9.1_10</lt></range>
+	<range><ge>8.4</ge><lt>8.4_7</lt></range>
+	<range><ge>8.3</ge><lt>8.3_14</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Problem Description:</p>
+	<p>The bsnmpd(8) daemon is prone to a stack-based
+	  buffer-overflow when it has received a specifically crafted
+	  GETBULK PDU request.</p>
+	<p>Impact:</p>
+	<p>This issue could be exploited to execute arbitrary code in
+	  the context of the service daemon, or crash the service daemon, causing
+	  a denial-of-service.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2014-1452</cvename>
+      <freebsdsa>SA-14:01.bsnmpd</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2014-01-14</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="ca16fd0b-5fd1-11e6-a6f2-6cc21735f730">
+    <topic>PostgreSQL -- Denial-of-Service and Code Injection Vulnerabilities</topic>
+     <affects>
+      <package>
+	<name>postgresql91-server</name>
+	<range><ge>9.1.0</ge><lt>9.1.23</lt></range>
+      </package>
+      <package>
+	<name>postgresql92-server</name>
+	<range><ge>9.2.0</ge><lt>9.2.18</lt></range>
+      </package>
+      <package>
+	<name>postgresql93-server</name>
+	<range><ge>9.3.0</ge><lt>9.3.11</lt></range>
+      </package>
+      <package>
+	<name>postgresql94-server</name>
+	<range><ge>9.4.0</ge><lt>9.4.9</lt></range>
+      </package>
+      <package>
+	<name>postgresql95-server</name>
+	<range><ge>9.5.0</ge><lt>9.5.4</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>PostgreSQL project reports:</p>
+	<blockquote cite="http://www.postgresql.org/about/news/1688/">
+	  <p>
+	  Security Fixes nested CASE expressions +
+	  database and role names with embedded special characters
+	  </p>
+	  <ul>
+	    <li>CVE-2016-5423: certain nested CASE expressions can cause the
+	     server to crash.
+	    </li>
+	    <li>CVE-2016-5424: database and role names with embedded special
+	     characters can allow code injection during administrative operations
+	     like pg_dumpall.
+	    </li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-5423</cvename>
+      <cvename>CVE-2016-5424</cvename>
+    </references>
+    <dates>
+      <discovery>2016-08-11</discovery>
+      <entry>2016-08-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="28bf62ef-5e2c-11e6-a15f-00248c0c745d">
+    <topic>piwik -- XSS vulnerability</topic>
+    <affects>
+      <package>
+	<name>piwik</name>
+	<range><lt>2.16.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Piwik reports:</p>
+	<blockquote cite="https://piwik.org/changelog/piwik-2-16-2/">
+	  <p>We have identified and fixed several XSS security issues in this release.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>We have identified and fixed several XSS security issues in this release.</url>
+    </references>
+    <dates>
+      <discovery>2016-08-03</discovery>
+      <entry>2016-08-09</entry>
+    </dates>
+  </vuln>
+
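Review bot: the `<url>` element in the piwik entry's `<references>` holds the advisory sentence ("We have identified and fixed several XSS security issues in this release.") instead of a link, so anything that reads the references of vid 28bf62ef-5e2c-11e6-a15f-00248c0c745d gets prose where it expects a URL. This looks like a paste slip: the changelog address already given in the blockquote's cite attribute, https://piwik.org/changelog/piwik-2-16-2/, is the value that belongs in `<url>`. Because this revision imports the FreeBSD master list, the correction is better made upstream and re-synced than patched only in this copy.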
+  <vuln vid="7d08e608-5e95-11e6-b334-002590263bf5">
+    <topic>BIND,Knot,NSD,PowerDNS -- denial over service via oversized zone transfers</topic>
+    <affects>
+      <package>
+	<name>bind99</name>
+	<range><le>9.9.9P2</le></range>
+      </package>
+      <package>
+	<name>bind910</name>
+	<range><le>9.10.4P2</le></range>
+      </package>
+      <package>
+	<name>bind911</name>
+	<range><le>9.11.0.b2</le></range>
+      </package>
+      <package>
+	<name>bind9-devel</name>
+	<range><ge>0</ge></range>
+      </package>
+      <package>
+	<name>knot</name>
+	<name>knot1</name>
+	<range><lt>1.6.8</lt></range>
+      </package>
+      <package>
+	<name>knot2</name>
+	<range><lt>2.3.0</lt></range>
+      </package>
+      <package>
+	<name>nsd</name>
+	<range><lt>4.1.11</lt></range>
+      </package>
+      <package>
+	<name>powerdns</name>
+	<range><lt>4.0.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>ISC reports:</p>
+	<blockquote cite="https://kb.isc.org/article/AA-01390">
+	  <p>DNS protocols were designed with the assumption that a certain
+	    amount of trust could be presumed between the operators of primary
+	    and secondary servers for a given zone. However, in current
+	    practice some organizations have scenarios which require them to
+	    accept zone data from sources that are not fully trusted (for
+	    example: providers of secondary name service). A party who is
+	    allowed to feed data into a zone (e.g. by AXFR, IXFR, or Dynamic DNS
+	    updates) can overwhelm the server which is accepting data by
+	    intentionally or accidentally exhausting that server's memory.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-6170</cvename>
+      <cvename>CVE-2016-6171</cvename>
+      <cvename>CVE-2016-6172</cvename>
+      <cvename>CVE-2016-6173</cvename>
+      <url>https://kb.isc.org/article/AA-01390</url>
+      <mlist>http://www.openwall.com/lists/oss-security/2016/07/06/4</mlist>
+    </references>
+    <dates>
+      <discovery>2016-07-06</discovery>
+      <entry>2016-08-10</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="dd48d9b9-5e7e-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- Kernel memory disclosure in sctp(4)</topic>
+    <affects>
+      <package>
+	<name>FreeBSD-kernel</name>
+	<range><ge>9.1</ge><lt>9.1_6</lt></range>
+	<range><ge>8.4</ge><lt>8.4_3</lt></range>
+	<range><ge>8.3</ge><lt>8.3_10</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Problem Description:</p>
+	<p>When initializing the SCTP state cookie being sent in INIT-ACK chunks,
+	  a buffer allocated from the kernel stack is not completely initialized.</p>
+	<p>Impact:</p>
+	<p>Fragments of kernel memory may be included in SCTP packets and
+	  transmitted over the network.  For each SCTP session, there are two
+	  separate instances in which a 4-byte fragment may be transmitted.</p>
+	<p>This memory might contain sensitive information, such as portions of the
+	  file cache or terminal buffers.  This information might be directly
+	  useful, or it might be leveraged to obtain elevated privileges in
+	  some way.  For example, a terminal buffer might include a user-entered
+	  password.</p>
+      </body>
+    </description>
+    <references>
+      <freebsdsa>SA-13:10.sctp</freebsdsa>
+      <cvename>CVE-2013-5209</cvename>
+    </references>
+    <dates>
+      <discovery>2013-08-22</discovery>
+      <entry>2016-08-09</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="0844632f-5e78-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- integer overflow in IP_MSFILTER</topic>
+    <affects>
+      <package>
+	<name>FreeBSD-kernel</name>
+	<range><ge>9.1</ge><lt>9.1_6</lt></range>
+	<range><ge>8.4</ge><lt>8.4_3</lt></range>
+	<range><ge>8.3</ge><lt>8.3_10</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Problem Description:</p>
+	<p>An integer overflow in computing the size of a temporary
+	  buffer can result in a buffer which is too small for the requested
+	  operation.</p>
+	<p>Impact:</p>
+	<p>An unprivileged process can read or write pages of memory
+	  which belong to the kernel.  These may lead to exposure of sensitive
+	  information or allow privilege escalation.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2013-3077</cvename>
+      <freebsdsa>SA-13:09.ip_multicast</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2013-08-22</discovery>
+      <entry>2016-08-09</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="e5d2442d-5e76-11e6-a6c3-14dae9d210b8">
+    <topic>FreeBSD -- Incorrect privilege validation in the NFS server</topic>
+    <affects>
+      <package>
+	<name>FreeBSD-kernel</name>
+	<range><ge>9.1</ge><lt>9.1_5</lt></range>
+	<range><ge>8.3</ge><lt>8.3_9</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Problem Description:</p>
+	<p>The kernel incorrectly uses client supplied credentials
+	  instead of the one configured in exports(5) when filling out the
+	  anonymous credential for a NFS export, when -network or -host
+	  restrictions are used at the same time.</p>
+	<p>Impact:</p>
+	<p>The remote client may supply privileged credentials (e.g. the
+	  root user) when accessing a file under the NFS share, which will bypass
+	  the normal access checks.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2013-4851</cvename>
+      <freebsdsa>SA-13:08.nfsserver</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2013-07-06</discovery>
+      <entry>2016-08-09</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="6da45e38-5b55-11e6-8859-000c292ee6b8">
+    <topic>collectd -- Network plugin heap overflow</topic>
+    <affects>
+      <package>
+	<name>collectd5</name>
+	<range><lt>5.5.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The collectd Project reports:</p>
+	<blockquote cite="http://collectd.org/news.shtml#news98">
+	  <p>Emilien Gaspar has identified a heap overflow in collectd's
+	    network plugin which can be triggered remotely and is potentially
+	    exploitable.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-6254</cvename>
+      <url>http://collectd.org/news.shtml#news98</url>
+    </references>
+    <dates>
+      <discovery>2016-07-26</discovery>
+      <entry>2016-08-05</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="3ddcb42b-5b78-11e6-b334-002590263bf5">
+    <topic>moodle -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>moodle28</name>
+	<range><le>2.8.12</le></range>
+      </package>
+      <package>
+	<name>moodle29</name>
+	<range><lt>2.9.7</lt></range>
+      </package>
+      <package>
+	<name>moodle30</name>
+	<range><lt>3.0.5</lt></range>
+      </package>
+      <package>
+	<name>moodle31</name>
+	<range><lt>3.1.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Marina Glancy reports:</p>
+	<blockquote cite="https://moodle.org/security/">
+	  <ul>
+	    <li><p>MSA-16-0019: Glossary search displays entries without
+	    checking user permissions to view them</p></li>
+	    <li><p>MSA-16-0020: Text injection in email headers</p></li>
+	    <li><p>MSA-16-0021: Unenrolled user still receives event monitor
+	    notifications even though they can no longer access course</p></li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-5012</cvename>
+      <cvename>CVE-2016-5013</cvename>
+      <cvename>CVE-2016-5014</cvename>
+      <url>https://moodle.org/security/</url>
+    </references>
+    <dates>
+      <discovery>2016-07-19</discovery>
+      <entry>2016-08-06</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="7a31e0de-5b6d-11e6-b334-002590263bf5">
+    <topic>bind -- denial of service vulnerability</topic>
+    <affects>
+      <package>
+	<name>bind99</name>
+	<range><lt>9.9.9P2</lt></range>
+      </package>
+      <package>
+	<name>bind910</name>
+	<range><lt>9.10.4P2</lt></range>
+      </package>
+      <package>
+	<name>bind911</name>
+	<range><lt>9.11.0.b2</lt></range>
+      </package>
+      <package>
+	<name>bind9-devel</name>
+	<range><lt>9.12.0.a.2016.07.14</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>ISC reports:</p>
+	<blockquote cite="https://kb.isc.org/article/AA-01393">
+	  <p>A query name which is too long can cause a segmentation fault in
+	    lwresd.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-2775</cvename>
+      <url>https://kb.isc.org/article/AA-01393</url>
+    </references>
+    <dates>
+      <discovery>2016-07-18</discovery>
+      <entry>2016-08-06</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="610101ea-5b6a-11e6-b334-002590263bf5">
+    <topic>wireshark -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>wireshark</name>
+	<name>wireshark-lite</name>
+	<name>wireshark-qt5</name>
+	<name>tshark</name>
+	<name>tshark-lite</name>
+	<range><lt>2.0.5</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Wireshark development team reports:</p>
+	<blockquote cite="https://www.wireshark.org/docs/relnotes/wireshark-2.0.5.html">
+	  <p>The following vulnerabilities have been fixed:</p>
+	  <ul>
+	    <li><p>wnpa-sec-2016-41</p>
+	      <p>PacketBB crash. (Bug 12577)</p></li>
+	    <li><p>wnpa-sec-2016-42</p>
+	      <p>WSP infinite loop. (Bug 12594)</p></li>
+	    <li><p>wnpa-sec-2016-44</p>
+	      <p>RLC long loop. (Bug 12660)</p></li>
+	    <li><p>wnpa-sec-2016-45</p>
+	      <p>LDSS dissector crash. (Bug 12662)</p></li>
+	    <li><p>wnpa-sec-2016-46</p>
+	      <p>RLC dissector crash. (Bug 12664)</p></li>
+	    <li><p>wnpa-sec-2016-47</p>
+	      <p>OpenFlow long loop. (Bug 12659)</p></li>
+	    <li><p>wnpa-sec-2016-48</p>
+	      <p>MMSE, WAP, WBXML, and WSP infinite loop. (Bug 12661)</p></li>
+	    <li><p>wnpa-sec-2016-49</p>
+	      <p>WBXML crash. (Bug 12663)</p></li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-6505</cvename>
+      <cvename>CVE-2016-6506</cvename>
+      <cvename>CVE-2016-6508</cvename>
+      <cvename>CVE-2016-6509</cvename>
+      <cvename>CVE-2016-6510</cvename>
+      <cvename>CVE-2016-6511</cvename>
+      <cvename>CVE-2016-6512</cvename>
+      <cvename>CVE-2016-6513</cvename>
+      <url>https://www.wireshark.org/docs/relnotes/wireshark-2.0.5.html</url>
+      <url>http://www.openwall.com/lists/oss-security/2016/08/01/4</url>
+    </references>
+    <dates>
+      <discovery>2016-07-27</discovery>
+      <entry>2016-08-06</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="3e08047f-5a6c-11e6-a6c3-14dae9d210b8">
+    <topic>p5-XSLoader -- local arbitrary code execution</topic>
+    <affects>
+      <package>
+	<name>p5-XSLoader</name>
+	<range><lt>0.22</lt></range>
+      </package>
+      <package>
+	<name>perl5</name>
+	<name>perl5.18</name>
+	<name>perl5.20</name>
+	<name>perl5.22</name>
+	<name>perl5.24</name>
+	<name>perl5-devel</name>
+	<range><lt>5.18.4_24</lt></range>
+	<range><ge>5.20</ge><lt>5.20.3_15</lt></range>
+	<range><ge>5.21</ge><lt>5.22.3.r2</lt></range>
+	<range><ge>5.23</ge><lt>5.24.1.r2</lt></range>
+	<range><ge>5.25</ge><lt>5.25.2.87</lt></range>
+      </package>
+      <package>
+	<name>perl</name>
+	<range><ge>0</ge></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Jakub Wilk reports:</p>
+	<blockquote cite="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829578">
+	  <p>XSLoader tries to load code from a subdirectory in the cwd when
+	    called inside a string eval</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829578</url>
+      <cvename>CVE-2016-6185</cvename>
+    </references>
+    <dates>
+      <discovery>2016-06-30</discovery>
+      <entry>2016-08-04</entry>
+      <modified>2016-08-22</modified>
+    </dates>
+  </vuln>
+
+  <vuln vid="72bfbb09-5a6a-11e6-a6c3-14dae9d210b8">
+    <topic>perl -- local arbitrary code execution</topic>
+    <affects>
+      <package>
+	<name>perl5</name>
+	<name>perl5.18</name>
+	<name>perl5.20</name>
+	<name>perl5.22</name>
+	<name>perl5.24</name>
+	<name>perl5-devel</name>
+	<range><lt>5.18.4_23</lt></range>
+	<range><ge>5.20</ge><lt>5.20.3_14</lt></range>
+	<range><ge>5.21</ge><lt>5.22.3.r2</lt></range>
+	<range><ge>5.23</ge><lt>5.24.1.r2</lt></range>
+	<range><ge>5.25</ge><lt>5.25.3.18</lt></range>
+      </package>
+      <package>
+	<name>perl</name>
+	<range><ge>0</ge></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Sawyer X reports:</p>
+	<blockquote cite="http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html">
+	  <p>Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do
+	    not properly remove . (period) characters from the end of the includes
+	    directory array, which might allow local users to gain privileges via a
+	    Trojan horse module under the current working directory.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html</url>
+      <cvename>CVE-2016-1238</cvename>
+    </references>
+    <dates>
+      <discovery>2016-07-21</discovery>
+      <entry>2016-08-04</entry>
+      <modified>2016-08-22</modified>
+    </dates>
+  </vuln>
+
+  <vuln vid="556d2286-5a51-11e6-a6c3-14dae9d210b8">
+    <topic>gd -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>gd</name>
+	<range><lt>2.2.3,1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Pierre Joye reports:</p>
+	<blockquote cite="https://github.com/libgd/libgd/releases/tag/gd-2.2.3">
+	  <ul>
+	  <li><p>fix php bug 72339, Integer Overflow in _gd2GetHeader
+	    (CVE-2016-5766)</p></li>
+	  <li><p>gd: Buffer over-read issue when parsing crafted TGA
+	    file (CVE-2016-6132)</p></li>
+	  <li><p>Integer overflow error within _gdContributionsAlloc()
+	    (CVE-2016-6207)</p></li>
+	  <li><p>fix php bug 72494, invalid color index not handled, can
+	    lead to crash ( CVE-2016-6128)</p></li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://github.com/libgd/libgd/releases/tag/gd-2.2.3</url>
+      <cvename>CVE-2016-5766</cvename>
+      <cvename>CVE-2016-6132</cvename>
+      <cvename>CVE-2016-6207</cvename>
+      <cvename>CVE-2016-6128</cvename>
+    </references>
+    <dates>
+      <discovery>2016-07-21</discovery>
+      <entry>2016-08-04</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="e4bc70fc-5a2f-11e6-a1bc-589cfc0654e1">
+    <topic>Vulnerabilities in Curl</topic>
+    <affects>
+      <package>
+	<name>curl</name>
+	<range><ge>7.32.0</ge><lt>7.50.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Curl security team reports:</p>
+	<blockquote cite="https://curl.haxx.se/docs/security.html">
+	  <p>CVE-2016-5419 - TLS session resumption client cert bypass</p>
+	  <p>CVE-2016-5420 - Re-using connections with wrong client cert</p>
+	  <p>CVE-2016-5421 - use of connection struct after free</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-5419</cvename>
+      <cvename>CVE-2016-5420</cvename>
+      <cvename>CVE-2016-5421</cvename>
+      <url>https://curl.haxx.se/docs/adv_20160803A.html</url>
+      <url>https://curl.haxx.se/docs/adv_20160803B.html</url>
+      <url>https://curl.haxx.se/docs/adv_20160803C.html</url>
+    </references>
+    <dates>
+      <discovery>2016-08-03</discovery>
+      <entry>2016-08-04</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="ef0033ad-5823-11e6-80cc-001517f335e2">
+    <topic>lighttpd - multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>lighttpd</name>
+	<range><lt>1.4.41</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Lighttpd Project reports:</p>
+	<blockquote cite="http://www.lighttpd.net/2016/7/31/1.4.41/">
+	  <p>Security fixes for Lighttpd:</p>
+	  <ul>
+	    <li><p>security: encode quoting chars in HTML and XML</p></li>
+	    <li><p>security: ensure gid != 0 if server.username is set, but not server.groupname</p></li>
+	    <li><p>security: disable stat_cache if server.follow-symlink = “disable”</p></li>
+	    <li><p>security: httpoxy defense: do not emit HTTP_PROXY to CGI env</p></li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://www.lighttpd.net/2016/7/31/1.4.41/</url>
+      <freebsdpr>ports/211495</freebsdpr>
+    </references>
+    <dates>
+      <discovery>2016-07-31</discovery>
+      <entry>2016-08-03</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="06574c62-5854-11e6-b334-002590263bf5">
+    <topic>xen-tools -- virtio: unbounded memory allocation issue</topic>
+    <affects>
+      <package>
+	<name>xen-tools</name>
+	<range><lt>4.7.0_4</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The Xen Project reports:</p>
+	<blockquote cite="http://xenbits.xen.org/xsa/advisory-184.html">
+	  <p>A guest can submit virtio requests without bothering to wait for
+	    completion and is therefore not bound by virtqueue size...</p>
+	  <p>A malicious guest administrator can cause unbounded memory
+	    allocation in QEMU, which can cause an Out-of-Memory condition
+	    in the domain running qemu. Thus, a malicious guest administrator
+	    can cause a denial of service affecting the whole host.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-5403</cvename>
+      <freebsdpr>ports/211482</freebsdpr>
+      <url>http://xenbits.xen.org/xsa/advisory-184.html</url>
+    </references>
+    <dates>
+      <discovery>2016-07-27</discovery>
+      <entry>2016-08-02</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="04cf89e3-5854-11e6-b334-002590263bf5">
+    <topic>xen-kernel -- x86: Missing SMAP whitelisting in 32-bit exception / event delivery</topic>
+    <affects>
+      <package>
+	<name>xen-kernel</name>
+	<range><gt>4.5</gt><lt>4.7.0_3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The Xen Project reports:</p>
+	<blockquote cite="http://xenbits.xen.org/xsa/advisory-183.html">
+	  <p>Supervisor Mode Access Prevention is a hardware feature designed
+	    to make an Operating System more robust, by raising a pagefault
+	    rather than accidentally following a pointer into userspace.
+	    However, legitimate accesses into userspace require whitelisting,
+	    and the exception delivery mechanism for 32bit PV guests wasn't
+	    whitelisted.</p>
+	  <p>A malicious 32-bit PV guest kernel can trigger a safety check,
+	    crashing the hypervisor and causing a denial of service to other
+	    VMs on the host.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-6259</cvename>
+      <freebsdpr>ports/211482</freebsdpr>
+      <url>http://xenbits.xen.org/xsa/advisory-183.html</url>
+    </references>
+    <dates>
+      <discovery>2016-07-26</discovery>
+      <entry>2016-08-02</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="032aa524-5854-11e6-b334-002590263bf5">
+    <topic>xen-kernel -- x86: Privilege escalation in PV guests</topic>
+    <affects>
+      <package>
+	<name>xen-kernel</name>
+	<range><lt>4.7.0_3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The Xen Project reports:</p>
+	<blockquote cite="http://xenbits.xen.org/xsa/advisory-182.html">
+	  <p>The PV pagetable code has fast-paths for making updates to
+	    pre-existing pagetable entries, to skip expensive re-validation
+	    in safe cases (e.g. clearing only Access/Dirty bits). The bits
+	    considered safe were too broad, and not actually safe.</p>
+	  <p>A malicous PV guest administrator can escalate their privilege to
+	    that of the host.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-6258</cvename>
+      <freebsdpr>ports/211482</freebsdpr>
+      <url>http://xenbits.xen.org/xsa/advisory-182.html</url>
+    </references>
+    <dates>
+      <discovery>2016-07-26</discovery>
+      <entry>2016-08-02</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="cb5189eb-572f-11e6-b334-002590263bf5">
+    <topic>libidn -- mulitiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>libidn</name>
+	<range><lt>1.33</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Simon Josefsson reports:</p>
+	<blockquote cite="https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html">
+	  <p>libidn: Fix out-of-bounds stack read in idna_to_ascii_4i.</p>
+	  <p>idn: Solve out-of-bounds-read when reading one zero byte as input.
+	    Also replaced fgets with getline.</p>
+	  <p>libidn: stringprep_utf8_nfkc_normalize reject invalid UTF-8. It was
+	    always documented to only accept UTF-8 data, but now it doesn't
+	    crash when presented with such data.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-6261</cvename>
+      <cvename>CVE-2015-8948</cvename>
+      <cvename>CVE-2016-6262</cvename>
+      <cvename>CVE-2016-6263</cvename>
+      <url>https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html</url>
+      <url>http://www.openwall.com/lists/oss-security/2016/07/21/4</url>
+    </references>
+    <dates>
+      <discovery>2016-07-20</discovery>
+      <entry>2016-07-31</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="6fb8a90f-c9d5-4d14-b940-aed3d63c2edc">
+    <topic>The GIMP -- Use after Free vulnerability</topic>
+    <affects>
+      <package>
+	<name>gimp-app</name>
+	<range><lt>2.8.18,1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The GIMP team reports:</p>
+	<blockquote cite="https://mail.gnome.org/archives/gimp-developer-list/2016-July/msg00020.html">
+	  <p>A Use-after-free vulnerability was found in the xcf_load_image function.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://mail.gnome.org/archives/gimp-developer-list/2016-July/msg00020.html</url>
+      <url>https://bugzilla.gnome.org/show_bug.cgi?id=767873</url>
+      <cvename>CVE-2016-4994</cvename>
+    </references>
+    <dates>
+      <discovery>2016-06-20</discovery>
+      <entry>2016-07-19</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="cb09a7aa-5344-11e6-a7bd-14dae9d210b8">
+    <topic>xercesi-c3 -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>xerces-c3</name>
+	<range><lt>3.1.4</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Apache reports:</p>
+	<blockquote cite="https://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt">
+	  <p>The Xerces-C XML parser fails to successfully parse a
+	    DTD that is deeply nested, and this causes a stack overflow, which
+	    makes a denial of service attack against many applications possible
+	    by an unauthenticated attacker.</p>
+	  <p>Also, CVE-2016-2099: Use-after-free vulnerability in
+	    validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier
+	    allows context-dependent attackers to have unspecified impact via an
+	    invalid character in an XML document.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt</url>
+      <url>http://www.openwall.com/lists/oss-security/2016/05/09/7</url>
+      <cvename>CVE-2016-2099</cvename>
+      <cvename>CVE-2016-4463</cvename>
+    </references>
+    <dates>
+      <discovery>2016-05-09</discovery>
+      <entry>2016-07-26</entry>
+    </dates>
+  </vuln>
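Review bot: The topic of this entry is spelled "xercesi-c3", which does not match the package name xerces-c3 in its affects block, so a search of the advisory list by port name will miss it. Suggest changing the line to <topic>xerces-c3 -- multiple vulnerabilities</topic>.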
+
+  <vuln vid="b6402385-533b-11e6-a7bd-14dae9d210b8">
+    <topic>php -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>php55</name>
+	<range><lt>5.5.38</lt></range>
+      </package>
+      <package>
+	<name>php56</name>
+	<range><lt>5.6.24</lt></range>
+      </package>
+      <package>
+	<name>php70</name>
+	<range><lt>7.0.9</lt></range>
+      </package>
+      <package>
+	<name>php70-curl</name>
+	<range><lt>7.0.9</lt></range>
+      </package>
+      <package>
+	<name>php55-bz2</name>
+	<range><lt>5.5.38</lt></range>
+      </package>
+      <package>
+	<name>php56-bz2</name>
+	<range><lt>5.6.24</lt></range>
+      </package>
+      <package>
+	<name>php70-bz2</name>
+	<range><lt>7.0.9</lt></range>
+      </package>
+      <package>
+	<name>php55-exif</name>
+	<range><lt>5.5.38</lt></range>
+      </package>
+      <package>
+	<name>php56-exif</name>
+	<range><lt>5.6.24</lt></range>
+      </package>
+      <package>
+	<name>php70-exif</name>
+	<range><lt>7.0.9</lt></range>
+      </package>
+      <package>
+	<name>php55-gd</name>
+	<range><lt>5.5.38</lt></range>
+      </package>
+      <package>
+	<name>php56-gd</name>
+	<range><lt>5.6.24</lt></range>
+      </package>
+      <package>
+	<name>php70-gd</name>
+	<range><lt>7.0.9</lt></range>
+      </package>
+      <package>
+	<name>php70-mcrypt</name>
+	<range><lt>7.0.9</lt></range>
+      </package>
+      <package>
+	<name>php55-odbc</name>
+	<range><lt>5.5.38</lt></range>
+      </package>
+      <package>
+	<name>php56-odbc</name>
+	<range><lt>5.6.24</lt></range>
+      </package>
+      <package>
+	<name>php70-odbc</name>
+	<range><lt>7.0.9</lt></range>
+      </package>
+      <package>
+	<name>php55-snmp</name>
+	<range><lt>5.5.38</lt></range>
+      </package>
+      <package>
+	<name>php56-snmp</name>
+	<range><lt>5.6.24</lt></range>
+      </package>
+      <package>
+	<name>php70-snmp</name>
+	<range><lt>7.0.9</lt></range>
+      </package>
+      <package>
+	<name>php55-xmlrpc</name>
+	<range><lt>5.5.38</lt></range>
+      </package>
+      <package>
+	<name>php56-xmlrpc</name>
+	<range><lt>5.6.24</lt></range>
+      </package>
+      <package>
+	<name>php70-xmlrpc</name>
+	<range><lt>7.0.9</lt></range>
+      </package>
+      <package>
+	<name>php55-zip</name>
+	<range><lt>5.5.38</lt></range>
+      </package>
+      <package>
+	<name>php56-zip</name>
+	<range><lt>5.6.24</lt></range>
+      </package>
+      <package>
+	<name>php70-zip</name>
+	<range><lt>7.0.9</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>PHP reports:</p>
+	<blockquote cite="http://www.php.net/ChangeLog-5.php#5.5.38">
+	  <ul>
+	    <li><p>Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined columns)</p></li>
+	    <li><p>Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and unserialize()).</p></li>
+	    <li><p>Fixed bug #72512 (gdImageTrueColorToPaletteBody allows arbitrary write/read access).</p></li>
+	    <li><p>Fixed bug #72519 (imagegif/output out-of-bounds access).</p></li>
+	    <li><p>Fixed bug #72520 (Stack-based buffer overflow vulnerability in php_stream_zip_opener).</p></li>
+	    <li><p>Fixed bug #72533 (locale_accept_from_http out-of-bounds access).</p></li>
+	    <li><p>Fixed bug #72541 (size_t overflow lead to heap corruption).</p></li>
+	    <li><p>Fixed bug #72551, bug #72552 (Incorrect casting from size_t to int lead to heap overflow in mdecrypt_generic).</p></li>
+	    <li><p>Fixed bug #72558 (Integer overflow error within _gdContributionsAlloc()).</p></li>
+	    <li><p>Fixed bug #72573 (HTTP_PROXY is improperly trusted by some PHP libraries and applications).</p></li>
+	    <li><p>Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE).</p></li>
+	    <li><p>Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn simplestring.c).</p></li>
+	    <li><p>Fixed bug #72613 (Inadequate error handling in bzread()).</p></li>
+	    <li><p>Fixed bug #72618 (NULL Pointer Dereference in exif_process_user_comment).</p></li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://www.php.net/ChangeLog-5.php#5.5.38</url>
+      <url>http://www.php.net/ChangeLog-5.php#5.6.24</url>
+      <url>http://www.php.net/ChangeLog-7.php#7.0.8</url>
+      <url>http://seclists.org/oss-sec/2016/q3/121</url>
+      <cvename>CVE-2015-8879</cvename>
+      <cvename>CVE-2016-5385</cvename>
+      <cvename>CVE-2016-5399</cvename>
+      <cvename>CVE-2016-6288</cvename>
+      <cvename>CVE-2016-6289</cvename>
+      <cvename>CVE-2016-6290</cvename>
+      <cvename>CVE-2016-6291</cvename>
+      <cvename>CVE-2016-6292</cvename>
+      <cvename>CVE-2016-6294</cvename>
+      <cvename>CVE-2016-6295</cvename>
+      <cvename>CVE-2016-6296</cvename>
+      <cvename>CVE-2016-6297</cvename>
+    </references>
+    <dates>
+      <discovery>2016-07-21</discovery>
+      <entry>2016-07-26</entry>
+    </dates>
+  </vuln>
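Review bot: In the references of the php entry, the PHP 7 link points at ChangeLog-7.php#7.0.8, while every php70 range in the affects block is <lt>7.0.9</lt> and the two 5.x links point at the fixed releases (5.5.38 and 5.6.24). The anchor should most likely be #7.0.9 so that the reference leads to the release that carries the fixes. Separately, mcrypt and curl are listed only as php70-mcrypt and php70-curl, whereas bz2, exif, gd, odbc, snmp, xmlrpc and zip are listed for all three branches; since the quoted 5.5.38 changelog includes the mdecrypt_generic heap overflow, please confirm whether php55-mcrypt and php56-mcrypt were left out on purpose.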
+
+  <vuln vid="6fae9fe1-5048-11e6-8aa7-3065ec8fd3ec">
+    <topic>chromium -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>chromium</name>
+	<name>chromium-npapi</name>
+	<name>chromium-pulse</name>
+	<range><lt>52.0.2743.82</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Google Chrome Releases reports:</p>
+	<blockquote cite="https://googlechromereleases.blogspot.nl/2016/07/stable-channel-update.html">
+	  <p>48 security fixes in this release, including:</p>
+	  <ul>
+	    <li>[610600] High CVE-2016-1706: Sandbox escape in PPAPI. Credit to
+	      Pinkie Pie xisigr of Tencent's Xuanwu Lab</li>
+	    <li>[613949] High CVE-2016-1708: Use-after-free in Extensions.
+	      Credit to Adam Varsan</li>
+	    <li>[614934] High CVE-2016-1709: Heap-buffer-overflow in sfntly.
+	      Credit to ChenQin of Topsec Security Team</li>
+	    <li>[616907] High CVE-2016-1710: Same-origin bypass in Blink.
+	      Credit to Mariusz Mlynski</li>
+	    <li>[617495] High CVE-2016-1711: Same-origin bypass in Blink.
+	      Credit to Mariusz Mlynski</li>
+	    <li>[618237] High CVE-2016-5127: Use-after-free in Blink.  Credit
+	      to cloudfuzzer</li>
+	    <li>[619166] High CVE-2016-5128: Same-origin bypass in V8. Credit
+	      to Anonymous</li>
+	    <li>[620553] High CVE-2016-5129: Memory corruption in V8. Credit to
+	      Jeonghoon Shin</li>
+	    <li>[623319] High CVE-2016-5130: URL spoofing. Credit to Wadih
+	      Matar</li>
+	    <li>[623378] High CVE-2016-5131: Use-after-free in libxml. Credit
+	      to Nick Wellnhofer</li>
+	    <li>[607543] Medium CVE-2016-5132: Limited same-origin bypass in
+	      Service Workers. Credit to Ben Kelly</li>
+	    <li>[613626] Medium CVE-2016-5133: Origin confusion in proxy
+	      authentication.  Credit to Patch Eudor</li>
+	    <li>[593759] Medium CVE-2016-5134: URL leakage via PAC script.
+	      Credit to Paul Stone</li>
+	    <li>[605451] Medium CVE-2016-5135: Content-Security-Policy bypass.
+	      Credit to kingxwy</li>
+	    <li>[625393] Medium CVE-2016-5136: Use after free in extensions.
+	      Credit to Rob Wu</li>
+	    <li>[625945] Medium CVE-2016-5137: History sniffing with HSTS and
+	      CSP. Credit to Xiaoyin Liu</li>
+	    <li>[629852] CVE-2016-1705: Various fixes from internal audits,
+	      fuzzing and other initiatives.</li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-1705</cvename>
+      <cvename>CVE-2016-1706</cvename>
+      <cvename>CVE-2016-1708</cvename>
+      <cvename>CVE-2016-1709</cvename>
+      <cvename>CVE-2016-1710</cvename>
+      <cvename>CVE-2016-1711</cvename>
+      <cvename>CVE-2016-5127</cvename>
+      <cvename>CVE-2016-5128</cvename>
+      <cvename>CVE-2016-5129</cvename>
+      <cvename>CVE-2016-5130</cvename>
+      <cvename>CVE-2016-5131</cvename>
+      <cvename>CVE-2016-5132</cvename>
+      <cvename>CVE-2016-5133</cvename>
+      <cvename>CVE-2016-5134</cvename>
+      <cvename>CVE-2016-5135</cvename>
+      <cvename>CVE-2016-5136</cvename>
+      <cvename>CVE-2016-5137</cvename>
+      <url>https://googlechromereleases.blogspot.nl/2016/07/stable-channel-update.html</url>
+    </references>
+    <dates>
+      <discovery>2016-07-20</discovery>
+      <entry>2016-07-22</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="62d45229-4fa0-11e6-9d13-206a8a720317">
+    <topic>krb5 -- KDC denial of service vulnerability</topic>
+    <affects>
+      <package>
+	<name>krb5-113</name>
+	<range><lt>1.13.6</lt></range>
+      </package>
+      <package>
+	<name>krb5-114</name>
+	<range><lt>1.14.3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Major changes in krb5 1.14.3 and krb5 1.13.6:</p>
+	<blockquote cite="http://web.mit.edu/kerberos/krb5-1.14/">
+	  <p>Fix a rare KDC denial of service vulnerability when anonymous
+	     client principals are restricted to obtaining TGTs only
+	     [CVE-2016-3120] .</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-3120</cvename>
+      <url>http://web.mit.edu/kerberos/krb5-1.14/</url>
+    </references>
+    <dates>
+      <discovery>2016-07-20</discovery>
+      <entry>2016-07-21</entry>
+      <modified>2016-07-26</modified>
+    </dates>
+  </vuln>
+
+  <vuln vid="72f71e26-4f69-11e6-ac37-ac9e174be3af">
+    <topic>Apache OpenOffice 4.1.2 -- Memory Corruption Vulnerability (Impress Presentations)</topic>
+    <affects>
+      <package>
+	<name>apache-openoffice</name>
+	<range><lt>4.1.2_8</lt></range>
+      </package>
+      <package>
+	<name>apache-openoffice-devel</name>
+	<range><lt>4.2.1753426,4</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The Apache OpenOffice Project reports:</p>
+	<blockquote cite="http://www.openoffice.org/security/cves/CVE-2016-1513.html">
+	  <p>An OpenDocument Presentation .ODP or Presentation Template
+	    .OTP file can contain invalid presentation elements that lead
+	    to memory corruption when the document is loaded in Apache
+	    OpenOffice Impress. The defect may cause the document to appear
+	    as corrupted and OpenOffice may crash in a recovery-stuck mode
+	    requiring manual intervention. A crafted exploitation of the
+	    defect can allow an attacker to cause denial of service
+	    (memory corruption and application crash) and possible
+	    execution of arbitrary code.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-1513</cvename>
+      <url>http://www.openoffice.org/security/cves/CVE-2015-4551.html</url>
+    </references>
+    <dates>
+      <discovery>2016-07-17</discovery>
+      <entry>2016-07-21</entry>
+    </dates>
+  </vuln>
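Review bot: The reference URL in the apache-openoffice entry points at CVE-2015-4551.html, but the cvename is CVE-2016-1513 and the blockquote cite uses http://www.openoffice.org/security/cves/CVE-2016-1513.html. As written, a reader following the reference lands on the advisory for a different CVE. Suggest making the url element the same as the cite attribute.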
+
+  <vuln vid="ca5cb202-4f51-11e6-b2ec-b499baebfeaf">
+    <topic>MySQL -- Multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>mariadb55-server</name>
+	<range><le>5.5.49</le></range>
+      </package>
+      <package>
+	<name>mariadb100-server</name>
+	<range><le>10.0.25</le></range>
+      </package>
+      <package>
+	<name>mariadb101-server</name>
+	<range><le>10.1.14</le></range>
+      </package>
+      <package>
+	<name>mysql55-server</name>
+	<range><le>5.5.49</le></range>
+      </package>
+      <package>
+	<name>mysql56-server</name>
+	<range><lt>5.6.30</lt></range>
+      </package>
+      <package>
+	<name>mysql57-server</name>
+	<range><lt>5.7.12_1</lt></range>
+      </package>
+      <package>
+	<name>percona55-server</name>
+	<range><le>5.5.49</le></range>
+      </package>
+      <package>
+	<name>percona56-server</name>
+	<range><le>5.6.30</le></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Oracle reports:</p>
+	<blockquote cite="http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL">
+	  <p>The quarterly Critical Patch Update contains 22 new security fixes for
+	     Oracle MySQL 5.5.49, 5.6.30, 5.7.13 and earlier</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL</url>
+      <cvename>CVE-2016-3477</cvename>
+      <cvename>CVE-2016-3440</cvename>
+      <cvename>CVE-2016-2105</cvename>
+      <cvename>CVE-2016-3471</cvename>
+      <cvename>CVE-2016-3486</cvename>
+      <cvename>CVE-2016-3501</cvename>
+      <cvename>CVE-2016-3518</cvename>
+      <cvename>CVE-2016-3521</cvename>
+      <cvename>CVE-2016-3588</cvename>
+      <cvename>CVE-2016-3615</cvename>
+      <cvename>CVE-2016-3614</cvename>
+      <cvename>CVE-2016-5436</cvename>
+      <cvename>CVE-2016-3459</cvename>
+      <cvename>CVE-2016-5437</cvename>
+      <cvename>CVE-2016-3424</cvename>
+      <cvename>CVE-2016-5439</cvename>
+      <cvename>CVE-2016-5440</cvename>
+      <cvename>CVE-2016-5441</cvename>
+      <cvename>CVE-2016-5442</cvename>
+      <cvename>CVE-2016-5443</cvename>
+      <cvename>CVE-2016-5444</cvename>
+      <cvename>CVE-2016-3452</cvename>
+    </references>
+    <dates>
+      <discovery>2016-07-20</discovery>
+      <entry>2016-07-21</entry>
+      <modified>2016-08-08</modified>
+    </dates>
+  </vuln>
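Review bot: The version ranges in the MySQL entry do not line up with the quoted advisory text, which names 5.5.49, 5.6.30, 5.7.13 and earlier as affected. mysql56-server uses <lt>5.6.30</lt>, which excludes 5.6.30 itself, while percona56-server uses <le>5.6.30</le>; mysql57-server uses <lt>5.7.12_1</lt>, which leaves 5.7.13 unflagged. If the narrower ranges reflect fixes backported into the ports, a short XML comment saying so would help; otherwise installed packages at those versions will not be reported by the audit tooling and the ranges should be widened to match the advisory.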
+
+  <vuln vid="3caf4e6c-4cef-11e6-a15f-00248c0c745d">
+    <topic>typo3 -- Missing access check in Extbase</topic>
+    <affects>
+      <package>
+       <name>typo3</name>
+       <range><lt>7.6.8</lt></range>
+      </package>
+      <package>
+       <name>typo3-lts</name>
+       <range><lt>6.2.24</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>TYPO3 reports:</p>
+	<blockquote cite="https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/">
+	  <p>Extbase request handling fails to implement a proper access check for
+    requested controller/ action combinations, which makes it possible for an
+    attacker to execute arbitrary Extbase actions by crafting a special request. To
+    successfully exploit this vulnerability, an attacker must have access to at
+    least one Extbase plugin or module action in a TYPO3 installation. The missing
+    access check inevitably leads to information disclosure or remote code
+    execution, depending on the action that an attacker is able to execute.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-5091</cvename>
+      <url>https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/</url>
+      <url>https://wiki.typo3.org/TYPO3_CMS_7.6.8</url>
+      <url>https://wiki.typo3.org/TYPO3_CMS_6.2.24</url>
+    </references>
+    <dates>
+      <discovery>2016-05-24</discovery>
+      <entry>2016-07-18</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="cf0b5668-4d1b-11e6-b2ec-b499baebfeaf">
+    <cancelled/>
+  </vuln>
+
+  <vuln vid="00cb1469-4afc-11e6-97ea-002590263bf5">
+    <topic>atutor -- multiple vulnerabilites</topic>
+    <affects>
+      <package>
+	<name>atutor</name>
+	<range><lt>2.2.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>ATutor reports:</p>
+	<blockquote cite="https://github.com/atutor/ATutor/releases/tag/atutor_2_2_2">
+	  <p>Security Fixes: Added a new layer of security over all php
+	    superglobals, fixed several XSS, CSRF, and SQL injection
+	    vulnerabilities.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://github.com/atutor/ATutor/releases/tag/atutor_2_2_2</url>
+    </references>
+    <dates>
+      <discovery>2016-07-01</discovery>
+      <entry>2016-07-16</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="ffa8ca79-4afb-11e6-97ea-002590263bf5">
+    <topic>atutor -- multiple vulnerabilites</topic>
+    <affects>
+      <package>
+	<name>atutor</name>
+	<range><lt>2.2.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>ATutor reports:</p>
+	<blockquote cite="https://github.com/atutor/ATutor/releases/tag/atutor_2_2_1">
+	  <p>Security Fixes: A number of minor XSS vulnerabilities discovered in
+	    the previous version of ATutor have been corrected.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://github.com/atutor/ATutor/releases/tag/atutor_2_2_1</url>
+    </references>
+    <dates>
+      <discovery>2016-01-30</discovery>
+      <entry>2016-07-16</entry>
+    </dates>
+  </vuln>
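Review bot: The topic line of this atutor entry, and of the atutor 2.2.2 entry directly above it, misspells "vulnerabilities" as "vulnerabilites". Topics are what show up in the rendered advisory index and in text searches, so the spelling is worth fixing in both: <topic>atutor -- multiple vulnerabilities</topic>.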
+
+  <vuln vid="a522d6ac-4aed-11e6-97ea-002590263bf5">
+    <topic>flash -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>linux-c6-flashplugin</name>
+	<name>linux-c6_64-flashplugin</name>
+	<name>linux-f10-flashplugin</name>
+	<range><lt>11.2r202.632</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Adobe reports:</p>
+	<blockquote cite="https://helpx.adobe.com/security/products/flash-player/apsb16-25.htmL">
+	  <p>These updates resolve a race condition vulnerability that could
+	    lead to information disclosure (CVE-2016-4247).</p>
+	  <p>These updates resolve type confusion vulnerabilities that could
+	    lead to code execution (CVE-2016-4223, CVE-2016-4224,
+	    CVE-2016-4225).</p>
+	  <p>These updates resolve use-after-free vulnerabilities that could
+	    lead to code execution (CVE-2016-4173, CVE-2016-4174, CVE-2016-4222,
+	    CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229,
+	    CVE-2016-4230, CVE-2016-4231, CVE-2016-4248).</p>
+	  <p>These updates resolve a heap buffer overflow vulnerability that
+	    could lead to code execution (CVE-2016-4249).</p>
+	  <p>These updates resolve memory corruption vulnerabilities that could
+	    lead to code execution (CVE-2016-4172, CVE-2016-4175, CVE-2016-4179,
+	    CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183,
+	    CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187,
+	    CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217,
+	    CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221,
+	    CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236,
+	    CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240,
+	    CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244,
+	    CVE-2016-4245, CVE-2016-4246).</p>
+	  <p>These updates resolve a memory leak vulnerability (CVE-2016-4232).
+	    </p>
+	  <p>These updates resolve stack corruption vulnerabilities that could
+	    lead to code execution (CVE-2016-4176, CVE-2016-4177).</p>
+	  <p>These updates resolve a security bypass vulnerability that could
+	    lead to information disclosure (CVE-2016-4178).</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-4172</cvename>
+      <cvename>CVE-2016-4173</cvename>
+      <cvename>CVE-2016-4174</cvename>
+      <cvename>CVE-2016-4175</cvename>
+      <cvename>CVE-2016-4176</cvename>
+      <cvename>CVE-2016-4177</cvename>
+      <cvename>CVE-2016-4178</cvename>
+      <cvename>CVE-2016-4179</cvename>
+      <cvename>CVE-2016-4180</cvename>
+      <cvename>CVE-2016-4181</cvename>
+      <cvename>CVE-2016-4182</cvename>
+      <cvename>CVE-2016-4183</cvename>
+      <cvename>CVE-2016-4184</cvename>
+      <cvename>CVE-2016-4185</cvename>
+      <cvename>CVE-2016-4186</cvename>
+      <cvename>CVE-2016-4187</cvename>
+      <cvename>CVE-2016-4188</cvename>
+      <cvename>CVE-2016-4189</cvename>
+      <cvename>CVE-2016-4190</cvename>
+      <cvename>CVE-2016-4217</cvename>
+      <cvename>CVE-2016-4218</cvename>
+      <cvename>CVE-2016-4219</cvename>
+      <cvename>CVE-2016-4220</cvename>
+      <cvename>CVE-2016-4221</cvename>
+      <cvename>CVE-2016-4222</cvename>
+      <cvename>CVE-2016-4223</cvename>
+      <cvename>CVE-2016-4224</cvename>
+      <cvename>CVE-2016-4225</cvename>
+      <cvename>CVE-2016-4226</cvename>
+      <cvename>CVE-2016-4227</cvename>
+      <cvename>CVE-2016-4228</cvename>
+      <cvename>CVE-2016-4229</cvename>
+      <cvename>CVE-2016-4230</cvename>
+      <cvename>CVE-2016-4231</cvename>
+      <cvename>CVE-2016-4232</cvename>
+      <cvename>CVE-2016-4233</cvename>
+      <cvename>CVE-2016-4234</cvename>
+      <cvename>CVE-2016-4235</cvename>
+      <cvename>CVE-2016-4236</cvename>
+      <cvename>CVE-2016-4237</cvename>
+      <cvename>CVE-2016-4238</cvename>
+      <cvename>CVE-2016-4239</cvename>
+      <cvename>CVE-2016-4240</cvename>
+      <cvename>CVE-2016-4241</cvename>
+      <cvename>CVE-2016-4242</cvename>
+      <cvename>CVE-2016-4243</cvename>
+      <cvename>CVE-2016-4244</cvename>
+      <cvename>CVE-2016-4245</cvename>
+      <cvename>CVE-2016-4246</cvename>
+      <cvename>CVE-2016-4247</cvename>
+      <cvename>CVE-2016-4248</cvename>
+      <cvename>CVE-2016-4249</cvename>
+      <url>https://helpx.adobe.com/security/products/flash-player/apsb16-25.html</url>
+    </references>
+    <dates>
+      <discovery>2016-07-12</discovery>
+      <entry>2016-07-16</entry>
+    </dates>
+  </vuln>
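Review bot: The blockquote cite attribute in the flash entry ends in "apsb16-25.htmL" with a capital L, while the url element in the references ends in "apsb16-25.html". URL paths are case-sensitive on most servers, so the cite link may not resolve. Suggest using the lowercase form in both places.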
+
+  <vuln vid="61b8c359-4aab-11e6-a7bd-14dae9d210b8">
+    <topic>Apache Commons FileUpload -- denial of service</topic>
+    <affects>
+      <package>
+	<name>tomcat6</name>
+	<range><ge>0</ge></range>
+      </package>
+      <package>
+	<name>tomcat7</name>
+	<range><lt>7.0.70</lt></range>
+      </package>
+      <package>
+	<name>tomcat8</name>
+	<range><lt>8.0.36</lt></range>
+      </package>
+      <package>
+	<name>apache-struts</name>
+	<range><le>2.5.2</le></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Jochen Wiedmann reports:</p>
+	<blockquote cite="http://jvn.jp/en/jp/JVN89379547/index.html">
+	  <p>A malicious client can send file upload requests that cause
+	    the HTTP server using the Apache Commons Fileupload library to become
+	    unresponsive, preventing the server from servicing other requests.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://jvn.jp/en/jp/JVN89379547/index.html</url>
+      <url>http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E</url>
+      <cvename>CVE-2016-3092</cvename>
+    </references>
+    <dates>
+      <discovery>2016-06-21</discovery>
+      <entry>2016-07-15</entry>
+      <modified>2016-07-15</modified>
+    </dates>
+  </vuln>
+
+  <vuln vid="3159cd70-4aaa-11e6-a7bd-14dae9d210b8">
+    <topic>libreoffice -- use-after-free vulnerability</topic>
+    <affects>
+      <package>
+	<name>libreoffice</name>
+	<range><lt>5.1.4</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Talos reports:</p>
+	<blockquote cite="http://www.talosintelligence.com/reports/TALOS-2016-0126/">
+	  <p>An exploitable Use After Free vulnerability exists in the
+	    RTF parser LibreOffice. A specially crafted file can cause a use after
+	    free resulting in a possible arbitrary code execution. To exploit the
+	    vulnerability a malicious file needs to be opened by the user via
+	    vulnerable application.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://www.talosintelligence.com/reports/TALOS-2016-0126/</url>
+      <url>http://www.libreoffice.org/about-us/security/advisories/cve-2016-4324/</url>
+      <cvename>CVE-2016-4324</cvename>
+    </references>
+    <dates>
+      <discovery>2016-06-27</discovery>
+      <entry>2016-07-15</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="c17fe91d-4aa6-11e6-a7bd-14dae9d210b8">
+    <cancelled/>
+  </vuln>
+
+  <vuln vid="0ab66088-4aa5-11e6-a7bd-14dae9d210b8">
+    <topic>tiff -- buffer overflow</topic>
+    <affects>
+      <package>
+	<name>tiff</name>
+	<range><lt>4.0.6_2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Mathias Svensson reports:</p>
+	<blockquote cite="https://github.com/vadz/libtiff/commit/391e77fcd217e78b2c51342ac3ddb7100ecacdd2">
+	  <p>potential buffer write overrun in PixarLogDecode() on
+	    corrupted/unexpected images</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://github.com/vadz/libtiff/commit/391e77fcd217e78b2c51342ac3ddb7100ecacdd2</url>
+      <cvename>CVE-2016-5875</cvename>
+    </references>
+    <dates>
+      <discovery>2016-06-28</discovery>
+      <entry>2016-07-15</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="42ecf370-4aa4-11e6-a7bd-14dae9d210b8">
+    <topic>tiff -- denial of service</topic>
+    <affects>
+      <package>
+	<name>tiff</name>
+	<range><lt>4.0.6_2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Aladdin Mubaied reports:</p>
+	<blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=1319503">
+	  <p>Buffer-overflow in gif2tiff utility</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://bugzilla.redhat.com/show_bug.cgi?id=1319503</url>
+      <url>https://bugzilla.redhat.com/show_bug.cgi?id=1319666</url>
+      <url>http://www.openwall.com/lists/oss-security/2016/03/30/2</url>
+      <cvename>CVE-2016-3186</cvename>
+    </references>
+    <dates>
+      <discovery>2016-03-20</discovery>
+      <entry>2016-07-15</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="d706a3a3-4a7c-11e6-97f7-5453ed2e2b49">
+    <topic>p7zip -- out-of-bounds read vulnerability</topic>
+    <affects>
+      <package>
+	<name>p7zip</name>
+	<range><lt>15.14_1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Cisco Talos reports:</p>
+	<blockquote cite="http://www.talosintelligence.com/reports/TALOS-2016-0094/">
+	  <p>An out-of-bounds read vulnerability exists in the way 7-Zip
+	  handles Universal Disk Format (UDF) files.</p>
+	  <p>Central to 7-Zip’s processing of UDF files is the
+	  CInArchive::ReadFileItem method. Because volumes can have more than
+	  one partition map, their objects are kept in an object vector. To
+	  start looking for an item, this method tries to reference the proper
+	  object using the partition map’s object vector and the "PartitionRef"
+	  field from the Long Allocation Descriptor. Lack of checking whether
+	  the "PartitionRef" field is bigger than the available amount of
+	  partition map objects causes a read out-of-bounds and can lead, in
+	  some circumstances, to arbitrary code execution.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-2335</cvename>
+      <url>http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html</url>
+    </references>
+    <dates>
+      <discovery>2016-05-11</discovery>
+      <entry>2016-07-15</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="a9bcaf57-4a7b-11e6-97f7-5453ed2e2b49">
+    <topic>p7zip -- heap overflow vulnerability</topic>
+    <affects>
+      <package>
+	<name>p7zip</name>
+	<range><lt>15.14_1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Cisco Talos reports:</p>
+	<blockquote cite="http://www.talosintelligence.com/reports/TALOS-2016-0093/">
+	  <p>An exploitable heap overflow vulnerability exists in the
+	  NArchive::NHfs::CHandler::ExtractZlibFile method functionality of
+	  7zip that can lead to arbitrary code execution.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-2334</cvename>
+      <url>http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html</url>
+    </references>
+    <dates>
+      <discovery>2016-05-11</discovery>
+      <entry>2016-07-15</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="4729c849-4897-11e6-b704-000c292e4fd8">
+    <topic>samba -- client side SMB2/3 required signing can be downgraded</topic>
+    <affects>
+      <package>
+	<name>samba4</name>
+	<range><ge>4.0.0</ge><le>4.0.26</le></range>
+      </package>
+      <package>
+	<name>samba41</name>
+	<range><ge>4.1.0</ge><le>4.1.23</le></range>
+      </package>
+      <package>
+	<name>samba42</name>
+	<range><ge>4.2.0</ge><lt>4.2.14</lt></range>
+      </package>
+      <package>
+	<name>samba43</name>
+	<range><ge>4.3.0</ge><lt>4.3.11</lt></range>
+      </package>
+      <package>
+	<name>samba44</name>
+	<range><ge>4.4.0</ge><lt>4.4.5</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Samba team reports:</p>
+	<blockquote cite="https://www.samba.org/samba/security/CVE-2016-2119.html">
+	  <p>A man in the middle attack can disable client signing over
+	  SMB2/3, even if enforced by configuration parameters.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-2119</cvename>
+      <url>https://www.samba.org/samba/security/CVE-2016-2119.html</url>
+    </references>
+    <dates>
+      <discovery>2016-07-07</discovery>
+      <entry>2016-07-13</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="3fcd52b2-4510-11e6-a15f-00248c0c745d">
+    <topic>ruby-saml -- XML signature wrapping attack</topic>
+    <affects>
+      <package>
+	<name>rubygem-ruby-saml</name>
+	<range><lt>1.3.0</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>RubySec reports:</p>
+	<blockquote cite="http://rubysec.com/advisories/CVE-2016-5697/">
+	  <p>ruby-saml prior to version 1.3.0 is vulnerable to an XML signature wrapping attack
+	   in the specific scenario where there was a signature that referenced at the same
+	   time 2 elements (but past the scheme validator process since 1 of the element was
+	   inside the encrypted assertion).</p>
+    <p>ruby-saml users must update to 1.3.0, which implements 3 extra validations to
+       mitigate this kind of attack.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-5697</cvename>
+      <url>http://rubysec.com/advisories/CVE-2016-5697/</url>
+      <url>https://github.com/onelogin/ruby-saml/commit/a571f52171e6bfd87db59822d1d9e8c38fb3b995</url>
+    </references>
+    <dates>
+      <discovery>2016-06-24</discovery>
+      <entry>2016-07-08</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="7d64d00c-43e3-11e6-ab34-002590263bf5">
+    <topic>quassel -- remote denial of service</topic>
+    <affects>
+      <package>
+	<name>quassel</name>
+	<range><lt>0.12.4</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Mitre reports:</p>
+	<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4414">
+	  <p>The onReadyRead function in core/coreauthhandler.cpp in Quassel
+	    before 0.12.4 allows remote attackers to cause a denial of service
+	    (NULL pointer dereference and crash) via invalid handshake data.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-4414</cvename>
+      <url>http://quassel-irc.org/node/129</url>
+      <url>https://github.com/quassel/quassel/commit/e678873</url>
+      <url>http://www.openwall.com/lists/oss-security/2016/04/30/2</url>
+      <url>http://www.openwall.com/lists/oss-security/2016/04/30/4</url>
+    </references>
+    <dates>
+      <discovery>2016-04-24</discovery>
+      <entry>2016-07-07</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="e9d1e040-42c9-11e6-9608-20cf30e32f6d">
+    <topic>apache24 -- X509 Client certificate based authentication can be bypassed when HTTP/2 is used</topic>
+    <affects>
+      <package>
+	<name>apache24</name>
+	<range><ge>2.4.18</ge><lt>2.4.23</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Apache Software Foundation reports:</p>
+	<blockquote cite="INSERT URL HERE">
+	  <p>The Apache HTTPD web server (from 2.4.18-2.4.20) did not validate a X509
+	    client certificate correctly when experimental module for the HTTP/2
+	    protocol is used to access a resource.</p>
+	  <p>The net result is that a resource that should require a valid client
+	    certificate in order to get access can be accessed without that credential.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-4979</cvename>
+      <url>http://mail-archives.apache.org/mod_mbox/httpd-announce/201607.mbox/CVE-2016-4979-68283</url>
+    </references>
+    <dates>
+      <discovery>2016-07-01</discovery>
+      <entry>2016-07-05</entry>
+    </dates>
+  </vuln>
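Review bot: the apache24 entry's blockquote still carries the template placeholder cite="INSERT URL HERE"; it should cite the announcement the text is quoted from, which is already listed under references (http://mail-archives.apache.org/mod_mbox/httpd-announce/201607.mbox/CVE-2016-4979-68283). Separately, the quoted text gives the affected versions as 2.4.18-2.4.20 while the range element is ge 2.4.18, lt 2.4.23; it is worth confirming that the wider range is intended.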
+
+  <vuln vid="e800cd4b-4212-11e6-942d-bc5ff45d0f28">
+    <topic>xen-tools -- Unrestricted qemu logging</topic>
+    <affects>
+      <package>
+	<name>xen-tools</name>
+	<range><lt>4.7.0_2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The Xen Project reports:</p>
+	<blockquote cite="http://xenbits.xen.org/xsa/advisory-180.html">
+	  <p>When the libxl toolstack launches qemu for HVM guests, it pipes the
+	    output of stderr to a file in /var/log/xen.  This output is not
+	    rate-limited in any way.  The guest can easily cause qemu to print
+	    messages to stderr, causing this file to become arbitrarily large.
+	    </p>
+	  <p>The disk containing the logfile can be exausted, possibly causing a
+	    denial-of-service (DoS).</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2014-3672</cvename>
+      <url>http://xenbits.xen.org/xsa/advisory-180.html</url>
+    </references>
+    <dates>
+      <discovery>2016-05-23</discovery>
+      <entry>2016-07-04</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="e6ce6f50-4212-11e6-942d-bc5ff45d0f28">
+    <topic>xen-tools -- QEMU: Banked access to VGA memory (VBE) uses inconsistent bounds checks</topic>
+    <affects>
+      <package>
+	<name>xen-tools</name>
+	<range><lt>4.7.0_2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The Xen Project reports:</p>
+	<blockquote cite="http://xenbits.xen.org/xsa/advisory-179.html">
+	  <p>Qemu VGA module allows banked access to video memory using the
+	    window at 0xa00000 and it supports different access modes with
+	    different address calculations.</p>
+	  <p>Qemu VGA module allows guest to edit certain registers in 'vbe'
+	    and 'vga' modes.</p>
+	  <p>A privileged guest user could use CVE-2016-3710 to exceed the bank
+	    address window and write beyond the said memory area, potentially
+	    leading to arbitrary code execution with privileges of the Qemu
+	    process.  If the system is not using stubdomains, this will be in
+	    domain 0.</p>
+	  <p>A privileged guest user could use CVE-2016-3712 to cause potential
+	    integer overflow or OOB read access issues in Qemu, resulting in a DoS
+	    of the guest itself.  More dangerous effect, such as data leakage or
+	    code execution, are not known but cannot be ruled out.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-3710</cvename>
+      <cvename>CVE-2016-3712</cvename>
+      <url>http://xenbits.xen.org/xsa/advisory-179.html</url>
+    </references>
+    <dates>
+      <discovery>2016-05-09</discovery>
+      <entry>2016-07-04</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="e589ae90-4212-11e6-942d-bc5ff45d0f28">
+    <topic>xen-tools -- Unsanitised driver domain input in libxl device handling</topic>
+    <affects>
+      <package>
+	<name>xen-tools</name>
+	<range><lt>4.7.0_1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The Xen Project reports:</p>
+	<blockquote cite="http://xenbits.xen.org/xsa/advisory-178.html">
+	  <p>libxl's device-handling code freely uses and trusts information
+	    from the backend directories in xenstore.</p>
+	  <p>A malicious driver domain can deny service to management tools.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-4963</cvename>
+      <url>http://xenbits.xen.org/xsa/advisory-178.html</url>
+    </references>
+    <dates>
+      <discovery>2016-06-02</discovery>
+      <entry>2016-07-04</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="e43b210a-4212-11e6-942d-bc5ff45d0f28">
+    <topic>xen-kernel -- x86 software guest page walk PS bit handling flaw</topic>
+    <affects>
+      <package>
+	<name>xen-kernel</name>
+	<range><lt>4.7.0</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The Xen Project reports:</p>
+	<blockquote cite="http://xenbits.xen.org/xsa/advisory-176.html">
+	  <p>The Page Size (PS) page table entry bit exists at all page table
+	    levels other than L1.  Its meaning is reserved in L4, and
+	    conditionally reserved in L3 and L2 (depending on hardware
+	    capabilities).  The software page table walker in the hypervisor,
+	    however, so far ignored that bit in L4 and (on respective hardware)
+	    L3 entries, resulting in pages to be treated as page tables which
+	    the guest OS may not have designated as such.  If the page in
+	    question is writable by an unprivileged user, then that user will
+	    be able to map arbitrary guest memory.</p>
+	  <p>On vulnerable OSes, guest user mode code may be able to establish
+	    mappings of arbitrary memory inside the guest, allowing it to
+	    elevate its privileges inside the guest.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-4480</cvename>
+      <url>http://xenbits.xen.org/xsa/advisory-176.html</url>
+    </references>
+    <dates>
+      <discovery>2016-05-17</discovery>
+      <entry>2016-07-04</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="e2fca11b-4212-11e6-942d-bc5ff45d0f28">
+    <topic>xen-tools -- Unsanitised guest input in libxl device handling code</topic>
+    <affects>
+      <package>
+	<name>xen-tools</name>
+	<range><lt>4.7.0_1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The Xen Project reports:</p>
+	<blockquote cite="http://xenbits.xen.org/xsa/advisory-175.html">
+	  <p>Various parts of libxl device-handling code inappropriately use
+	    information from (partially) guest controlled areas of xenstore.</p>
+	  <p>A malicious guest administrator can cause denial of service by
+	    resource exhaustion.</p>
+	  <p>A malicious guest administrator can confuse and/or deny service to
+	    management facilities.</p>
+	  <p>A malicious guest administrator of a guest configured with channel
+	    devices may be able to escalate their privilege to that of the
+	    backend domain (i.e., normally, to that of the host).</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-4962</cvename>
+      <url>http://xenbits.xen.org/xsa/advisory-175.html</url>
+    </references>
+    <dates>
+      <discovery>2016-06-02</discovery>
+      <entry>2016-07-04</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="d51ced72-4212-11e6-942d-bc5ff45d0f28">
+    <topic>xen-kernel -- x86 shadow pagetables: address width overflow</topic>
+    <affects>
+      <package>
+	<name>xen-kernel</name>
+	<range><ge>3.4</ge><lt>4.7.0</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The Xen Project reports:</p>
+	<blockquote cite="http://xenbits.xen.org/xsa/advisory-173.html">
+	  <p>In the x86 shadow pagetable code, the guest frame number of a
+	    superpage mapping is stored in a 32-bit field.  If a shadowed guest
+	    can cause a superpage mapping of a guest-physical address at or
+	    above 2^44 to be shadowed, the top bits of the address will be lost,
+	    causing an assertion failure or NULL dereference later on, in code
+	    that removes the shadow.</p>
+	  <p>A HVM guest using shadow pagetables can cause the host to crash.
+	    </p>
+	  <p>A PV guest using shadow pagetables (i.e. being migrated) with PV
+	    superpages enabled (which is not the default) can crash the host, or
+	    corrupt hypervisor memory, and so a privilege escalation cannot be
+	    ruled out.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-3960</cvename>
+      <url>http://xenbits.xen.org/xsa/advisory-173.html</url>
+    </references>
+    <dates>
+      <discovery>2016-04-18</discovery>
+      <entry>2016-07-04</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="313e9557-41e8-11e6-ab34-002590263bf5">
+    <topic>wireshark -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>wireshark</name>
+	<name>wireshark-lite</name>
+	<name>wireshark-qt5</name>
+	<name>tshark</name>
+	<name>tshark-lite</name>
+	<range><lt>2.0.4</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Wireshark development team reports:</p>
+	<blockquote cite="https://www.wireshark.org/docs/relnotes/wireshark-2.0.4.html">
+	  <p>The following vulnerabilities have been fixed:</p>
+	  <ul>
+	    <li><p>wnpa-sec-2016-29</p>
+	      <p>The SPOOLS dissector could go into an infinite loop. Discovered
+	      by the CESG.</p></li>
+	    <li><p>wnpa-sec-2016-30</p>
+	      <p>The IEEE 802.11 dissector could crash. (Bug 11585)</p></li>
+	    <li><p>wnpa-sec-2016-31</p>
+	      <p>The IEEE 802.11 dissector could crash. Discovered by Mateusz
+	      Jurczyk. (Bug 12175)</p></li>
+	    <li><p>wnpa-sec-2016-32</p>
+	      <p>The UMTS FP dissector could crash. (Bug 12191)</p></li>
+	    <li><p>wnpa-sec-2016-33</p>
+	      <p>Some USB dissectors could crash. Discovered by Mateusz
+	      Jurczyk. (Bug 12356)</p></li>
+	    <li><p>wnpa-sec-2016-34</p>
+	      <p>The Toshiba file parser could crash. Discovered by iDefense
+	      Labs. (Bug 12394)</p></li>
+	    <li><p>wnpa-sec-2016-35</p>
+	      <p>The CoSine file parser could crash. Discovered by iDefense
+	      Labs. (Bug 12395)</p></li>
+	    <li><p>wnpa-sec-2016-36</p>
+	      <p>The NetScreen file parser could crash. Discovered by iDefense
+	      Labs. (Bug 12396)</p></li>
+	    <li><p>wnpa-sec-2016-37</p>
+	      <p>The Ethernet dissector could crash. (Bug 12440)</p></li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-5350</cvename>
+      <cvename>CVE-2016-5351</cvename>
+      <cvename>CVE-2016-5352</cvename>
+      <cvename>CVE-2016-5353</cvename>
+      <cvename>CVE-2016-5354</cvename>
+      <cvename>CVE-2016-5355</cvename>
+      <cvename>CVE-2016-5356</cvename>
+      <cvename>CVE-2016-5357</cvename>
+      <cvename>CVE-2016-5358</cvename>
+      <url>https://www.wireshark.org/docs/relnotes/wireshark-2.0.4.html</url>
+      <url>http://www.openwall.com/lists/oss-security/2016/06/09/4</url>
+    </references>
+    <dates>
+      <discovery>2016-06-07</discovery>
+      <entry>2016-07-04</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="8656cf5f-4170-11e6-8dfe-002590263bf5">
+    <topic>moodle -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>moodle28</name>
+	<range><lt>2.8.12</lt></range>
+      </package>
+      <package>
+	<name>moodle29</name>
+	<range><lt>2.9.6</lt></range>
+      </package>
+      <package>
+	<name>moodle30</name>
+	<range><lt>3.0.4</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Marina Glancy reports:</p>
+	<blockquote cite="https://moodle.org/security/">
+	  <ul>
+	    <li><p>MSA-16-0013: Users are able to change profile fields that
+	    were locked by the administrator.</p></li>
+	    <li><p>MSA-16-0015: Information disclosure of hidden forum names
+	    and sub-names.</p></li>
+	    <li><p>MSA-16-0016: User can view badges of other users without
+	    proper permissions.</p></li>
+	    <li><p>MSA-16-0017: Course idnumber not protected from teacher
+	    restore.</p></li>
+	    <li><p>MSA-16-0018: CSRF in script marking forum posts as read.</p>
+	    </li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-3729</cvename>
+      <cvename>CVE-2016-3731</cvename>
+      <cvename>CVE-2016-3732</cvename>
+      <cvename>CVE-2016-3733</cvename>
+      <cvename>CVE-2016-3734</cvename>
+      <url>https://moodle.org/security/</url>
+    </references>
+    <dates>
+      <discovery>2016-05-18</discovery>
+      <entry>2016-07-03</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="ad9b77f6-4163-11e6-b05b-14dae9d210b8">
+    <topic>icingaweb2 -- remote code execution</topic>
+    <affects>
+      <package>
+	<name>icingaweb2</name>
+	<range><lt>2.3.4</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Eric Lippmann reports:</p>
+	<blockquote cite="https://www.icinga.org/2016/06/23/icinga-web-2-v2-3-4-v2-2-2-and-v2-1-4-releases/">
+	  <p>Possibility of remote code execution via the remote command
+	    transport.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://www.icinga.org/2016/06/23/icinga-web-2-v2-3-4-v2-2-2-and-v2-1-4-releases/</url>
+    </references>
+    <dates>
+      <discovery>2016-06-23</discovery>
+      <entry>2016-07-03</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="a5c204b5-4153-11e6-8dfe-002590263bf5">
+    <topic>hive -- authorization logic vulnerability</topic>
+    <affects>
+      <package>
+	<name>hive</name>
+	<range><lt>2.0.0</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Sushanth Sowmyan reports:</p>
+	<blockquote cite="http://mail-archives.apache.org/mod_mbox/hive-user/201601.mbox/%3C20160128205008.2154F185EB%40minotaur.apache.org%3E">
+	  <p>Some partition-level operations exist that do not explicitly also
+	    authorize privileges of the parent table. This can lead to issues when
+	    the parent table would have denied the operation, but no denial occurs
+	    because the partition-level privilege is not checked by the
+	    authorization framework, which defines authorization entities only
+	    from the table level upwards.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2015-7521</cvename>
+      <url>http://mail-archives.apache.org/mod_mbox/hive-user/201601.mbox/%3C20160128205008.2154F185EB%40minotaur.apache.org%3E</url>
+    </references>
+    <dates>
+      <discovery>2016-01-28</discovery>
+      <entry>2016-07-03</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="546deeea-3fc6-11e6-a671-60a44ce6887b">
+    <topic>SQLite3 -- Tempdir Selection Vulnerability</topic>
+    <affects>
+      <package>
+	<name>sqlite3</name>
+	<range><lt>3.13.0</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>KoreLogic security reports:</p>
+	<blockquote cite="https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt">
+	  <p>Affected versions of SQLite reject potential tempdir locations if
+	    they are not readable, falling back to '.'. Thus, SQLite will favor
+	    e.g. using cwd for tempfiles on such a system, even if cwd is an
+	    unsafe location.  Notably, SQLite also checks the permissions of
+	    '.', but ignores the results of that check.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-6153</cvename>
+      <freebsdpr>ports/209827</freebsdpr>
+      <url>https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt</url>
+      <url>http://openwall.com/lists/oss-security/2016/07/01/2</url>
+      <url>http://www.sqlite.org/cgi/src/info/67985761aa93fb61</url>
+      <url>http://www.sqlite.org/cgi/src/info/b38fe522cfc971b3</url>
+      <url>http://www.sqlite.org/cgi/src/info/614bb709d34e1148</url>
+    </references>
+    <dates>
+      <discovery>2016-07-01</discovery>
+      <entry>2016-07-03</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="8d5368ef-40fe-11e6-b2ec-b499baebfeaf">
+    <topic>Python -- smtplib StartTLS stripping vulnerability</topic>
+    <affects>
+      <package>
+	<name>python27</name>
+	<range><lt>2.7.12</lt></range>
+      </package>
+      <package>
+	<name>python33</name>
+	<range><gt>0</gt></range>
+      </package>
+      <package>
+	<name>python34</name>
+	<range><lt>3.4.5</lt></range>
+      </package>
+      <package>
+	<name>python35</name>
+	<range><lt>3.5.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Red Hat reports:</p>
+	<blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0772">
+	  <p>A vulnerability in smtplib allowing MITM attacker to perform a
+	    startTLS stripping attack. smtplib does not seem to raise an exception
+	    when the remote end (smtp server) is capable of negotiating starttls but
+	    fails to respond with 220 (ok) to an explicit call of SMTP.starttls().
+	    This may allow a malicious MITM to perform a startTLS stripping attack
+	    if the client code does not explicitly check the response code for startTLS.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0772</url>
+      <cvename>CVE-2016-0772</cvename>
+    </references>
+    <dates>
+      <discovery>2016-06-14</discovery>
+      <entry>2016-07-03</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="e7028e1d-3f9b-11e6-81f9-6805ca0b3d42">
+    <topic>phpMyAdmin -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>phpmyadmin</name>
+	<range><ge>4.6.0</ge><lt>4.6.3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The phpMYAdmin development team reports:</p>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-17/">
+	  <h3>Summary</h3>
+	  <p>BBCode injection vulnerability</p>
+
+	  <h3>Description</h3>
+	  <p>A vulnerability was discovered that allows an BBCode
+	    injection to setup script in case it's not accessed on
+	    https.</p>
+
+	  <h3>Severity</h3>
+	  <p>We consider this to be non-critical.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-18/">
+	  <h3>Summary</h3>
+	  <p>Cookie attribute injection attack</p>
+
+	  <h3>Description</h3>
+	  <p>A vulnerability was found where, under some
+	    circumstances, an attacker can inject arbitrary values
+	    in the browser cookies.</p>
+
+	  <h3>Severity</h3>
+	  <p>We consider this to be non-critical.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-19/">
+	  <h3>Summary</h3>
+	  <p>SQL injection attack</p>
+
+	  <h3>Description</h3>
+	  <p>A vulnerability was discovered that allows an SQL
+	    injection attack to run arbitrary commands as the
+	    control user.</p>
+
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be serious</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-20/">
+	  <h3>Summary</h3>
+	  <p>XSS on table structure page</p>
+
+	  <h3>Description</h3>
+	  <p>An XSS vulnerability was discovered on the table
+	    structure page</p>
+
+	  <h3>Severity</h3>
+	  <p>We consider this to be a serious
+	    vulnerability</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-21/">
+	  <h3>Summary</h3>
+	  <p>Multiple XSS vulnerabilities</p>
+
+	  <h3>Description</h3>
+	  <ul>
+	    <li>An XSS vulnerability was discovered on the user
+	      privileges page.</li>
+	    <li>An XSS vulnerability was discovered in the error
+	      console.</li>
+	    <li>An XSS vulnerability was discovered in the central
+	      columns feature.</li>
+	    <li>An XSS vulnerability was discovered in the query
+	      bookmarks feature.</li>
+	    <li>An XSS vulnerability was discovered in the user groups
+	      feature.</li>
+	  </ul>
+
+	  <h3>Severity</h3>
+	  <p>We consider this to be a serious vulnerability</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-22/">
+	  <h3>Summary</h3>
+	  <p>DOS attack</p>
+
+	  <h3>Description</h3>
+	  <p>A Denial Of Service (DOS) attack was discovered in
+	    the way phpMyAdmin loads some JavaScript files.</p>
+
+	  <h3>Severity</h3>
+	  <p>We consider this to be of moderate severity</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-23/">
+	  <h3>Summary</h3>
+	  <p>Multiple full path disclosure vulnerabilities</p>
+
+	  <h3>Description</h3>
+	  <p>This PMASA contains information on multiple full-path
+	    disclosure vulnerabilities reported in phpMyAdmin.</p>
+	  <p>By specially crafting requests in the following
+	    areas, it is possible to trigger phpMyAdmin to display a
+	    PHP error message which contains the full path of the
+	    directory where phpMyAdmin is installed.</p>
+	   <ol>
+	     <li>Setup script</li>
+	     <li>Example OpenID authentication script</li>
+	   </ol>
+
+	   <h3>Severity</h3>
+	   <p>We consider these vulnerabilities to be
+	     non-critical.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-24/">
+	  <h3>Summary</h3>
+	  <p>XSS through FPD</p>
+
+	  <h3>Description</h3>
+	  <p>With a specially crafted request, it is possible to
+	    trigger an XSS attack through the example OpenID
+	    authentication script.</p>
+
+	  <h3>Severity</h3>
+	  <p>We do not consider this vulnerability to be
+	    secure due to the non-standard required PHP setting
+	    for html_errors.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-25/">
+	  <h3>Summary</h3>
+	  <p>XSS in partition range functionality</p>
+
+	  <h3>Description</h3>
+	  <p>A vulnerability was reported allowing a specially
+	    crafted table parameters to cause an XSS attack through
+	    the table structure page.</p>
+
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be severe.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-26/">
+	  <h3>Summary</h3>
+	  <p>Multiple XSS vulnerabilities</p>
+
+	  <h3>Description</h3>
+	  <ul>
+	    <li>A vulnerability was reported allowing a specially
+	      crafted table name to cause an XSS attack through the
+	      functionality to check database privileges.
+	      <ul>
+		<li>This XSS doesn't exist in some translations due to
+		  different quotes being used there (eg. Czech).</li>
+	      </ul>
+	    </li>
+	    <li>A vulnerability was reported allowing a
+	      specifically-configured MySQL server to execute an XSS
+	      attack. This particular attack requires configuring the
+	      MySQL server log_bin directive with the payload.</li>
+	    <li>Several XSS vulnerabilities were found with the
+	      Transformation feature</li>
+	    <li>Several XSS vulnerabilities were found in AJAX error
+	      handling</li>
+	    <li>Several XSS vulnerabilities were found in the Designer
+	      feature</li>
+	    <li>An XSS vulnerability was found in the charts
+	      feature</li>
+	    <li>An XSS vulnerability was found in the zoom search
+	      feature</li>
+	  </ul>
+
+	  <h3>Severity</h3>
+	  <p>We consider these attacks to be of moderate
+	    severity.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-27/">
+	  <h3>Summary</h3>
+	  <p>Unsafe handling of preg_replace parameters</p>
+
+	  <h3>Description</h3>
+	  <p>In some versions of PHP, it's possible for an
+	    attacker to pass parameters to the
+	    <code>preg_replace()</code> function which can allow the
+	    execution of arbitrary PHP code. This code is not
+	    properly sanitized in phpMyAdmin as part of the table
+	    search and replace feature.</p>
+
+	  <h3>Severity</h3>
+	  <p>We consider this vulnerability to be of moderate
+	    severity.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-28/">
+	  <h3>Summary</h3>
+	  <p>Referrer leak in transformations</p>
+
+	  <h3>Description</h3>
+	  <p>A vulnerability was reported where a specially
+	    crafted Transformation could be used to leak information
+	    including the authentication token. This could be used
+	    to direct a CSRF attack against a user.</p>
+	  <p>Furthermore, the CSP code used in version 4.0.x is
+	    outdated and has been updated to more modern
+	    standards.</p>
+
+	  <h3>Severity</h3>
+	  <p>We consider this to be of moderate severity</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-17/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-18/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-19/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-20/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-21/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-22/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-23/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-24/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-25/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-26/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-27/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-28/</url>
+      <cvename>CVE-2016-5701</cvename>
+      <cvename>CVE-2016-5702</cvename>
+      <cvename>CVE-2016-5703</cvename>
+      <cvename>CVE-2016-5704</cvename>
+      <cvename>CVE-2016-5705</cvename>
+      <cvename>CVE-2016-5706</cvename>
+      <cvename>CVE-2016-5730</cvename>
+      <cvename>CVE-2016-5731</cvename>
+      <cvename>CVE-2016-5732</cvename>
+      <cvename>CVE-2016-5733</cvename>
+      <cvename>CVE-2016-5734</cvename>
+      <cvename>CVE-2016-5739</cvename>
+    </references>
+    <dates>
+      <discovery>2016-06-23</discovery>
+      <entry>2016-07-01</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="f1c219ba-3f14-11e6-b3c8-14dae9d210b8">
+    <topic>haproxy -- denial of service</topic>
+    <affects>
+      <package>
+	<name>haproxy</name>
+	<range><ge>1.6.0</ge><lt>1.6.5_1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>HAproxy reports:</p>
+	<blockquote cite="http://www.openwall.com/lists/oss-security/2016/06/09/5">
+	  <p>HAproxy 1.6.x before 1.6.6, when a deny comes from a
+	    reqdeny rule, allows remote attackers to cause a denial of service
+	    (uninitialized memory access and crash) or possibly have unspecified
+	    other impact via unknown vectors.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://www.openwall.com/lists/oss-security/2016/06/09/5</url>
+      <cvename>CVE-2016-5360</cvename>
+    </references>
+    <dates>
+      <discovery>2016-06-09</discovery>
+      <entry>2016-06-30</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="093584f2-3f14-11e6-b3c8-14dae9d210b8">
+    <topic>libtorrent-rasterbar -- denial of service</topic>
+    <affects>
+      <package>
+	<name>libtorrent-rasterbar</name>
+	<range><lt>1.1.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Brandon Perry reports:</p>
+	<blockquote cite="https://github.com/arvidn/libtorrent/issues/780">
+	  <p>The parse_chunk_header function in libtorrent before 1.1.1
+	    allows remote attackers to cause a denial of service (crash) via a
+	    crafted (1) HTTP response or possibly a (2) UPnP broadcast.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://github.com/arvidn/libtorrent/issues/780</url>
+      <cvename>CVE-2016-5301</cvename>
+    </references>
+    <dates>
+      <discovery>2016-06-03</discovery>
+      <entry>2016-06-30</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="ff76f0e0-3f11-11e6-b3c8-14dae9d210b8">
+    <topic>expat2 -- denial of service</topic>
+    <affects>
+      <package>
+	<name>expat2</name>
+	<range><lt>2.1.1_2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Adam Maris reports:</p>
+	<blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=1344251">
+	  <p>It was found that original patch for issues CVE-2015-1283
+	    and CVE-2015-2716 used overflow checks that could be optimized out by
+	    some compilers applying certain optimization settings, which can cause
+	    the vulnerability to remain even after applying the patch.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://bugzilla.redhat.com/show_bug.cgi?id=1344251</url>
+      <cvename>CVE-2016-4472</cvename>
+    </references>
+    <dates>
+      <discovery>2016-06-09</discovery>
+      <entry>2016-06-30</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="875e4cf8-3f0e-11e6-b3c8-14dae9d210b8">
+    <topic>dnsmasq -- denial of service</topic>
+    <affects>
+      <package>
+	<name>dnsmasq</name>
+	<range><lt>2.76,1</lt></range>
+      </package>
+      <package>
+	<name>dnsmasq-devel</name>
+	<range><lt>2.76.0test1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p> reports:</p>
+	<blockquote cite="http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2016q2/010479.html">
+	  <p>Dnsmasq before 2.76 allows remote servers to cause a denial
+	    of service (crash) via a reply with an empty DNS address that has an (1)
+	    A or (2) AAAA record defined locally.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2016q2/010479.html</url>
+      <url>http://www.openwall.com/lists/oss-security/2016/06/03/7</url>
+      <cvename>CVE-2015-8899</cvename>
+    </references>
+    <dates>
+      <discovery>2016-04-18</discovery>
+      <entry>2016-06-30</entry>
+      <modified>2016-06-30</modified>
+    </dates>
+  </vuln>
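Review bot: the attribution paragraph in the dnsmasq entry reads "<p> reports:</p>" with no reporter named, so the rendered advisory opens with a dangling " reports:". Name the source of the quoted text (the blockquote cites the dnsmasq-discuss list post) or reword the paragraph. The dates block also carries a modified date equal to the entry date (2016-06-30), which adds nothing unless the entry was revised after it was first committed.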
+
+  <vuln vid="a61374fc-3a4d-11e6-a671-60a44ce6887b">
+    <topic>Python -- HTTP Header Injection in Python urllib</topic>
+    <affects>
+      <package>
+	<name>python27</name>
+	<range><lt>2.7.10</lt></range>
+      </package>
+      <package>
+	<name>python33</name>
+	<range><ge>0</ge></range>
+      </package>
+      <package>
+	<name>python34</name>
+	<range><lt>3.4.4</lt></range>
+      </package>
+      <package>
+	<name>python35</name>
+	<range><lt>3.5.0</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Guido Vranken reports:</p>
+	<blockquote cite="https://bugs.python.org/issue22928">
+	  <p>HTTP header injection in urrlib2/urllib/httplib/http.client with
+	     newlines in header values, where newlines have a semantic consequence of
+	     denoting the start of an additional header line.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://bugs.python.org/issue22928</url>
+      <url>http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html</url>
+      <url>http://www.openwall.com/lists/oss-security/2016/06/14/7</url>
+      <cvename>CVE-2016-5699</cvename>
+    </references>
+    <dates>
+      <discovery>2014-11-24</discovery>
+      <entry>2016-06-30</entry>
+      <modified>2016-07-04</modified>
+    </dates>
+  </vuln>
+
+  <vuln vid="0ca24682-3f03-11e6-b3c8-14dae9d210b8">
+    <topic>openssl -- denial of service</topic>
+    <affects>
+      <package>
+	<name>openssl</name>
+	<range><lt>1.0.2_14</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Mitre reports:</p>
+	<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2177">
+	  <p>OpenSSL through 1.0.2h incorrectly uses pointer arithmetic
+	    for heap-buffer boundary checks, which might allow remote attackers to
+	    cause a denial of service (integer overflow and application crash) or
+	    possibly have unspecified other impact by leveraging unexpected malloc
+	    behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2177</url>
+      <url>ihttps://bugzilla.redhat.com/show_bug.cgi?id=1341705</url>
+      <url>https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/</url>
+      <cvename>CVE-2016-2177</cvename>
+    </references>
+    <dates>
+      <discovery>2016-06-01</discovery>
+      <entry>2016-06-30</entry>
+    </dates>
+  </vuln>
+
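Review bot: the second `<url>` in the openssl denial-of-service entry above (vid 0ca24682-3f03-11e6-b3c8-14dae9d210b8) reads `ihttps://bugzilla.redhat.com/show_bug.cgi?id=1341705`, which is not a usable link; drop the leading `i`. The same stray character appears further down in the piwik entry's quoted text (`<p>iThe Piwik Security team is grateful ...`). In the dnsmasq entry just before this one, the attribution line is `<p> reports:</p>` with no source named, and the Python urllib entry's blockquote spells the module `urrlib2`. The log message describes this as an update from the FreeBSD master list that is "mostly right", so these are worth either correcting in this file or reporting upstream so the next sync does not reintroduce them.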
+  <vuln vid="cbceeb49-3bc7-11e6-8e82-002590263bf5">
+    <topic>tomcat -- remote DoS in the Apache Commons FileUpload component</topic>
+    <affects>
+      <package>
+	<name>tomcat7</name>
+	<range><lt>7.0.70</lt></range>
+      </package>
+      <package>
+	<name>tomcat8</name>
+	<range><lt>8.0.36</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Mark Thomas reports:</p>
+	<blockquote cite="http://mail-archives.apache.org/mod_mbox/tomcat-announce/201606.mbox/%3C6223ece6-2b41-ef4f-22f9-d3481e492832%40apache.org%3E">
+	  <p>CVE-2016-3092 is a denial of service vulnerability that has been
+	    corrected in the Apache Commons FileUpload component. It occurred
+	    when the length of the multipart boundary was just below the size of
+	    the buffer (4096 bytes) used to read the uploaded file. This caused
+	    the file upload process to take several orders of magnitude longer
+	    than if the boundary length was the typical tens of bytes.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-3092</cvename>
+      <freebsdpr>ports/209669</freebsdpr>
+      <url>http://tomcat.apache.org/security-7.html</url>
+      <url>http://tomcat.apache.org/security-8.html</url>
+      <url>http://mail-archives.apache.org/mod_mbox/tomcat-announce/201606.mbox/%3C6223ece6-2b41-ef4f-22f9-d3481e492832%40apache.org%3E</url>
+    </references>
+    <dates>
+      <discovery>2016-06-20</discovery>
+      <entry>2016-06-26</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="bfcc23b6-3b27-11e6-8e82-002590263bf5">
+    <topic>wordpress -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>wordpress</name>
+	<range><lt>4.5.3,1</lt></range>
+      </package>
+      <package>
+	<name>de-wordpress</name>
+	<name>ja-wordpress</name>
+	<name>ru-wordpress</name>
+	<name>zh-wordpress-zh_CN</name>
+	<name>zh-wordpress-zh_TW</name>
+	<range><lt>4.5.3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Adam Silverstein reports:</p>
+	<blockquote cite="https://wordpress.org/news/2016/06/wordpress-4-5-3/">
+	  <p>WordPress 4.5.3 is now available. This is a security release for
+	    all previous versions and we strongly encourage you to update your
+	    sites immediately.</p>
+	  <p>WordPress versions 4.5.2 and earlier are affected by several
+	    security issues: redirect bypass in the customizer, reported by
+	    Yassine Aboukir; two different XSS problems via attachment names,
+	    reported by Jouko Pynnönenand Divyesh Prajapati; revision history
+	    information disclosure, reported independently by John Blackbourn
+	    from the WordPress security team and by Dan Moen from the Wordfence
+	    Research Team; oEmbed denial of service reported by Jennifer Dodd
+	    from Automattic; unauthorized category removal from a post, reported
+	    by David Herrera from Alley Interactive; password change via stolen
+	    cookie, reported by Michael Adams from the WordPress security team;
+	    and some less secure sanitize_file_name edge cases reported by Peter
+	    Westwood of the WordPress security team.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-5832</cvename>
+      <cvename>CVE-2016-5833</cvename>
+      <cvename>CVE-2016-5834</cvename>
+      <cvename>CVE-2016-5835</cvename>
+      <cvename>CVE-2016-5836</cvename>
+      <cvename>CVE-2016-5837</cvename>
+      <cvename>CVE-2016-5838</cvename>
+      <cvename>CVE-2016-5839</cvename>
+      <freebsdpr>ports/210480</freebsdpr>
+      <freebsdpr>ports/210581</freebsdpr>
+      <url>https://wordpress.org/news/2016/06/wordpress-4-5-3/</url>
+      <url>http://www.openwall.com/lists/oss-security/2016/06/23/9</url>
+    </references>
+    <dates>
+      <discovery>2016-06-18</discovery>
+      <entry>2016-06-25</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="66d77c58-3b1d-11e6-8e82-002590263bf5">
+    <topic>php -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>php55</name>
+	<name>php55-gd</name>
+	<name>php55-mbstring</name>
+	<name>php55-wddx</name>
+	<name>php55-zip</name>
+	<range><lt>5.5.37</lt></range>
+      </package>
+      <package>
+	<name>php56</name>
+	<name>php56-gd</name>
+	<name>php56-mbstring</name>
+	<name>php56-phar</name>
+	<name>php56-wddx</name>
+	<name>php56-zip</name>
+	<range><lt>5.6.23</lt></range>
+      </package>
+      <package>
+	<name>php70</name>
+	<name>php70-gd</name>
+	<name>php70-mbstring</name>
+	<name>php70-phar</name>
+	<name>php70-wddx</name>
+	<name>php70-zip</name>
+	<range><lt>7.0.8</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The PHP Group reports:</p>
+	<blockquote cite="http://php.net/ChangeLog-5.php#5.5.37">
+	<ul><li>Core:
+	  <ul>
+	    <li>Fixed bug #72268 (Integer Overflow in nl2br())</li>
+	    <li>Fixed bug #72275 (Integer Overflow in json_encode()/
+	      json_decode()/ json_utf8_to_utf16())</li>
+	    <li>Fixed bug #72400 (Integer Overflow in addcslashes/
+	      addslashes)</li>
+	    <li>Fixed bug #72403 (Integer Overflow in Length of String-typed
+	      ZVAL)</li>
+	  </ul></li>
+	  <li>GD:
+	  <ul>
+	    <li>Fixed bug #66387 (Stack overflow with imagefilltoborder)
+	      (CVE-2015-8874)</li>
+	    <li>Fixed bug #72298 (pass2_no_dither out-of-bounds access)</li>
+	    <li>Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting
+	      in heap overflow) (CVE-2016-5766)</li>
+	    <li>Fixed bug #72407 (NULL Pointer Dereference at _gdScaleVert)</li>
+	    <li>Fixed bug #72446 (Integer Overflow in
+	      gdImagePaletteToTrueColor() resulting in heap overflow)
+	      (CVE-2016-5767)</li>
+	  </ul></li>
+	  <li>mbstring:
+	  <ul>
+	    <li>Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free)
+	      (CVE-2016-5768)</li>
+	  </ul></li>
+	  <li>mcrypt:
+	  <ul>
+	    <li>Fixed bug #72455 (Heap Overflow due to integer overflows)
+	      (CVE-2016-5769)</li>
+	  </ul></li>
+	  <li>Phar:
+	  <ul>
+	    <li>Fixed bug #72321 (invalid free in phar_extract_file()). (PHP
+	      5.6/7.0 only)</li>
+	  </ul></li>
+	  <li>SPL:
+	  <ul>
+	    <li>Fixed bug #72262 (int/size_t confusion in SplFileObject::fread)
+	      (CVE-2016-5770)</li>
+	    <li>Fixed bug #72433 (Use After Free Vulnerability in PHP's GC
+	      algorithm and unserialize) (CVE-2016-5771)</li>
+	  </ul></li>
+	  <li>WDDX:
+	  <ul>
+	    <li>Fixed bug #72340 (Double Free Courruption in wddx_deserialize)
+	      (CVE-2016-5772)</li>
+	  </ul></li>
+	  <li>zip:
+	  <ul>
+	    <li>Fixed bug #72434 (ZipArchive class Use After Free Vulnerability
+	      in PHP's GC algorithm and unserialize). (CVE-2016-5773)</li>
+	  </ul></li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2015-8874</cvename>
+      <cvename>CVE-2016-5766</cvename>
+      <cvename>CVE-2016-5767</cvename>
+      <cvename>CVE-2016-5768</cvename>
+      <cvename>CVE-2016-5769</cvename>
+      <cvename>CVE-2016-5770</cvename>
+      <cvename>CVE-2016-5771</cvename>
+      <cvename>CVE-2016-5772</cvename>
+      <cvename>CVE-2016-5773</cvename>
+      <freebsdpr>ports/210491</freebsdpr>
+      <freebsdpr>ports/210502</freebsdpr>
+      <url>http://php.net/ChangeLog-5.php#5.5.37</url>
+      <url>http://php.net/ChangeLog-5.php#5.6.23</url>
+      <url>http://php.net/ChangeLog-7.php#7.0.8</url>
+    </references>
+    <dates>
+      <discovery>2016-06-23</discovery>
+      <entry>2016-06-25</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="4a0d9b53-395d-11e6-b3c8-14dae9d210b8">
+    <topic>libarchive -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>libarchive</name>
+	<range><lt>3.2.1,1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Hanno Bock and Cisco Talos report:</p>
+	<blockquote cite="http://openwall.com/lists/oss-security/2016/06/23/6">
+	  <ul>
+	  <li><p>Out of bounds heap read in RAR parser</p></li>
+	  <li><p>Signed integer overflow in ISO parser</p></li>
+	  <li><p>TALOS-2016-0152 [CVE-2016-4300]: 7-Zip
+	    read_SubStreamsInfo Integer Overflow</p></li>
+	  <li><p>TALOS-2016-0153 [CVE-2016-4301]: mtree parse_device Stack
+	    Based Buffer Overflow</p></li>
+	  <li><p>TALOS-2016-0154 [CVE-2016-4302]: Libarchive Rar RestartModel
+	    Heap Overflow</p></li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://openwall.com/lists/oss-security/2016/06/23/6</url>
+      <url>https://github.com/libarchive/libarchive/issues/521</url>
+      <url>https://github.com/libarchive/libarchive/issues/717#event-697151157</url>
+      <url>http://blog.talosintel.com/2016/06/the-poisoned-archives.html</url>
+      <cvename>CVE-2015-8934</cvename>
+      <cvename>CVE-2016-4300</cvename>
+      <cvename>CVE-2016-4301</cvename>
+      <cvename>CVE-2016-4302</cvename>
+    </references>
+    <dates>
+      <discovery>2016-06-23</discovery>
+      <entry>2016-06-23</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="22775cdd-395a-11e6-b3c8-14dae9d210b8">
+    <topic>piwik -- XSS vulnerability</topic>
+    <affects>
+      <package>
+	<name>piwik</name>
+	<range><lt>2.16.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Piwik reports:</p>
+	<blockquote cite="http://piwik.org/changelog/piwik-2-16-1/">
+	  <p>iThe Piwik Security team is grateful for the responsible
+	    disclosures by our security researchers: Egidio Romano (granted a
+	    critical security bounty), James Kettle and Paweł Bartunek (XSS) and
+	    Emanuel Bronshtein (limited XSS).</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://piwik.org/changelog/piwik-2-16-1/</url>
+    </references>
+    <dates>
+      <discovery>2016-04-11</discovery>
+      <entry>2016-06-23</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="6df56c60-3738-11e6-a671-60a44ce6887b">
+    <topic>wget -- HTTP to FTP redirection file name confusion vulnerability</topic>
+    <affects>
+      <package>
+	<name>wget</name>
+	<range><lt>1.18</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Giuseppe Scrivano reports:</p>
+	<blockquote cite="http://lists.gnu.org/archive/html/info-gnu/2016-06/msg00004.html">
+	  <p>On a server redirect from HTTP to a FTP resource, wget would trust the
+	    HTTP server and uses the name in the redirected URL as the destination
+	    filename.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://lists.gnu.org/archive/html/info-gnu/2016-06/msg00004.html</url>
+      <cvename>CVE-2016-4971</cvename>
+    </references>
+    <dates>
+      <discovery>2016-06-09</discovery>
+      <entry>2016-06-21</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="1a2aa04f-3718-11e6-b3c8-14dae9d210b8">
+    <topic>libxslt -- Denial of Service</topic>
+    <affects>
+      <package>
+	<name>libxslt</name>
+	<range><lt>1.1.29</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Google reports:</p>
+	<blockquote cite="http://seclists.org/bugtraq/2016/Jun/81">
+	  <ul>
+	    <li>[583156] Medium CVE-2016-1683: Out-of-bounds access in libxslt.
+	      Credit to Nicolas Gregoire.</li>
+	    <li>[583171] Medium CVE-2016-1684: Integer overflow in libxslt.
+	      Credit to Nicolas Gregoire.</li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html</url>
+      <cvename>CVE-2016-1683</cvename>
+      <cvename>CVE-2016-1684</cvename>
+    </references>
+    <dates>
+      <discovery>2016-05-25</discovery>
+      <entry>2016-06-20</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="0e3dfdde-35c4-11e6-8e82-002590263bf5">
+    <topic>flash -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>linux-c6-flashplugin</name>
+	<name>linux-c6_64-flashplugin</name>
+	<name>linux-f10-flashplugin</name>
+	<range><lt>11.2r202.626</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Adobe reports:</p>
+	<blockquote cite="https://helpx.adobe.com/security/products/flash-player/apsb16-18.html">
+	  <p>These updates resolve type confusion vulnerabilities that could
+	    lead to code execution (CVE-2016-4144, CVE-2016-4149).</p>
+	  <p>These updates resolve use-after-free vulnerabilities that could
+	    lead to code execution (CVE-2016-4142, CVE-2016-4143, CVE-2016-4145,
+	    CVE-2016-4146, CVE-2016-4147, CVE-2016-4148).</p>
+	  <p>These updates resolve heap buffer overflow vulnerabilities that
+	    could lead to code execution (CVE-2016-4135, CVE-2016-4136,
+	    CVE-2016-4138).</p>
+	  <p>These updates resolve memory corruption vulnerabilities that could
+	    lead to code execution (CVE-2016-4122, CVE-2016-4123, CVE-2016-4124,
+	    CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129,
+	    CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133,
+	    CVE-2016-4134, CVE-2016-4137, CVE-2016-4141, CVE-2016-4150,
+	    CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154,
+	    CVE-2016-4155, CVE-2016-4156, CVE-2016-4166, CVE-2016-4171).</p>
+	  <p>These updates resolve a vulnerability in the directory search path
+	    used to find resources that could lead to code execution
+	    (CVE-2016-4140).</p>
+	  <p>These updates resolve a vulnerability that could be exploited to
+	    bypass the same-origin-policy and lead to information disclosure
+	    (CVE-2016-4139).</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-4122</cvename>
+      <cvename>CVE-2016-4123</cvename>
+      <cvename>CVE-2016-4124</cvename>
+      <cvename>CVE-2016-4125</cvename>
+      <cvename>CVE-2016-4127</cvename>
+      <cvename>CVE-2016-4128</cvename>
+      <cvename>CVE-2016-4129</cvename>
+      <cvename>CVE-2016-4130</cvename>
+      <cvename>CVE-2016-4131</cvename>
+      <cvename>CVE-2016-4132</cvename>
+      <cvename>CVE-2016-4133</cvename>
+      <cvename>CVE-2016-4134</cvename>
+      <cvename>CVE-2016-4135</cvename>
+      <cvename>CVE-2016-4136</cvename>
+      <cvename>CVE-2016-4137</cvename>
+      <cvename>CVE-2016-4138</cvename>
+      <cvename>CVE-2016-4139</cvename>
+      <cvename>CVE-2016-4140</cvename>
+      <cvename>CVE-2016-4141</cvename>
+      <cvename>CVE-2016-4142</cvename>
+      <cvename>CVE-2016-4143</cvename>
+      <cvename>CVE-2016-4144</cvename>
+      <cvename>CVE-2016-4145</cvename>
+      <cvename>CVE-2016-4146</cvename>
+      <cvename>CVE-2016-4147</cvename>
+      <cvename>CVE-2016-4148</cvename>
+      <cvename>CVE-2016-4149</cvename>
+      <cvename>CVE-2016-4150</cvename>
+      <cvename>CVE-2016-4151</cvename>
+      <cvename>CVE-2016-4152</cvename>
+      <cvename>CVE-2016-4153</cvename>
+      <cvename>CVE-2016-4154</cvename>
+      <cvename>CVE-2016-4155</cvename>
+      <cvename>CVE-2016-4156</cvename>
+      <cvename>CVE-2016-4166</cvename>
+      <cvename>CVE-2016-4171</cvename>
+      <url>https://helpx.adobe.com/security/products/flash-player/apsb16-18.html</url>
+    </references>
+    <dates>
+      <discovery>2016-06-16</discovery>
+      <entry>2016-06-19</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="0c6b008d-35c4-11e6-8e82-002590263bf5">
+    <topic>flash -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>linux-c6-flashplugin</name>
+	<name>linux-c6_64-flashplugin</name>
+	<name>linux-f10-flashplugin</name>
+	<range><lt>11.2r202.621</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Adobe reports:</p>
+	<blockquote cite="https://helpx.adobe.com/security/products/flash-player/apsb16-15.html">
+	  <p>These updates resolve type confusion vulnerabilities that could
+	    lead to code execution (CVE-2016-1105, CVE-2016-4117).</p>
+	  <p>These updates resolve use-after-free vulnerabilities that could
+	    lead to code execution (CVE-2016-1097, CVE-2016-1106, CVE-2016-1107,
+	    CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108,
+	    CVE-2016-4110, CVE-2016-4121).</p>
+	  <p>These updates resolve a heap buffer overflow vulnerability that
+	    could lead to code execution (CVE-2016-1101).</p>
+	  <p>These updates resolve a buffer overflow vulnerability that could
+	    lead to code execution (CVE-2016-1103).</p>
+	  <p>These updates resolve memory corruption vulnerabilities that could
+	    lead to code execution (CVE-2016-1096, CVE-2016-1098, CVE-2016-1099,
+	    CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109,
+	    CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114,
+	    CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161,
+	    CVE-2016-4162, CVE-2016-4163).</p>
+	  <p>These updates resolve a vulnerability in the directory search path
+	    used to find resources that could lead to code execution
+	    (CVE-2016-4116).</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-1096</cvename>
+      <cvename>CVE-2016-1097</cvename>
+      <cvename>CVE-2016-1098</cvename>
+      <cvename>CVE-2016-1099</cvename>
+      <cvename>CVE-2016-1100</cvename>
+      <cvename>CVE-2016-1101</cvename>
+      <cvename>CVE-2016-1102</cvename>
+      <cvename>CVE-2016-1103</cvename>
+      <cvename>CVE-2016-1104</cvename>
+      <cvename>CVE-2016-1105</cvename>
+      <cvename>CVE-2016-1106</cvename>
+      <cvename>CVE-2016-1107</cvename>
+      <cvename>CVE-2016-1108</cvename>
+      <cvename>CVE-2016-1109</cvename>
+      <cvename>CVE-2016-1110</cvename>
+      <cvename>CVE-2016-4108</cvename>
+      <cvename>CVE-2016-4109</cvename>
+      <cvename>CVE-2016-4110</cvename>
+      <cvename>CVE-2016-4111</cvename>
+      <cvename>CVE-2016-4112</cvename>
+      <cvename>CVE-2016-4113</cvename>
+      <cvename>CVE-2016-4114</cvename>
+      <cvename>CVE-2016-4115</cvename>
+      <cvename>CVE-2016-4116</cvename>
+      <cvename>CVE-2016-4117</cvename>
+      <cvename>CVE-2016-4120</cvename>
+      <cvename>CVE-2016-4121</cvename>
+      <cvename>CVE-2016-4160</cvename>
+      <cvename>CVE-2016-4161</cvename>
+      <cvename>CVE-2016-4162</cvename>
+      <cvename>CVE-2016-4163</cvename>
+      <url>https://helpx.adobe.com/security/products/flash-player/apsb16-15.html</url>
+    </references>
+    <dates>
+      <discovery>2016-05-12</discovery>
+      <entry>2016-06-19</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="07888b49-35c4-11e6-8e82-002590263bf5">
+    <topic>flash -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>linux-c6-flashplugin</name>
+	<name>linux-c6_64-flashplugin</name>
+	<name>linux-f10-flashplugin</name>
+	<range><lt>11.2r202.616</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Adobe reports:</p>
+	<blockquote cite="https://helpx.adobe.com/security/products/flash-player/apsb16-10.html">
+	  <p>These updates harden a mitigation against JIT spraying attacks that
+	    could be used to bypass memory layout randomization mitigations
+	    (CVE-2016-1006).</p>
+	  <p>These updates resolve type confusion vulnerabilities that could
+	    lead to code execution (CVE-2016-1015, CVE-2016-1019).</p>
+	  <p>These updates resolve use-after-free vulnerabilities that could
+	    lead to code execution (CVE-2016-1011, CVE-2016-1013, CVE-2016-1016,
+	    CVE-2016-1017, CVE-2016-1031).</p>
+	  <p>These updates resolve memory corruption vulnerabilities that could
+	    lead to code execution (CVE-2016-1012, CVE-2016-1020, CVE-2016-1021,
+	    CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025,
+	    CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029,
+	    CVE-2016-1032, CVE-2016-1033).</p>
+	  <p>These updates resolve a stack overflow vulnerability that could
+	    lead to code execution (CVE-2016-1018).</p>
+	  <p>These updates resolve a security bypass vulnerability
+	    (CVE-2016-1030).</p>
+	  <p>These updates resolve a vulnerability in the directory search path
+	    used to find resources that could lead to code execution
+	    (CVE-2016-1014).</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-1006</cvename>
+      <cvename>CVE-2016-1011</cvename>
+      <cvename>CVE-2016-1012</cvename>
+      <cvename>CVE-2016-1013</cvename>
+      <cvename>CVE-2016-1014</cvename>
+      <cvename>CVE-2016-1015</cvename>
+      <cvename>CVE-2016-1016</cvename>
+      <cvename>CVE-2016-1017</cvename>
+      <cvename>CVE-2016-1018</cvename>
+      <cvename>CVE-2016-1019</cvename>
+      <cvename>CVE-2016-1020</cvename>
+      <cvename>CVE-2016-1021</cvename>
+      <cvename>CVE-2016-1022</cvename>
+      <cvename>CVE-2016-1023</cvename>
+      <cvename>CVE-2016-1024</cvename>
+      <cvename>CVE-2016-1025</cvename>
+      <cvename>CVE-2016-1026</cvename>
+      <cvename>CVE-2016-1027</cvename>
+      <cvename>CVE-2016-1028</cvename>
+      <cvename>CVE-2016-1029</cvename>
+      <cvename>CVE-2016-1030</cvename>
+      <cvename>CVE-2016-1031</cvename>
+      <cvename>CVE-2016-1032</cvename>
+      <cvename>CVE-2016-1033</cvename>
+      <url>https://helpx.adobe.com/security/products/flash-player/apsb16-10.html</url>
+    </references>
+    <dates>
+      <discovery>2016-04-07</discovery>
+      <entry>2016-06-19</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="d59ebed4-34be-11e6-be25-3065ec8fd3ec">
+    <topic>chromium -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>chromium</name>
+	<name>chromium-npapi</name>
+	<name>chromium-pulse</name>
+	<range><lt>51.0.2704.103</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Google Chrome Releases reports:</p>
+	<blockquote cite="https://googlechromereleases.blogspot.nl/2016/06/stable-channel-update_16.html">
+	  <p>3 security fixes in this release, including:</p>
+	  <ul>
+	    <li>[620742] CVE-2016-1704: Various fixes from internal audits,
+	      fuzzing and other initiatives.</li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-1704</cvename>
+      <url>https://googlechromereleases.blogspot.nl/2016/06/stable-channel-update_16.html</url>
+    </references>
+    <dates>
+      <discovery>2016-06-16</discovery>
+      <entry>2016-06-17</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="1d0f6852-33d8-11e6-a671-60a44ce6887b">
+    <topic>Python -- Integer overflow in zipimport module</topic>
+    <affects>
+      <package>
+       <name>python35</name>
+       <range><lt>3.5.1_3</lt></range>
+      </package>
+      <package>
+       <name>python34</name>
+       <range><lt>3.4.4_3</lt></range>
+      </package>
+      <package>
+       <name>python33</name>
+       <range><lt>3.3.6_5</lt></range>
+      </package>
+      <package>
+       <name>python27</name>
+       <range><lt>2.7.11_3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+       <p>Python reports:</p>
+       <blockquote cite="http://bugs.python.org/issue26171">
+       <p>Possible integer overflow and heap corruption in
+       zipimporter.get_data()</p>
+       </blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://bugs.python.org/issue26171</url>
+      <cvename>CVE-2016-5636</cvename>
+    </references>
+    <dates>
+      <discovery>2016-01-21</discovery>
+      <entry>2016-06-17</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="7932548e-3427-11e6-8e82-002590263bf5">
+    <topic>drupal -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>drupal7</name>
+	<range><lt>7.44</lt></range>
+      </package>
+      <package>
+	<name>drupal8</name>
+	<range><lt>8.1.3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Drupal Security Team reports:</p>
+	<blockquote cite="https://www.drupal.org/SA-CORE-2016-002">
+	  <ul>
+	  <li><p>Saving user accounts can sometimes grant the user all roles
+	    (User module - Drupal 7 - Moderately Critical)</p></li>
+	  <li><p>Views can allow unauthorized users to see Statistics
+	    information (Views module - Drupal 8 - Less Critical)</p></li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-6211</cvename>
+      <cvename>CVE-2016-6212</cvename>
+      <url>https://www.drupal.org/SA-CORE-2016-002</url>
+      <url>http://www.openwall.com/lists/oss-security/2016/07/13/7</url>
+    </references>
+    <dates>
+      <discovery>2016-06-15</discovery>
+      <entry>2016-06-17</entry>
+      <modified>2016-07-16</modified>
+    </dates>
+  </vuln>
+
+  <vuln vid="ac0900df-31d0-11e6-8e82-002590263bf5">
+    <topic>botan -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>botan110</name>
+	<range><lt>1.10.13</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Jack Lloyd reports:</p>
+	<blockquote cite="https://lists.randombit.net/pipermail/botan-devel/2016-April/002101.html">
+	  <p>Botan 1.10.13 has been released backporting some side channel
+	    protections for ECDSA signatures (CVE-2016-2849) and PKCS #1 RSA
+	    decryption (CVE-2015-7827).</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-2849</cvename>
+      <cvename>CVE-2015-7827</cvename>
+      <url>https://lists.randombit.net/pipermail/botan-devel/2016-April/002101.html</url>
+    </references>
+    <dates>
+      <discovery>2016-04-28</discovery>
+      <entry>2016-06-14</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="f771880c-31cf-11e6-8e82-002590263bf5">
+    <topic>botan -- cryptographic vulnerability</topic>
+    <affects>
+      <package>
+	<name>botan110</name>
+	<range><lt>1.10.8</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>MITRE reports:</p>
+	<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9742">
+	  <p>The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x
+	    before 1.11.9 improperly uses a single random base, which makes it
+	    easier for remote attackers to defeat cryptographic protection
+	    mechanisms via a DH group.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2014-9742</cvename>
+    </references>
+    <dates>
+      <discovery>2014-04-11</discovery>
+      <entry>2016-06-14</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="6d402857-2fba-11e6-9f31-5404a68ad561">
+    <topic>VLC -- Possibly remote code execution via crafted file</topic>
+    <affects>
+      <package>
+	<name>vlc</name>
+	<range><lt>2.2.4,4</lt></range>
+      </package>
+      <package>
+	<name>vlc-qt4</name>
+	<range><lt>2.2.4,4</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The VLC project reports:</p>
+	<blockquote cite="https://www.videolan.org/developers/vlc-branch/NEWS">
+	  <p>Fix out-of-bound write in adpcm QT IMA codec (CVE-2016-5108)</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-5108</cvename>
+    </references>
+    <dates>
+      <discovery>2016-05-25</discovery>
+      <entry>2016-06-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="97e86d10-2ea7-11e6-ae88-002590263bf5">
+    <topic>roundcube -- XSS vulnerability</topic>
+    <affects>
+      <package>
+	<name>roundcube</name>
+	<range><lt>1.1.5_1,1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Roundcube reports:</p>
+	<blockquote cite="https://github.com/roundcube/roundcubemail/wiki/Changelog">
+	  <p>Fix XSS issue in href attribute on area tag (#5240).</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-5103</cvename>
+      <freebsdpr>ports/209841</freebsdpr>
+      <url>https://github.com/roundcube/roundcubemail/issues/5240</url>
+      <url>http://seclists.org/oss-sec/2016/q2/414</url>
+    </references>
+    <dates>
+      <discovery>2016-05-06</discovery>
+      <entry>2016-06-10</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="6f0529e2-2e82-11e6-b2ec-b499baebfeaf">
+    <topic>OpenSSL -- vulnerability in DSA signing</topic>
+    <affects>
+      <package>
+	<name>openssl</name>
+	<range><lt>1.0.2_13</lt></range>
+      </package>
+      <package>
+	<name>openssl-devel</name>
+	<range><ge>0</ge></range>
+      </package>
+      <package>
+	<name>libressl</name>
+	<range><lt>2.2.9</lt></range>
+	<range><ge>2.3.0</ge><lt>2.3.6</lt></range>
+      </package>
+      <package>
+	<name>libressl-devel</name>
+	<range><lt>2.4.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The OpenSSL team reports:</p>
+	<blockquote cite="https://git.openssl.org/?p=openssl.git;a=commit;h=399944622df7bd81af62e67ea967c470534090e2">
+	  <p>Operations in the DSA signing algorithm should run in constant time
+	    in order to avoid side channel attacks. A flaw in the OpenSSL DSA
+	    implementation means that a non-constant time codepath is followed for
+	    certain operations. This has been demonstrated through a cache-timing
+	    attack to be sufficient for an attacker to recover the private DSA key.
+	  </p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://git.openssl.org/?p=openssl.git;a=commit;h=399944622df7bd81af62e67ea967c470534090e2</url>
+      <cvename>CVE-2016-2178</cvename>
+    </references>
+    <dates>
+      <discovery>2016-06-09</discovery>
+      <entry>2016-06-09</entry>
+      <modified>2016-06-19</modified>
+    </dates>
+  </vuln>
+
+  <vuln vid="c9c252f5-2def-11e6-ae88-002590263bf5">
+    <topic>expat -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>expat</name>
+	<range><lt>2.1.1_1</lt></range>
+      </package>
+      <package>
+	<name>linux-c6-expat</name>
+	<name>linux-f10-expat</name>
+	<range><ge>0</ge></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Sebastian Pipping reports:</p>
+	<blockquote cite="https://sourceforge.net/p/expat/code_git/ci/07cc2fcacf81b32b2e06aa918df51756525240c0/">
+	  <p>CVE-2012-6702 -- Resolve troublesome internal call to srand that
+	    was introduced with Expat 2.1.0 when addressing CVE-2012-0876
+	    (issue #496)</p>
+	  <p>CVE-2016-5300 -- Use more entropy for hash initialization than the
+	    original fix to CVE-2012-0876.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2012-6702</cvename>
+      <cvename>CVE-2016-5300</cvename>
+      <freebsdpr>ports/210155</freebsdpr>
+      <url>https://sourceforge.net/p/expat/code_git/ci/07cc2fcacf81b32b2e06aa918df51756525240c0/</url>
+      <url>http://www.openwall.com/lists/oss-security/2016/03/18/3</url>
+    </references>
+    <dates>
+      <discovery>2016-03-18</discovery>
+      <entry>2016-06-09</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="d6bbf2d8-2cfc-11e6-800b-080027468580">
+    <topic>iperf3 -- buffer overflow</topic>
+    <affects>
+      <package>
+	<name>iperf3</name>
+	<range><ge>3.1</ge><lt>3.1.3</lt></range>
+	<range><ge>3.0</ge><lt>3.0.12</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>ESnet reports:</p>
+	<blockquote cite="https://raw.githubusercontent.com/esnet/security/master/cve-2016-4303/esnet-secadv-2016-0001.txt.asc">
+	  <p>A malicious process can connect to an iperf3 server and,
+	    by sending a malformed message on the control channel,
+	    corrupt the server process's heap area.  This can lead to a
+	    crash (and a denial of service), or theoretically a remote
+	    code execution as the user running the iperf3 server.  A
+	    malicious iperf3 server could potentially mount a similar
+	    attack on an iperf3 client.
+	  </p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-4303</cvename>
+      <url>https://raw.githubusercontent.com/esnet/security/master/cve-2016-4303/esnet-secadv-2016-0001.txt.asc</url>
+    </references>
+    <dates>
+      <discovery>2016-06-08</discovery>
+      <entry>2016-06-08</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="9c196cfd-2ccc-11e6-94b0-0011d823eebd">
+    <topic>gnutls -- file overwrite by setuid programs</topic>
+    <affects>
+      <package>
+	<name>gnutls</name>
+	<range><ge>3.4.12</ge><lt>3.4.13</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>gnutls.org reports:</p>
+	<blockquote cite="https://gnutls.org/security.html#GNUTLS-SA-2016-1">
+	  <p>Setuid programs using GnuTLS 3.4.12 could potentially allow an
+	    attacker to overwrite and corrupt arbitrary files in the
+	    filesystem.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://gnutls.org/security.html#GNUTLS-SA-2016-1</url>
+    </references>
+    <dates>
+      <discovery>2016-06-06</discovery>
+      <entry>2016-06-07</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="32166082-53fa-41fa-b081-207e7a989a0a">
+    <topic>NSS -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>nss</name>
+	<name>linux-c6-nss</name>
+	<range><ge>3.22</ge><lt>3.23</lt></range>
+      </package>
+      <package>
+	<name>linux-seamonkey</name>
+	<range><lt>2.44</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Mozilla Foundation reports:</p>
+	<blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-61/">
+	  <p>Mozilla has updated the version of Network Security
+	    Services (NSS) library used in Firefox to NSS 3.23. This
+	    addresses four moderate rated networking security issues
+	    reported by Mozilla engineers Tyson Smith and Jed Davis.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-2834</cvename>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-61/</url>
+      <url>https://hg.mozilla.org/projects/nss/rev/1ba7cd83c672</url>
+      <url>https://hg.mozilla.org/projects/nss/rev/8d78a5ae260a</url>
+      <url>https://hg.mozilla.org/projects/nss/rev/5fde729fdbff</url>
+      <url>https://hg.mozilla.org/projects/nss/rev/329932eb1700</url>
+    </references>
+    <dates>
+      <discovery>2016-06-07</discovery>
+      <entry>2016-06-07</entry>
+      <modified>2016-06-10</modified>
+    </dates>
+  </vuln>
+
+  <vuln vid="8065d37b-8e7c-4707-a608-1b0a2b8509c3">
+    <topic>mozilla -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>firefox</name>
+	<range><lt>47.0,1</lt></range>
+      </package>
+      <package>
+	<name>seamonkey</name>
+	<name>linux-seamonkey</name>
+	<range><lt>2.44</lt></range>
+      </package>
+      <package>
+	<name>firefox-esr</name>
+	<range><lt>45.2.0,1</lt></range>
+      </package>
+      <package>
+	<name>linux-firefox</name>
+	<range><lt>45.2.0,2</lt></range>
+      </package>
+      <package>
+	<name>libxul</name>
+	<name>thunderbird</name>
+	<name>linux-thunderbird</name>
+	<range><lt>45.2.0</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Mozilla Foundation reports:</p>
+	<blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox47">
+	<p>MFSA 2016-49 Miscellaneous memory safety hazards (rv:47.0 /
+	  rv:45.2)</p>
+	<p>MFSA 2016-50 Buffer overflow parsing HTML5 fragments</p>
+	<p>MFSA 2016-51 Use-after-free deleting tables from a
+	  contenteditable document</p>
+	<p>MFSA 2016-52 Addressbar spoofing though the SELECT element</p>
+	<p>MFSA 2016-54 Partial same-origin-policy through setting
+	  location.host through data URI</p>
+	<p>MFSA 2016-56 Use-after-free when textures are used in WebGL
+	  operations after recycle pool destruction</p>
+	<p>MFSA 2016-57 Incorrect icon displayed on permissions
+	  notifications</p>
+	<p>MFSA 2016-58 Entering fullscreen and persistent pointerlock
+	  without user permission</p>
+	<p>MFSA 2016-59 Information disclosure of disabled plugins
+	  through CSS pseudo-classes</p>
+	<p>MFSA 2016-60 Java applets bypass CSP protections</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-2815</cvename>
+      <cvename>CVE-2016-2818</cvename>
+      <cvename>CVE-2016-2819</cvename>
+      <cvename>CVE-2016-2821</cvename>
+      <cvename>CVE-2016-2822</cvename>
+      <cvename>CVE-2016-2825</cvename>
+      <cvename>CVE-2016-2828</cvename>
+      <cvename>CVE-2016-2829</cvename>
+      <cvename>CVE-2016-2831</cvename>
+      <cvename>CVE-2016-2832</cvename>
+      <cvename>CVE-2016-2833</cvename>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-49/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-50/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-51/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-52/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-54/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-56/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-57/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-58/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-59/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-60/</url>
+    </references>
+    <dates>
+      <discovery>2016-06-07</discovery>
+      <entry>2016-06-07</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="c039a761-2c29-11e6-8912-3065ec8fd3ec">
+    <topic>chromium -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>chromium</name>
+	<name>chromium-npapi</name>
+	<name>chromium-pulse</name>
+	<range><lt>51.0.2704.79</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Google Chrome Releases reports:</p>
+	<blockquote cite="http://googlechromereleases.blogspot.nl/2016/06/stable-channel-update.html">
+	  <p>15 security fixes in this release, including:</p>
+	  <ul>
+	    <li>601073] High CVE-2016-1696: Cross-origin bypass in Extension
+	      bindings. Credit to anonymous.</li>
+	    <li>[613266] High CVE-2016-1697: Cross-origin bypass in Blink.
+	      Credit to Mariusz Mlynski.</li>
+	    <li>[603725] Medium CVE-2016-1698: Information leak in Extension
+	      bindings. Credit to Rob Wu.</li>
+	    <li>[607939] Medium CVE-2016-1699: Parameter sanitization failure
+	      in DevTools. Credit to Gregory Panakkal.</li>
+	    <li>[608104] Medium CVE-2016-1700: Use-after-free in Extensions.
+	      Credit to Rob Wu.</li>
+	    <li>[608101] Medium CVE-2016-1701: Use-after-free in Autofill.
+	      Credit to Rob Wu.</li>
+	    <li>[609260] Medium CVE-2016-1702: Out-of-bounds read in Skia.
+	      Credit to cloudfuzzer.</li>
+	    <li>[616539] CVE-2016-1703: Various fixes from internal audits,
+	      fuzzing and other initiatives.</li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-1695</cvename>
+      <cvename>CVE-2016-1696</cvename>
+      <cvename>CVE-2016-1697</cvename>
+      <cvename>CVE-2016-1698</cvename>
+      <cvename>CVE-2016-1699</cvename>
+      <cvename>CVE-2016-1700</cvename>
+      <cvename>CVE-2016-1701</cvename>
+      <cvename>CVE-2016-1702</cvename>
+      <cvename>CVE-2016-1703</cvename>
+      <url>http://googlechromereleases.blogspot.nl/2016/06/stable-channel-update.html</url>
+    </references>
+    <dates>
+      <discovery>2016-06-01</discovery>
+      <entry>2016-06-06</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="bcbd3fe0-2b46-11e6-ae88-002590263bf5">
+    <topic>openafs -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>openafs</name>
+	<range><lt>1.6.17</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The OpenAFS development team reports:</p>
+	<blockquote cite="http://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt">
+	  <p>Foreign users can bypass access controls to create groups as
+	    system:administrators, including in the user namespace and the
+	    system: namespace.</p>
+	</blockquote>
+	<blockquote cite="http://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt">
+	  <p>The contents of uninitialized memory are sent on the wire when
+	    clients perform certain RPCs.  Depending on the RPC, the information
+	    leaked may come from kernel memory or userspace.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-2860</cvename>
+      <cvename>CVE-2016-4536</cvename>
+      <freebsdpr>ports/209534</freebsdpr>
+      <url>http://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt</url>
+      <url>http://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt</url>
+    </references>
+    <dates>
+      <discovery>2016-03-16</discovery>
+      <entry>2016-06-05</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="2e8fe57e-2b46-11e6-ae88-002590263bf5">
+    <topic>openafs -- local DoS vulnerability</topic>
+    <affects>
+      <package>
+	<name>openafs</name>
+	<range><lt>1.6.16</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The OpenAFS development team reports:</p>
+	<blockquote cite="https://www.openafs.org/dl/1.6.16/RELNOTES-1.6.16">
+	  <p>Avoid a potential denial of service issue, by fixing a bug in
+	    pioctl logic that allowed a local user to overrun a kernel buffer
+	    with a single NUL byte.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2015-8312</cvename>
+      <url>https://www.openafs.org/dl/1.6.16/RELNOTES-1.6.16</url>
+    </references>
+    <dates>
+      <discovery>2016-03-16</discovery>
+      <entry>2016-06-05</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="0297b260-2b3b-11e6-ae88-002590263bf5">
+    <topic>ikiwiki -- XSS vulnerability</topic>
+    <affects>
+      <package>
+	<name>ikiwiki</name>
+	<range><lt>3.20160509</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Mitre reports:</p>
+	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4561">
+	  <p>Cross-site scripting (XSS) vulnerability in the cgierror function
+	    in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers
+	    to inject arbitrary web script or HTML via unspecified vectors
+	    involving an error message.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-4561</cvename>
+      <freebsdpr>ports/209593</freebsdpr>
+    </references>
+    <dates>
+      <discovery>2016-05-04</discovery>
+      <entry>2016-06-05</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="65bb1858-27de-11e6-b714-74d02b9a84d5">
+    <topic>h2o -- use after free on premature connection close</topic>
+    <affects>
+      <package>
+	<name>h2o</name>
+	<range><lt>1.7.3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Tim Newsha reports:</p>
+	<blockquote cite="http://h2o.examp1e.net/vulnerabilities.html">
+	  <p>When H2O tries to disconnect a premature HTTP/2 connection, it
+	    calls free(3) to release memory allocated for the connection and
+	    immediately after then touches the memory. No malloc-related
+	    operation is performed by the same thread between the time it calls
+	    free and the time the memory is touched. Fixed by Frederik
+	    Deweerdt.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://h2o.examp1e.net/vulnerabilities.html</url>
+    </references>
+    <dates>
+      <discovery>2016-05-17</discovery>
+      <entry>2016-06-01</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="36cf7670-2774-11e6-af29-f0def16c5c1b">
+    <topic>nginx -- a specially crafted request might result in worker process crash</topic>
+    <affects>
+      <package>
+	<name>nginx</name>
+	<range><ge>1.4.0</ge><lt>1.8.1_3,2</lt></range>
+	<range><ge>1.10.0,2</ge><lt>1.10.1,2</lt></range>
+      </package>
+      <package>
+	<name>nginx-devel</name>
+	<range><ge>1.3.9</ge><lt>1.9.15_1</lt></range>
+	<range><ge>1.10.0</ge><lt>1.11.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Maxim Dounin reports:</p>
+	<blockquote cite="http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html">
+	  <p>A problem was identified in nginx code responsible for saving
+	    client request body to a temporary file.  A specially crafted
+	    request might result in worker process crash due to a NULL
+	    pointer dereference while writing client request body to a
+	    temporary file.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html</url>
+      <cvename>CVE-2016-4450</cvename>
+    </references>
+    <dates>
+      <discovery>2016-05-31</discovery>
+      <entry>2016-05-31</entry>
+      <modified>2016-06-05</modified>
+    </dates>
+  </vuln>
+
+  <vuln vid="6167b341-250c-11e6-a6fb-003048f2e514">
+    <topic>cacti -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>cacti</name>
+	<range><lt>0.8.8h</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The Cacti Group, Inc. reports:</p>
+	<blockquote cite="http://www.cacti.net/release_notes_0_8_8h.php">
+	  <p>Changelog</p>
+	  <ul>
+	    <li>bug:0002667: Cacti SQL Injection Vulnerability</li>
+	    <li>bug:0002673: CVE-2016-3659 - Cacti graph_view.php SQL Injection
+	     Vulnerability</li>
+	    <li>bug:0002656: Authentication using web authentication as a user
+	     not in the cacti database allows complete access (regression)</li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-3659</cvename>
+      <url>http://www.cacti.net/release_notes_0_8_8h.php</url>
+      <url>http://bugs.cacti.net/view.php?id=2673</url>
+      <url>http://seclists.org/fulldisclosure/2016/Apr/4</url>
+      <url>http://packetstormsecurity.com/files/136547/Cacti-0.8.8g-SQL-Injection.html</url>
+    </references>
+    <dates>
+      <discovery>2016-04-04</discovery>
+      <entry>2016-05-28</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="b53bbf58-257f-11e6-9f4d-20cf30e32f6d">
+    <topic>openvswitch -- MPLS buffer overflow</topic>
+    <affects>
+      <package>
+	<name>openvswitch</name>
+	<range><ge>2.2.0</ge><lt>2.3.3</lt></range>
+	<range><ge>2.4.0</ge><lt>2.4.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Open vSwitch reports:</p>
+	<blockquote cite="http://openvswitch.org/pipermail/announce/2016-March/000082.html">
+	  <p>Multiple versions of Open vSwitch are vulnerable to remote buffer
+	    overflow attacks, in which crafted MPLS packets could overflow the
+	    buffer reserved for MPLS labels in an OVS internal data structure.
+	    The MPLS packets that trigger the vulnerability and the potential for
+	    exploitation vary depending on version:</p>
+	<p>Open vSwitch 2.1.x and earlier are not vulnerable.</p>
+	<p>In Open vSwitch 2.2.x and 2.3.x, the MPLS buffer overflow can be
+	  exploited for arbitrary remote code execution.</p>
+	<p>In Open vSwitch 2.4.x, the MPLS buffer overflow does not obviously lead
+	  to a remote code execution exploit, but testing shows that it can allow a
+	  remote denial of service.  See the mitigation section for details.</p>
+	<p>Open vSwitch 2.5.x is not vulnerable.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-2074</cvename>
+      <url>http://openvswitch.org/pipermail/announce/2016-March/000082.html</url>
+      <url>http://openvswitch.org/pipermail/announce/2016-March/000083.html</url>
+    </references>
+    <dates>
+      <discovery>2016-03-28</discovery>
+      <entry>2016-05-29</entry>
+      <modified>2016-07-03</modified>
+    </dates>
+  </vuln>
+
+  <vuln vid="1a6bbb95-24b8-11e6-bd31-3065ec8fd3ec">
+    <topic>chromium -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>chromium</name>
+	<name>chromium-npapi</name>
+	<name>chromium-pulse</name>
+	<range><lt>51.0.2704.63</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Google Chrome Releases reports:</p>
+	<blockquote cite="http://googlechromereleases.blogspot.nl/2016/05/stable-channel-update_25.html">
+	  <p>42 security fixes in this release, including:</p>
+	  <ul>
+	    <li>[590118] High CVE-2016-1672: Cross-origin bypass in extension
+	      bindings. Credit to Mariusz Mlynski.</li>
+	    <li>[597532] High CVE-2016-1673: Cross-origin bypass in Blink.
+	      Credit to Mariusz Mlynski.</li>
+	    <li>[598165] High CVE-2016-1674: Cross-origin bypass in extensions.i
+	      Credit to Mariusz Mlynski.</li>
+	    <li>[600182] High CVE-2016-1675: Cross-origin bypass in Blink.
+	      Credit to Mariusz Mlynski.</li>
+	    <li>[604901] High CVE-2016-1676: Cross-origin bypass in extension
+	      bindings. Credit to Rob Wu.</li>
+	    <li>[602970] Medium CVE-2016-1677: Type confusion in V8. Credit to
+	      Guang Gong of Qihoo 360.</li>
+	    <li>[595259] High CVE-2016-1678: Heap overflow in V8. Credit to
+	      Christian Holler.</li>
+	    <li>[606390] High CVE-2016-1679: Heap use-after-free in V8
+	      bindings. Credit to Rob Wu.</li>
+	    <li>[589848] High CVE-2016-1680: Heap use-after-free in Skia.
+	      Credit to Atte Kettunen of OUSPG.</li>
+	    <li>[613160] High CVE-2016-1681: Heap overflow in PDFium. Credit to
+	      Aleksandar Nikolic of Cisco Talos.</li>
+	    <li>[579801] Medium CVE-2016-1682: CSP bypass for ServiceWorker.
+	      Credit to KingstonTime.</li>
+	    <li>[601362] Medium CVE-2016-1685: Out-of-bounds read in PDFium.
+	      Credit to Ke Liu of Tencent's Xuanwu LAB.</li>
+	    <li>[603518] Medium CVE-2016-1686: Out-of-bounds read in PDFium.
+	      Credit to Ke Liu of Tencent's Xuanwu LAB.</li>
+	    <li>[603748] Medium CVE-2016-1687: Information leak in extensions.
+	      Credit to Rob Wu.</li>
+	    <li>[604897] Medium CVE-2016-1688: Out-of-bounds read in V8.
+	      Credit to Max Korenko.</li>
+	    <li>[606185] Medium CVE-2016-1689: Heap buffer overflow in media.
+	      Credit to Atte Kettunen of OUSPG.</li>
+	    <li>[608100] Medium CVE-2016-1690: Heap use-after-free in Autofill.
+	      Credit to Rob Wu.</li>
+	    <li>[597926] Low CVE-2016-1691: Heap buffer-overflow in Skia.
+	      Credit to Atte Kettunen of OUSPG.</li>
+	    <li>[598077] Low CVE-2016-1692: Limited cross-origin bypass in
+	      ServiceWorker. Credit to Til Jasper Ullrich.</li>
+	    <li>[598752] Low CVE-2016-1693: HTTP Download of Software Removal
+	      Tool. Credit to Khalil Zhani.</li>
+	    <li>[603682] Low CVE-2016-1694: HPKP pins removed on cache
+	      clearance. Credit to Ryan Lester and Bryant Zadegan.</li>
+	    <li>[614767] CVE-2016-1695: Various fixes from internal audits,
+	      fuzzing and other initiatives.</li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-1672</cvename>
+      <cvename>CVE-2016-1673</cvename>
+      <cvename>CVE-2016-1674</cvename>
+      <cvename>CVE-2016-1675</cvename>
+      <cvename>CVE-2016-1672</cvename>
+      <cvename>CVE-2016-1677</cvename>
+      <cvename>CVE-2016-1678</cvename>
+      <cvename>CVE-2016-1679</cvename>
+      <cvename>CVE-2016-1680</cvename>
+      <cvename>CVE-2016-1681</cvename>
+      <cvename>CVE-2016-1682</cvename>
+      <cvename>CVE-2016-1685</cvename>
+      <cvename>CVE-2016-1686</cvename>
+      <cvename>CVE-2016-1687</cvename>
+      <cvename>CVE-2016-1688</cvename>
+      <cvename>CVE-2016-1689</cvename>
+      <cvename>CVE-2016-1690</cvename>
+      <cvename>CVE-2016-1691</cvename>
+      <cvename>CVE-2016-1692</cvename>
+      <cvename>CVE-2016-1693</cvename>
+      <cvename>CVE-2016-1694</cvename>
+      <cvename>CVE-2016-1695</cvename>
+      <url>http://googlechromereleases.blogspot.nl/2016/05/stable-channel-update_25.html</url>
+    </references>
+    <dates>
+      <discovery>2016-05-25</discovery>
+      <entry>2016-05-28</entry>
+      <modified>2016-06-20</modified>
+    </dates>
+  </vuln>
+
+  <vuln vid="4dfafa16-24ba-11e6-bd31-3065ec8fd3ec">
+    <topic>chromium -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>chromium</name>
+	<name>chromium-npapi</name>
+	<name>chromium-pulse</name>
+	<range><lt>50.0.2661.102</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Google Chrome Releases reports:</p>
+	<blockquote cite="http://googlechromereleases.blogspot.nl/2016/05/stable-channel-update.html">
+	  <p>5 security fixes in this release, including:</p>
+	  <ul>
+	    <li>[605766] High CVE-2016-1667: Same origin bypass in DOM. Credit
+	      to Mariusz Mlynski.</li>
+	    <li>[605910] High CVE-2016-1668: Same origin bypass in Blink V8
+	      bindings. Credit to Mariusz Mlynski.</li>
+	    <li>[606115] High CVE-2016-1669: Buffer overflow in V8. Credit to
+	      Choongwoo Han.</li>
+	    <li>[578882] Medium CVE-2016-1670: Race condition in loader. Credit
+	      to anonymous.</li>
+	    <li>[586657] Medium CVE-2016-1671: Directory traversal using the
+	      file scheme on Android. Credit to Jann Horn.</li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-1667</cvename>
+      <cvename>CVE-2016-1668</cvename>
+      <cvename>CVE-2016-1669</cvename>
+      <cvename>CVE-2016-1670</cvename>
+      <cvename>CVE-2016-1671</cvename>
+      <url>http://googlechromereleases.blogspot.nl/2016/05/stable-channel-update.html</url>
+    </references>
+    <dates>
+      <discovery>2016-05-11</discovery>
+      <entry>2016-05-28</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="7da1da96-24bb-11e6-bd31-3065ec8fd3ec">
+    <topic>chromium -- multiple vulnerablities</topic>
+    <affects>
+      <package>
+	<name>chromium</name>
+	<name>chromium-npapi</name>
+	<name>chromium-pulse</name>
+	<range><lt>50.0.2661.94</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Google Chrome Releases reports:</p>
+	<blockquote cite="http://googlechromereleases.blogspot.nl/2016/04/stable-channel-update_28.html">
+	  <p>9 security fixes in this release, including:</p>
+	  <ul>
+	    <li>[574802] High CVE-2016-1660: Out-of-bounds write in Blink.
+	     Credit to Atte Kettunen of OUSPG.</li>
+	    <li>[601629] High CVE-2016-1661: Memory corruption in cross-process
+	     frames. Credit to Wadih Matar.</li>
+	    <li>[603732] High CVE-2016-1662: Use-after-free in extensions.
+	     Credit to Rob Wu.</li>
+	    <li>[603987] High CVE-2016-1663: Use-after-free in Blink's V8
+	     bindings. Credit to anonymous.</li>
+	    <li>[597322] Medium CVE-2016-1664: Address bar spoofing. Credit to
+	     Wadih Matar.</li>
+	    <li>[606181] Medium CVE-2016-1665: Information leak in V8. Credit
+	     to HyungSeok Han.</li>
+	    <li>[607652] CVE-2016-1666: Various fixes from internal audits,
+	     fuzzing and other initiatives.</li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-1660</cvename>
+      <cvename>CVE-2016-1661</cvename>
+      <cvename>CVE-2016-1662</cvename>
+      <cvename>CVE-2016-1663</cvename>
+      <cvename>CVE-2016-1664</cvename>
+      <cvename>CVE-2016-1665</cvename>
+      <cvename>CVE-2016-1666</cvename>
+      <url>http://googlechromereleases.blogspot.nl/2016/04/stable-channel-update_28.html</url>
+    </references>
+    <dates>
+      <discovery>2016-04-28</discovery>
+      <entry>2016-05-28</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="6b110175-246d-11e6-8dd3-002590263bf5">
+    <topic>php -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>php70-gd</name>
+	<name>php70-intl</name>
+	<range><lt>7.0.7</lt></range>
+      </package>
+      <package>
+	<name>php56</name>
+	<name>php56-gd</name>
+	<range><lt>5.6.22</lt></range>
+      </package>
+      <package>
+	<name>php55</name>
+	<name>php55-gd</name>
+	<name>php55-phar</name>
+	<range><lt>5.5.36</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The PHP Group reports:</p>
+	<blockquote cite="http://php.net/ChangeLog-5.php#5.5.36">
+	  <ul><li>Core:
+	  <ul>
+	    <li>Fixed bug #72114 (Integer underflow / arbitrary null write in
+	      fread/gzread). (CVE-2016-5096) (PHP 5.5/5.6 only)</li>
+	    <li>Fixed bug #72135 (Integer Overflow in php_html_entities).
+	      (CVE-2016-5094) (PHP 5.5/5.6 only)</li>
+	  </ul></li>
+	  <li>GD:
+	  <ul>
+	    <li>Fixed bug #72227 (imagescale out-of-bounds read).
+	      (CVE-2013-7456)</li>
+	  </ul></li>
+	  <li>Intl:
+	  <ul>
+	    <li>Fixed bug #72241 (get_icu_value_internal out-of-bounds read).
+	      (CVE-2016-5093)</li>
+	  </ul></li>
+	  <li>Phar:
+	  <ul>
+	    <li>Fixed bug #71331 (Uninitialized pointer in
+	      phar_make_dirstream()). (CVE-2016-4343) (PHP 5.5 only)</li>
+	  </ul></li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-5096</cvename>
+      <cvename>CVE-2016-5094</cvename>
+      <cvename>CVE-2013-7456</cvename>
+      <cvename>CVE-2016-5093</cvename>
+      <cvename>CVE-2016-4343</cvename>
+      <freebsdpr>ports/209779</freebsdpr>
+      <url>http://php.net/ChangeLog-7.php#7.0.7</url>
+      <url>http://php.net/ChangeLog-5.php#5.6.22</url>
+      <url>http://php.net/ChangeLog-5.php#5.5.36</url>
+    </references>
+    <dates>
+      <discovery>2016-05-26</discovery>
+      <entry>2016-05-28</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="00ec1be1-22bb-11e6-9ead-6805ca0b3d42">
+    <topic>phpmyadmin -- XSS and sensitive data leakage</topic>
+    <affects>
+      <package>
+	<name>phpmyadmin</name>
+	<range><ge>4.6.0</ge><lt>4.6.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The phpmyadmin development team reports:</p>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-14/">
+	  <h2>Description</h2>
+	  <p>Because user SQL queries are part of the URL, sensitive
+	    information made as part of a user query can be exposed by
+	    clicking on external links to attackers monitoring user GET
+	    query parameters or included in the webserver logs.</p>
+	  <h2>Severity</h2>
+	  <p>We consider this to be non-critical.</p>
+	</blockquote>
+	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-16/">
+	  <h2>Description</h2>
+	  <p>A specially crafted attack could allow for special HTML
+	    characters to be passed as URL encoded values and displayed
+	    back as special characters in the page.</p>
+	  <h2>Severity</h2>
+	  <p>We consider this to be non-critical.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-14/</url>
+      <url>https://www.phpmyadmin.net/security/PMASA-2016-16/</url>
+      <cvename>CVE-2016-5097</cvename>
+      <cvename>CVE-2016-5099</cvename>
+    </references>
+    <dates>
+      <discovery>2016-05-25</discovery>
+      <entry>2016-05-25</entry>
+      <modified>2016-05-26</modified>
+    </dates>
+  </vuln>
+
+  <vuln vid="b50f53ce-2151-11e6-8dd3-002590263bf5">
+    <topic>mediawiki -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>mediawiki123</name>
+	<range><lt>1.23.14</lt></range>
+      </package>
+      <package>
+	<name>mediawiki124</name>
+	<range><le>1.24.6</le></range>
+      </package>
+      <package>
+	<name>mediawiki125</name>
+	<range><lt>1.25.6</lt></range>
+      </package>
+      <package>
+	<name>mediawiki126</name>
+	<range><lt>1.26.3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Mediawiki reports:</p>
+	<blockquote cite="https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-May/000188.html">
+	  <p>Security fixes:</p>
+	    <p>T122056: Old tokens are remaining valid within a new session</p>
+	    <p>T127114: Login throttle can be tricked using non-canonicalized
+	      usernames</p>
+	    <p>T123653: Cross-domain policy regexp is too narrow</p>
+	    <p>T123071: Incorrectly identifying http link in a's href
+	      attributes, due to m modifier in regex</p>
+	    <p>T129506: MediaWiki:Gadget-popups.js isn't renderable</p>
+	    <p>T125283: Users occasionally logged in as different users after
+	      SessionManager deployment</p>
+	    <p>T103239: Patrol allows click catching and patrolling of any
+	      page</p>
+	    <p>T122807: [tracking] Check php crypto primatives</p>
+	    <p>T98313: Graphs can leak tokens, leading to CSRF</p>
+	    <p>T130947: Diff generation should use PoolCounter</p>
+	    <p>T133507: Careless use of $wgExternalLinkTarget is insecure</p>
+	    <p>T132874: API action=move is not rate limited</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-May/000188.html</url>
+    </references>
+    <dates>
+      <discovery>2016-05-20</discovery>
+      <entry>2016-05-24</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="967b852b-1e28-11e6-8dd3-002590263bf5">
+    <topic>wpa_supplicant -- psk configuration parameter update allowing arbitrary data to be written</topic>
+    <affects>
+      <package>
+	<name>wpa_supplicant</name>
+	<range><lt>2.5_2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Jouni Malinen reports:</p>
+	<blockquote cite="http://w1.fi/security/2016-1/psk-parameter-config-update.txt">
+	  <p>psk configuration parameter update allowing arbitrary data to be
+	    written (2016-1 - CVE-2016-4476/CVE-2016-4477).</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-4476</cvename>
+      <cvename>CVE-2016-4477</cvename>
+      <freebsdpr>/ports/209564</freebsdpr>
+      <url>http://w1.fi/security/2016-1/psk-parameter-config-update.txt</url>
+    </references>
+    <dates>
+      <discovery>2016-05-02</discovery>
+      <entry>2016-05-20</entry>
+    </dates>
+  </vuln>
+
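Review bot: the `<freebsdpr>` value in the wpa_supplicant entry (vid 967b852b-1e28-11e6-8dd3-002590263bf5) is written as `/ports/209564` with a leading slash, while the other entries in this hunk use the form `ports/209360`. Drop the leading slash so the PR reference has the same category/number form as the rest of the file.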
+  <vuln vid="57b3aba7-1e25-11e6-8dd3-002590263bf5">
+    <topic>expat -- denial of service vulnerability on malformed input</topic>
+    <affects>
+      <package>
+	<name>expat</name>
+	<range><lt>2.1.1</lt></range>
+      </package>
+      <package>
+	<name>linux-c6-expat</name>
+	<range><lt>2.1.1</lt></range>
+      </package>
+      <package>
+	<name>linux-f10-expat</name>
+	<range><lt>2.1.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Gustavo Grieco reports:</p>
+	<blockquote cite="http://www.openwall.com/lists/oss-security/2016/05/17/12">
+	  <p>The Expat XML parser mishandles certain kinds of malformed input
+	    documents, resulting in buffer overflows during processing and error
+	    reporting. The overflows can manifest as a segmentation fault or as
+	    memory corruption during a parse operation. The bugs allow for a
+	    denial of service attack in many applications by an unauthenticated
+	    attacker, and could conceivably result in remote code execution.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-0718</cvename>
+      <freebsdpr>ports/209360</freebsdpr>
+      <url>http://www.openwall.com/lists/oss-security/2016/05/17/12</url>
+    </references>
+    <dates>
+      <discovery>2016-05-17</discovery>
+      <entry>2016-05-20</entry>
+      <modified>2016-06-05</modified>
+    </dates>
+  </vuln>
+
+  <vuln vid="036d6c38-1c5b-11e6-b9e0-20cf30e32f6d">
+    <topic>Bugzilla security issues</topic>
+    <affects>
+      <package>
+	<name>bugzilla44</name>
+	<range><lt>4.4.12</lt></range>
+      </package>
+      <package>
+	<name>bugzilla50</name>
+	<range><lt>5.0.3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Bugzilla Security Advisory</p>
+	<blockquote cite="https://www.bugzilla.org/security/4.4.11/">
+	  <p>A specially crafted bug summary could trigger XSS in dependency graphs.
+	  Due to an incorrect parsing of the image map generated by the dot script,
+	    a specially crafted bug summary could trigger XSS in dependency graphs.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-2803</cvename>
+      <url>https://bugzilla.mozilla.org/show_bug.cgi?id=1253263</url>
+    </references>
+    <dates>
+      <discovery>2016-03-03</discovery>
+      <entry>2016-05-17</entry>
+    </dates>
+  </vuln>
+
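Review bot: the blockquote in the Bugzilla entry (vid 036d6c38-1c5b-11e6-b9e0-20cf30e32f6d) states the same thing twice: "A specially crafted bug summary could trigger XSS in dependency graphs." is the opening sentence and is repeated at the end of the sentence that follows it. Keep only the fuller sentence. The blockquote also cites https://www.bugzilla.org/security/4.4.11/ while the affected ranges end at 4.4.12 and 5.0.3, and that URL is not listed under `<references>`. Please confirm the advisory URL matches the fixed versions and add it to the references.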
+  <vuln vid="0dc8be9e-19af-11e6-8de0-080027ef73ec">
+    <topic>OpenVPN -- Buffer overflow in PAM authentication and DoS through port sharing</topic>
+    <affects>
+      <package>
+	<name>openvpn</name>
+	<range><lt>2.3.11</lt></range>
+      </package>
+      <package>
+	<name>openvpn-polarssl</name>
+	<range><lt>2.3.11</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Samuli Seppänen reports:</p>
+	<blockquote cite="https://sourceforge.net/p/openvpn/mailman/message/35076507/">
+	  <p>OpenVPN 2.3.11 [...] fixes two vulnerabilities: a port-share bug
+	    with DoS potential and a buffer overflow by user supplied data when
+	    using pam authentication.[...]</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://sourceforge.net/p/openvpn/mailman/message/35076507/</url>
+      <url>https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.11</url>
+    </references>
+    <dates>
+      <discovery>2016-03-03</discovery>
+      <entry>2016-05-14</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="82b702e0-1907-11e6-857b-00221503d280">
+    <topic>imagemagick -- buffer overflow</topic>
+    <affects>
+      <package>
+	<name>ImageMagick</name>
+	<name>ImageMagick-nox11</name>
+	<range><lt>6.9.4.1,1</lt></range>
+      </package>
+      <package>
+	<name>ImageMagick7</name>
+	<name>ImageMagick7-nox11</name>
+	<range><ge>7.0.0.0.b20150715</ge><lt>7.0.1.3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>ImageMagick reports:</p>
+	<blockquote cite="http://legacy.imagemagick.org/script/changelog.php">
+	  <p>Fix a buffer overflow in magick/drag.c/DrawStrokePolygon().</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://legacy.imagemagick.org/script/changelog.php</url>
+    </references>
+    <dates>
+      <discovery>2016-05-09</discovery>
+      <entry>2016-05-13</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="e387834a-17ef-11e6-9947-7054d2909b71">
+    <topic>jenkins -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>jenkins</name>
+	<range><le>2.2</le></range>
+      </package>
+      <package>
+	<name>jenkins2</name>
+	<range><le>2.2</le></range>
+      </package>
+      <package>
+	<name>jenkins-lts</name>
+	<range><le>1.651.1</le></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Jenkins Security Advisory:</p>
+	<blockquote cite="https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11">
+	  <h1>Description</h1>
+	  <h5>SECURITY-170 / CVE-2016-3721</h5>
+	  <p>Arbitrary build parameters are passed to build scripts as environment variables</p>
+	  <h5>SECURITY-243 / CVE-2016-3722</h5>
+	  <p>Malicious users with multiple user accounts can prevent other users from logging in</p>
+	  <h5>SECURITY-250 / CVE-2016-3723</h5>
+	  <p>Information on installed plugins exposed via API</p>
+	  <h5>SECURITY-266 / CVE-2016-3724</h5>
+	  <p>Encrypted secrets (e.g. passwords) were leaked to users with permission to read configuration</p>
+	  <h5>SECURITY-273 / CVE-2016-3725</h5>
+	  <p>Regular users can trigger download of update site metadata</p>
+	  <h5>SECURITY-276 / CVE-2016-3726</h5>
+	  <p>Open redirect to scheme-relative URLs</p>
+	  <h5>SECURITY-281 / CVE-2016-3727</h5>
+	  <p>Granting the permission to read node configurations allows access to overall system configuration</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-3721</cvename>
+      <cvename>CVE-2016-3722</cvename>
+      <cvename>CVE-2016-3723</cvename>
+      <cvename>CVE-2016-3724</cvename>
+      <cvename>CVE-2016-3725</cvename>
+      <cvename>CVE-2016-3726</cvename>
+      <cvename>CVE-2016-3727</cvename>
+      <url>https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11</url>
+    </references>
+    <dates>
+      <discovery>2016-05-11</discovery>
+      <entry>2016-05-12</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="d9f99491-1656-11e6-94fa-002590263bf5">
+    <topic>perl5 -- taint mechanism bypass vulnerability</topic>
+    <affects>
+      <package>
+	<name>perl5</name>
+	<range><lt>5.18.4_21</lt></range>
+	<range><ge>5.20.0</ge><lt>5.20.3_12</lt></range>
+	<range><ge>5.22.0</ge><lt>5.22.1_8</lt></range>
+      </package>
+      <package>
+	<name>perl5.18</name>
+	<range><ge>5.18.0</ge><lt>5.18.4_21</lt></range>
+      </package>
+      <package>
+	<name>perl5.20</name>
+	<range><ge>5.20.0</ge><lt>5.20.3_12</lt></range>
+      </package>
+      <package>
+	<name>perl5.22</name>
+	<range><ge>5.22.0</ge><lt>5.22.1_8</lt></range>
+      </package>
+      <package>
+	<name>perl</name>
+	<range><ge>0</ge></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>MITRE reports:</p>
+	<blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2381">
+	  <p>Perl might allow context-dependent attackers to bypass the taint
+	    protection mechanism in a child process via duplicate environment
+	    variables in envp.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-2381</cvename>
+      <freebsdpr>ports/208879</freebsdpr>
+    </references>
+    <dates>
+      <discovery>2016-04-08</discovery>
+      <entry>2016-05-10</entry>
+      <modified>2016-08-22</modified>
+    </dates>
+  </vuln>
+
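Review bot: the `perl` package in the perl5 entry (vid d9f99491-1656-11e6-94fa-002590263bf5) has the range `<ge>0</ge>` with no upper bound, so every version of that package matches and no upgrade clears the entry. Each range for perl5, perl5.18, perl5.20 and perl5.22 above it ends at a fixed version. If the open-ended range is intentional, add an XML comment next to it saying why; otherwise give it an upper bound like the others.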
+  <vuln vid="3686917b-164d-11e6-94fa-002590263bf5">
+    <topic>wordpress -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>wordpress</name>
+	<range><lt>4.5.2,1</lt></range>
+      </package>
+      <package>
+	<name>de-wordpress</name>
+	<name>ja-wordpress</name>
+	<name>ru-wordpress</name>
+	<name>zh-wordpress-zh_CN</name>
+	<name>zh-wordpress-zh_TW</name>
+	<range><lt>4.5.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Helen Hou-Sandi reports:</p>
+	<blockquote cite="https://wordpress.org/news/2016/05/wordpress-4-5-2/">
+	  <p>WordPress 4.5.2 is now available. This is a security release for
+	    all previous versions and we strongly encourage you to update your
+	    sites immediately.</p>
+	  <p>WordPress versions 4.5.1 and earlier are affected by a SOME
+	    vulnerability through Plupload, the third-party library WordPress
+	    uses for uploading files. WordPress versions 4.2 through 4.5.1 are
+	    vulnerable to reflected XSS using specially crafted URIs through
+	    MediaElement.js, the third-party library used for media players.
+	    MediaElement.js and Plupload have also released updates fixing
+	    these issues.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-4566</cvename>
+      <cvename>CVE-2016-4567</cvename>
+      <url>https://wordpress.org/news/2016/05/wordpress-4-5-2/</url>
+      <url>http://www.openwall.com/lists/oss-security/2016/05/07/7</url>
+    </references>
+    <dates>
+      <discovery>2016-05-06</discovery>
+      <entry>2016-05-10</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="2b4c8e1f-1609-11e6-b55e-b499baebfeaf">
+    <topic>libarchive -- RCE vulnerability</topic>
+    <affects>
+      <package>
+	<name>libarchive</name>
+	<range><lt>3.2.0,1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The libarchive project reports:</p>
+	<blockquote cite="https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7">
+	  <p>Heap-based buffer overflow in the zip_read_mac_metadata function
+	    in archive_read_support_format_zip.c in libarchive before 3.2.0
+	    allows remote attackers to execute arbitrary code via crafted
+	    entry-size values in a ZIP archive.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-1541</cvename>
+      <url>https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7</url>
+    </references>
+    <dates>
+      <discovery>2016-05-01</discovery>
+      <entry>2016-05-09</entry>
+      <modified>2016-05-10</modified>
+    </dates>
+  </vuln>
+
+  <vuln vid="25e5205b-1447-11e6-9ead-6805ca0b3d42">
+    <topic>squid -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>squid</name>
+	<range><ge>3.0.0</ge><lt>3.5.18</lt></range>
+      </package>
+      <package>
+	<name>squid-devel</name>
+	<range><ge>4.0.0</ge><lt>4.0.10</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The squid development team reports:</p>
+	<blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2016_7.txt">
+	  <dl>
+	    <dt>Problem Description:</dt>
+	    <dd>Due to incorrect data validation of intercepted HTTP
+	      Request messages Squid is vulnerable to clients bypassing
+	      the protection against CVE-2009-0801 related issues. This
+	      leads to cache poisoning.</dd>
+	    <dt>Severity:</dt>
+	    <dd>This problem is serious because it allows any client,
+	      including browser scripts, to bypass local security and
+	      poison the proxy cache and any downstream caches with
+	      content from an arbitrary source.</dd>
+	  </dl>
+	</blockquote>
+	<blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2016_8.txt">
+	  <dl>
+	    <dt>Problem Description:</dt>
+	    <dd>Due to incorrect input validation Squid is vulnerable
+	      to a header smuggling attack leading to cache poisoning
+	      and to bypass of same-origin security policy in Squid and
+	      some client browsers.</dd>
+	    <dt>Severity:</dt>
+	    <dd>This problem allows a client to smuggle Host header
+	      value past same-origin security protections to cause Squid
+	      operating as interception or reverse-proxy to contact the
+	      wrong origin server. Also poisoning any downstream cache
+	      which stores the response.</dd>
+	    <dd>However, the cache poisoning is only possible if the
+	      caching agent (browser or explicit/forward proxy) is not
+	      following RFC 7230 processing guidelines and lets the
+	      smuggled value through.</dd>
+	  </dl>
+	</blockquote>
+	<blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2016_9.txt">
+	  <dl>
+	    <dt>Problem Description:</dt>
+	    <dd>Due to incorrect pointer handling and reference
+	      counting Squid is vulnerable to a denial of service attack
+	      when processing ESI responses.</dd>
+	    <dt>Severity:</dt>
+	    <dd>These problems allow a remote server delivering
+	      certain ESI response syntax to trigger a denial of service
+	      for all clients accessing the Squid service.</dd>
+	    <dd>Due to unrelated changes Squid-3.5 has become
+	      vulnerable to some regular ESI server responses also
+	      triggering one or more of these issues.</dd>
+	  </dl>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-4553</cvename>
+      <cvename>CVE-2016-4554</cvename>
+      <cvename>CVE-2016-4555</cvename>
+      <cvename>CVE-2016-4556</cvename>
+      <url>http://www.squid-cache.org/Advisories/SQUID-2016_7.txt</url>
+      <url>http://www.squid-cache.org/Advisories/SQUID-2016_8.txt</url>
+      <url>http://www.squid-cache.org/Advisories/SQUID-2016_9.txt</url>
+    </references>
+    <dates>
+      <discovery>2016-05-06</discovery>
+      <entry>2016-05-07</entry>
+      <modified>2016-05-09</modified>
+    </dates>
+  </vuln>
+
+  <vuln vid="0d724b05-687f-4527-9c03-af34d3b094ec">
+    <topic>ImageMagick -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>ImageMagick</name>
+	<name>ImageMagick-nox11</name>
+	<range><lt>6.9.3.9_1,1</lt></range>
+      </package>
+      <package>
+	<name>ImageMagick7</name>
+	<name>ImageMagick7-nox11</name>
+	<range><ge>7.0.0.0.b20150715</ge><lt>7.0.1.0_1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Openwall reports:</p>
+	<blockquote cite="http://www.openwall.com/lists/oss-security/2016/05/03/18">
+	  <p>Insufficient filtering for filename passed to delegate's command
+	    allows remote code execution during conversion of several file
+	    formats. Any service which uses ImageMagick to process user
+	    supplied images and uses default delegates.xml / policy.xml,
+	    may be vulnerable to this issue.</p>
+	  <p>It is possible to make ImageMagick perform a HTTP GET or FTP
+	    request</p>
+	  <p>It is possible to delete files by using ImageMagick's 'ephemeral'
+	    pseudo protocol which deletes files after reading.</p>
+	  <p>It is possible to move image files to file with any extension
+	    in any folder by using ImageMagick's 'msl' pseudo protocol.
+	    msl.txt and image.gif should exist in known location - /tmp/
+	    for PoC (in real life it may be web service written in PHP,
+	    which allows to upload raw txt files and process images with
+	    ImageMagick).</p>
+	  <p>It is possible to get content of the files from the server
+	    by using ImageMagick's 'label' pseudo protocol.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-3714</cvename>
+      <cvename>CVE-2016-3715</cvename>
+      <cvename>CVE-2016-3716</cvename>
+      <cvename>CVE-2016-3717</cvename>
+      <cvename>CVE-2016-3718</cvename>
+      <url>http://www.openwall.com/lists/oss-security/2016/05/03/18</url>
+      <url>https://imagetragick.com/</url>
+    </references>
+    <dates>
+      <discovery>2016-05-03</discovery>
+      <entry>2016-05-06</entry>
+      <modified>2016-05-07</modified>
+    </dates>
+  </vuln>
+
+  <vuln vid="a6cd01fa-11bd-11e6-bb3c-9cb654ea3e1c">
+    <topic>jansson -- local denial of service vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>jansson</name>
+	<range><lt>2.7_2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>QuickFuzz reports:</p>
+	<blockquote cite="http://www.openwall.com/lists/oss-security/2016/05/01/5">
+	  <p>A crash caused by stack exhaustion parsing a JSON was found.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://www.openwall.com/lists/oss-security/2016/05/01/5</url>
+      <url>http://www.openwall.com/lists/oss-security/2016/05/02/1</url>
+      <cvename>CVE-2016-4425</cvename>
+    </references>
+    <dates>
+      <discovery>2016-05-01</discovery>
+      <entry>2016-05-04</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="01d729ca-1143-11e6-b55e-b499baebfeaf">
+    <topic>OpenSSL -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>openssl</name>
+	<range><lt>1.0.2_11</lt></range>
+      </package>
+      <package>
+	<name>linux-c6-openssl</name>
+	<range><lt>1.0.1e_8</lt></range>
+      </package>
+      <package>
+	<name>libressl</name>
+	<range><ge>2.3.0</ge><lt>2.3.4</lt></range>
+	<range><lt>2.2.7</lt></range>
+      </package>
+      <package>
+	<name>libressl-devel</name>
+	<range><lt>2.3.4</lt></range>
+      </package>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.3</ge><lt>10.3_2</lt></range>
+	<range><ge>10.2</ge><lt>10.2_16</lt></range>
+	<range><ge>10.1</ge><lt>10.1_33</lt></range>
+	<range><ge>9.3</ge><lt>9.3_41</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>OpenSSL reports:</p>
+	<blockquote cite="https://www.openssl.org/news/secadv/20160503.txt">
+	  <p>Memory corruption in the ASN.1 encoder</p>
+	  <p>Padding oracle in AES-NI CBC MAC check</p>
+	  <p>EVP_EncodeUpdate overflow</p>
+	  <p>EVP_EncryptUpdate overflow</p>
+	  <p>ASN.1 BIO excessive memory allocation</p>
+	  <p>EBCDIC overread (OpenSSL only)</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://www.openssl.org/news/secadv/20160503.txt</url>
+      <url>https://marc.info/?l=openbsd-tech&m=146228598730414</url>
+      <cvename>CVE-2016-2105</cvename>
+      <cvename>CVE-2016-2106</cvename>
+      <cvename>CVE-2016-2107</cvename>
+      <cvename>CVE-2016-2108</cvename>
+      <cvename>CVE-2016-2109</cvename>
+      <cvename>CVE-2016-2176</cvename>
+      <freebsdsa>SA-16:17.openssl</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2016-05-03</discovery>
+      <entry>2016-05-03</entry>
+      <modified>2016-08-09</modified>
+    </dates>
+  </vuln>
+
+  <vuln vid="95564990-1138-11e6-b55e-b499baebfeaf">
+    <cancelled superseded="01d729ca-1143-11e6-b55e-b499baebfeaf"/>
+  </vuln>
+
+  <vuln vid="be72e773-1131-11e6-94fa-002590263bf5">
+    <topic>gitlab -- privilege escalation via "impersonate" feature</topic>
+    <affects>
+      <package>
+	<name>gitlab</name>
+	<range><ge>8.2.0</ge><lt>8.2.5</lt></range>
+	<range><ge>8.3.0</ge><lt>8.3.9</lt></range>
+	<range><ge>8.4.0</ge><lt>8.4.10</lt></range>
+	<range><ge>8.5.0</ge><lt>8.5.12</lt></range>
+	<range><ge>8.6.0</ge><lt>8.6.8</lt></range>
+	<range><ge>8.7.0</ge><lt>8.7.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>GitLab reports:</p>
+	<blockquote cite="https://about.gitlab.com/2016/05/02/cve-2016-4340-patches/">
+	  <p>During an internal code review, we discovered a critical security
+	    flaw in the "impersonate" feature of GitLab. Added in GitLab 8.2,
+	    this feature was intended to allow an administrator to simulate
+	    being logged in as any other user.</p>
+	  <p>A part of this feature was not properly secured and it was possible
+	    for any authenticated user, administrator or not, to "log in" as any
+	    other user, including administrators. Please see the issue for more
+	    details.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-4340</cvename>
+      <freebsdpr>ports/209225</freebsdpr>
+      <url>https://about.gitlab.com/2016/05/02/cve-2016-4340-patches/</url>
+      <url>https://gitlab.com/gitlab-org/gitlab-ce/issues/15548</url>
+    </references>
+    <dates>
+      <discovery>2016-05-02</discovery>
+      <entry>2016-05-03</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="5764c634-10d2-11e6-94fa-002590263bf5">
+    <topic>php -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>php70</name>
+	<name>php70-bcmath</name>
+	<name>php70-exif</name>
+	<name>php70-gd</name>
+	<name>php70-xml</name>
+	<range><lt>7.0.6</lt></range>
+      </package>
+      <package>
+	<name>php56</name>
+	<name>php56-bcmath</name>
+	<name>php56-exif</name>
+	<name>php56-gd</name>
+	<name>php56-xml</name>
+	<range><lt>5.6.21</lt></range>
+      </package>
+      <package>
+	<name>php55</name>
+	<name>php55-bcmath</name>
+	<name>php55-exif</name>
+	<name>php55-gd</name>
+	<name>php55-xml</name>
+	<range><lt>5.5.35</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The PHP Group reports:</p>
+	<blockquote cite="http://www.php.net/ChangeLog-5.php#5.5.35">
+	  <ul><li>BCMath:
+	  <ul>
+	    <li>Fixed bug #72093 (bcpowmod accepts negative scale and corrupts
+	      _one_ definition).</li>
+	  </ul></li>
+	  <li>Exif:
+	  <ul>
+	    <li>Fixed bug #72094 (Out of bounds heap read access in exif header
+	      processing).</li>
+	  </ul></li>
+	  <li>GD:
+	  <ul>
+	    <li>Fixed bug #71912 (libgd: signedness vulnerability).
+	      (CVE-2016-3074)</li>
+	  </ul></li>
+	  <li>Intl:
+	  <ul>
+	    <li>Fixed bug #72061 (Out-of-bounds reads in zif_grapheme_stripos
+	      with negative offset).</li>
+	  </ul></li>
+	  <li>XML:
+	  <ul>
+	    <li>Fixed bug #72099 (xml_parse_into_struct segmentation fault).
+	      </li>
+	  </ul></li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-3074</cvename>
+      <freebsdpr>ports/209145</freebsdpr>
+      <url>http://www.php.net/ChangeLog-7.php#7.0.6</url>
+      <url>http://www.php.net/ChangeLog-5.php#5.6.21</url>
+      <url>http://www.php.net/ChangeLog-5.php#5.5.35</url>
+    </references>
+    <dates>
+      <discovery>2016-04-28</discovery>
+      <entry>2016-05-03</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="a1134048-10c6-11e6-94fa-002590263bf5">
+    <topic>libksba -- local denial of service vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>libksba</name>
+	<range><lt>1.3.3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Martin Prpic, Red Hat Product Security Team, reports:</p>
+	<blockquote cite="http://www.openwall.com/lists/oss-security/2016/04/29/5">
+	  <p>Denial of Service due to stack overflow in src/ber-decoder.c.</p>
+	  <p>Integer overflow in the BER decoder src/ber-decoder.c.</p>
+	  <p>Integer overflow in the DN decoder src/dn.c.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-4353</cvename>
+      <cvename>CVE-2016-4354</cvename>
+      <cvename>CVE-2016-4355</cvename>
+      <cvename>CVE-2016-4356</cvename>
+      <url>http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=07116a314f4dcd4d96990bbd74db95a03a9f650a</url>
+      <url>http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=aea7b6032865740478ca4b706850a5217f1c3887</url>
+      <url>http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=243d12fdec66a4360fbb3e307a046b39b5b4ffc3</url>
+      <url>https://security.gentoo.org/glsa/201604-04</url>
+      <mlist>http://www.openwall.com/lists/oss-security/2016/04/29/5</mlist>
+    </references>
+    <dates>
+      <discovery>2015-04-08</discovery>
+      <entry>2016-05-03</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="7e36c369-10c0-11e6-94fa-002590263bf5">
+    <topic>wireshark -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>wireshark</name>
+	<name>wireshark-lite</name>
+	<name>wireshark-qt5</name>
+	<name>tshark</name>
+	<name>tshark-lite</name>
+	<range><lt>2.0.3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Wireshark development team reports:</p>
+	<blockquote cite="https://www.wireshark.org/docs/relnotes/wireshark-2.0.3.html">
+	  <p>The following vulnerabilities have been fixed:</p>
+	  <ul>
+	    <li><p>wnpa-sec-2016-19</p>
+	      <p>The NCP dissector could crash. (Bug 11591)</p></li>
+	    <li><p>wnpa-sec-2016-20</p>
+	      <p>TShark could crash due to a packet reassembly bug. (Bug 11799)
+		</p></li>
+	    <li><p>wnpa-sec-2016-21</p>
+	      <p>The IEEE 802.11 dissector could crash. (Bug 11824, Bug 12187)
+		</p></li>
+	    <li><p>wnpa-sec-2016-22</p>
+	      <p>The PKTC dissector could crash. (Bug 12206)</p></li>
+	    <li><p>wnpa-sec-2016-23</p>
+	      <p>The PKTC dissector could crash. (Bug 12242)</p></li>
+	    <li><p>wnpa-sec-2016-24</p>
+	      <p>The IAX2 dissector could go into an infinite loop. (Bug
+		12260)</p></li>
+	    <li><p>wnpa-sec-2016-25</p>
+	      <p>Wireshark and TShark could exhaust the stack. (Bug 12268)</p>
+		</li>
+	    <li><p>wnpa-sec-2016-26</p>
+	      <p>The GSM CBCH dissector could crash. (Bug 12278)</p></li>
+	    <li><p>wnpa-sec-2016-27</p>
+	      <p>MS-WSP dissector crash. (Bug 12341)</p></li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-4076</cvename>
+      <cvename>CVE-2016-4077</cvename>
+      <cvename>CVE-2016-4078</cvename>
+      <cvename>CVE-2016-4079</cvename>
+      <cvename>CVE-2016-4080</cvename>
+      <cvename>CVE-2016-4081</cvename>
+      <cvename>CVE-2016-4006</cvename>
+      <cvename>CVE-2016-4082</cvename>
+      <cvename>CVE-2016-4083</cvename>
+      <cvename>CVE-2016-4084</cvename>
+      <url>https://www.wireshark.org/docs/relnotes/wireshark-2.0.3.html</url>
+      <url>http://www.openwall.com/lists/oss-security/2016/04/25/2</url>
+    </references>
+    <dates>
+      <discovery>2016-04-22</discovery>
+      <entry>2016-05-02</entry>
+      <modified>2016-07-04</modified>
+    </dates>
+  </vuln>
+
+  <vuln vid="78abc022-0fee-11e6-9a1c-0014a5a57822">
+    <topic>mercurial -- arbitrary code execution vulnerability</topic>
+    <affects>
+      <package>
+	<name>mercurial</name>
+	<range><lt>3.8.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Mercurial reports:</p>
+	<blockquote cite="https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.8_.2F_3.8.1_.282016-5-1.29">
+	  <p>CVE-2016-3105: Arbitrary code execution when converting
+	    Git repos</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-3105</cvename>
+      <url>https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.8_.2F_3.8.1_.282016-5-1.29</url>
+    </references>
+    <dates>
+      <discovery>2016-05-01</discovery>
+      <entry>2016-05-01</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="8c2b2f11-0ebe-11e6-b55e-b499baebfeaf">
+    <topic>MySQL -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>mariadb55-server</name>
+	<range><lt>5.5.49</lt></range>
+      </package>
+      <package>
+	<name>mariadb100-server</name>
+	<range><lt>10.0.25</lt></range>
+      </package>
+      <package>
+	<name>mariadb101-server</name>
+	<range><lt>10.1.12</lt></range>
+      </package>
+      <package>
+	<name>mysql55-server</name>
+	<range><lt>5.5.49</lt></range>
+      </package>
+      <package>
+	<name>mysql56-server</name>
+	<range><lt>5.6.30</lt></range>
+      </package>
+      <package>
+	<name>mysql57-server</name>
+	<range><lt>5.7.12</lt></range>
+      </package>
+      <package>
+	<name>percona55-server</name>
+	<range><lt>5.5.49</lt></range>
+      </package>
+      <package>
+	<name>percona-server</name>
+	<range><lt>5.6.30</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Oracle reports reports:</p>
+	<blockquote cite="http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html#AppendixMSQL">
+	  <p>Critical Patch Update contains 31 new security fixes for Oracle MySQL
+	     5.5.48, 5.6.29, 5.7.11 and earlier</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html#AppendixMSQL</url>
+      <url>https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/</url>
+      <url>https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/</url>
+      <url>https://mariadb.com/kb/en/mariadb/mariadb-10112-release-notes/</url>
+      <cvename>CVE-2016-0705</cvename>
+      <cvename>CVE-2016-0639</cvename>
+      <cvename>CVE-2015-3194</cvename>
+      <cvename>CVE-2016-0640</cvename>
+      <cvename>CVE-2016-0641</cvename>
+      <cvename>CVE-2016-3461</cvename>
+      <cvename>CVE-2016-2047</cvename>
+      <cvename>CVE-2016-0642</cvename>
+      <cvename>CVE-2016-0643</cvename>
+      <cvename>CVE-2016-0644</cvename>
+      <cvename>CVE-2016-0646</cvename>
+      <cvename>CVE-2016-0647</cvename>
+      <cvename>CVE-2016-0648</cvename>
+      <cvename>CVE-2016-0649</cvename>
+      <cvename>CVE-2016-0650</cvename>
+      <cvename>CVE-2016-0652</cvename>
+      <cvename>CVE-2016-0653</cvename>
+      <cvename>CVE-2016-0654</cvename>
+      <cvename>CVE-2016-0655</cvename>
+      <cvename>CVE-2016-0656</cvename>
+      <cvename>CVE-2016-0657</cvename>
+      <cvename>CVE-2016-0658</cvename>
+      <cvename>CVE-2016-0651</cvename>
+      <cvename>CVE-2016-0659</cvename>
+      <cvename>CVE-2016-0661</cvename>
+      <cvename>CVE-2016-0662</cvename>
+      <cvename>CVE-2016-0663</cvename>
+      <cvename>CVE-2016-0665</cvename>
+      <cvename>CVE-2016-0666</cvename>
+      <cvename>CVE-2016-0667</cvename>
+      <cvename>CVE-2016-0668</cvename>
+    </references>
+    <dates>
+      <discovery>2016-04-19</discovery>
+      <entry>2016-04-30</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="f2d4f879-0d7c-11e6-925f-6805ca0b3d42">
+    <topic>logstash -- password disclosure vulnerability</topic>
+    <affects>
+      <package>
+	<name>logstash</name>
+	<range><ge>2.1.0</ge><lt>2.3.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Logstash developers report:</p>
+	<blockquote cite="https://www.elastic.co/blog/logstash-2.3.1-and-2.2.4-released#Passwords_Printed_in_Log_Files_under_Some_Conditions_18">
+	  <h2>Passwords Printed in Log Files under Some Conditions</h2>
+	  <p>It was discovered that, in Logstash 2.1.0+, log messages
+	    generated by a stalled pipeline during shutdown will print
+	    plaintext contents of password fields. While investigating
+	    this issue we also discovered that debug logging has
+	    included this data for quite some time. Our latest releases
+	    fix both leaks. You will want to scrub old log files if this
+	    is of particular concern to you. This was fixed in issue
+	    #4965</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://www.elastic.co/blog/logstash-2.3.1-and-2.2.4-released#Passwords_Printed_in_Log_Files_under_Some_Conditions_18</url>
+      <url>https://github.com/elastic/logstash/pull/4965</url>
+    </references>
+    <dates>
+      <discovery>2016-04-01</discovery>
+      <entry>2016-04-28</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="c8174b63-0d3a-11e6-b06e-d43d7eed0ce2">
+    <topic>subversion -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>subversion</name>
+	<range><ge>1.9.0</ge><lt>1.9.4</lt></range>
+	<range><ge>1.0.0</ge><lt>1.8.15</lt></range>
+      </package>
+      <package>
+	<name>subversion18</name>
+	<range><ge>1.0.0</ge><lt>1.8.15</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Subversion project reports:</p>
+	<blockquote cite="http://subversion.apache.org/security/CVE-2016-2167-advisory.txt">
+	  <p>svnserve, the svn:// protocol server, can optionally use the Cyrus
+	    SASL library for authentication, integrity protection, and encryption.
+	    Due to a programming oversight, authentication against Cyrus SASL
+	    would permit the remote user to specify a realm string which is
+	    a prefix of the expected realm string.</p>
+	</blockquote>
+	<blockquote cite="http://subversion.apache.org/security/CVE-2016-2168-advisory.txt">
+	  <p>Subversion's httpd servers are vulnerable to a remotely triggerable crash
+	    in the mod_authz_svn module.  The crash can occur during an authorization
+	    check for a COPY or MOVE request with a specially crafted header value.</p>
+	  <p>This allows remote attackers to cause a denial of service.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-2167</cvename>
+      <url>http://subversion.apache.org/security/CVE-2016-2167-advisory.txt</url>
+      <cvename>CVE-2016-2168</cvename>
+      <url>http://subversion.apache.org/security/CVE-2016-2168-advisory.txt</url>
+    </references>
+    <dates>
+      <discovery>2016-04-21</discovery>
+      <entry>2016-04-28</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="b2487d9a-0c30-11e6-acd0-d050996490d0">
+    <topic>ntp -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>ntp</name>
+	<range><lt>4.2.8p7</lt></range>
+      </package>
+      <package>
+	<name>ntp-devel</name>
+	<range><lt>4.3.92</lt></range>
+      </package>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.3</ge><lt>10.3_1</lt></range>
+	<range><ge>10.2</ge><lt>10.2_15</lt></range>
+	<range><ge>10.1</ge><lt>10.1_32</lt></range>
+	<range><ge>9.3</ge><lt>9.3_40</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Network Time Foundation reports:</p>
+	<blockquote cite="http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security">
+	  <p>NTF's NTP Project has been notified of the following low-
+	    and medium-severity vulnerabilities that are fixed in
+	    ntp-4.2.8p7, released on Tuesday, 26 April 2016:</p>
+	  <ul>
+	    <li>Bug 3020 / CVE-2016-1551: Refclock impersonation
+	      vulnerability, AKA: refclock-peering. Reported by
+	      Matt Street and others of Cisco ASIG</li>
+	    <li>Bug 3012 / CVE-2016-1549: Sybil vulnerability:
+	      ephemeral association attack, AKA: ntp-sybil -
+	      MITIGATION ONLY. Reported by Matthew Van Gundy
+	      of Cisco ASIG</li>
+	    <li>Bug 3011 / CVE-2016-2516: Duplicate IPs on
+	      unconfig directives will cause an assertion botch.
+	      Reported by Yihan Lian of the Cloud Security Team,
+	      Qihoo 360</li>
+	    <li>Bug 3010 / CVE-2016-2517: Remote configuration
+	      trustedkey/requestkey values are not properly
+	      validated. Reported by Yihan Lian of the Cloud
+	      Security Team, Qihoo 360</li>
+	    <li>Bug 3009 / CVE-2016-2518: Crafted addpeer with
+	      hmode > 7 causes array wraparound with MATCH_ASSOC.
+	      Reported by Yihan Lian of the Cloud Security Team,
+	      Qihoo 360</li>
+	    <li>Bug 3008 / CVE-2016-2519: ctl_getitem() return
+	      value not always checked. Reported by Yihan Lian
+	      of the Cloud Security Team, Qihoo 360</li>
+	    <li>Bug 3007 / CVE-2016-1547: Validate crypto-NAKs,
+	      AKA: nak-dos. Reported by Stephen Gray and
+	      Matthew Van Gundy of Cisco ASIG</li>
+	    <li>Bug 2978 / CVE-2016-1548: Interleave-pivot -
+	      MITIGATION ONLY. Reported by Miroslav Lichvar of
+	      RedHat and separately by Jonathan Gardner of
+	      Cisco ASIG.</li>
+	    <li>Bug 2952 / CVE-2015-7704: KoD fix: peer
+	      associations were broken by the fix for
+	      NtpBug2901, AKA: Symmetric active/passive mode
+	      is broken. Reported by Michael Tatarinov,
+	      NTP Project Developer Volunteer</li>
+	    <li>Bug 2945 / Bug 2901 / CVE-2015-8138: Zero
+	      Origin Timestamp Bypass, AKA: Additional KoD Checks.
+	      Reported by Jonathan Gardner of Cisco ASIG</li>
+	    <li>Bug 2879 / CVE-2016-1550: Improve NTP security
+	      against buffer comparison timing attacks,
+	      authdecrypt-timing, AKA: authdecrypt-timing.
+	      Reported independently by Loganaden Velvindron,
+	      and Matthew Van Gundy and Stephen Gray of
+	      Cisco ASIG.</li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <freebsdsa>SA-16:16.ntp</freebsdsa>
+      <cvename>CVE-2015-7704</cvename>
+      <cvename>CVE-2015-8138</cvename>
+      <cvename>CVE-2016-1547</cvename>
+      <cvename>CVE-2016-1548</cvename>
+      <cvename>CVE-2016-1549</cvename>
+      <cvename>CVE-2016-1550</cvename>
+      <cvename>CVE-2016-1551</cvename>
+      <cvename>CVE-2016-2516</cvename>
+      <cvename>CVE-2016-2517</cvename>
+      <cvename>CVE-2016-2518</cvename>
+      <cvename>CVE-2016-2519</cvename>
+      <url>http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security</url>
+    </references>
+    <dates>
+      <discovery>2016-04-26</discovery>
+      <entry>2016-04-27</entry>
+      <modified>2016-08-09</modified>
+    </dates>
+  </vuln>
+
+  <vuln vid="92d44f83-a7bf-41cf-91ee-3d1b8ecf579f">
+    <topic>mozilla -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>firefox</name>
+	<name>linux-firefox</name>
+	<range><lt>46.0,1</lt></range>
+      </package>
+      <package>
+	<name>seamonkey</name>
+	<name>linux-seamonkey</name>
+	<range><lt>2.43</lt></range>
+      </package>
+      <package>
+	<name>firefox-esr</name>
+	<range><ge>39.0,1</ge><lt>45.1.0,1</lt></range>
+	<range><lt>38.8.0,1</lt></range>
+      </package>
+      <package>
+	<name>libxul</name>
+	<name>thunderbird</name>
+	<name>linux-thunderbird</name>
+	<range><ge>39.0</ge><lt>45.1.0</lt></range>
+	<range><lt>38.8.0</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Mozilla Foundation reports:</p>
+	<blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox46">
+	<p>MFSA 2016-39 Miscellaneous memory safety hazards (rv:46.0 /
+	  rv:45.1 / rv:38.8)</p>
+	<p>MFSA 2016-42 Use-after-free and buffer overflow
+	  in Service Workers</p>
+	<p>MFSA 2016-44 Buffer overflow in libstagefright with
+	  CENC offsets</p>
+	<p>MFSA 2016-45 CSP not applied to pages sent with
+	  multipart/x-mixed-replace</p>
+	<p>MFSA 2016-46 Elevation of privilege with
+	  chrome.tabs.update API in web extensions</p>
+	<p>MFSA 2016-47 Write to invalid HashMap entry through
+	  JavaScript.watch()</p>
+	<p>MFSA 2016-48 Firefox Health Reports could accept events
+	  from untrusted domains</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-2804</cvename>
+      <cvename>CVE-2016-2805</cvename>
+      <cvename>CVE-2016-2806</cvename>
+      <cvename>CVE-2016-2807</cvename>
+      <cvename>CVE-2016-2808</cvename>
+      <cvename>CVE-2016-2811</cvename>
+      <cvename>CVE-2016-2812</cvename>
+      <cvename>CVE-2016-2814</cvename>
+      <cvename>CVE-2016-2816</cvename>
+      <cvename>CVE-2016-2817</cvename>
+      <cvename>CVE-2016-2820</cvename>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-39/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-42/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-44/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-45/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-46/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-47/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-48/</url>
+    </references>
+    <dates>
+      <discovery>2016-04-26</discovery>
+      <entry>2016-04-26</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="f87a9376-0943-11e6-8fc4-00a0986f28c4">
+    <topic>phpmyfaq -- cross-site request forgery vulnerability</topic>
+    <affects>
+      <package>
+	<name>phpmyfaq</name>
+	<range><lt>2.8.27</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The phpMyFAQ team reports:</p>
+	<blockquote cite="http://www.phpmyfaq.de/security/advisory-2016-04-11">
+	  <p>The vulnerability exists due to application does not properly
+	    verify origin of HTTP requests in "Interface Translation"
+	    functionality.: A remote unauthenticated attacker can create
+	    a specially crafted malicious web page with CSRF exploit, trick
+	    a logged-in administrator to visit the page, spoof the HTTP
+	    request, as if it was coming from the legitimate user, inject
+	    and execute arbitrary PHP code on the target system with privileges
+	    of the webserver.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://www.phpmyfaq.de/security/advisory-2016-04-11</url>
+      <url>https://www.htbridge.com/advisory/HTB23300</url>
+    </references>
+    <dates>
+      <discovery>2016-04-11</discovery>
+      <entry>2016-04-23</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="1b0d2938-0766-11e6-94fa-002590263bf5">
+    <topic>libtasn1 -- denial of service parsing malicious DER certificates</topic>
+    <affects>
+      <package>
+	<name>libtasn1</name>
+	<range><lt>4.8</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>GNU Libtasn1 NEWS reports:</p>
+	<blockquote cite="http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=blob_plain;f=NEWS;hb=e9bcdc86b920d72c9cffc2570d14eea2f6365b37">
+	  <p>Fixes to avoid an infinite recursion when decoding without the
+	    ASN1_DECODE_FLAG_STRICT_DER flag. Reported by Pascal Cuoq.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-4008</cvename>
+      <url>http://www.openwall.com/lists/oss-security/2016/04/13/3</url>
+      <url>http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=blob_plain;f=NEWS;hb=e9bcdc86b920d72c9cffc2570d14eea2f6365b37</url>
+    </references>
+    <dates>
+      <discovery>2016-04-11</discovery>
+      <entry>2016-04-21</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="e05bfc92-0763-11e6-94fa-002590263bf5">
+    <topic>squid -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>squid</name>
+	<range><lt>3.5.17</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Squid security advisory 2016:5 reports:</p>
+	<blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2016_5.txt">
+	  <p>Due to incorrect buffer management Squid cachemgr.cgi tool is
+	    vulnerable to a buffer overflow when processing remotely supplied
+	    inputs relayed to it from Squid.</p>
+	  <p>This problem allows any client to seed the Squid manager reports
+	    with data that will cause a buffer overflow when processed by the
+	    cachemgr.cgi tool. However, this does require manual administrator
+	    actions to take place. Which greatly reduces the impact and
+	    possible uses.</p>
+	</blockquote>
+	<p>Squid security advisory 2016:6 reports:</p>
+	<blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2016_6.txt">
+	  <p>Due to buffer overflow issues Squid is vulnerable to a denial of
+	    service attack when processing ESI responses. Due to incorrect input
+	    validation Squid is vulnerable to public information disclosure of
+	    the server stack layout when processing ESI responses. Due to
+	    incorrect input validation and buffer overflow Squid is vulnerable
+	    to remote code execution when processing ESI responses.</p>
+	  <p>These problems allow ESI components to be used to perform a denial
+	    of service attack on the Squid service and all other services on the
+	    same machine. Under certain build conditions these problems allow
+	    remote clients to view large sections of the server memory. However,
+	    the bugs are exploitable only if you have built and configured the
+	    ESI features to be used by a reverse-proxy and if the ESI components
+	    being processed by Squid can be controlled by an attacker.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-4051</cvename>
+      <cvename>CVE-2016-4052</cvename>
+      <cvename>CVE-2016-4053</cvename>
+      <cvename>CVE-2016-4054</cvename>
+      <freebsdpr>ports/208939</freebsdpr>
+      <url>http://www.squid-cache.org/Advisories/SQUID-2016_5.txt</url>
+      <url>http://www.squid-cache.org/Advisories/SQUID-2016_6.txt</url>
+    </references>
+    <dates>
+      <discovery>2016-04-20</discovery>
+      <entry>2016-04-21</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="253c6889-06f0-11e6-925f-6805ca0b3d42">
+    <topic>ansible -- use of predictable paths in lxc_container</topic>
+    <affects>
+      <package>
+	<name>ansible</name>
+	<range><ge>2.0.0.0</ge><lt>2.0.2.0</lt></range>
+      </package>
+      <package>
+	<name>ansible1</name>
+	<range><lt>1.9.6</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Ansible developers report:</p>
+	<blockquote cite="https://github.com/ansible/ansible-modules-extras/pull/1941/commits/8c6fe646ee79f5e55361b885b7efed5bec72d4a4">
+	  <p>CVE-2016-3096: do not use predictable paths in lxc_container</p>
+
+	  <ul>
+	    <li>do not use a predictable filename for the LXC attach
+	      script</li>
+	    <li>don't use predictable filenames for LXC attach script
+	      logging</li>
+	    <li>don't set a predictable archive_path</li>
+	  </ul>
+
+	  <p>this should prevent symlink attacks which could result
+	    in</p>
+
+	  <ul>
+	    <li>data corruption</li>
+	    <li>data leakage</li>
+	    <li>privilege escalation</li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-3096</cvename>
+      <url>https://github.com/ansible/ansible-modules-extras/pull/1941/commits/8c6fe646ee79f5e55361b885b7efed5bec72d4a4</url>
+      <url>https://bugzilla.redhat.com/show_bug.cgi?id=1322925</url>
+    </references>
+    <dates>
+      <discovery>2016-04-02</discovery>
+      <entry>2016-04-20</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="a733b5ca-06eb-11e6-817f-3085a9a4510d">
+    <topic>proftpd -- vulnerability in mod_tls</topic>
+    <affects>
+      <package>
+	<name>proftpd</name>
+	<range><lt>1.3.5b</lt></range>
+	<range><eq>1.3.6.r1</eq></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>MITRE reports:</p>
+	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3125">
+	  <p>The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before
+	   1.3.6rc2 does not properly handle the TLSDHParamFile directive, which
+	   might cause a weaker than intended Diffie-Hellman (DH) key to be used
+	   and consequently allow attackers to have unspecified impact via
+	   unknown vectors.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-3125</cvename>
+    </references>
+    <dates>
+      <discovery>2016-03-08</discovery>
+      <entry>2016-04-20</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="6d8505f0-0614-11e6-b39c-00262d5ed8ee">
+    <topic>chromium -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>chromium</name>
+	<name>chromium-npapi</name>
+	<name>chromium-pulse</name>
+	<range><lt>50.0.2661.75</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Google Chrome Releases reports:</p>
+	<blockquote cite="http://googlechromereleases.blogspot.nl/2016/04/stable-channel-update_13.html">
+	  <p>20 security fixes in this release, including:</p>
+	  <ul>
+	    <li>[590275] High CVE-2016-1652: Universal XSS in extension
+	      bindings. Credit to anonymous.</li>
+	    <li>[589792] High CVE-2016-1653: Out-of-bounds write in V8. Credit
+	      to Choongwoo Han.</li>
+	    <li>[591785] Medium CVE-2016-1651: Out-of-bounds read in Pdfium
+	      JPEG2000 decoding. Credit to kdot working with HP's Zero Day
+	      Initiative.</li>
+	    <li>[589512] Medium CVE-2016-1654: Uninitialized memory read in
+	      media. Credit to Atte Kettunen of OUSPG.</li>
+	    <li>[582008] Medium CVE-2016-1655: Use-after-free related to
+	      extensions. Credit to Rob Wu.</li>
+	    <li>[570750] Medium CVE-2016-1656: Android downloaded file path
+	      restriction bypass. Credit to Dzmitry Lukyanenko.</li>
+	    <li>[567445] Medium CVE-2016-1657: Address bar spoofing. Credit to
+	      Luan Herrera.</li>
+	    <li>[573317] Low CVE-2016-1658: Potential leak of sensitive
+	      information to malicious extensions. Credit to Antonio Sanso
+	      (@asanso) of Adobe.</li>
+	    <li>[602697] CVE-2016-1659: Various fixes from internal audits,
+	      fuzzing and other initiatives.</li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-1651</cvename>
+      <cvename>CVE-2016-1652</cvename>
+      <cvename>CVE-2016-1653</cvename>
+      <cvename>CVE-2016-1654</cvename>
+      <cvename>CVE-2016-1655</cvename>
+      <cvename>CVE-2016-1656</cvename>
+      <cvename>CVE-2016-1657</cvename>
+      <cvename>CVE-2016-1658</cvename>
+      <cvename>CVE-2016-1659</cvename>
+      <url>http://googlechromereleases.blogspot.nl/2016/04/stable-channel-update_13.html</url>
+    </references>
+    <dates>
+      <discovery>2016-04-13</discovery>
+      <entry>2016-04-19</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="976567f6-05c5-11e6-94fa-002590263bf5">
+    <topic>wpa_supplicant -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>wpa_supplicant</name>
+	<range><lt>2.5_1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Jouni Malinen reports:</p>
+	<blockquote cite="http://w1.fi/security/2015-6/wpa_supplicant-unauthorized-wnm-sleep-mode-gtk-control.txt">
+	  <p>wpa_supplicant unauthorized WNM Sleep Mode GTK control. (2015-6 -
+	    CVE-2015-5310)</p>
+	</blockquote>
+	<blockquote cite="http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt">
+	  <p>EAP-pwd missing last fragment length validation. (2015-7 -
+	    CVE-2015-5315)</p>
+	</blockquote>
+	<blockquote cite="http://w1.fi/security/2015-8/eap-pwd-unexpected-confirm.txt">
+	  <p>EAP-pwd peer error path failure on unexpected Confirm message.
+	    (2015-8 - CVE-2015-5316)</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2015-5310</cvename>
+      <cvename>CVE-2015-5315</cvename>
+      <cvename>CVE-2015-5316</cvename>
+      <freebsdpr>ports/208482</freebsdpr>
+      <url>http://w1.fi/security/2015-6/wpa_supplicant-unauthorized-wnm-sleep-mode-gtk-control.txt</url>
+      <url>http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt</url>
+      <url>http://w1.fi/security/2015-8/eap-pwd-unexpected-confirm.txt</url>
+    </references>
+    <dates>
+      <discovery>2015-11-10</discovery>
+      <entry>2016-04-19</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="092156c9-04d7-11e6-b1ce-002590263bf5">
+    <topic>dhcpcd -- remote code execution/denial of service</topic>
+    <affects>
+      <package>
+	<name>dhcpcd</name>
+	<range><lt>6.9.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>MITRE reports:</p>
+	<blockquote cite="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7912">
+	  <p>The get_option function in dhcp.c in dhcpcd before 6.2.0, as used
+	    in dhcpcd 5.x in Android before 5.1 and other products, does not
+	    validate the relationship between length fields and the amount of
+	    data, which allows remote DHCP servers to execute arbitrary code or
+	    cause a denial of service (memory corruption) via a large length
+	    value of an option in a DHCPACK message.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2014-7912</cvename>
+      <url>http://roy.marples.name/projects/dhcpcd/info/d71cfd8aa203bffe</url>
+    </references>
+    <dates>
+      <discovery>2015-06-19</discovery>
+      <entry>2016-04-17</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="6ec9f210-0404-11e6-9aee-bc5ff4fb5ea1">
+    <topic>dhcpcd -- remote code execution/denial of service</topic>
+    <affects>
+      <package>
+	<name>dhcpcd</name>
+	<range><lt>6.10.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>MITRE reports:</p>
+	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7913">
+	  <p>The print_option function in dhcp-common.c in dhcpcd through 6.9.1,
+	    as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other
+	    products, misinterprets the return value of the snprintf function,
+	    which allows remote DHCP servers to execute arbitrary code or cause
+	    a denial of service (memory corruption) via a crafted message.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2014-7913</cvename>
+      <freebsdpr>ports/208702</freebsdpr>
+      <url>http://roy.marples.name/projects/dhcpcd/info/528541c4c619520e</url>
+    </references>
+    <dates>
+      <discovery>2016-01-22</discovery>
+      <entry>2016-04-17</entry>
+    </dates>
+  </vuln>
+
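Review bot: In the two dhcpcd entries above, the `<range>` values are wider than the quoted MITRE text supports. The CVE-2014-7912 entry quotes "dhcpcd before 6.2.0" but carries `<range><lt>6.9.1</lt></range>`, and the CVE-2014-7913 entry quotes "dhcpcd through 6.9.1" but carries `<range><lt>6.10.2</lt></range>`. As written, releases from 6.2.0 up to 6.9.1 and releases after 6.9.1 up to 6.10.2 are flagged as vulnerable with nothing in either `<description>` saying why. These ranges decide which installed packages are reported as affected, so either add a sentence to each description naming the release that carries the fix (the roy.marples.name commits listed under `<references>` may settle it) or tighten the ranges to match the quoted text. The log message describes the import as "mostly right", so this is worth confirming against the FreeBSD master copy.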
+  <vuln vid="e21474c6-031a-11e6-aa86-001999f8d30b">
+    <topic>PJSIP -- TCP denial of service in PJProject</topic>
+    <affects>
+      <package>
+	<name>pjsip</name>
+	<range><le>2.4.5</le></range>
+      </package>
+      <package>
+	<name>pjsip-extsrtp</name>
+	<range><le>2.4.5</le></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The Asterisk project reports:</p>
+	<blockquote cite="http://www.asterisk.org/downloads/security-advisories">
+	  <p>PJProject has a limit on the number of TCP connections
+	  that it can accept. Furthermore, PJProject does not close
+	  TCP connections it accepts. By default, this value is
+	  approximately 60.</p>
+	  <p>An attacker can deplete the number of allowed TCP
+	  connections by opening TCP connections and sending no
+	  data to Asterisk.</p>
+	  <p>If PJProject has been compiled in debug mode, then
+	  once the number of allowed TCP connections has been
+	  depleted, the next attempted TCP connection to Asterisk
+	  will crash due to an assertion in PJProject.</p>
+	  <p>If PJProject has not been compiled in debug mode, then
+	  any further TCP connection attempts will be rejected.
+	  This makes Asterisk unable to process TCP SIP traffic.</p>
+	  <p>Note that this only affects TCP/TLS, since UDP is
+	  connectionless.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://downloads.asterisk.org/pub/security/AST-2016-005.html</url>
+    </references>
+    <dates>
+      <discovery>2016-02-15</discovery>
+      <entry>2016-04-15</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="ee50726e-0319-11e6-aa86-001999f8d30b">
+    <topic>asterisk -- Long Contact URIs in REGISTER requests can crash Asterisk</topic>
+    <affects>
+      <package>
+	<name>asterisk13</name>
+	<range><lt>13.8.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The Asterisk project reports:</p>
+	<blockquote cite="http://www.asterisk.org/downloads/security-advisories">
+	  <p>Asterisk may crash when processing an incoming REGISTER
+	  request if that REGISTER contains a Contact header with
+	  a lengthy URI.</p>
+	  <p>This crash will only happen for requests that pass
+	  authentication. Unauthenticated REGISTER requests will
+	  not result in a crash occurring.</p>
+	  <p>This vulnerability only affects Asterisk when using
+	  PJSIP as its SIP stack. The chan_sip module does not have
+	  this problem.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://downloads.asterisk.org/pub/security/AST-2016-004.html</url>
+    </references>
+    <dates>
+      <discovery>2016-01-19</discovery>
+      <entry>2016-04-15</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="f2217cdf-01e4-11e6-b1ce-002590263bf5">
+    <topic>go -- remote denial of service</topic>
+    <affects>
+      <package>
+	<name>go</name>
+	<range><lt>1.6.1,1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Jason Buberel reports:</p>
+	<blockquote cite="http://www.openwall.com/lists/oss-security/2016/04/05/2">
+	  <p>Go has an infinite loop in several big integer routines that makes
+	    Go programs vulnerable to remote denial of service attacks. Programs
+	    using HTTPS client authentication or the Go ssh server libraries are
+	    both exposed to this vulnerability.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-3959</cvename>
+      <url>http://www.openwall.com/lists/oss-security/2016/04/05/2</url>
+      <url>https://golang.org/cl/21533</url>
+    </references>
+    <dates>
+      <discovery>2016-04-05</discovery>
+      <entry>2016-04-14</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="a636fc26-00d9-11e6-b704-000c292e4fd8">
+    <topic>samba -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>samba36</name>
+	<range><ge>3.6.0</ge><le>3.6.25_3</le></range>
+      </package>
+      <package>
+	<name>samba4</name>
+	<range><ge>4.0.0</ge><le>4.0.26</le></range>
+      </package>
+      <package>
+	<name>samba41</name>
+	<range><ge>4.1.0</ge><le>4.1.23</le></range>
+      </package>
+      <package>
+	<name>samba42</name>
+	<range><ge>4.2.0</ge><lt>4.2.11</lt></range>
+      </package>
+      <package>
+	<name>samba43</name>
+	<range><ge>4.3.0</ge><lt>4.3.8</lt></range>
+      </package>
+      <package>
+	<name>samba44</name>
+	<range><ge>4.4.0</ge><lt>4.4.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Samba team reports:</p>
+	<blockquote cite="https://www.samba.org/samba/latest_news.html#4.4.2">
+	  <p>[CVE-2015-5370] Errors in Samba DCE-RPC code can lead to denial of service
+	   (crashes and high cpu consumption) and man in the middle attacks.</p>
+	  <p>[CVE-2016-2110] The feature negotiation of NTLMSSP is not downgrade protected.
+	   A man in the middle is able to clear even required flags, especially
+	   NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL.</p>
+	  <p>[CVE-2016-2111] When Samba is configured as Domain Controller it allows remote
+	   attackers to spoof the computer name of a secure channel's endpoints, and obtain
+	   sensitive session information, by running a crafted application and leveraging
+	   the ability to sniff network traffic.</p>
+	  <p>[CVE-2016-2112] A man in the middle is able to downgrade LDAP connections
+	   to no integrity protection.</p>
+	  <p>[CVE-2016-2113] Man in the middle attacks are possible for client triggered LDAP
+	   connections (with ldaps://) and ncacn_http connections (with https://).</p>
+	  <p>[CVE-2016-2114] Due to a bug Samba doesn't enforce required smb signing, even if explicitly configured.</p>
+	  <p>[CVE-2016-2115] The protection of DCERPC communication over ncacn_np (which is
+	   the default for most the file server related protocols) is inherited from the underlying SMB connection.</p>
+	  <p>[CVE-2016-2118] a.k.a. BADLOCK. A man in the middle can intercept any DCERPC traffic
+	   between a client and a server in order to impersonate the client and get the same privileges
+	   as the authenticated user account. This is most problematic against active directory domain controllers.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2015-5370</cvename>
+      <url>https://www.samba.org/samba/security/CVE-2015-5370.html</url>
+      <cvename>CVE-2016-2110</cvename>
+      <url>https://www.samba.org/samba/security/CVE-2016-2110.html</url>
+      <cvename>CVE-2016-2111</cvename>
+      <url>https://www.samba.org/samba/security/CVE-2016-2111.html</url>
+      <cvename>CVE-2016-2112</cvename>
+      <url>https://www.samba.org/samba/security/CVE-2016-2112.html</url>
+      <cvename>CVE-2016-2113</cvename>
+      <url>https://www.samba.org/samba/security/CVE-2016-2113.html</url>
+      <cvename>CVE-2016-2114</cvename>
+      <url>https://www.samba.org/samba/security/CVE-2016-2114.html</url>
+      <cvename>CVE-2016-2115</cvename>
+      <url>https://www.samba.org/samba/security/CVE-2016-2115.html</url>
+      <cvename>CVE-2016-2118</cvename>
+      <url>https://www.samba.org/samba/security/CVE-2016-2118.html</url>
+    </references>
+    <dates>
+      <discovery>2016-04-12</discovery>
+      <entry>2016-04-12</entry>
+      <modified>2016-04-12</modified>
+    </dates>
+  </vuln>
+
+  <vuln vid="482d40cb-f9a3-11e5-92ce-002590263bf5">
+    <topic>php -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>php70</name>
+	<name>php70-fileinfo</name>
+	<name>php70-mbstring</name>
+	<name>php70-phar</name>
+	<name>php70-snmp</name>
+	<range><lt>7.0.5</lt></range>
+      </package>
+      <package>
+	<name>php56</name>
+	<name>php56-fileinfo</name>
+	<name>php56-mbstring</name>
+	<name>php56-phar</name>
+	<name>php56-snmp</name>
+	<range><lt>5.6.20</lt></range>
+      </package>
+      <package>
+	<name>php55</name>
+	<name>php55-fileinfo</name>
+	<name>php55-mbstring</name>
+	<name>php55-phar</name>
+	<name>php55-snmp</name>
+	<range><lt>5.5.34</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The PHP Group reports:</p>
+	<blockquote cite="http://php.net/ChangeLog-7.php#7.0.5">
+	  <ul><li>Fileinfo:
+	  <ul>
+	    <li>Fixed bug #71527 (Buffer over-write in finfo_open with
+	      malformed magic file).</li>
+	  </ul></li>
+	  <li>mbstring:
+	  <ul>
+	    <li>Fixed bug #71906 (AddressSanitizer: negative-size-param (-1)
+	      in mbfl_strcut).</li>
+	  </ul></li>
+	  <li>Phar:
+	  <ul>
+	    <li>Fixed bug #71860 (Invalid memory write in phar on filename with
+	      \0 in name).</li>
+	  </ul></li>
+	  <li>SNMP:
+	  <ul>
+	    <li>Fixed bug #71704 (php_snmp_error() Format String Vulnerability).
+	      </li>
+	  </ul></li>
+	  <li>Standard:
+	  <ul>
+	    <li>Fixed bug #71798 (Integer Overflow in php_raw_url_encode).</li>
+	  </ul></li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <freebsdpr>ports/208465</freebsdpr>
+      <url>http://php.net/ChangeLog-7.php#7.0.5</url>
+      <url>http://php.net/ChangeLog-5.php#5.6.20</url>
+      <url>http://php.net/ChangeLog-5.php#5.5.34</url>
+    </references>
+    <dates>
+      <discovery>2016-03-31</discovery>
+      <entry>2016-04-03</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="497b82e0-f9a0-11e5-92ce-002590263bf5">
+    <topic>pcre -- heap overflow vulnerability</topic>
+    <affects>
+      <package>
+	<name>pcre</name>
+	<range><lt>8.38_1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Mitre reports:</p>
+	<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1283">
+	  <p>The pcre_compile2 function in pcre_compile.c in PCRE 8.38
+	    mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/
+	    pattern and related patterns with named subgroups, which allows
+	    remote attackers to cause a denial of service (heap-based buffer
+	    overflow) or possibly have unspecified other impact via a crafted
+	    regular expression, as demonstrated by a JavaScript RegExp object
+	    encountered by Konqueror.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-1283</cvename>
+      <freebsdpr>ports/208260</freebsdpr>
+      <url>https://bugs.exim.org/show_bug.cgi?id=1767</url>
+    </references>
+    <dates>
+      <discovery>2016-02-27</discovery>
+      <entry>2016-04-03</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="df328fac-f942-11e5-92ce-002590263bf5">
+    <topic>py-djblets -- Self-XSS vulnerability</topic>
+    <affects>
+      <package>
+	<name>py27-djblets</name>
+	<name>py32-djblets</name>
+	<name>py33-djblets</name>
+	<name>py34-djblets</name>
+	<name>py35-djblets</name>
+	<range><lt>0.9.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Djblets Release Notes reports:</p>
+	<blockquote cite="https://www.reviewboard.org/docs/releasenotes/djblets/0.9.2/">
+	  <p>A recently-discovered vulnerability in the datagrid templates allows an
+	    attacker to generate a URL to any datagrid page containing malicious code
+	    in a column sorting value. If the user visits that URL and then clicks
+	    that column, the code will execute.</p>
+	  <p>The cause of the vulnerability was due to a template not escaping
+	    user-provided values.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://www.reviewboard.org/docs/releasenotes/djblets/0.9.2/</url>
+    </references>
+    <dates>
+      <discovery>2016-03-01</discovery>
+      <entry>2016-04-03</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="a430e15d-f93f-11e5-92ce-002590263bf5">
+    <topic>moodle -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>moodle28</name>
+	<range><lt>2.8.11</lt></range>
+      </package>
+      <package>
+	<name>moodle29</name>
+	<range><lt>2.9.5</lt></range>
+      </package>
+      <package>
+	<name>moodle30</name>
+	<range><lt>3.0.3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Marina Glancy reports:</p>
+	<blockquote cite="https://moodle.org/security/">
+	  <ul>
+	    <li><p>MSA-16-0003: Incorrect capability check when displaying
+	    users emails in Participants list</p></li>
+	    <li><p>MSA-16-0004: XSS from profile fields from external db</p>
+	    </li>
+	    <li><p>MSA-16-0005: Reflected XSS in mod_data advanced search</p>
+	    </li>
+	    <li><p>MSA-16-0006: Hidden courses are shown to students in Event
+	    Monitor</p></li>
+	    <li><p>MSA-16-0007: Non-Editing Instructor role can edit exclude
+	    checkbox in Single View</p></li>
+	    <li><p>MSA-16-0008: External function get_calendar_events return
+	    events that pertains to hidden activities</p></li>
+	    <li><p>MSA-16-0009: CSRF in Assignment plugin management page</p>
+	    </li>
+	    <li><p>MSA-16-0010: Enumeration of category details possible without
+	    authentication</p></li>
+	    <li><p>MSA-16-0011: Add no referrer to links with _blank target
+	    attribute</p></li>
+	    <li><p>MSA-16-0012: External function mod_assign_save_submission
+	    does not check due dates</p></li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-2151</cvename>
+      <cvename>CVE-2016-2152</cvename>
+      <cvename>CVE-2016-2153</cvename>
+      <cvename>CVE-2016-2154</cvename>
+      <cvename>CVE-2016-2155</cvename>
+      <cvename>CVE-2016-2156</cvename>
+      <cvename>CVE-2016-2157</cvename>
+      <cvename>CVE-2016-2158</cvename>
+      <cvename>CVE-2016-2190</cvename>
+      <cvename>CVE-2016-2159</cvename>
+      <url>https://moodle.org/security/</url>
+    </references>
+    <dates>
+      <discovery>2016-03-21</discovery>
+      <entry>2016-04-03</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="297117ba-f92d-11e5-92ce-002590263bf5">
+    <topic>squid -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>squid</name>
+	<range><lt>3.5.16</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Squid security advisory 2016:3 reports:</p>
+	<blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2016_3.txt">
+	  <p>Due to a buffer overrun Squid pinger binary is vulnerable to
+	    denial of service or information leak attack when processing
+	    ICMPv6 packets.</p>
+	  <p>This bug also permits the server response to manipulate other
+	    ICMP and ICMPv6 queries processing to cause information leak.</p>
+	  <p>This bug allows any remote server to perform a denial of service
+	    attack on the Squid service by crashing the pinger. This may
+	    affect Squid HTTP routing decisions. In some configurations,
+	    sub-optimal routing decisions may result in serious service
+	    degradation or even transaction failures.</p>
+	  <p>If the system does not contain buffer-overrun protection leading
+	    to that crash this bug will instead allow attackers to leak
+	    arbitrary amounts of information from the heap into Squid log
+	    files. This is of higher importance than usual because the pinger
+	    process operates with root priviliges.</p>
+	</blockquote>
+	<p>Squid security advisory 2016:4 reports:</p>
+	<blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2016_4.txt">
+	  <p>Due to incorrect bounds checking Squid is vulnerable to a denial
+	    of service attack when processing HTTP responses.</p>
+	  <p>This problem allows a malicious client script and remote server
+	    delivering certain unusual HTTP response syntax to trigger a
+	    denial of service for all clients accessing the Squid service.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-3947</cvename>
+      <cvename>CVE-2016-3948</cvename>
+      <freebsdpr>ports/208463</freebsdpr>
+      <url>http://www.squid-cache.org/Advisories/SQUID-2016_3.txt</url>
+      <url>http://www.squid-cache.org/Advisories/SQUID-2016_4.txt</url>
+    </references>
+    <dates>
+      <discovery>2016-03-28</discovery>
+      <entry>2016-04-02</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="97a24d2e-f74c-11e5-8458-6cc21735f730">
+    <topic>PostgreSQL -- minor security problems.</topic>
+    <affects>
+      <package>
+	<name>postgresql95-server</name>
+	<name>postgresql95-contrib</name>
+	<range><ge>9.5.0</ge><lt>9.5.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>PostgreSQL project reports:</p>
+	<blockquote cite="http://www.postgresql.org/about/news/1656/">
+	  <p>Security Fixes for RLS, BRIN</p>
+	   <p>
+	  This release closes security hole CVE-2016-2193
+	  (https://access.redhat.com/security/cve/CVE-2016-2193), where a query
+	  plan might get reused for more than one ROLE in the same session.
+	  This could cause the wrong set of Row Level Security (RLS) policies to
+	  be used for the query.</p>
+	   <p>
+	  The update also fixes CVE-2016-3065
+	  (https://access.redhat.com/security/cve/CVE-2016-3065), a server crash
+	  bug triggered by using `pageinspect` with BRIN index pages.  Since an
+	  attacker might be able to expose a few bytes of server memory, this
+	  crash is being treated as a security issue.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-2193</cvename>
+      <cvename>CVE-2016-3065</cvename>
+    </references>
+    <dates>
+      <discovery>2016-03-01</discovery>
+      <entry>2016-03-31</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="f7b3d1eb-f738-11e5-a710-0011d823eebd">
+    <topic>flash -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>linux-c6-flashplugin</name>
+	<name>linux-f10-flashplugin</name>
+	<name>linux-c6_64-flashplugin</name>
+	<range><lt>11.2r202.577</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Adobe reports:</p>
+	<blockquote cite="https://helpx.adobe.com/security/products/flash-player/apsb16-08.html">
+	  <p>These updates resolve integer overflow vulnerabilities that
+	    could lead to code execution (CVE-2016-0963, CVE-2016-0993,
+	    CVE-2016-1010).</p>
+	  <p>These updates resolve use-after-free vulnerabilities that could
+	    lead to code execution (CVE-2016-0987, CVE-2016-0988,
+	    CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995,
+	    CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999,
+	    CVE-2016-1000).</p>
+	  <p>These updates resolve a heap overflow vulnerability that could
+	    lead to code execution (CVE-2016-1001).</p>
+	  <p>These updates resolve memory corruption vulnerabilities that
+	    could lead to code execution (CVE-2016-0960, CVE-2016-0961,
+	    CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992,
+	    CVE-2016-1002, CVE-2016-1005).</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-0960</cvename>
+      <cvename>CVE-2016-0961</cvename>
+      <cvename>CVE-2016-0962</cvename>
+      <cvename>CVE-2016-0963</cvename>
+      <cvename>CVE-2016-0986</cvename>
+      <cvename>CVE-2016-0987</cvename>
+      <cvename>CVE-2016-0988</cvename>
+      <cvename>CVE-2016-0989</cvename>
+      <cvename>CVE-2016-0990</cvename>
+      <cvename>CVE-2016-0991</cvename>
+      <cvename>CVE-2016-0992</cvename>
+      <cvename>CVE-2016-0993</cvename>
+      <cvename>CVE-2016-0994</cvename>
+      <cvename>CVE-2016-0995</cvename>
+      <cvename>CVE-2016-0996</cvename>
+      <cvename>CVE-2016-0997</cvename>
+      <cvename>CVE-2016-0998</cvename>
+      <cvename>CVE-2016-0999</cvename>
+      <cvename>CVE-2016-1000</cvename>
+      <cvename>CVE-2016-1001</cvename>
+      <cvename>CVE-2016-1002</cvename>
+      <cvename>CVE-2016-1005</cvename>
+      <cvename>CVE-2016-1010</cvename>
+      <url>https://helpx.adobe.com/security/products/flash-player/apsb16-08.html</url>
+    </references>
+    <dates>
+      <discovery>2016-03-10</discovery>
+      <entry>2016-03-31</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="4cd9b19f-f66d-11e5-b94c-001999f8d30b">
+    <topic>Multiple vulnerabilities in Botan</topic>
+    <affects>
+      <package>
+	<name>botan110</name>
+	<range><lt>1.10.11</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The botan developers reports:</p>
+	<blockquote cite="http://botan.randombit.net/security.html">
+	  <p>Infinite loop in modular square root algorithm - The ressol function implements the Tonelli-Shanks algorithm for finding square roots could be sent into a nearly infinite loop due to a misplaced conditional check. This could occur if a composite modulus is provided, as this algorithm is only defined for primes. This function is exposed to attacker controlled input via the OS2ECP function during ECC point decompression.</p>
+	  <p>Heap overflow on invalid ECC point - The PointGFp constructor did not check that the affine coordinate arguments were less than the prime, but then in curve multiplication assumed that both arguments if multiplied would fit into an integer twice the size of the prime.</p>
+	  <p>The bigint_mul and bigint_sqr functions received the size of the output buffer, but only used it to dispatch to a faster algorithm in cases where there was sufficient output space to call an unrolled multiplication function.</p>
+	  <p>The result is a heap overflow accessible via ECC point decoding, which accepted untrusted inputs. This is likely exploitable for remote code execution.</p>
+	  <p>On systems which use the mlock pool allocator, it would allow an attacker to overwrite memory held in secure_vector objects. After this point the write will hit the guard page at the end of the mmapped region so it probably could not be used for code execution directly, but would allow overwriting adjacent key material.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://botan.randombit.net/security.html</url>
+      <cvename>CVE-2016-2194</cvename>
+      <cvename>CVE-2016-2195</cvename>
+    </references>
+    <dates>
+      <discovery>2016-02-01</discovery>
+      <entry>2016-03-31</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="2004616d-f66c-11e5-b94c-001999f8d30b">
+    <topic>Botan BER Decoder vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>botan110</name>
+	<range><lt>1.10.10</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The botan developers reports:</p>
+	<blockquote cite="http://botan.randombit.net/">
+	  <p>Excess memory allocation in BER decoder - The BER decoder would allocate a fairly arbitrary amount of memory in a length field, even if there was no chance the read request would succeed. This might cause the process to run out of memory or invoke the OOM killer.</p>
+	  <p>Crash in BER decoder - The BER decoder would crash due to reading from offset 0 of an empty vector if it encountered a BIT STRING which did not contain any data at all. This can be used to easily crash applications reading untrusted ASN.1 data, but does not seem exploitable for code execution.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://botan.randombit.net/security.html</url>
+      <cvename>CVE-2015-5726</cvename>
+      <cvename>CVE-2015-5727</cvename>
+    </references>
+    <dates>
+      <discovery>2015-08-03</discovery>
+      <entry>2016-03-31</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="e1085b15-f609-11e5-a230-0014a5a57822">
+    <topic>mercurial -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>mercurial</name>
+	<range><lt>2.7.3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Mercurial reports:</p>
+	<blockquote cite="https://www.mercurial-scm.org/pipermail/mercurial/2016-March/049452.html">
+	  <p>CVE-2016-3630: Remote code execution in binary delta decoding</p>
+	  <p>CVE-2016-3068: Arbitrary code execution with Git subrepos</p>
+	  <p>CVE-2016-3069: Arbitrary code execution when converting
+	    Git repos</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-3630</cvename>
+      <cvename>CVE-2016-3068</cvename>
+      <cvename>CVE-2016-3069</cvename>
+      <url>https://www.mercurial-scm.org/pipermail/mercurial/2016-March/049452.html</url>
+    </references>
+    <dates>
+      <discovery>2016-03-29</discovery>
+      <entry>2016-03-29</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="8be8ca39-ae70-4422-bf1a-d8fae6911c5e">
+    <topic>chromium -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>chromium</name>
+	<name>chromium-npapi</name>
+	<name>chromium-pulse</name>
+	<range><lt>49.0.2623.108</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Google Chrome Releases reports:</p>
+	<blockquote cite="http://googlechromereleases.blogspot.de/2016/03/stable-channel-update_24.html">
+	  <p>[594574] High CVE-2016-1646: Out-of-bounds read in V8.</p>
+	  <p>[590284] High CVE-2016-1647: Use-after-free in Navigation.</p>
+	  <p>[590455] High CVE-2016-1648: Use-after-free in Extensions.</p>
+	  <p>[597518] CVE-2016-1650: Various fixes from internal audits,
+	    fuzzing and other initiatives.</p>
+	  <p>Multiple vulnerabilities in V8 fixed at the tip of the
+	    4.9 branch</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-1646</cvename>
+      <cvename>CVE-2016-1647</cvename>
+      <cvename>CVE-2016-1648</cvename>
+      <cvename>CVE-2016-1649</cvename>
+      <cvename>CVE-2016-1650</cvename>
+      <url>http://googlechromereleases.blogspot.de/2016/03/stable-channel-update_24.html</url>
+    </references>
+    <dates>
+      <discovery>2016-03-24</discovery>
+      <entry>2016-03-29</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="5c288f68-c7ca-4c0d-b7dc-1ec6295200b3">
+    <topic>chromium -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>chromium</name>
+	<name>chromium-npapi</name>
+	<name>chromium-pulse</name>
+	<range><lt>49.0.2623.87</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Google Chrome Releases reports:</p>
+	<blockquote cite="http://googlechromereleases.blogspot.de/2016/03/stable-channel-update_8.html">
+	  <p>[589838] High CVE-2016-1643: Type confusion in Blink.</p>
+	  <p>[590620] High CVE-2016-1644: Use-after-free in Blink.</p>
+	  <p>[587227] High CVE-2016-1645: Out-of-bounds write in PDFium.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-1643</cvename>
+      <cvename>CVE-2016-1644</cvename>
+      <cvename>CVE-2016-1645</cvename>
+      <url>http://googlechromereleases.blogspot.de/2016/03/stable-channel-update_8.html</url>
+    </references>
+    <dates>
+      <discovery>2016-03-08</discovery>
+      <entry>2016-03-29</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="cd409df7-f483-11e5-92ce-002590263bf5">
+    <topic>bind -- denial of service vulnerability</topic>
+    <affects>
+      <package>
+	<name>bind910</name>
+	<range><ge>9.10.0</ge><lt>9.10.3P4</lt></range>
+      </package>
+      <package>
+	<name>bind9-devel</name>
+	<range><lt>9.11.0.a20160309</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>ISC reports:</p>
+	<blockquote cite="https://kb.isc.org/article/AA-01351">
+	  <p>A response containing multiple DNS cookies causes servers with
+	    cookie support enabled to exit with an assertion failure.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-2088</cvename>
+      <url>https://kb.isc.org/article/AA-01351</url>
+    </references>
+    <dates>
+      <discovery>2016-03-09</discovery>
+      <entry>2016-03-28</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="cba246d2-f483-11e5-92ce-002590263bf5">
+    <topic>bind -- denial of service vulnerability</topic>
+    <affects>
+      <package>
+	<name>bind98</name>
+	<range><le>9.8.8</le></range>
+      </package>
+      <package>
+	<name>bind99</name>
+	<range><ge>9.9.0</ge><lt>9.9.8P4</lt></range>
+      </package>
+      <package>
+	<name>bind910</name>
+	<range><ge>9.10.0</ge><lt>9.10.3P4</lt></range>
+      </package>
+      <package>
+	<name>bind9-devel</name>
+	<range><lt>9.11.0.a20160309</lt></range>
+      </package>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>9.3</ge><lt>9.3_38</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>ISC reports:</p>
+	<blockquote cite="https://kb.isc.org/article/AA-01353">
+	  <p>A problem parsing resource record signatures for DNAME resource
+	    records can lead to an assertion failure in resolver.c or db.c</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-1286</cvename>
+      <freebsdsa>SA-16:13.bind</freebsdsa>
+      <url>https://kb.isc.org/article/AA-01353</url>
+    </references>
+    <dates>
+      <discovery>2016-03-09</discovery>
+      <entry>2016-03-28</entry>
+      <modified>2016-08-09</modified>
+    </dates>
+  </vuln>
+
+  <vuln vid="c9075321-f483-11e5-92ce-002590263bf5">
+    <topic>bind -- denial of service vulnerability</topic>
+    <affects>
+      <package>
+	<name>bind98</name>
+	<range><le>9.8.8</le></range>
+      </package>
+      <package>
+	<name>bind99</name>
+	<range><ge>9.9.0</ge><lt>9.9.8P4</lt></range>
+      </package>
+      <package>
+	<name>bind910</name>
+	<range><ge>9.10.0</ge><lt>9.10.3P4</lt></range>
+      </package>
+      <package>
+	<name>bind9-devel</name>
+	<range><lt>9.11.0.a20160309</lt></range>
+      </package>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>9.3</ge><lt>9.3_38</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>ISC reports:</p>
+	<blockquote cite="https://kb.isc.org/article/AA-01352">
+	  <p>An error parsing input received by the rndc control channel can
+	    cause an assertion failure in sexpr.c or alist.c.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-1285</cvename>
+      <freebsdsa>SA-16:13.bind</freebsdsa>
+      <url>https://kb.isc.org/article/AA-01352</url>
+    </references>
+    <dates>
+      <discovery>2016-03-09</discovery>
+      <entry>2016-03-28</entry>
+      <modified>2016-08-09</modified>
+    </dates>
+  </vuln>
+
+  <vuln vid="6d25c306-f3bb-11e5-92ce-002590263bf5">
+    <topic>salt -- Insecure configuration of PAM external authentication service</topic>
+    <affects>
+      <package>
+	<name>py27-salt</name>
+	<name>py32-salt</name>
+	<name>py33-salt</name>
+	<name>py34-salt</name>
+	<name>py35-salt</name>
+	<range><lt>2015.5.10</lt></range>
+	<range><ge>2015.8.0</ge><lt>2015.8.8</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>SaltStack reports:</p>
+	<blockquote cite="https://docs.saltstack.com/en/latest/topics/releases/2015.8.8.html">
+	  <p>This issue affects all Salt versions prior to 2015.8.8/2015.5.10
+	    when PAM external authentication is enabled. This issue involves
+	    passing an alternative PAM authentication service with a command
+	    that is sent to LocalClient, enabling the attacker to bypass the
+	    configured authentication service.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-3176</cvename>
+      <url>https://docs.saltstack.com/en/latest/topics/releases/2015.8.8.html</url>
+    </references>
+    <dates>
+      <discovery>2016-03-17</discovery>
+      <entry>2016-03-27</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="a258604d-f2aa-11e5-b4a9-ac220bdcec59">
+    <topic>activemq -- Unsafe deserialization</topic>
+    <affects>
+      <package>
+	<name>activemq</name>
+	<range><lt>5.13.0</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Alvaro Muatoz, Matthias Kaiser and Christian Schneider reports:</p>
+	<blockquote cite="http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt">
+	  <p>JMS Object messages depends on Java Serialization for
+	    marshaling/unmashaling of the message payload. There are a couple of places
+	    inside the broker where deserialization can occur, like web console or stomp
+	    object message transformation. As deserialization of untrusted data can leaed to
+	    security flaws as demonstrated in various reports, this leaves the broker
+	    vunerable to this attack vector. Additionally, applications that consume
+	    ObjectMessage type of messages can be vunerable as they deserlize objects on
+	    ObjectMessage.getObject() calls.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt</url>
+      <cvename>CVE-2015-5254</cvename>
+    </references>
+    <dates>
+      <discovery>2016-01-08</discovery>
+      <entry>2016-03-25</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="950b2d60-f2a9-11e5-b4a9-ac220bdcec59">
+    <topic>activemq -- Web Console Clickjacking</topic>
+    <affects>
+      <package>
+	<name>activemq</name>
+	<range><lt>5.13.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Michael Furman reports:</p>
+	<blockquote cite="http://activemq.apache.org/security-advisories.data/CVE-2016-0734-announcement.txt">
+	  <p>The web based administration console does not set the
+	    X-Frame-Options header in HTTP responses. This allows the console to be embedded
+	    in a frame or iframe which could then be used to cause a user to perform an
+	    unintended action in the console.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://activemq.apache.org/security-advisories.data/CVE-2016-0734-announcement.txt</url>
+      <cvename>CVE-2016-0734</cvename>
+    </references>
+    <dates>
+      <discovery>2016-03-10</discovery>
+      <entry>2016-03-25</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="a6cc5753-f29e-11e5-b4a9-ac220bdcec59">
+    <topic>activemq -- Web Console Cross-Site Scripting</topic>
+    <affects>
+      <package>
+	<name>activemq</name>
+	<range><lt>5.13.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Vladimir Ivanov (Positive Technologies) reports:</p>
+	<blockquote cite="http://activemq.apache.org/security-advisories.data/CVE-2016-0782-announcement.txt">
+	  <p>Several instances of cross-site scripting vulnerabilities were
+	    identified to be present in the web based administration console as well as the
+	    ability to trigger a Java memory dump into an arbitrary folder. The root cause
+	    of these issues are improper user data output validation and incorrect
+	    permissions configured on Jolokia.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://activemq.apache.org/security-advisories.data/CVE-2016-0782-announcement.txt</url>
+      <cvename>CVE-2016-0782</cvename>
+    </references>
+    <dates>
+      <discovery>2016-03-10</discovery>
+      <entry>2016-03-25</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="7033b42d-ef09-11e5-b766-14dae9d210b8">
+    <topic>pcre -- stack buffer overflow</topic>
+    <affects>
+      <package>
+	<name>pcre</name>
+	<range><lt>8.38</lt></range>
+      </package>
+      <package>
+	<name>pcre2</name>
+	<range><lt>10.20_1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Philip Hazel reports:</p>
+	<blockquote cite="https://bugs.exim.org/show_bug.cgi?id=1791">
+	  <p>PCRE does not validate that handling the (*ACCEPT) verb
+	    will occur within the bounds of the cworkspace stack buffer, leading to
+	    a stack buffer overflow.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://bugs.exim.org/show_bug.cgi?id=1791</url>
+      <cvename>CVE-2016-3191</cvename>
+    </references>
+    <dates>
+      <discovery>2016-02-09</discovery>
+      <entry>2016-03-21</entry>
+      <modified>2016-03-21</modified>
+    </dates>
+  </vuln>
+
+  <vuln vid="c428de09-ed69-11e5-92ce-002590263bf5">
+    <topic>kamailio -- SEAS Module Heap overflow</topic>
+    <affects>
+      <package>
+	<name>kamailio</name>
+	<range><lt>4.3.5</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Stelios Tsampas reports:</p>
+	<blockquote cite="http://seclists.org/oss-sec/2016/q1/338">
+	  <p>A (remotely exploitable) heap overflow vulnerability was found in
+	    Kamailio v4.3.4.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-2385</cvename>
+      <url>https://github.com/kamailio/kamailio/commit/f50c9c853e7809810099c970780c30b0765b0643</url>
+      <url>https://census-labs.com/news/2016/03/30/kamailio-seas-heap-overflow/</url>
+      <url>http://seclists.org/oss-sec/2016/q1/338</url>
+    </references>
+    <dates>
+      <discovery>2016-02-15</discovery>
+      <entry>2016-03-19</entry>
+      <modified>2016-04-03</modified>
+    </dates>
+  </vuln>
+
+  <vuln vid="5dd39f26-ed68-11e5-92ce-002590263bf5">
+    <topic>hadoop2 -- unauthorized disclosure of data vulnerability</topic>
+    <affects>
+      <package>
+	<name>hadoop2</name>
+	<range><ge>2.6</ge><lt>2.7</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Arun Suresh reports:</p>
+	<blockquote cite="http://mail-archives.apache.org/mod_mbox/hadoop-general/201602.mbox/browser">
+	  <p>RPC traffic from clients, potentially including authentication
+	    credentials, may be intercepted by a malicious user with access to
+	    run tasks or containers on a cluster.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2015-1776</cvename>
+      <url>http://mail-archives.apache.org/mod_mbox/hadoop-general/201602.mbox/browser</url>
+    </references>
+    <dates>
+      <discovery>2016-02-15</discovery>
+      <entry>2016-03-19</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="d2a84feb-ebe0-11e5-92ce-002590263bf5">
+    <topic>git -- integer overflow</topic>
+    <affects>
+      <package>
+	<name>git</name>
+	<range><lt>2.4.11</lt></range>
+	<range><ge>2.5.0</ge><lt>2.5.5</lt></range>
+	<range><ge>2.6.0</ge><lt>2.6.6</lt></range>
+	<range><ge>2.7.0</ge><lt>2.7.4</lt></range>
+      </package>
+      <package>
+	<name>git-gui</name>
+	<range><lt>2.4.11</lt></range>
+	<range><ge>2.5.0</ge><lt>2.5.5</lt></range>
+	<range><ge>2.6.0</ge><lt>2.6.6</lt></range>
+	<range><ge>2.7.0</ge><lt>2.7.4</lt></range>
+      </package>
+      <package>
+	<name>git-lite</name>
+	<range><lt>2.4.11</lt></range>
+	<range><ge>2.5.0</ge><lt>2.5.5</lt></range>
+	<range><ge>2.6.0</ge><lt>2.6.6</lt></range>
+	<range><ge>2.7.0</ge><lt>2.7.4</lt></range>
+      </package>
+      <package>
+	<name>git-subversion</name>
+	<range><lt>2.4.11</lt></range>
+	<range><ge>2.5.0</ge><lt>2.5.5</lt></range>
+	<range><ge>2.6.0</ge><lt>2.6.6</lt></range>
+	<range><ge>2.7.0</ge><lt>2.7.4</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Debian reports:</p>
+	<blockquote cite="https://security-tracker.debian.org/tracker/CVE-2016-2324">
+	  <p>integer overflow due to a loop which adds more to "len".</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-2324</cvename>
+      <url>https://security-tracker.debian.org/tracker/CVE-2016-2324</url>
+      <url>https://github.com/git/git/commit/9831e92bfa833ee9c0ce464bbc2f941ae6c2698d</url>
+    </references>
+    <dates>
+      <discovery>2016-02-24</discovery>
+      <entry>2016-03-18</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="93ee802e-ebde-11e5-92ce-002590263bf5">
+    <topic>git -- potential code execution</topic>
+    <affects>
+      <package>
+	<name>git</name>
+	<range><lt>2.7.0</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Debian reports:</p>
+	<blockquote cite="https://security-tracker.debian.org/tracker/CVE-2016-2315">
+	  <p>"int" is the wrong data type for ... nlen assignment.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-2315</cvename>
+      <url>http://www.openwall.com/lists/oss-security/2016/03/15/6</url>
+      <url>https://marc.info/?l=oss-security&m=145809217306686&w=2</url>
+      <url>https://github.com/git/git/commit/34fa79a6cde56d6d428ab0d3160cb094ebad3305</url>
+      <url>https://security-tracker.debian.org/tracker/CVE-2016-2315</url>
+    </references>
+    <dates>
+      <discovery>2015-09-24</discovery>
+      <entry>2016-03-17</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="6d33b3e5-ea03-11e5-85be-14dae9d210b8">
+    <topic>node -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>node</name>
+	<range><lt>5.7.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Jeremiah Senkpiel reports:</p>
+	<blockquote cite="https://github.com/nodejs/node/commit/805f054cc7791c447dbb960fbf3b179ea05294ac">
+	  <ul>
+	  <li><p>Fix a double-free defect in parsing malformed DSA keys
+	    that may potentially be used for DoS or memory corruption attacks.</p></li>
+	  <li><p>Fix a defect that can cause memory corruption in
+	    certain very rare cases</p></li>
+	  <li><p>Fix a defect that makes the CacheBleed Attack possible</p></li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://github.com/nodejs/node/commit/805f054cc7791c447dbb960fbf3b179ea05294ac</url>
+      <cvename>CVE-2016-0702</cvename>
+      <cvename>CVE-2016-0705</cvename>
+      <cvename>CVE-2016-0797</cvename>
+    </references>
+    <dates>
+      <discovery>2016-03-02</discovery>
+      <entry>2016-03-14</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="8eb78cdc-e9ec-11e5-85be-14dae9d210b8">
+    <topic>dropbear -- authorized_keys command= bypass</topic>
+    <affects>
+      <package>
+	<name>dropbear</name>
+	<range><lt>2016.72</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Matt Johnson reports:</p>
+	<blockquote cite="https://matt.ucc.asn.au/dropbear/CHANGES">
+	  <p>Validate X11 forwarding input. Could allow bypass of
+	    authorized_keys command= restrictions</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://matt.ucc.asn.au/dropbear/CHANGES</url>
+      <cvename>CVE-2016-3116</cvename>
+    </references>
+    <dates>
+      <discovery>2016-03-11</discovery>
+      <entry>2016-03-14</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="77b7ffb7-e937-11e5-8bed-5404a68ad561">
+    <topic>jpgraph2 -- XSS vulnerability</topic>
+    <affects>
+      <package>
+	<name>jpgraph2</name>
+	<range><lt>3.0.7_1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Martin Barbella reports:</p>
+	<blockquote cite="http://www.securityfocus.com/archive/1/archive/1/508586/100/0/threaded">
+	  <p>JpGraph is an object oriented library for PHP that can be used to create
+	    various types of graphs which also contains support for client side
+	    image maps.
+
+	    The GetURLArguments function for the JpGraph's Graph class does not
+	    properly sanitize the names of get and post variables, leading to a
+	    cross site scripting vulnerability.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://www.securityfocus.com/archive/1/archive/1/508586/100/0/threaded</url>
+    </references>
+    <dates>
+      <discovery>2009-12-22</discovery>
+      <entry>2016-03-13</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="5af511e5-e928-11e5-92ce-002590263bf5">
+    <topic>php7 -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>php70</name>
+	<name>php70-soap</name>
+	<range><lt>7.0.4</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The PHP Group reports:</p>
+	<blockquote cite="http://php.net/ChangeLog-7.php#7.0.4">
+	  <ul><li>Core:
+	  <ul>
+	    <li>Fixed bug #71637 (Multiple Heap Overflow due to integer
+	      overflows in xml/filter_url/addcslashes).</li>
+	  </ul></li>
+	  <li>SOAP:
+	  <ul>
+	    <li>Fixed bug #71610 (Type Confusion Vulnerability - SOAP /
+	      make_http_soap_request()).</li>
+	  </ul></li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://php.net/ChangeLog-7.php#7.0.4</url>
+    </references>
+    <dates>
+      <discovery>2016-03-03</discovery>
+      <entry>2016-03-13</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="e991ef79-e920-11e5-92ce-002590263bf5">
+    <topic>php5 -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>php55-phar</name>
+	<name>php55-wddx</name>
+	<range><lt>5.5.33</lt></range>
+      </package>
+      <package>
+	<name>php56-phar</name>
+	<name>php56-wddx</name>
+	<range><lt>5.6.19</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The PHP Group reports:</p>
+	<blockquote cite="http://php.net/ChangeLog-5.php#5.6.19">
+	  <ul><li>Phar:
+	  <ul>
+	    <li>Fixed bug #71498 (Out-of-Bound Read in phar_parse_zipfile()).
+	      </li>
+	  </ul></li>
+	  <li>WDDX:
+	  <ul>
+	    <li>Fixed bug #71587 (Use-After-Free / Double-Free in WDDX
+	      Deserialize).</li>
+	  </ul></li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://php.net/ChangeLog-5.php#5.6.19</url>
+      <url>http://php.net/ChangeLog-5.php#5.5.33</url>
+    </references>
+    <dates>
+      <discovery>2016-03-03</discovery>
+      <entry>2016-03-13</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="e4644df8-e7da-11e5-829d-c80aa9043978">
+    <topic>openssh -- command injection when X11Forwarding is enabled</topic>
+    <affects>
+      <package>
+	<name>openssh-portable</name>
+	<range><lt>7.2.p2,1</lt></range>
+      </package>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.2</ge><lt>10.2_14</lt></range>
+	<range><ge>10.1</ge><lt>10.1_31</lt></range>
+	<range><ge>9.3</ge><lt>9.3_39</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The OpenSSH project reports:</p>
+	<blockquote cite="http://www.openssh.com/txt/x11fwd.adv">
+	  <p>Missing sanitisation of untrusted input allows an
+	    authenticated user who is able to request X11 forwarding
+	    to inject commands to xauth(1).
+	  </p>
+	  <p>Injection of xauth commands grants the ability to read
+	    arbitrary files under the authenticated user's privilege,
+	    Other xauth commands allow limited information leakage,
+	    file overwrite, port probing and generally expose xauth(1),
+	    which was not written with a hostile user in mind, as an
+	    attack surface.
+	  </p>
+	  <p>Mitigation:</p>
+	  <p>Set X11Forwarding=no in sshd_config. This is the default.</p>
+	  <p>For authorized_keys that specify a "command" restriction,
+	    also set the "restrict" (available in OpenSSH >=7.2) or
+	    "no-x11-forwarding" restrictions.
+	  </p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://www.openssh.com/txt/x11fwd.adv</url>
+      <cvename>CVE-2016-3115</cvename>
+      <freebsdsa>SA-16:14.openssh</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2016-03-11</discovery>
+      <entry>2016-03-11</entry>
+      <modified>2016-08-09</modified>
+    </dates>
+  </vuln>
+
+  <vuln vid="70c44cd0-e717-11e5-85be-14dae9d210b8">
+    <topic>quagga -- stack based buffer overflow vulnerability</topic>
+    <affects>
+      <package>
+	<name>quagga</name>
+	<range><lt>1.0.20160309</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Donald Sharp reports:</p>
+	<blockquote cite="https://www.kb.cert.org/vuls/id/270232">
+	  <p>A malicious BGP peer may execute arbitrary code in
+	    particularly configured remote bgpd hosts.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://www.kb.cert.org/vuls/id/270232</url>
+      <url>http://savannah.nongnu.org/forum/forum.php?forum_id=8476</url>
+      <cvename>CVE-2016-2342</cvename>
+    </references>
+    <dates>
+      <discovery>2016-01-27</discovery>
+      <entry>2016-03-10</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="d71831ef-e6f8-11e5-85be-14dae9d210b8">
+    <topic>ricochet -- information disclosure</topic>
+    <affects>
+      <package>
+	<name>ricochet</name>
+	<range><lt>1.1.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>special reports:</p>
+	<blockquote cite="https://github.com/ricochet-im/ricochet/releases/tag/v1.1.2">
+	  <p>By sending a nickname with some HTML tags in a contact
+	    request, an attacker could cause Ricochet to make network requests
+	    without Tor after the request is accepted, which would reveal the user's
+	    IP address.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://github.com/ricochet-im/ricochet/releases/tag/v1.1.2</url>
+    </references>
+    <dates>
+      <discovery>2016-02-15</discovery>
+      <entry>2016-03-10</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="77e0b631-e6cf-11e5-85be-14dae9d210b8">
+    <topic>pidgin-otr -- use after free</topic>
+    <affects>
+      <package>
+	<name>pidgin-otr</name>
+	<range><lt>4.0.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Hanno Bock reports:</p>
+	<blockquote cite="http://seclists.org/oss-sec/2016/q1/572">
+	  <p>The pidgin-otr plugin version 4.0.2 fixes a heap use after
+	    free error.
+	    The bug is triggered when a user tries to authenticate a buddy and
+	    happens in the function create_smp_dialog.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://seclists.org/oss-sec/2016/q1/572</url>
+      <url>https://bugs.otr.im/issues/88</url>
+      <url>https://bugs.otr.im/issues/128</url>
+      <cvename>CVE-2015-8833</cvename>
+    </references>
+    <dates>
+      <discovery>2015-04-04</discovery>
+      <entry>2016-03-10</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="c2b1652c-e647-11e5-85be-14dae9d210b8">
+    <topic>libotr -- integer overflow</topic>
+    <affects>
+      <package>
+	<name>libotr</name>
+	<range><lt>4.1.1</lt></range>
+      </package>
+      <package>
+	<name>libotr3</name>
+	<range><ge>0</ge></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>X41 D-Sec reports:</p>
+	<blockquote cite="https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/">
+	  <p>A remote attacker may crash or execute arbitrary code in
+	    libotr by sending large OTR messages.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/</url>
+      <cvename>CVE-2016-2851</cvename>
+    </references>
+    <dates>
+      <discovery>2016-02-17</discovery>
+      <entry>2016-03-09</entry>
+      <modified>2016-03-09</modified>
+    </dates>
+  </vuln>
+
+  <vuln vid="1bcfd963-e483-41b8-ab8e-bad5c3ce49c9">
+    <topic>brotli -- buffer overflow</topic>
+    <affects>
+      <package>
+	<name>brotli</name>
+	<range><ge>0.3.0</ge><lt>0.3.0_1</lt></range>
+	<range><lt>0.2.0_2</lt></range>
+      </package>
+      <package>
+	<name>libbrotli</name>
+	<range><lt>0.3.0_3</lt></range>
+      </package>
+      <package>
+	<name>chromium</name>
+	<name>chromium-npapi</name>
+	<name>chromium-pulse</name>
+	<range><lt>48.0.2564.109</lt></range>
+      </package>
+      <package>
+	<name>firefox</name>
+	<name>linux-firefox</name>
+	<range><lt>45.0,1</lt></range>
+      </package>
+      <package>
+	<name>seamonkey</name>
+	<name>linux-seamonkey</name>
+	<range><lt>2.42</lt></range>
+      </package>
+      <package>
+	<name>firefox-esr</name>
+	<range><lt>38.7.0,1</lt></range>
+      </package>
+      <package>
+	<name>libxul</name>
+	<name>thunderbird</name>
+	<name>linux-thunderbird</name>
+	<range><lt>38.7.0</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Google Chrome Releases reports:</p>
+	<blockquote cite="http://googlechromereleases.blogspot.nl/2016/02/stable-channel-update_9.html">
+	  <p>[583607] High CVE-2016-1624: Buffer overflow in Brotli. Credit to lukezli.</p>
+	</blockquote>
+	<p>Mozilla Foundation reports:</p>
+	<blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-30/">
+	  <p>Security researcher Luke Li reported a pointer underflow
+	    bug in the Brotli library's decompression that leads to a
+	    buffer overflow. This results in a potentially exploitable
+	    crash when triggered.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-1624</cvename>
+      <cvename>CVE-2016-1968</cvename>
+      <url>https://github.com/google/brotli/commit/37a320dd81db8d546cd24a45b4c61d87b45dcade</url>
+      <url>https://chromium.googlesource.com/chromium/src/+/7716418a27d561ee295a99f11fd3865580748de2%5E!/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-30/</url>
+      <url>https://hg.mozilla.org/releases/mozilla-release/rev/4a5d8ade4e3e</url>
+    </references>
+    <dates>
+      <discovery>2016-02-08</discovery>
+      <entry>2016-03-08</entry>
+      <modified>2016-03-08</modified>
+    </dates>
+  </vuln>
+
+  <vuln vid="2225c5b4-1e5a-44fc-9920-b3201c384a15">
+    <topic>mozilla -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>firefox</name>
+	<name>linux-firefox</name>
+	<range><lt>45.0,1</lt></range>
+      </package>
+      <package>
+	<name>seamonkey</name>
+	<name>linux-seamonkey</name>
+	<range><lt>2.42</lt></range>
+      </package>
+      <package>
+	<name>firefox-esr</name>
+	<range><lt>38.7.0,1</lt></range>
+      </package>
+      <package>
+	<name>libxul</name>
+	<name>thunderbird</name>
+	<name>linux-thunderbird</name>
+	<range><lt>38.7.0</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Mozilla Foundation reports:</p>
+	<blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox45">
+	  <p>MFSA 2016-16 Miscellaneous memory safety hazards (rv:45.0
+	    / rv:38.7)</p>
+	  <p>MFSA 2016-17 Local file overwriting and potential
+	    privilege escalation through CSP reports</p>
+	  <p>MFSA 2016-18 CSP reports fail to strip location
+	    information for embedded iframe pages</p>
+	  <p>MFSA 2016-19 Linux video memory DOS with Intel
+	    drivers</p>
+	  <p>MFSA 2016-20 Memory leak in libstagefright when deleting
+	    an array during MP4 processing</p>
+	  <p>MFSA 2016-21 Displayed page address can be overridden</p>
+	  <p>MFSA 2016-22 Service Worker Manager out-of-bounds read in
+	    Service Worker Manager</p>
+	  <p>MFSA 2016-23 Use-after-free in HTML5 string parser</p>
+	  <p>MFSA 2016-24 Use-after-free in SetBody</p>
+	  <p>MFSA 2016-25 Use-after-free when using multiple WebRTC
+	    data channels</p>
+	  <p>MFSA 2016-26 Memory corruption when modifying a file
+	    being read by FileReader</p>
+	  <p>MFSA 2016-27 Use-after-free during XML
+	    transformations</p>
+	  <p>MFSA 2016-28 Addressbar spoofing though history
+	    navigation and Location protocol property</p>
+	  <p>MFSA 2016-29 Same-origin policy violation using
+	    perfomance.getEntries and history navigation with session
+	    restore</p>
+	  <p>MFSA 2016-31 Memory corruption with malicious NPAPI
+	    plugin</p>
+	  <p>MFSA 2016-32 WebRTC and LibVPX vulnerabilities found
+	    through code inspection</p>
+	  <p>MFSA 2016-33 Use-after-free in GetStaticInstance in
+	    WebRTC</p>
+	  <p>MFSA 2016-34 Out-of-bounds read in HTML parser following
+	    a failed allocation</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-1952</cvename>
+      <cvename>CVE-2016-1953</cvename>
+      <cvename>CVE-2016-1954</cvename>
+      <cvename>CVE-2016-1955</cvename>
+      <cvename>CVE-2016-1956</cvename>
+      <cvename>CVE-2016-1957</cvename>
+      <cvename>CVE-2016-1958</cvename>
+      <cvename>CVE-2016-1959</cvename>
+      <cvename>CVE-2016-1960</cvename>
+      <cvename>CVE-2016-1961</cvename>
+      <cvename>CVE-2016-1962</cvename>
+      <cvename>CVE-2016-1963</cvename>
+      <cvename>CVE-2016-1964</cvename>
+      <cvename>CVE-2016-1965</cvename>
+      <cvename>CVE-2016-1966</cvename>
+      <cvename>CVE-2016-1967</cvename>
+      <cvename>CVE-2016-1970</cvename>
+      <cvename>CVE-2016-1971</cvename>
+      <cvename>CVE-2016-1972</cvename>
+      <cvename>CVE-2016-1973</cvename>
+      <cvename>CVE-2016-1974</cvename>
+      <cvename>CVE-2016-1975</cvename>
+      <cvename>CVE-2016-1976</cvename>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-16/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-17/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-18/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-19/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-20/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-21/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-22/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-23/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-24/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-25/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-26/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-27/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-28/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-29/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-31/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-32/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-33/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-34/</url>
+    </references>
+    <dates>
+      <discovery>2016-03-08</discovery>
+      <entry>2016-03-08</entry>
+      <modified>2016-03-08</modified>
+    </dates>
+  </vuln>
+
+  <vuln vid="adffe823-e692-4921-ae9c-0b825c218372">
+    <topic>graphite2 -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>graphite2</name>
+	<range><lt>1.3.6</lt></range>
+      </package>
+      <package>
+	<name>linux-firefox</name>
+	<range><lt>45.0,1</lt></range>
+      </package>
+      <package>
+	<name>linux-thunderbird</name>
+	<range><lt>38.7.0</lt></range>
+      </package>
+      <package>
+	<name>linux-seamonkey</name>
+	<range><lt>2.42</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Mozilla Foundation reports:</p>
+	<blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/">
+	  <p>Security researcher Holger Fuhrmannek and Mozilla
+	    security engineer Tyson Smith reported a number of security
+	    vulnerabilities in the Graphite 2 library affecting version
+	    1.3.5.
+
+	    The issue reported by Holger Fuhrmannek is a mechanism to
+	    induce stack corruption with a malicious graphite font. This
+	    leads to a potentially exploitable crash when the font is
+	    loaded.
+
+	    Tyson Smith used the Address Sanitizer tool in concert with
+	    a custom software fuzzer to find a series of uninitialized
+	    memory, out-of-bounds read, and out-of-bounds write errors
+	    when working with fuzzed graphite fonts.</p>
+	</blockquote>
+	<blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-38/">
+	  <p>Security researcher James Clawson used the Address
+	    Sanitizer tool to discover an out-of-bounds write in the
+	    Graphite 2 library when loading a crafted Graphite font
+	    file. This results in a potentially exploitable crash.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-37/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-38/</url>
+      <cvename>CVE-2016-1969</cvename>
+      <cvename>CVE-2016-1977</cvename>
+      <cvename>CVE-2016-2790</cvename>
+      <cvename>CVE-2016-2791</cvename>
+      <cvename>CVE-2016-2792</cvename>
+      <cvename>CVE-2016-2793</cvename>
+      <cvename>CVE-2016-2794</cvename>
+      <cvename>CVE-2016-2795</cvename>
+      <cvename>CVE-2016-2796</cvename>
+      <cvename>CVE-2016-2797</cvename>
+      <cvename>CVE-2016-2798</cvename>
+      <cvename>CVE-2016-2799</cvename>
+      <cvename>CVE-2016-2800</cvename>
+      <cvename>CVE-2016-2801</cvename>
+      <cvename>CVE-2016-2802</cvename>
+    </references>
+    <dates>
+      <discovery>2016-03-08</discovery>
+      <entry>2016-03-08</entry>
+      <modified>2016-03-14</modified>
+    </dates>
+  </vuln>
+
+  <vuln vid="c4292768-5273-4f17-a267-c5fe35125ce4">
+    <topic>NSS -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>nss</name>
+	<name>linux-c6-nss</name>
+	<range><ge>3.20</ge><lt>3.21.1</lt></range>
+	<range><lt>3.19.2.3</lt></range>
+      </package>
+      <package>
+	<name>linux-firefox</name>
+	<range><lt>45.0,1</lt></range>
+      </package>
+      <package>
+	<name>linux-thunderbird</name>
+	<range><lt>38.7.0</lt></range>
+      </package>
+      <package>
+	<name>linux-seamonkey</name>
+	<range><lt>2.42</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Mozilla Foundation reports:</p>
+	<blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-35/">
+	  <p>Security researcher Francis Gabriel reported a heap-based
+	    buffer overflow in the way the Network Security Services
+	    (NSS) libraries parsed certain ASN.1 structures. An attacker
+	    could create a specially-crafted certificate which, when
+	    parsed by NSS, would cause it to crash or execute arbitrary
+	    code with the permissions of the user.</p>
+	</blockquote>
+	<blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-36/">
+	  <p>Mozilla developer Tim Taubert used the Address Sanitizer
+	    tool and software fuzzing to discover a use-after-free
+	    vulnerability while processing DER encoded keys in the
+	    Network Security Services (NSS) libraries. The vulnerability
+	    overwrites the freed memory with zeroes.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-1950</cvename>
+      <cvename>CVE-2016-1979</cvename>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-35/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-36/</url>
+      <url>https://hg.mozilla.org/projects/nss/rev/b9a31471759d</url>
+      <url>https://hg.mozilla.org/projects/nss/rev/7033b1193c94</url>
+    </references>
+    <dates>
+      <discovery>2016-03-08</discovery>
+      <entry>2016-03-08</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="75091516-6f4b-4059-9884-6727023dc366">
+    <topic>NSS -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>nss</name>
+	<name>linux-c6-nss</name>
+	<range><lt>3.21</lt></range>
+      </package>
+      <package>
+	<name>linux-firefox</name>
+	<range><lt>44.0,1</lt></range>
+      </package>
+      <package>
+	<name>linux-seamonkey</name>
+	<range><lt>2.41</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Mozilla Foundation reports:</p>
+	<blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/">
+	  <p>Security researcher Hanno Böck reported that calculations
+	    with mp_div and mp_exptmod in Network Security Services
+	    (NSS) can produce wrong results in some circumstances. These
+	    functions are used within NSS for a variety of cryptographic
+	    division functions, leading to potential cryptographic
+	    weaknesses.</p>
+	</blockquote>
+	<blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-15/">
+	  <p>Mozilla developer Eric Rescorla reported that a failed
+	    allocation during DHE and ECDHE handshakes would lead to a
+	    use-after-free vulnerability.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-1938</cvename>
+      <cvename>CVE-2016-1978</cvename>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-07/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-15/</url>
+      <url>https://hg.mozilla.org/projects/nss/rev/a555bf0fc23a</url>
+      <url>https://hg.mozilla.org/projects/nss/rev/a245a4ccd354</url>
+    </references>
+    <dates>
+      <discovery>2016-01-26</discovery>
+      <entry>2016-03-08</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="f9e6c0d1-e4cc-11e5-b2bd-002590263bf5">
+    <topic>django -- multiple vulnerabilies</topic>
+    <affects>
+      <package>
+	<name>py27-django</name>
+	<name>py32-django</name>
+	<name>py33-django</name>
+	<name>py34-django</name>
+	<name>py35-django</name>
+	<range><lt>1.8.10</lt></range>
+      </package>
+      <package>
+	<name>py27-django18</name>
+	<name>py32-django18</name>
+	<name>py33-django18</name>
+	<name>py34-django18</name>
+	<name>py35-django18</name>
+	<range><lt>1.8.10</lt></range>
+      </package>
+      <package>
+	<name>py27-django19</name>
+	<name>py32-django19</name>
+	<name>py33-django19</name>
+	<name>py34-django19</name>
+	<name>py35-django19</name>
+	<range><lt>1.9.3</lt></range>
+      </package>
+      <package>
+	<name>py27-django-devel</name>
+	<name>py32-django-devel</name>
+	<name>py33-django-devel</name>
+	<name>py34-django-devel</name>
+	<name>py35-django-devel</name>
+	<range><le>20150709,1</le></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Tim Graham reports:</p>
+	<blockquote cite="https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/">
+	  <p>Malicious redirect and possible XSS attack via user-supplied
+	    redirect URLs containing basic auth</p>
+	  <p>User enumeration through timing difference on password hasher work
+	    factor upgrade</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-2512</cvename>
+      <cvename>CVE-2016-2513</cvename>
+      <url>https://www.djangoproject.com/weblog/2016/mar/01/security-releases/</url>
+    </references>
+    <dates>
+      <discovery>2016-03-01</discovery>
+      <entry>2016-03-08</entry>
+    </dates>
+  </vuln>
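Review bot: in the django entry (vid f9e6c0d1-e4cc-11e5-b2bd-002590263bf5) the blockquote cite attribute points at https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/, while the entry's CVE names (CVE-2016-2512, CVE-2016-2513), its discovery date of 2016-03-01 and its only <url> reference all point at the 2016/mar/01 security release. The cite should be changed to match the <url>, otherwise anyone following the quoted text lands on an unrelated advisory. The same entry's topic misspells "vulnerabilies". Two smaller points in this region of the hunk: the PuTTY topic uses a single "-" separator where every other topic uses "name -- description", which matters if anything splits topics on " -- ", and the marc.info <url> in the git CVE-2016-2315 entry appears here with bare "&" characters, which must be "&amp;" in the committed file for vuln.xml to stay well-formed. Worth confirming the file still validates against the VuXML DTD before relying on it for audits.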
+
+  <vuln vid="fef03980-e4c6-11e5-b2bd-002590263bf5">
+    <topic>wordpress -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>wordpress</name>
+	<range><lt>4.4.2,1</lt></range>
+      </package>
+      <package>
+	<name>de-wordpress</name>
+	<name>ja-wordpress</name>
+	<name>ru-wordpress</name>
+	<name>zh-wordpress-zh_CN</name>
+	<name>zh-wordpress-zh_TW</name>
+	<range><lt>4.4.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Samuel Sidler reports:</p>
+	<blockquote cite="https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/">
+	  <p>WordPress 4.4.2 is now available. This is a security release for
+	    all previous versions and we strongly encourage you to update your
+	    sites immediately.</p>
+	  <p>WordPress versions 4.4.1 and earlier are affected by two security
+	    issues: a possible SSRF for certain local URIs, reported by Ronni
+	    Skansing; and an open redirection attack, reported by Shailesh
+	    Suthar.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-2221</cvename>
+      <cvename>CVE-2016-2222</cvename>
+      <url>http://www.openwall.com/lists/oss-security/2016/02/04/6</url>
+      <url>https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/</url>
+    </references>
+    <dates>
+      <discovery>2016-02-02</discovery>
+      <entry>2016-03-08</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="7f0fbb30-e462-11e5-a3f3-080027ef73ec">
+    <topic>PuTTY - old-style scp downloads may allow remote code execution</topic>
+    <affects>
+      <package>
+	<name>putty</name>
+	<range><lt>0.67</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Simon G. Tatham reports:</p>
+	<blockquote cite="http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-pscp-sink-sscanf.html">
+	  <p>Many versions of PSCP prior to 0.67 have a stack corruption
+	    vulnerability in their treatment of the 'sink' direction (i.e.
+	    downloading from server to client) of the old-style SCP protocol.
+	    </p>
+	  <p>In order for this vulnerability to be exploited, the user must
+	    connect to a malicious server and attempt to download any file.[...]
+	    you can work around it in a vulnerable PSCP by using the -sftp
+	    option to force the use of the newer SFTP protocol, provided your
+	    server supports that protocol.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-pscp-sink-sscanf.html</url>
+      <cvename>CVE-2016-2563</cvename>
+      <url>https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-2563</url>
+    </references>
+    <dates>
+      <discovery>2016-02-26</discovery>
+      <entry>2016-03-07</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="12d1b5a6-e39d-11e5-9f77-5453ed2e2b49">
+    <topic>websvn -- reflected cross-site scripting</topic>
+    <affects>
+      <package>
+	<name>websvn</name>
+	<range><lt>2.3.3_1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Sebastien Delafond reports:</p>
+	<blockquote cite="https://lists.debian.org/debian-security-announce/2016/msg00060.html">
+	  <p>Jakub Palaczynski discovered that websvn, a web viewer for
+	  Subversion repositories, does not correctly sanitize user-supplied
+	  input, which allows a remote user to run reflected cross-site
+	  scripting attacks.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-2511</cvename>
+      <url>https://lists.debian.org/debian-security-announce/2016/msg00060.html</url>
+      <url>http://seclists.org/fulldisclosure/2016/Feb/99</url>
+    </references>
+    <dates>
+      <discovery>2016-02-22</discovery>
+      <entry>2016-03-06</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="f69e1f09-e39b-11e5-9f77-5453ed2e2b49">
+    <topic>websvn -- information disclosure</topic>
+    <affects>
+      <package>
+	<name>websvn</name>
+	<range><lt>2.3.3_1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Thijs Kinkhorst reports:</p>
+	<blockquote cite="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775682">
+	  <p>James Clawson reported:</p>
+	  <p>"Arbitrary files with a known path can be accessed in websvn by
+	  committing a symlink to a repository and then downloading the file
+	  (using the download link).</p>
+	  <p>An attacker must have write access to the repo, and the download
+	  option must have been enabled in the websvn config file."</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2013-6892</cvename>
+      <url>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6892</url>
+      <url>https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775682</url>
+    </references>
+    <dates>
+      <discovery>2015-01-18</discovery>
+      <entry>2016-03-06</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="5a016dd0-8aa8-490e-a596-55f4cc17e4ef">
+    <topic>rails -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>rubygem-actionpack</name>
+	<range><lt>3.2.22.2</lt></range>
+      </package>
+      <package>
+	<name>rubygem-actionpack4</name>
+	<range><lt>4.2.5.2</lt></range>
+      </package>
+      <package>
+	<name>rubygem-actionview</name>
+	<range><lt>4.2.5.2</lt></range>
+      </package>
+      <package>
+	<name>rubygem-rails</name>
+	<range><lt>3.2.22.2</lt></range>
+      </package>
+      <package>
+	<name>rubygem-rails4</name>
+	<range><lt>4.2.5.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Ruby on Rails blog:</p>
+	<blockquote cite="http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/">
+	  <p>Rails 4.2.5.2, 4.1.14.2, and 3.2.22.2 have been released! These
+	    contain the following important security fixes, and it is
+		recommended that users upgrade as soon as possible.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-2097</cvename>
+      <cvename>CVE-2016-2098</cvename>
+      <url>https://groups.google.com/d/msg/rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ</url>
+      <url>https://groups.google.com/d/msg/rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ</url>
+      <url>http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/</url>
+    </references>
+    <dates>
+      <discovery>2016-02-29</discovery>
+      <entry>2016-03-06</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="f85fa236-e2a6-412e-b5c7-c42120892de5">
+    <topic>chromium -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>chromium</name>
+	<name>chromium-npapi</name>
+	<name>chromium-pulse</name>
+	<range><lt>49.0.2623.75</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Google Chrome Releases reports:</p>
+	<blockquote cite="http://googlechromereleases.blogspot.de/2016/03/stable-channel-update.html">
+	  <p>[560011] High CVE-2016-1630: Same-origin bypass in Blink.</p>
+	  <p>[569496] High CVE-2016-1631: Same-origin bypass in Pepper Plugin.</p>
+	  <p>[549986] High CVE-2016-1632: Bad cast in Extensions.</p>
+	  <p>[572537] High CVE-2016-1633: Use-after-free in Blink.</p>
+	  <p>[559292] High CVE-2016-1634: Use-after-free in Blink.</p>
+	  <p>[585268] High CVE-2016-1635: Use-after-free in Blink.</p>
+	  <p>[584155] High CVE-2016-1636: SRI Validation Bypass.</p>
+	  <p>[555544] Medium CVE-2016-1637: Information Leak in Skia.</p>
+	  <p>[585282] Medium CVE-2016-1638: WebAPI Bypass.</p>
+	  <p>[572224] Medium CVE-2016-1639: Use-after-free in WebRTC.</p>
+	  <p>[550047] Medium CVE-2016-1640: Origin confusion in Extensions UI.</p>
+	  <p>[583718] Medium CVE-2016-1641: Use-after-free in Favicon.</p>
+	  <p>[591402] CVE-2016-1642: Various fixes from internal audits, fuzzing and other initiatives.</p>
+	  <p>Multiple vulnerabilities in V8 fixed.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-1630</cvename>
+      <cvename>CVE-2016-1631</cvename>
+      <cvename>CVE-2016-1632</cvename>
+      <cvename>CVE-2016-1633</cvename>
+      <cvename>CVE-2016-1634</cvename>
+      <cvename>CVE-2016-1635</cvename>
+      <cvename>CVE-2016-1636</cvename>
+      <cvename>CVE-2016-1637</cvename>
+      <cvename>CVE-2016-1638</cvename>
+      <cvename>CVE-2016-1639</cvename>
+      <cvename>CVE-2016-1640</cvename>
+      <cvename>CVE-2016-1641</cvename>
+      <cvename>CVE-2016-1642</cvename>
+      <url>http://googlechromereleases.blogspot.de/2016/03/stable-channel-update.html</url>
+    </references>
+    <dates>
+      <discovery>2016-03-02</discovery>
+      <entry>2016-03-05</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="6b3591ea-e2d2-11e5-a6be-5453ed2e2b49">
+    <topic>libssh -- weak Diffie-Hellman secret generation</topic>
+    <affects>
+      <package>
+	<name>libssh</name>
+	<range><lt>0.7.3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Andreas Schneider reports:</p>
+	<blockquote cite="https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/">
+	  <p>libssh versions 0.1 and above have a bits/bytes confusion bug and
+	  generate the an anormaly short ephemeral secret for the
+	  diffie-hellman-group1 and diffie-hellman-group14 key exchange
+	  methods. The resulting secret is 128 bits long, instead of the
+	  recommended sizes of 1024 and 2048 bits respectively. There are
+	  practical algorithms (Baby steps/Giant steps, Pollard’s rho) that can
+	  solve this problem in O(2^63) operations.</p>
+	  <p>Both client and server are are vulnerable, pre-authentication.
+	  This vulnerability could be exploited by an eavesdropper with enough
+	  resources to decrypt or intercept SSH sessions. The bug was found
+	  during an internal code review by Aris Adamantiadis of the libssh
+	  team.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-0739</cvename>
+      <url>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0739</url>
+      <url>https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/</url>
+    </references>
+    <dates>
+      <discovery>2016-02-23</discovery>
+      <entry>2016-03-05</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="7d09b9ee-e0ba-11e5-abc4-6fb07af136d2">
+    <topic>exim -- local privilleges escalation</topic>
+    <affects>
+      <package>
+	<name>exim</name>
+	<range><lt>4.86.2</lt></range>
+	<range><lt>4.85.2</lt></range>
+	<range><lt>4.84.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The Exim development team reports:</p>
+	<blockquote cite="https://lists.exim.org/lurker/message/20160302.191005.a72d8433.en.html">
+	<p>All installations having Exim set-uid root and using 'perl_startup' are
+	vulnerable to a local privilege escalation. Any user who can start an
+	instance of Exim (and this is normally <strong>any</strong> user) can gain root
+	privileges. If you do not use 'perl_startup' you <strong>should</strong> be safe.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-1531</cvename>
+      <url>https://lists.exim.org/lurker/message/20160302.191005.a72d8433.en.html</url>
+    </references>
+    <dates>
+      <discovery>2016-02-26</discovery>
+      <entry>2016-03-02</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="db3301be-e01c-11e5-b2bd-002590263bf5">
+    <topic>cacti -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>cacti</name>
+	<range><lt>0.8.8g</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The Cacti Group, Inc. reports:</p>
+	<blockquote cite="http://www.cacti.net/release_notes_0_8_8g.php">
+	  <p>Changelog</p>
+	  <ul>
+	    <li>bug:0002652: CVE-2015-8604: SQL injection in graphs_new.php</li>
+	    <li>bug:0002655: CVE-2015-8377: SQL injection vulnerability in the
+	       host_new_graphs_save function in graphs_new.php</li>
+	    <li>bug:0002656: Authentication using web authentication as a user
+	       not in the cacti database allows complete access</li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2015-8377</cvename>
+      <cvename>CVE-2015-8604</cvename>
+      <cvename>CVE-2016-2313</cvename>
+      <url>http://www.cacti.net/release_notes_0_8_8g.php</url>
+      <url>http://bugs.cacti.net/view.php?id=2652</url>
+      <url>http://bugs.cacti.net/view.php?id=2655</url>
+      <url>http://bugs.cacti.net/view.php?id=2656</url>
+      <url>http://www.openwall.com/lists/oss-security/2016/02/09/3</url>
+    </references>
+    <dates>
+      <discovery>2016-02-21</discovery>
+      <entry>2016-03-02</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="f682a506-df7c-11e5-81e4-6805ca0b3d42">
     <topic>phpmyadmin -- multiple XSS and a man-in-the-middle vulnerability</topic>
     <affects>
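Review bot: In the exim entry the package lists three open-ended ranges, <lt>4.86.2</lt>, <lt>4.85.2</lt> and <lt>4.84.2</lt>. A version is affected if it matches any range, so the first already covers the other two and an install at 4.85.2 or 4.84.2 is still reported as vulnerable. If those branches are meant to be recognised as fixed, give each branch its own <ge>/<lt> pair; otherwise drop the two redundant ranges. Two smaller points in the same hunk: the exim topic misspells "privileges" as "privilleges", and the rails blockquote announces "the following important security fixes" but the quote ends before any fix is listed, so the entry's description says nothing about CVE-2016-2097 or CVE-2016-2098.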
@@ -195,11 +10846,20 @@
       <cvename>CVE-2016-2530</cvename>
       <cvename>CVE-2016-2531</cvename>
       <cvename>CVE-2016-2532</cvename>
-      <url>https://www.wireshark.org/docs/relnotes/wireshark-2.0.1.html</url>
+      <cvename>CVE-2016-4415</cvename>
+      <cvename>CVE-2016-4416</cvename>
+      <cvename>CVE-2016-4417</cvename>
+      <cvename>CVE-2016-4418</cvename>
+      <cvename>CVE-2016-4419</cvename>
+      <cvename>CVE-2016-4420</cvename>
+      <cvename>CVE-2016-4421</cvename>
+      <url>https://www.wireshark.org/docs/relnotes/wireshark-2.0.2.html</url>
+      <url>http://www.openwall.com/lists/oss-security/2016/05/01/1</url>
     </references>
     <dates>
       <discovery>2016-02-26</discovery>
       <entry>2016-03-01</entry>
+      <modified>2016-07-04</modified>
     </dates>
   </vuln>
 
@@ -1460,8 +12120,6 @@
 	      Credit to anonymous.</li>
 	    <li>[577105] High CVE-2016-1623: Same-origin bypass in DOM. Credit
 	      to Mariusz Mlynski.</li>
-	    <li>[583607] High CVE-2016-1624: Buffer overflow in Brotli. Credit
-	      to lukezli.</li>
 	    <li>[509313] Medium CVE-2016-1625: Navigation bypass in Chrome
 	      Instant. Credit to Jann Horn.</li>
 	    <li>[571480] Medium CVE-2016-1626: Out-of-bounds read in PDFium.
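Review bot: The Brotli item "[583607] High CVE-2016-1624" is deleted from the chromium description here, and its cvename goes in the next hunk, with no pointer to where the issue is now tracked; the log message only says "update master list from freebsd". If CVE-2016-1624 moved to an entry of its own, say so in the log or in an XML comment, so that someone auditing this entry does not read the removal as the CVE being withdrawn.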
@@ -1475,7 +12133,6 @@
     <references>
       <cvename>CVE-2016-1622</cvename>
       <cvename>CVE-2016-1623</cvename>
-      <cvename>CVE-2016-1624</cvename>
       <cvename>CVE-2016-1625</cvename>
       <cvename>CVE-2016-1626</cvename>
       <cvename>CVE-2016-1627</cvename>
@@ -1484,6 +12141,7 @@
     <dates>
       <discovery>2016-02-08</discovery>
       <entry>2016-02-09</entry>
+      <modified>2016-03-08</modified>
     </dates>
   </vuln>
 
@@ -1498,6 +12156,10 @@
 	<name>silgraphite</name>
 	<range><lt>2.3.1_4</lt></range>
       </package>
+      <package>
+	<name>linux-thunderbird</name>
+	<range><lt>38.6.0</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -1520,6 +12182,8 @@
     </description>
     <references>
       <url>http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html</url>
+      <url>http://www.talosintel.com/reports/TALOS-2016-0061/</url>
+      <url>https://www.mozilla.org/security/advisories/mfsa2016-14/</url>
       <cvename>CVE-2016-1521</cvename>
       <cvename>CVE-2016-1522</cvename>
       <cvename>CVE-2016-1523</cvename>
@@ -1528,7 +12192,7 @@
     <dates>
       <discovery>2016-02-05</discovery>
       <entry>2016-02-09</entry>
-      <modified>2016-02-18</modified>
+      <modified>2016-03-08</modified>
     </dates>
   </vuln>
 
@@ -1575,14 +12239,18 @@
   </vuln>
 
   <vuln vid="85eb4e46-cf16-11e5-840f-485d605f4717">
-    <topic>php -- pcre vulnerability</topic>
+    <topic>php -- multiple vulnerabilities</topic>
     <affects>
       <package>
 	<name>php55</name>
+	<name>php55-phar</name>
+	<name>php55-wddx</name>
 	<range><lt>5.5.32</lt></range>
       </package>
       <package>
 	<name>php56</name>
+	<name>php56-phar</name>
+	<name>php56-wddx</name>
 	<range><lt>5.6.18</lt></range>
       </package>
     </affects>
@@ -1590,12 +12258,33 @@
       <body xmlns="http://www.w3.org/1999/xhtml">
 	<p>PHP reports:</p>
 	<blockquote cite="http://php.net/ChangeLog-5.php#5.6.18">
-	  <ul><li>PCRE:
+	  <ul><li>Core:
 	  <ul>
-	  <li>Upgraded bundled PCRE library to 8.38.(CVE-2015-8383,
-	   CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390,
-	   CVE-2015-8391, CVE-2015-8393, CVE-2015-8394)</li>
+	    <li>Fixed bug #71039 (exec functions ignore length but look for NULL
+	      termination).</li>
+	    <li>Fixed bug #71323 (Output of stream_get_meta_data can be
+	      falsified by its input).</li>
+	    <li>Fixed bug #71459 (Integer overflow in iptcembed()).</li>
 	  </ul></li>
+	  <li>PCRE:
+	  <ul>
+	    <li>Upgraded bundled PCRE library to 8.38.(CVE-2015-8383,
+	      CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390,
+	      CVE-2015-8391, CVE-2015-8393, CVE-2015-8394)</li>
+	  </ul></li>
+	  <li>Phar:
+	  <ul>
+	    <li>Fixed bug #71354 (Heap corruption in tar/zip/phar parser).</li>
+	    <li>Fixed bug #71391 (NULL Pointer Dereference in
+	      phar_tar_setupmetadata()).</li>
+	    <li>Fixed bug #71488 (Stack overflow when decompressing tar
+	      archives). (CVE-2016-2554)</li>
+	  </ul></li>
+	  <li>WDDX:
+	  <ul>
+	    <li>Fixed bug #71335 (Type Confusion in WDDX Packet
+	      Deserialization).</li>
+	  </ul></li>
 	  </ul>
 	</blockquote>
       </body>
@@ -1609,6 +12298,7 @@
       <cvename>CVE-2015-8391</cvename>
       <cvename>CVE-2015-8393</cvename>
       <cvename>CVE-2015-8394</cvename>
+      <cvename>CVE-2016-2554</cvename>
       <url>http://php.net/ChangeLog-5.php#5.6.18</url>
       <url>http://php.net/ChangeLog-5.php#5.5.32</url>
     </references>
@@ -1615,6 +12305,7 @@
     <dates>
       <discovery>2016-02-04</discovery>
       <entry>2016-02-09</entry>
+      <modified>2016-03-13</modified>
     </dates>
   </vuln>
 
@@ -1942,12 +12633,16 @@
     </description>
     <references>
       <url>http://downloads.asterisk.org/pub/security/AST-2016-001.html</url>
+      <cvename>CVE-2011-3389</cvename>
       <url>http://downloads.asterisk.org/pub/security/AST-2016-002.html</url>
+      <cvename>CVE-2016-2316</cvename>
       <url>http://downloads.asterisk.org/pub/security/AST-2016-003.html</url>
+      <cvename>CVE-2016-2232</cvename>
     </references>
     <dates>
       <discovery>2016-02-03</discovery>
       <entry>2016-02-04</entry>
+      <modified>2016-03-07</modified>
     </dates>
   </vuln>
 
@@ -2123,8 +12818,6 @@
 	    set in cookie names</p>
 	  <p>MFSA 2016-06 Missing delay following user click events in
 	    protocol handler dialog</p>
-	  <p>MFSA 2016-07 Errors in mp_div and mp_exptmod
-	    cryptographic functions in NSS</p>
 	  <p>MFSA 2016-09 Addressbar spoofing attacks</p>
 	  <p>MFSA 2016-10 Unsafe memory manipulation found through
 	    code inspection</p>
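Review bot: MFSA 2016-07 (mp_div and mp_exptmod in NSS) is dropped from the description here, and CVE-2016-1938 and the mfsa2016-07 URL are dropped in the following two hunks, but none of the visible lines say where the NSS issue is tracked instead. Please confirm it is covered by a separate entry and mention that in the log, since after this change the advisory no longer appears in this entry at all.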
@@ -2140,7 +12833,6 @@
       <cvename>CVE-2016-1933</cvename>
       <cvename>CVE-2016-1935</cvename>
       <cvename>CVE-2016-1937</cvename>
-      <cvename>CVE-2016-1938</cvename>
       <cvename>CVE-2016-1939</cvename>
       <cvename>CVE-2016-1942</cvename>
       <cvename>CVE-2016-1943</cvename>
@@ -2153,7 +12845,6 @@
       <url>https://www.mozilla.org/security/advisories/mfsa2016-03/</url>
       <url>https://www.mozilla.org/security/advisories/mfsa2016-04/</url>
       <url>https://www.mozilla.org/security/advisories/mfsa2016-06/</url>
-      <url>https://www.mozilla.org/security/advisories/mfsa2016-07/</url>
       <url>https://www.mozilla.org/security/advisories/mfsa2016-09/</url>
       <url>https://www.mozilla.org/security/advisories/mfsa2016-10/</url>
       <url>https://www.mozilla.org/security/advisories/mfsa2016-11/</url>
@@ -2161,6 +12852,7 @@
     <dates>
       <discovery>2016-01-26</discovery>
       <entry>2016-02-01</entry>
+      <modified>2016-03-08</modified>
     </dates>
   </vuln>
 
@@ -2702,6 +13394,12 @@
 	<name>mingw32-openssl</name>
 	<range><ge>1.0.1</ge><lt>1.0.2f</lt></range>
       </package>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.2</ge><lt>10.2_12</lt></range>
+	<range><ge>10.1</ge><lt>10.1_29</lt></range>
+	<range><ge>9.3</ge><lt>9.3_36</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -2734,6 +13432,7 @@
       </body>
     </description>
     <references>
+      <freebsdsa>SA-16:11.openssl</freebsdsa>
       <cvename>CVE-2016-0701</cvename>
       <cvename>CVE-2015-3197</cvename>
       <url>https://www.openssl.org/news/secadv/20160128.txt</url>
@@ -2741,6 +13440,7 @@
     <dates>
       <discovery>2016-01-22</discovery>
       <entry>2016-01-28</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -2802,7 +13502,7 @@
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
 	<p>Aaron Jorbin reports:</p>
-	<blockquote cite="INSERT URL HERE">
+	<blockquote cite="https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/">
 	  <p>WordPress 4.4.1 is now available. This is a security release for
 	    all previous versions and we strongly encourage you to update your
 	    sites immediately.</p>
@@ -2820,6 +13520,7 @@
     <dates>
       <discovery>2016-01-06</discovery>
       <entry>2016-01-26</entry>
+      <modified>2016-03-08</modified>
     </dates>
   </vuln>
 
@@ -3046,6 +13747,10 @@
 	<name>bind910</name>
 	<range><lt>9.10.3P3</lt></range>
       </package>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>9.3</ge><lt>9.3_35</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -3058,10 +13763,12 @@
     <references>
       <url>https://kb.isc.org/article/AA-01335</url>
       <cvename>CVE-2015-8704</cvename>
+      <freebsdsa>SA-16:08.bind</freebsdsa>
     </references>
     <dates>
       <discovery>2016-01-19</discovery>
       <entry>2016-01-22</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -3129,6 +13836,12 @@
 	<name>ntp-devel</name>
 	<range><lt>4.3.90</lt></range>
       </package>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.2</ge><lt>10.2_11</lt></range>
+	<range><ge>10.1</ge><lt>10.1_28</lt></range>
+	<range><ge>9.3</ge><lt>9.3_35</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -3173,6 +13886,7 @@
       </body>
     </description>
     <references>
+      <freebsdsa>SA-16:09.ntp</freebsdsa>
       <cvename>CVE-2015-7973</cvename>
       <cvename>CVE-2015-7974</cvename>
       <cvename>CVE-2015-7975</cvename>
@@ -3189,6 +13903,7 @@
     <dates>
       <discovery>2016-01-20</discovery>
       <entry>2016-01-21</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -3294,6 +14009,13 @@
 	<name>libarchive</name>
 	<range><lt>3.1.2_5,1</lt></range>
       </package>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.3</ge><lt>10.3_4</lt></range>
+	<range><ge>10.2</ge><lt>10.2_18</lt></range>
+	<range><ge>10.1</ge><lt>10.1_35</lt></range>
+	<range><ge>9.3</ge><lt>9.3_43</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -3325,6 +14047,8 @@
       <cvename>CVE-2013-0211</cvename>
       <cvename>CVE-2015-2304</cvename>
       <freebsdpr>ports/200176</freebsdpr>
+      <freebsdsa>SA-16:22.libarchive</freebsdsa>
+      <freebsdsa>SA-16:23.libarchive</freebsdsa>
       <url>https://github.com/libarchive/libarchive/pull/110</url>
       <url>https://github.com/libarchive/libarchive/commit/5935715</url>
       <url>https://github.com/libarchive/libarchive/commit/2253154</url>
@@ -3336,6 +14060,7 @@
     <dates>
       <discovery>2012-12-06</discovery>
       <entry>2016-01-18</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -3570,6 +14295,12 @@
 	  <lt>7.1.p2,1</lt>
 	</range>
       </package>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.2</ge><lt>10.2_10</lt></range>
+	<range><ge>10.1</ge><lt>10.1_27</lt></range>
+	<range><ge>9.3</ge><lt>9.3_34</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -3585,11 +14316,12 @@
       <url>http://www.openssh.com/security.html</url>
       <cvename>CVE-2016-0777</cvename>
       <cvename>CVE-2016-0778</cvename>
+      <freebsdsa>SA-16:07</freebsdsa>
     </references>
     <dates>
       <discovery>2016-01-14</discovery>
       <entry>2016-01-14</entry>
-      <modified>2016-01-15</modified>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
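Review bot: The added <freebsdsa>SA-16:07</freebsdsa> lacks the topic suffix that every other freebsdsa element in this patch carries (SA-16:11.openssl, SA-16:08.bind, SA-16:09.ntp, SA-15:22.openssh). Tools that build the advisory link from this element will not resolve the bare id; use the full advisory name in the same form as the others.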
@@ -3672,6 +14404,15 @@
 	  <lt>3.6200</lt>
 	</range>
       </package>
+      <package>
+	<name>perl5</name>
+	<name>perl5.20</name>
+	<name>perl5.22</name>
+	<name>perl5-devel</name>
+	<range><ge>5.19.9</ge><lt>5.20.2</lt></range>
+	<range><ge>5.21.0</ge><lt>5.22.2</lt></range>
+	<range><ge>5.23.0</ge><lt>5.23.7</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -3693,6 +14434,7 @@
     <dates>
       <discovery>2016-01-11</discovery>
       <entry>2016-01-12</entry>
+      <modified>2016-08-22</modified>
     </dates>
   </vuln>
 
@@ -3878,6 +14620,12 @@
 	<name>ntp-devel</name>
 	<range><lt>4.3.78</lt></range>
       </package>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.2</ge><lt>10.2_9</lt></range>
+	<range><ge>10.1</ge><lt>10.1_26</lt></range>
+	<range><ge>9.3</ge><lt>9.3_33</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -3891,6 +14639,7 @@
       </body>
     </description>
     <references>
+      <freebsdsa>SA-16:02.ntp</freebsdsa>
       <cvename>CVE-2015-5300</cvename>
       <url>https://www.cs.bu.edu/~goldbe/NTPattack.html</url>
       <url>http://support.ntp.org/bin/view/Main/NtpBug2956</url>
@@ -3899,6 +14648,7 @@
     <dates>
       <discovery>2015-10-21</discovery>
       <entry>2016-01-08</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -4322,7 +15072,7 @@
       <package>
 	<name>qemu</name>
 	<name>qemu-devel</name>
-	<range><ge>0</ge></range>
+	<range><lt>2.5.50</lt></range>
       </package>
       <package>
 	<name>qemu-sbruno</name>
@@ -4357,7 +15107,7 @@
     <dates>
       <discovery>2015-12-28</discovery>
       <entry>2016-01-03</entry>
-      <modified>2016-02-13</modified>
+      <modified>2016-07-06</modified>
     </dates>
   </vuln>
 
@@ -4367,7 +15117,7 @@
       <package>
 	<name>qemu</name>
 	<name>qemu-devel</name>
-	<range><lt>2.5.0</lt></range>
+	<range><lt>2.5.50</lt></range>
       </package>
       <package>
 	<name>qemu-sbruno</name>
@@ -4398,6 +15148,7 @@
     <dates>
       <discovery>2015-11-19</discovery>
       <entry>2016-01-03</entry>
+      <modified>2016-07-06</modified>
     </dates>
   </vuln>
 
@@ -4407,7 +15158,7 @@
       <package>
 	<name>qemu</name>
 	<name>qemu-devel</name>
-	<range><ge>0</ge></range>
+	<range><lt>2.5.0</lt></range>
       </package>
       <package>
 	<name>qemu-sbruno</name>
@@ -4440,7 +15191,7 @@
     <dates>
       <discovery>2015-12-23</discovery>
       <entry>2016-01-03</entry>
-      <modified>2016-02-13</modified>
+      <modified>2016-07-06</modified>
     </dates>
   </vuln>
 
@@ -4450,7 +15201,7 @@
       <package>
 	<name>qemu</name>
 	<name>qemu-devel</name>
-	<range><ge>0</ge></range>
+	<range><lt>2.5.0</lt></range>
       </package>
       <package>
 	<name>qemu-sbruno</name>
@@ -4482,7 +15233,7 @@
     <dates>
       <discovery>2015-12-21</discovery>
       <entry>2016-01-03</entry>
-      <modified>2016-02-13</modified>
+      <modified>2016-07-06</modified>
     </dates>
   </vuln>
 
@@ -4492,7 +15243,7 @@
       <package>
 	<name>qemu</name>
 	<name>qemu-devel</name>
-	<range><ge>0</ge></range>
+	<range><lt>2.5.0</lt></range>
       </package>
       <package>
 	<name>qemu-sbruno</name>
@@ -4525,7 +15276,7 @@
     <dates>
       <discovery>2015-12-15</discovery>
       <entry>2016-01-03</entry>
-      <modified>2016-02-13</modified>
+      <modified>2016-07-06</modified>
     </dates>
   </vuln>
 
@@ -4535,7 +15286,7 @@
       <package>
 	<name>qemu</name>
 	<name>qemu-devel</name>
-	<range><ge>0</ge></range>
+	<range><lt>2.5.0</lt></range>
       </package>
       <package>
 	<name>qemu-sbruno</name>
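Review bot: The range for qemu and qemu-devel changes from <ge>0</ge> to <lt>2.5.0</lt> here, but no dates hunk follows before the next change at old line 4718, so this entry's <modified> date is left untouched. The sibling qemu entries in this patch all set <modified>2016-07-06</modified> together with their range change; do the same here so that consumers keyed on the modified date pick up the new range.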
@@ -4718,7 +15469,7 @@
       <package>
 	<name>qemu</name>
 	<name>qemu-devel</name>
-	<range><ge>0</ge></range>
+	<range><lt>2.5.50</lt></range>
       </package>
       <package>
 	<name>qemu-sbruno</name>
@@ -4753,7 +15504,7 @@
     <dates>
       <discovery>2015-10-16</discovery>
       <entry>2016-01-03</entry>
-      <modified>2016-02-13</modified>
+      <modified>2016-07-06</modified>
     </dates>
   </vuln>
 
@@ -6023,6 +16774,10 @@
 	<name>bind9-devel</name>
 	<range><lt>9.11.0.a20151215</lt></range>
       </package>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>9.3</ge><lt>9.3_32</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -6046,10 +16801,12 @@
       <cvename>CVE-2015-3193</cvename>
       <cvename>CVE-2015-8000</cvename>
       <cvename>CVE-2015-8461</cvename>
+      <freebsdsa>SA-15:27.bind</freebsdsa>
     </references>
     <dates>
       <discovery>2015-11-24</discovery>
       <entry>2015-12-16</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -7018,6 +17775,12 @@
 	<name>linux-c6-openssl</name>
 	<range><lt>1.0.1e_7</lt></range>
       </package>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.2</ge><lt>10.2_8</lt></range>
+	<range><ge>10.1</ge><lt>10.1_25</lt></range>
+	<range><ge>9.3</ge><lt>9.3_31</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -7038,6 +17801,7 @@
       </body>
     </description>
     <references>
+      <freebsdsa>SA-15:26.openssl</freebsdsa>
       <cvename>CVE-2015-1794</cvename>
       <cvename>CVE-2015-3193</cvename>
       <cvename>CVE-2015-3194</cvename>
@@ -7048,7 +17812,7 @@
     <dates>
       <discovery>2015-12-03</discovery>
       <entry>2015-12-05</entry>
-      <modified>2016-01-31</modified>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -7643,6 +18407,10 @@
 	<range><lt>4.10.10</lt></range>
       </package>
       <package>
+	<name>linux-c6-nspr</name>
+	<range><lt>4.10.10</lt></range>
+      </package>
+      <package>
 	<name>nss</name>
 	<range><ge>3.20</ge><lt>3.20.1</lt></range>
 	<range><ge>3.19.3</ge><lt>3.19.4</lt></range>
@@ -7769,6 +18537,7 @@
     <dates>
       <discovery>2015-11-03</discovery>
       <entry>2015-11-19</entry>
+      <modified>2016-04-13</modified>
     </dates>
   </vuln>
 
@@ -9182,6 +19951,12 @@
 	<name>ntp-devel</name>
 	<range><lt>4.3.76</lt></range>
       </package>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.2</ge><lt>10.2_7</lt></range>
+	<range><ge>10.1</ge><lt>10.1_24</lt></range>
+	<range><ge>9.3</ge><lt>9.3_30</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -9237,6 +20012,7 @@
       </body>
     </description>
     <references>
+      <freebsdsa>SA-15:25.ntp</freebsdsa>
       <cvename>CVE-2015-7691</cvename>
       <cvename>CVE-2015-7692</cvename>
       <cvename>CVE-2015-7701</cvename>
@@ -9258,7 +20034,7 @@
     <dates>
       <discovery>2015-10-21</discovery>
       <entry>2015-10-21</entry>
-      <modified>2015-10-23</modified>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -11699,7 +22475,7 @@
       </package>
       <package>
 	<name>FreeBSD</name>
-	<range><gt>9.3</gt><le>9.3_25</le></range>
+	<range><ge>9.3</ge><lt>9.3_25</lt></range>
       </package>
     </affects>
     <description>
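Review bot: Changing <gt>9.3</gt><le>9.3_25</le> to <ge>9.3</ge><lt>9.3_25</lt> keeps the same number while switching the upper bound from inclusive to exclusive, so 9.3_25 moves from affected to not affected. The later BIND conversion in this patch keeps the bound equivalent (<le>9.3_20</le> becomes <lt>9.3_21</lt>), so this one is a semantic change rather than a notation change. Confirm against SA-15:23.bind that p25 is the fixed patch level and the old range was the one in error.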
@@ -11717,10 +22493,12 @@
     <references>
       <url>https://www.isc.org/blogs/cve-2015-5722-parsing-malformed-keys-may-cause-bind-to-exit-due-to-a-failed-assertion-in-buffer-c/</url>
       <cvename>CVE-2015-5722</cvename>
+      <freebsdsa>SA-15:23.bind</freebsdsa>
     </references>
     <dates>
       <discovery>2015-08-19</discovery>
       <entry>2015-09-03</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -12345,6 +23123,12 @@
 	<name>openssh-portable</name>
 	<range><lt>7.0.p1,1</lt></range>
       </package>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.2</ge><lt>10.2_2</lt></range>
+	<range><ge>10.1</ge><lt>10.1_19</lt></range>
+	<range><ge>9.3</ge><lt>9.3_24</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -12370,11 +23154,12 @@
       <cvename>CVE-2015-6563</cvename>
       <cvename>CVE-2015-6564</cvename>
       <cvename>CVE-2015-6565</cvename>
+      <freebsdsa>SA-15:22.openssh</freebsdsa>
     </references>
     <dates>
       <discovery>2015-08-11</discovery>
       <entry>2015-08-21</entry>
-      <modified>2016-02-14</modified>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -13884,8 +24669,8 @@
       </package>
       <package>
 	<name>FreeBSD</name>
-	<range><gt>9.3</gt><le>9.3_20</le></range>
-	<range><gt>8.4</gt><le>8.4_34</le></range>
+	<range><ge>9.3</ge><lt>9.3_21</lt></range>
+	<range><ge>8.4</ge><lt>8.4_35</lt></range>
       </package>
     </affects>
     <description>
@@ -13900,6 +24685,7 @@
       </body>
     </description>
     <references>
+      <freebsdsa>SA-15:17.bind</freebsdsa>
       <cvename>CVE-2015-5477</cvename>
       <url>https://kb.isc.org/article/AA-01272/</url>
     </references>
@@ -13906,6 +24692,7 @@
     <dates>
       <discovery>2015-07-21</discovery>
       <entry>2015-07-28</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -13916,6 +24703,12 @@
 	<name>openssh-portable</name>
 	<range><lt>6.9.p1_2,1</lt></range>
       </package>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.1</ge><lt>10.1_16</lt></range>
+	<range><ge>9.3</ge><lt>9.3_21</lt></range>
+	<range><ge>8.4</ge><lt>8.4_36</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -13930,10 +24723,12 @@
     <references>
       <url>https://access.redhat.com/security/cve/CVE-2015-5600</url>
       <cvename>CVE-2015-5600</cvename>
+      <freebsdsa>SA-15:16.openssh</freebsdsa>
     </references>
     <dates>
       <discovery>2015-07-21</discovery>
       <entry>2015-07-27</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -16018,8 +26813,8 @@
       </package>
       <package>
 	<name>FreeBSD</name>
-	<range><gt>9.3</gt><lt>9.3_19</lt></range>
-	<range><gt>8.4</gt><lt>8.4_33</lt></range>
+	<range><ge>9.3</ge><lt>9.3_19</lt></range>
+	<range><ge>8.4</ge><lt>8.4_33</lt></range>
       </package>
     </affects>
     <description>
@@ -16039,6 +26834,7 @@
       </body>
     </description>
     <references>
+      <freebsdsa>SA-15:11.bind</freebsdsa>
       <cvename>CVE-2015-4620</cvename>
       <url>https://kb.isc.org/article/AA-01267/</url>
     </references>
@@ -16045,7 +26841,7 @@
     <dates>
       <discovery>2015-07-07</discovery>
       <entry>2015-07-07</entry>
-      <modified>2015-07-07</modified>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -17866,6 +28662,12 @@
 	<name>libressl</name>
 	<range><lt>2.1.7</lt></range>
       </package>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.1</ge><lt>10.1_12</lt></range>
+	<range><ge>9.3</ge><lt>9.3_16</lt></range>
+	<range><ge>8.4</ge><lt>8.4_30</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -17893,12 +28695,14 @@
       <cvename>CVE-2015-1790</cvename>
       <cvename>CVE-2015-1791</cvename>
       <cvename>CVE-2015-1792</cvename>
+      <cvename>CVE-2015-4000</cvename>
+      <freebsdsa>SA-15:10.openssl</freebsdsa>
       <url>https://www.openssl.org/news/secadv_20150611.txt</url>
     </references>
     <dates>
       <discovery>2015-06-11</discovery>
       <entry>2015-06-11</entry>
-      <modified>2015-07-03</modified>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -20942,6 +31746,12 @@
 	<name>ntp-devel</name>
 	<range><lt>4.3.14</lt></range>
       </package>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.1</ge><lt>10.1_9</lt></range>
+	<range><ge>9.3</ge><lt>9.3_13</lt></range>
+	<range><ge>8.4</ge><lt>8.4_27</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -20957,6 +31767,7 @@
       </body>
     </description>
     <references>
+      <freebsdsa>SA-15:07.ntp</freebsdsa>
       <cvename>CVE-2015-1798</cvename>
       <cvename>CVE-2015-1799</cvename>
       <url>http://archive.ntp.org/ntp4/ChangeLog-stable</url>
@@ -21616,6 +32427,12 @@
 	<name>libressl</name>
 	<range><le>2.1.5_1</le></range>
       </package>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.1</ge><lt>10.1_8</lt></range>
+	<range><ge>9.3</ge><lt>9.3_12</lt></range>
+	<range><ge>8.4</ge><lt>8.4_26</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -21638,6 +32455,7 @@
       </body>
     </description>
     <references>
+      <freebsdsa>SA-15:06.openssl</freebsdsa>
       <freebsdpr>ports/198681</freebsdpr>
       <cvename>CVE-2015-0204</cvename>
       <cvename>CVE-2015-0286</cvename>
@@ -21652,7 +32470,7 @@
     <dates>
       <discovery>2015-03-19</discovery>
       <entry>2015-03-19</entry>
-      <modified>2015-03-24</modified>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -22435,8 +33253,8 @@
       </package>
       <package>
 	<name>FreeBSD</name>
-	<range><gt>9.3</gt><lt>9.3_10</lt></range>
-	<range><gt>8.4</gt><lt>8.4_24</lt></range>
+	<range><ge>9.3</ge><lt>9.3_10</lt></range>
+	<range><ge>8.4</ge><lt>8.4_24</lt></range>
       </package>
     </affects>
     <description>
@@ -22450,6 +33268,7 @@
       </body>
     </description>
     <references>
+      <freebsdsa>SA-15:05.bind</freebsdsa>
       <cvename>CVE-2015-1349</cvename>
       <url>https://kb.isc.org/article/AA-01235</url>
     </references>
@@ -22456,6 +33275,7 @@
     <dates>
       <discovery>2015-02-18</discovery>
       <entry>2015-02-23</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -23801,6 +34621,13 @@
 	<name>linux-c6-openssl</name>
 	<range><lt>1.0.1e_3</lt></range>
       </package>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.1</ge><lt>10.1_4</lt></range>
+	<range><ge>10.0</ge><lt>10.0_16</lt></range>
+	<range><ge>9.3</ge><lt>9.3_8</lt></range>
+	<range><ge>8.4</ge><lt>8.4_22</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -23818,6 +34645,7 @@
       </body>
     </description>
     <references>
+      <freebsdsa>SA-15:01.openssl</freebsdsa>
       <cvename>CVE-2014-3569</cvename>
       <cvename>CVE-2014-3570</cvename>
       <cvename>CVE-2014-3571</cvename>
@@ -23831,7 +34659,7 @@
     <dates>
       <discovery>2015-01-08</discovery>
       <entry>2015-01-08</entry>
-      <modified>2015-01-22</modified>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -23976,7 +34804,7 @@
 	<name>file</name>
 	<range><lt>5.21</lt></range>
       </package>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>8.4</ge><lt>8.4_20</lt></range>
 	<range><ge>9.1</ge><lt>9.1_23</lt></range>
@@ -23984,7 +34812,7 @@
 	<range><ge>9.3</ge><lt>9.3_6</lt></range>
 	<range><ge>10.0</ge><lt>10.0_13</lt></range>
 	<range><ge>10.1</ge><lt>10.1_1</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -24002,7 +34830,7 @@
       <cvename>CVE-2014-3710</cvename>
       <cvename>CVE-2014-8116</cvename>
       <cvename>CVE-2014-8117</cvename>
-      <freebsdsa>FreeBSD-SA-14:28.file</freebsdsa>
+      <freebsdsa>SA-14:28.file</freebsdsa>
       <url>http://seclists.org/oss-sec/2014/q4/1056</url>
     </references>
     <dates>
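Review bot: none of the three hunks for this entry adds or bumps <modified>, although the entry's <affects> block changes from <system> to <package> and its <freebsdsa> value is rewritten. Most other entries converted in this patch get <modified>2016-08-09</modified>; this one should get the same so that consumers who key on the date notice the change.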
@@ -24280,10 +35108,10 @@
       </package>
       <package>
 	<name>FreeBSD</name>
-	<range><gt>9.3</gt><lt>9.3_6</lt></range>
-	<range><gt>9.2</gt><lt>9.2_16</lt></range>
-	<range><gt>9.1</gt><lt>9.1_23</lt></range>
-	<range><gt>8.4</gt><lt>8.4_20</lt></range>
+	<range><ge>9.3</ge><lt>9.3_6</lt></range>
+	<range><ge>9.2</ge><lt>9.2_16</lt></range>
+	<range><ge>9.1</ge><lt>9.1_23</lt></range>
+	<range><ge>8.4</ge><lt>8.4_20</lt></range>
       </package>
     </affects>
     <description>
@@ -24317,6 +35145,7 @@
       </body>
     </description>
     <references>
+      <freebsdsa>SA-14:29.bind</freebsdsa>
       <cvename>CVE-2014-8500</cvename>
       <cvename>CVE-2014-8680</cvename>
       <url>https://www.isc.org/blogs/important-security-advisory-posted/</url>
@@ -24324,6 +35153,7 @@
     <dates>
       <discovery>2014-12-08</discovery>
       <entry>2014-12-11</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -24437,6 +35267,11 @@
 	<name>unbound</name>
 	<range><lt>1.5.1</lt></range>
       </package>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.0</ge><lt>10.0_14</lt></range>
+	<range><ge>10.1</ge><lt>10.1_2</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -24449,11 +35284,13 @@
     </description>
     <references>
       <url>http://unbound.net/downloads/CVE-2014-8602.txt</url>
+      <freebsdsa>SA-14:30.unbound</freebsdsa>
       <cvename>CVE-2014-8602</cvename>
     </references>
     <dates>
       <discovery>2014-12-08</discovery>
       <entry>2014-12-09</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -25412,6 +36249,14 @@
 	<name>linux-c6-openssl</name>
 	<range><lt>1.0.1e_1</lt></range>
       </package>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>8.4</ge><lt>8.4_17</lt></range>
+	<range><ge>9.1</ge><lt>9.1_20</lt></range>
+	<range><ge>9.2</ge><lt>9.2_13</lt></range>
+	<range><ge>9.3</ge><lt>9.3_3</lt></range>
+	<range><ge>10.0</ge><lt>10.0_10</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -25450,6 +36295,7 @@
       </body>
     </description>
     <references>
+      <freebsdsa>SA-14:23.openssl</freebsdsa>
       <cvename>CVE-2014-3513</cvename>
       <cvename>CVE-2014-3566</cvename>
       <cvename>CVE-2014-3567</cvename>
@@ -25459,6 +36305,7 @@
     <dates>
       <discovery>2014-10-15</discovery>
       <entry>2014-10-15</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -26925,6 +37772,14 @@
 	<name>mingw32-openssl</name>
 	<range><ge>1.0.1</ge><lt>1.0.1i</lt></range>
       </package>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>8.4</ge><lt>8.4_15</lt></range>
+	<range><ge>9.1</ge><lt>9.1_18</lt></range>
+	<range><ge>9.2</ge><lt>9.2_11</lt></range>
+	<range><ge>9.3</ge><lt>9.3_1</lt></range>
+	<range><ge>10.0</ge><lt>10.0_8</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -26974,6 +37829,7 @@
     </description>
     <references>
       <url>https://www.openssl.org/news/secadv_20140806.txt</url>
+      <freebsdsa>SA-14:18.openssl</freebsdsa>
       <cvename>CVE-2014-3505</cvename>
       <cvename>CVE-2014-3506</cvename>
       <cvename>CVE-2014-3507</cvename>
@@ -26987,6 +37843,7 @@
     <dates>
       <discovery>2014-08-06</discovery>
       <entry>2014-08-06</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -28170,13 +39027,13 @@
 	<name>mingw32-openssl</name>
 	<range><ge>1.0.1</ge><lt>1.0.1h</lt></range>
       </package>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>8.0</ge><lt>8.4_12</lt></range>
 	<range><ge>9.1</ge><lt>9.1_15</lt></range>
 	<range><ge>9.2</ge><lt>9.2_8</lt></range>
 	<range><ge>10.0</ge><lt>10.0_5</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -28204,7 +39061,7 @@
       <cvename>CVE-2014-0221</cvename>
       <cvename>CVE-2014-0224</cvename>
       <cvename>CVE-2014-3470</cvename>
-      <url>http://www.freebsd.org/security/advisories/FreeBSD-SA-14:14.openssl.asc</url>
+      <freebsdsa>SA-14:14.openssl</freebsdsa>
       <url>http://www.openssl.org/news/secadv_20140605.txt</url>
     </references>
     <dates>
@@ -28636,6 +39493,10 @@
 	<name>openssl</name>
 	<range><ge>1.0.1</ge><lt>1.0.1_12</lt></range>
       </package>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.0</ge><lt>10.0_3</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -28650,11 +39511,13 @@
     <references>
       <url>http://www.openwall.com/lists/oss-security/2014/05/02/5</url>
       <url>https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321</url>
+      <freebsdsa>SA-14:10.openssl</freebsdsa>
       <cvename>CVE-2014-0198</cvename>
     </references>
     <dates>
       <discovery>2014-05-02</discovery>
       <entry>2014-05-03</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -29017,6 +39880,10 @@
 	<name>mingw32-openssl</name>
 	<range><ge>1.0.1</ge><le>1.0.1g</le></range>
       </package>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>10.0</ge><lt>10.0_2</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -29028,11 +39895,13 @@
     <references>
       <url>https://rt.openssl.org/Ticket/Display.html?id=2167</url>
       <url>http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse</url>
+      <freebsdsa>SA-14:09.openssl</freebsdsa>
       <cvename>CVE-2010-5298</cvename>
     </references>
     <dates>
       <discovery>2010-02-09</discovery>
       <entry>2014-04-23</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -29337,7 +40206,7 @@
 	<name>mingw32-openssl</name>
 	<range><ge>1.0.1</ge><lt>1.0.1g</lt></range>
       </package>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>8.3</ge><lt>8.3_15</lt></range>
 	<range><ge>8.4</ge><lt>8.4_8</lt></range>
@@ -29344,7 +40213,7 @@
 	<range><ge>9.1</ge><lt>9.1_11</lt></range>
 	<range><ge>9.2</ge><lt>9.2_4</lt></range>
 	<range><ge>10.0</ge><lt>10.0_1</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -29359,7 +40228,7 @@
     </description>
     <references>
       <cvename>CVE-2014-0076</cvename>
-      <freebsdsa>FreeBSD-SA-14:06.openssl</freebsdsa>
+      <freebsdsa>SA-14:06.openssl</freebsdsa>
       <url>https://www.openssl.org/news/vulnerabilities.html#2014-0076</url>
     </references>
     <dates>
@@ -29479,10 +40348,10 @@
 	<name>mingw32-openssl</name>
 	<range><ge>1.0.1</ge><lt>1.0.1g</lt></range>
       </package>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>10.0</ge><lt>10.0_1</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -29511,7 +40380,7 @@
     </description>
     <references>
       <cvename>CVE-2014-0160</cvename>
-      <freebsdsa>FreeBSD-SA-14:06.openssl</freebsdsa>
+      <freebsdsa>SA-14:06.openssl</freebsdsa>
       <url>https://www.openssl.org/news/secadv_20140407.txt</url>
       <url>https://www.openssl.org/news/vulnerabilities.html#2014-0076</url>
       <url>http://www.heartbleed.com</url>
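Review bot: while this references block is being touched, the context line <url>https://www.openssl.org/news/vulnerabilities.html#2014-0076</url> sits in an entry whose only <cvename> is CVE-2014-0160. The same URL appears in the CVE-2014-0076 entry above, so it looks carried over from there; confirm whether the anchor here should point at the 2014-0160 item instead.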
@@ -31453,6 +42322,13 @@
 	<name>ntp</name>
 	<range><lt>4.2.7p26</lt></range>
       </package>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>8.3</ge><lt>8.3_14</lt></range>
+	<range><ge>8.4</ge><lt>8.4_7</lt></range>
+	<range><ge>9.1</ge><lt>9.1_10</lt></range>
+	<range><ge>9.2</ge><lt>9.2_3</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -31479,6 +42355,7 @@
     <dates>
       <discovery>2014-01-01</discovery>
       <entry>2014-01-14</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -31541,10 +42418,10 @@
       </package>
       <package>
 	<name>FreeBSD</name>
-	<range><gt>9.2</gt><lt>9.2_3</lt></range>
-	<range><gt>9.1</gt><lt>9.1_10</lt></range>
-	<range><gt>8.4</gt><lt>8.4_7</lt></range>
-	<range><gt>8.3</gt><lt>8.3_14</lt></range>
+	<range><ge>9.2</ge><lt>9.2_3</lt></range>
+	<range><ge>9.1</ge><lt>9.1_10</lt></range>
+	<range><ge>8.4</ge><lt>8.4_7</lt></range>
+	<range><ge>8.3</ge><lt>8.3_14</lt></range>
       </package>
     </affects>
     <description>
@@ -31562,13 +42439,13 @@
     </description>
     <references>
       <cvename>CVE-2014-0591</cvename>
-      <freebsdsa>SA-13:07.bind</freebsdsa>
+      <freebsdsa>SA-14:04.bind</freebsdsa>
       <url>https://kb.isc.org/article/AA-01078/74/</url>
     </references>
     <dates>
       <discovery>2014-01-08</discovery>
       <entry>2014-01-13</entry>
-      <modified>2014-04-30</modified>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -31628,6 +42505,7 @@
       </body>
     </description>
     <references>
+      <freebsdsa>SA-14:03.openssl</freebsdsa>
       <cvename>CVE-2013-4353</cvename>
       <cvename>CVE-2013-6449</cvename>
       <cvename>CVE-2013-6450</cvename>
@@ -31636,6 +42514,7 @@
     <dates>
       <discovery>2014-01-06</discovery>
       <entry>2014-01-06</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -33551,12 +44430,12 @@
   <vuln vid="b72bad1c-20ed-11e3-be06-000c29ee3065">
     <topic>FreeBSD -- Cross-mount links between nullfs(5) mounts</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
-	<range><gt>9.1</gt><lt>9.1_7</lt></range>
-	<range><gt>8.4</gt><lt>8.4_4</lt></range>
-	<range><gt>8.3</gt><lt>8.3_11</lt></range>
-      </system>
+	<range><ge>9.1</ge><lt>9.1_7</lt></range>
+	<range><ge>8.4</ge><lt>8.4_4</lt></range>
+	<range><ge>8.3</ge><lt>8.3_11</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -33585,6 +44464,7 @@
     <dates>
       <discovery>2013-09-10</discovery>
       <entry>2013-09-19</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -33591,12 +44471,12 @@
   <vuln vid="4d87d357-202c-11e3-be06-000c29ee3065">
     <topic>FreeBSD -- Insufficient credential checks in network ioctl(2)</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
-	<range><gt>9.1</gt><lt>9.1_7</lt></range>
-	<range><gt>8.4</gt><lt>8.4_4</lt></range>
-	<range><gt>8.3</gt><lt>8.3_11</lt></range>
-      </system>
+	<range><ge>9.1</ge><lt>9.1_7</lt></range>
+	<range><ge>8.4</ge><lt>8.4_4</lt></range>
+	<range><ge>8.3</ge><lt>8.3_11</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -33633,6 +44513,7 @@
     <dates>
       <discovery>2013-09-10</discovery>
       <entry>2013-09-19</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -34690,8 +45571,8 @@
       </package>
       <package>
 	<name>FreeBSD</name>
-	<range><gt>9.0</gt><lt>9.1_5</lt></range>
-	<range><gt>8.4</gt><lt>8.4_2</lt></range>
+	<range><ge>9.0</ge><lt>9.1_5</lt></range>
+	<range><ge>8.4</ge><lt>8.4_2</lt></range>
       </package>
     </affects>
     <description>
@@ -34712,7 +45593,7 @@
     <dates>
       <discovery>2013-07-26</discovery>
       <entry>2013-07-26</entry>
-      <modified>2013-07-27</modified>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -35544,7 +46425,7 @@
     <affects>
       <package>
 	<name>FreeBSD</name>
-	<range><gt>9.0</gt><lt>9.1_4</lt></range>
+	<range><ge>9.0</ge><lt>9.1_4</lt></range>
       </package>
     </affects>
     <description>
@@ -35564,6 +46445,7 @@
     <dates>
       <discovery>2013-06-18</discovery>
       <entry>2013-06-18</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -37021,8 +47903,8 @@
     <affects>
       <package>
 	<name>FreeBSD</name>
-	<range><gt>8.3</gt><lt>8.3_8</lt></range>
-	<range><gt>9.1</gt><lt>9.1_3</lt></range>
+	<range><ge>8.3</ge><lt>8.3_8</lt></range>
+	<range><ge>9.1</ge><lt>9.1_3</lt></range>
       </package>
     </affects>
     <description>
@@ -37041,6 +47923,7 @@
     <dates>
       <discovery>2013-04-21</discovery>
       <entry>2013-04-29</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -37717,8 +48600,8 @@
     <affects>
       <package>
 	<name>FreeBSD</name>
-	<range><gt>9.0</gt><lt>9.0_7</lt></range>
-	<range><gt>9.1</gt><lt>9.1_2</lt></range>
+	<range><ge>9.0</ge><lt>9.0_7</lt></range>
+	<range><ge>9.1</ge><lt>9.1_2</lt></range>
       </package>
     </affects>
     <description>
@@ -37740,6 +48623,7 @@
     <dates>
       <discovery>2013-04-02</discovery>
       <entry>2013-04-02</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -37748,9 +48632,9 @@
     <affects>
       <package>
 	<name>FreeBSD</name>
-	<range><gt>8.3</gt><lt>8.3_7</lt></range>
-	<range><gt>9.0</gt><lt>9.0_7</lt></range>
-	<range><gt>9.1</gt><lt>9.1_2</lt></range>
+	<range><ge>8.3</ge><lt>8.3_7</lt></range>
+	<range><ge>9.0</ge><lt>9.0_7</lt></range>
+	<range><ge>9.1</ge><lt>9.1_2</lt></range>
       </package>
     </affects>
     <description>
@@ -37768,12 +48652,13 @@
     <references>
       <cvename>CVE-2013-0166</cvename>
       <cvename>CVE-2013-0169</cvename>
-      <freebsdsa>SA-13:04.openssl</freebsdsa>
+      <freebsdsa>SA-13:03.openssl</freebsdsa>
       <url>http://www.openssl.org/news/secadv_20130205.txt</url>
     </references>
     <dates>
       <discovery>2013-04-02</discovery>
       <entry>2013-04-02</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -38352,11 +49237,6 @@
     <affects>
       <package>
 	<name>perl</name>
-	<range><lt>5.12.4_5</lt></range>
-	<range><ge>5.14.0</ge><lt>5.14.2_3</lt></range>
-	<range><ge>5.16.0</ge><lt>5.16.2_1</lt></range>
-      </package>
-      <package>
 	<name>perl-threaded</name>
 	<range><lt>5.12.4_5</lt></range>
 	<range><ge>5.14.0</ge><lt>5.14.2_3</lt></range>
@@ -38390,6 +49270,7 @@
     <dates>
       <discovery>2013-03-04</discovery>
       <entry>2013-03-10</entry>
+      <modified>2016-08-22</modified>
     </dates>
   </vuln>
 
@@ -39165,10 +50046,10 @@
     <affects>
       <package>
 	<name>FreeBSD</name>
-	<range><gt>7.4</gt><lt>7.4_12</lt></range>
-	<range><gt>8.3</gt><lt>8.3_6</lt></range>
-	<range><gt>9.0</gt><lt>9.0_6</lt></range>
-	<range><gt>9.1</gt><lt>9.1_1</lt></range>
+	<range><ge>7.4</ge><lt>7.4_12</lt></range>
+	<range><ge>8.3</ge><lt>8.3_6</lt></range>
+	<range><ge>9.0</ge><lt>9.0_6</lt></range>
+	<range><ge>9.1</ge><lt>9.1_1</lt></range>
       </package>
     </affects>
     <description>
@@ -39187,6 +50068,7 @@
     <dates>
       <discovery>2013-02-19</discovery>
       <entry>2013-02-21</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -54634,13 +65516,13 @@
 	<name>bind98</name>
 	<range><lt>9.8.0.2</lt></range>
       </package>
-      <system>
+      <package>
 	<name>FreeBSD</name>
-	<range><gt>7.3</gt><lt>7.3_6</lt></range>
-	<range><gt>7.4</gt><lt>7.4_2</lt></range>
-	<range><gt>8.1</gt><lt>8.1_4</lt></range>
-	<range><gt>8.2</gt><lt>8.2_2</lt></range>
-      </system>
+	<range><ge>7.3</ge><lt>7.3_6</lt></range>
+	<range><ge>7.4</ge><lt>7.4_2</lt></range>
+	<range><ge>8.1</ge><lt>8.1_4</lt></range>
+	<range><ge>8.2</ge><lt>8.2_2</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -54661,6 +65543,7 @@
     <dates>
       <discovery>2011-05-26</discovery>
       <entry>2011-06-04</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -59665,11 +70548,11 @@
     <affects>
 	<package>
 	<name>FreeBSD</name>
-	<range><gt>6.4</gt><lt>6.4_11</lt></range>
-	<range><gt>7.1</gt><lt>7.1_14</lt></range>
-	<range><gt>7.3</gt><lt>7.3_3</lt></range>
-	<range><gt>8.0</gt><lt>8.0_5</lt></range>
-	<range><gt>8.1</gt><lt>8.1_1</lt></range>
+	<range><ge>6.4</ge><lt>6.4_11</lt></range>
+	<range><ge>7.1</ge><lt>7.1_14</lt></range>
+	<range><ge>7.3</ge><lt>7.3_3</lt></range>
+	<range><ge>8.0</ge><lt>8.0_5</lt></range>
+	<range><ge>8.1</ge><lt>8.1_1</lt></range>
       </package>
     </affects>
     <description>
@@ -59685,6 +70568,7 @@
     <dates>
       <discovery>2010-09-20</discovery>
       <entry>2010-10-24</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -59693,10 +70577,9 @@
     <affects>
 	<package>
 	<name>FreeBSD</name>
-	<range><gt>7.1</gt><lt>7.1_13</lt></range>
-	<range><gt>7.3</gt><lt>7.3_2</lt></range>
-	<range><gt>8.0</gt><lt>8.0_4</lt></range>
-	<range><gt>8.1</gt><lt>8.1</lt></range>
+	<range><ge>7.1</ge><lt>7.1_13</lt></range>
+	<range><ge>7.3</ge><lt>7.3_2</lt></range>
+	<range><ge>8.0</ge><lt>8.0_4</lt></range>
       </package>
     </affects>
     <description>
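Review bot: the dropped line <range><gt>8.1</gt><lt>8.1</lt></range> is deleted rather than converted like its neighbours. As written it could never match any version, so removing it changes nothing for matching, but that also means 8.1 is now silently absent from the entry. If 8.1 was affected, the fix is a real range with the correct patch level, not a deletion; the commit log should say which it is.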
@@ -59715,6 +70598,7 @@
     <dates>
       <discovery>2010-07-13</discovery>
       <entry>2010-10-24</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -59723,9 +70607,9 @@
     <affects>
 	<package>
 	<name>FreeBSD</name>
-	<range><gt>7.2</gt><lt>7.2_8</lt></range>
-	<range><gt>7.3</gt><lt>7.3_1</lt></range>
-	<range><gt>8.0</gt><lt>8.0_3</lt></range>
+	<range><ge>7.2</ge><lt>7.2_8</lt></range>
+	<range><ge>7.3</ge><lt>7.3_1</lt></range>
+	<range><ge>8.0</ge><lt>8.0_3</lt></range>
       </package>
     </affects>
     <description>
@@ -59741,6 +70625,7 @@
     <dates>
       <discovery>2010-05-27</discovery>
       <entry>2010-10-24</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -59749,11 +70634,11 @@
     <affects>
 	<package>
 	<name>FreeBSD</name>
-	<range><gt>6.4</gt><lt>6.4_10</lt></range>
-	<range><gt>7.1</gt><lt>7.1_12</lt></range>
-	<range><gt>7.2</gt><lt>7.2_8</lt></range>
-	<range><gt>7.3</gt><lt>7.3_1</lt></range>
-	<range><gt>8.0</gt><lt>8.0_3</lt></range>
+	<range><ge>6.4</ge><lt>6.4_10</lt></range>
+	<range><ge>7.1</ge><lt>7.1_12</lt></range>
+	<range><ge>7.2</ge><lt>7.2_8</lt></range>
+	<range><ge>7.3</ge><lt>7.3_1</lt></range>
+	<range><ge>8.0</ge><lt>8.0_3</lt></range>
       </package>
     </affects>
     <description>
@@ -59770,6 +70655,7 @@
     <dates>
       <discovery>2010-05-27</discovery>
       <entry>2010-10-24</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -59778,7 +70664,7 @@
     <affects>
 	<package>
 	<name>FreeBSD</name>
-	<range><gt>8.0</gt><lt>8.0_3</lt></range>
+	<range><ge>8.0</ge><lt>8.0_3</lt></range>
       </package>
     </affects>
     <description>
@@ -59795,6 +70681,7 @@
     <dates>
       <discovery>2010-05-27</discovery>
       <entry>2010-10-24</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -59803,9 +70690,9 @@
     <affects>
 	<package>
 	<name>FreeBSD</name>
-	<range><gt>7.1</gt><lt>7.1_10</lt></range>
-	<range><gt>7.2</gt><lt>7.2_6</lt></range>
-	<range><gt>8.0</gt><lt>8.0_2</lt></range>
+	<range><ge>7.1</ge><lt>7.1_10</lt></range>
+	<range><ge>7.2</ge><lt>7.2_6</lt></range>
+	<range><ge>8.0</ge><lt>8.0_2</lt></range>
       </package>
     </affects>
     <description>
@@ -59822,6 +70709,7 @@
     <dates>
       <discovery>2010-01-06</discovery>
       <entry>2010-10-24</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -59830,11 +70718,11 @@
     <affects>
 	<package>
 	<name>FreeBSD</name>
-	<range><gt>6.3</gt><lt>6.3_15</lt></range>
-	<range><gt>6.4</gt><lt>6.4_9</lt></range>
-	<range><gt>7.1</gt><lt>7.1_10</lt></range>
-	<range><gt>7.2</gt><lt>7.2_6</lt></range>
-	<range><gt>8.0</gt><lt>8.0_2</lt></range>
+	<range><ge>6.3</ge><lt>6.3_15</lt></range>
+	<range><ge>6.4</ge><lt>6.4_9</lt></range>
+	<range><ge>7.1</ge><lt>7.1_10</lt></range>
+	<range><ge>7.2</ge><lt>7.2_6</lt></range>
+	<range><ge>8.0</ge><lt>8.0_2</lt></range>
       </package>
     </affects>
     <description>
@@ -59852,6 +70740,7 @@
     <dates>
       <discovery>2010-01-06</discovery>
       <entry>2010-10-24</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -59860,11 +70749,11 @@
     <affects>
 	<package>
 	<name>FreeBSD</name>
-	<range><gt>6.3</gt><lt>6.3_15</lt></range>
-	<range><gt>6.4</gt><lt>6.4_9</lt></range>
-	<range><gt>7.1</gt><lt>7.1_10</lt></range>
-	<range><gt>7.2</gt><lt>7.2_6</lt></range>
-	<range><gt>8.0</gt><lt>8.0_2</lt></range>
+	<range><ge>6.3</ge><lt>6.3_15</lt></range>
+	<range><ge>6.4</ge><lt>6.4_9</lt></range>
+	<range><ge>7.1</ge><lt>7.1_10</lt></range>
+	<range><ge>7.2</ge><lt>7.2_6</lt></range>
+	<range><ge>8.0</ge><lt>8.0_2</lt></range>
       </package>
     </affects>
     <description>
@@ -59882,6 +70771,7 @@
     <dates>
       <discovery>2010-01-06</discovery>
       <entry>2010-10-24</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -59890,11 +70780,11 @@
     <affects>
 	<package>
 	<name>FreeBSD</name>
-	<range><gt>6.3</gt><lt>6.3_14</lt></range>
-	<range><gt>6.4</gt><lt>6.4_8</lt></range>
-	<range><gt>7.1</gt><lt>7.1_9</lt></range>
-	<range><gt>7.2</gt><lt>7.2_5</lt></range>
-	<range><gt>8.0</gt><lt>8.0_1</lt></range>
+	<range><ge>6.3</ge><lt>6.3_14</lt></range>
+	<range><ge>6.4</ge><lt>6.4_8</lt></range>
+	<range><ge>7.1</ge><lt>7.1_9</lt></range>
+	<range><ge>7.2</ge><lt>7.2_5</lt></range>
+	<range><ge>8.0</ge><lt>8.0_1</lt></range>
       </package>
     </affects>
     <description>
@@ -59919,6 +70809,7 @@
     <dates>
       <discovery>2009-12-03</discovery>
       <entry>2010-10-24</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -59927,9 +70818,9 @@
     <affects>
 	<package>
 	<name>FreeBSD</name>
-	<range><gt>7.1</gt><lt>7.1_9</lt></range>
-	<range><gt>7.2</gt><lt>7.2_5</lt></range>
-	<range><gt>8.0</gt><lt>8.0_1</lt></range>
+	<range><ge>7.1</ge><lt>7.1_9</lt></range>
+	<range><ge>7.2</ge><lt>7.2_5</lt></range>
+	<range><ge>8.0</ge><lt>8.0_1</lt></range>
       </package>
     </affects>
     <description>
@@ -59947,6 +70838,7 @@
     <dates>
       <discovery>2009-12-03</discovery>
       <entry>2010-10-24</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -59955,11 +70847,11 @@
     <affects>
 	<package>
 	<name>FreeBSD</name>
-	<range><gt>6.3</gt><lt>6.3_14</lt></range>
-	<range><gt>6.4</gt><lt>6.4_8</lt></range>
-	<range><gt>7.1</gt><lt>7.1_9</lt></range>
-	<range><gt>7.2</gt><lt>7.2_5</lt></range>
-	<range><gt>8.0</gt><lt>8.0_1</lt></range>
+	<range><ge>6.3</ge><lt>6.3_14</lt></range>
+	<range><ge>6.4</ge><lt>6.4_8</lt></range>
+	<range><ge>7.1</ge><lt>7.1_9</lt></range>
+	<range><ge>7.2</ge><lt>7.2_5</lt></range>
+	<range><ge>8.0</ge><lt>8.0_1</lt></range>
       </package>
     </affects>
     <description>
@@ -59976,6 +70868,7 @@
     <dates>
       <discovery>2009-12-03</discovery>
       <entry>2010-10-24</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -65452,13 +76345,13 @@
   <vuln vid="50383bde-b25b-11de-8c83-02e0185f8d72">
     <topic>FreeBSD -- Devfs / VFS NULL pointer race condition</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
-	<range><gt>6.3</gt><lt>6.3_13</lt></range>
-	<range><gt>6.4</gt><lt>6.4_7</lt></range>
-	<range><gt>7.1</gt><lt>7.1_8</lt></range>
-	<range><gt>7.2</gt><lt>7.2_4</lt></range>
-      </system>
+	<range><ge>6.3</ge><lt>6.3_13</lt></range>
+	<range><ge>6.4</ge><lt>6.4_7</lt></range>
+	<range><ge>7.1</ge><lt>7.1_8</lt></range>
+	<range><ge>7.2</ge><lt>7.2_4</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -65485,6 +76378,7 @@
     <dates>
       <discovery>2009-10-02</discovery>
       <entry>2009-10-06</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -65491,11 +76385,11 @@
   <vuln vid="90d2e58f-b25a-11de-8c83-02e0185f8d72">
     <topic>FreeBSD -- kqueue pipe race conditions</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
-	<range><gt>6.3</gt><lt>6.4_7</lt></range>
-	<range><gt>6.4</gt><lt>6.3_13</lt></range>
-      </system>
+	<range><ge>6.3</ge><lt>6.4_7</lt></range>
+	<range><ge>6.4</ge><lt>6.3_13</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
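Review bot: the two new ranges keep the swapped upper bounds of the lines they replace: <range><ge>6.3</ge><lt>6.4_7</lt></range> and <range><ge>6.4</ge><lt>6.3_13</lt></range>. The second range is empty (nothing is both >= 6.4 and < 6.3_13) and the first one runs from 6.3 through every 6.4 patch level below 7. The Devfs entry just above, with the same discovery date, pairs 6.3 with 6.3_13 and 6.4 with 6.4_7, which is almost certainly what was meant here as well. Since <gt> to <ge> is already being edited on these lines, swap the bounds in the same change.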
@@ -65525,6 +76419,7 @@
     <dates>
       <discovery>2009-10-02</discovery>
       <entry>2009-10-06</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -66484,13 +77379,13 @@
 	<name>bind9-sdb-ldap</name>
 	<range><lt>9.4.3.3</lt></range>
       </package>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>6.3</ge><lt>6.3_12</lt></range>
 	<range><ge>6.4</ge><lt>6.4_6</lt></range>
 	<range><ge>7.1</ge><lt>7.1_7</lt></range>
 	<range><ge>7.2</ge><lt>7.2_3</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -68044,13 +78939,13 @@
   <vuln vid="fbc8413f-2f7a-11de-9a3f-001b77d09812">
     <topic>FreeBSD -- remotely exploitable crash in OpenSSL</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>6.3</ge><lt>6.3_10</lt></range>
 	<range><ge>6.4</ge><lt>6.4_4</lt></range>
 	<range><ge>7.0</ge><lt>7.0_12</lt></range>
 	<range><ge>7.1</ge><lt>7.1_5</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -70570,12 +81465,12 @@
   <vuln vid="c702944a-db0f-11dd-aa56-000bcdf0a03b">
     <topic>FreeBSD -- netgraph / bluetooth privilege escalation</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
-	<range><gt>6.3</gt><lt>6.3_7</lt></range>
-	<range><gt>6.4</gt><lt>6.4_1</lt></range>
-	<range><gt>7.0</gt><lt>7.0_7</lt></range>
-      </system>
+	<range><ge>6.3</ge><lt>6.3_7</lt></range>
+	<range><ge>6.4</ge><lt>6.4_1</lt></range>
+	<range><ge>7.0</ge><lt>7.0_7</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -70607,6 +81502,7 @@
     <dates>
       <discovery>2008-12-23</discovery>
       <entry>2009-01-05</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -70613,12 +81509,12 @@
   <vuln vid="e9ecaceb-db0d-11dd-aa56-000bcdf0a03b">
     <topic>FreeBSD -- Cross-site request forgery in ftpd(8)</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
-	<range><gt>6.3</gt><lt>6.3_7</lt></range>
-	<range><gt>6.4</gt><lt>6.4_1</lt></range>
-	<range><gt>7.0</gt><lt>7.0_7</lt></range>
-      </system>
+	<range><ge>6.3</ge><lt>6.3_7</lt></range>
+	<range><ge>6.4</ge><lt>6.4_1</lt></range>
+	<range><ge>7.0</ge><lt>7.0_7</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -70647,6 +81543,7 @@
     <dates>
       <discovery>2008-12-23</discovery>
       <entry>2009-01-05</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -70653,11 +81550,11 @@
   <vuln vid="6b8cadce-db0b-11dd-aa56-000bcdf0a03b">
     <topic>FreeBSD -- IPv6 Neighbor Discovery Protocol routing vulnerability</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
-	<range><gt>6.3</gt><lt>6.3_5</lt></range>
-	<range><gt>7.0</gt><lt>7.0_5</lt></range>
-      </system>
+	<range><ge>6.3</ge><lt>6.3_5</lt></range>
+	<range><ge>7.0</ge><lt>7.0_5</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -70693,6 +81590,7 @@
     <dates>
       <discovery>2008-10-01</discovery>
       <entry>2009-01-05</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -70699,11 +81597,11 @@
   <vuln vid="5796858d-db0b-11dd-aa56-000bcdf0a03b">
     <topic>FreeBSD -- arc4random(9) predictable sequence vulnerability</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
-	<range><gt>6.3</gt><lt>6.3_6</lt></range>
-	<range><gt>7.0</gt><lt>7.0_6</lt></range>
-      </system>
+	<range><ge>6.3</ge><lt>6.3_6</lt></range>
+	<range><ge>7.0</ge><lt>7.0_6</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -70760,6 +81658,7 @@
     <dates>
       <discovery>2008-11-24</discovery>
       <entry>2009-01-05</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -73905,11 +84804,11 @@
   <vuln vid="2f794295-7b69-11dd-80ba-000bcdf0a03b">
     <topic>FreeBSD -- Remote kernel panics on IPv6 connections</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
-	<range><gt>6.3</gt><lt>6.3_4</lt></range>
-	<range><gt>7.0</gt><lt>7.0_4</lt></range>
-      </system>
+	<range><ge>6.3</ge><lt>6.3_4</lt></range>
+	<range><ge>7.0</ge><lt>7.0_4</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -73938,6 +84837,7 @@
     <dates>
       <discovery>2008-09-03</discovery>
       <entry>2008-09-05</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -73944,11 +84844,11 @@
   <vuln vid="7dbb7197-7b68-11dd-80ba-000bcdf0a03b">
     <topic>FreeBSD -- nmount(2) local arbitrary code execution</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
-	<range><gt>6.3</gt><lt>6.3_4</lt></range>
-	<range><gt>7.0</gt><lt>7.0_4</lt></range>
-      </system>
+	<range><ge>6.3</ge><lt>6.3_4</lt></range>
+	<range><ge>7.0</ge><lt>7.0_4</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -73977,6 +84877,7 @@
     <dates>
       <discovery>2008-09-03</discovery>
       <entry>2008-09-05</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -73983,11 +84884,11 @@
   <vuln vid="6d4e4759-7b67-11dd-80ba-000bcdf0a03b">
     <topic>FreeBSD -- amd64 swapgs local privilege escalation</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
-	<range><gt>6.3</gt><lt>6.3_4</lt></range>
-	<range><gt>7.0</gt><lt>7.0_4</lt></range>
-      </system>
+	<range><ge>6.3</ge><lt>6.3_4</lt></range>
+	<range><ge>7.0</ge><lt>7.0_4</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -74020,6 +84921,7 @@
     <dates>
       <discovery>2008-09-03</discovery>
       <entry>2008-09-05</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -74547,11 +85449,11 @@
   <vuln vid="655ee1ec-511b-11dd-80ba-000bcdf0a03b">
     <topic>FreeBSD -- DNS cache poisoning</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
-	<range><gt>6.3</gt><lt>6.3_3</lt></range>
-	<range><gt>7.0</gt><lt>7.0_3</lt></range>
-      </system>
+	<range><ge>6.3</ge><lt>6.3_3</lt></range>
+	<range><ge>7.0</ge><lt>7.0_3</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -74588,6 +85490,7 @@
     <dates>
       <discovery>2008-07-08</discovery>
       <entry>2008-07-13</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -80498,12 +91401,12 @@
 	<name>tcpdump</name>
 	<range><lt>3.9.6</lt></range>
       </package>
-      <system>
+      <package>
 	<name>FreeBSD</name>
-	<range><gt>6.2</gt><lt>6.2_7</lt></range>
-	<range><gt>6.1</gt><lt>6.1_19</lt></range>
-	<range><gt>5.5</gt><lt>5.5_15</lt></range>
-      </system>
+	<range><ge>6.2</ge><lt>6.2_7</lt></range>
+	<range><ge>6.1</ge><lt>6.1_19</lt></range>
+	<range><ge>5.5</ge><lt>5.5_15</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -80530,6 +91433,7 @@
     <dates>
       <discovery>2007-08-01</discovery>
       <entry>2007-08-02</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -80538,15 +91442,15 @@
     <affects>
       <package>
 	<name>named</name>
-	<range><gt>9.4</gt><lt>9.4.1.1</lt></range>
-	<range><gt>9.3</gt><lt>9.3.4.1</lt></range>
+	<range><ge>9.4</ge><lt>9.4.1.1</lt></range>
+	<range><ge>9.3</ge><lt>9.3.4.1</lt></range>
       </package>
-      <system>
+      <package>
 	<name>FreeBSD</name>
-	<range><gt>6.2</gt><lt>6.2_7</lt></range>
-	<range><gt>6.1</gt><lt>6.1_19</lt></range>
-	<range><gt>5.5</gt><lt>5.5_15</lt></range>
-      </system>
+	<range><ge>6.2</ge><lt>6.2_7</lt></range>
+	<range><ge>6.1</ge><lt>6.1_19</lt></range>
+	<range><ge>5.5</ge><lt>5.5_15</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -80569,6 +91473,7 @@
     <dates>
       <discovery>2007-07-24</discovery>
       <entry>2007-08-02</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -81907,12 +92812,12 @@
 	<name>file</name>
 	<range><lt>4.21</lt></range>
       </package>
-      <system>
+      <package>
 	<name>FreeBSD</name>
-	<range><gt>6.2</gt><lt>6.2_5</lt></range>
-	<range><gt>6.1</gt><lt>6.1_17</lt></range>
-	<range><gt>5.5</gt><lt>5.5_13</lt></range>
-      </system>
+	<range><ge>6.2</ge><lt>6.2_5</lt></range>
+	<range><ge>6.1</ge><lt>6.1_17</lt></range>
+	<range><ge>5.5</ge><lt>5.5_13</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -81941,7 +92846,7 @@
     <dates>
       <discovery>2007-05-23</discovery>
       <entry>2007-05-23</entry>
-      <modified>2007-08-02</modified>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -82264,12 +93169,12 @@
   <vuln vid="275b845e-f56c-11db-8163-000e0c2e438a">
     <topic>FreeBSD -- IPv6 Routing Header 0 is dangerous</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
-	<range><gt>6.2</gt><lt>6.2_4</lt></range>
-	<range><gt>6.1</gt><lt>6.1_16</lt></range>
-	<range><gt>5.5</gt><lt>5.5_12</lt></range>
-      </system>
+	<range><ge>6.2</ge><lt>6.2_4</lt></range>
+	<range><ge>6.1</ge><lt>6.1_16</lt></range>
+	<range><ge>5.5</ge><lt>5.5_12</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -82302,6 +93207,7 @@
     <dates>
       <discovery>2007-04-26</discovery>
       <entry>2007-04-28</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -82907,12 +93813,12 @@
 	<name>named</name>
 	<range><lt>9.3.4</lt></range>
       </package>
-      <system>
+      <package>
 	<name>FreeBSD</name>
-	<range><gt>6.2</gt><lt>6.2_1</lt></range>
-	<range><gt>6.1</gt><lt>6.1_13</lt></range>
-	<range><gt>5.5</gt><lt>5.5_11</lt></range>
-      </system>
+	<range><ge>6.2</ge><lt>6.2_1</lt></range>
+	<range><ge>6.1</ge><lt>6.1_13</lt></range>
+	<range><ge>5.5</ge><lt>5.5_11</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -82947,6 +93853,7 @@
     <dates>
       <discovery>2007-02-09</discovery>
       <entry>2007-02-27</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -82953,12 +93860,12 @@
   <vuln vid="46b922a8-c69c-11db-9f82-000e0c2e438a">
     <topic>FreeBSD -- Jail rc.d script privilege escalation</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
-	<range><gt>6.1</gt><lt>6.1_12</lt></range>
-	<range><gt>6.0</gt><lt>6.0_17</lt></range>
-	<range><gt>5.5</gt><lt>5.5_15</lt></range>
-      </system>
+	<range><ge>6.1</ge><lt>6.1_12</lt></range>
+	<range><ge>6.0</ge><lt>6.0_17</lt></range>
+	<range><ge>5.5</ge><lt>5.5_15</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -83007,7 +93914,7 @@
     <dates>
       <discovery>2007-01-11</discovery>
       <entry>2007-02-27</entry>
-      <modified>2007-08-02</modified>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -83014,11 +93921,11 @@
   <vuln vid="44449bf7-c69b-11db-9f82-000e0c2e438a">
     <topic>gtar -- name mangling symlink vulnerability</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
-	<range><gt>5.5</gt><lt>5.5_9</lt></range>
-	<range><gt>4.11</gt><lt>4.11_26</lt></range>
-      </system>
+	<range><ge>5.5</ge><lt>5.5_9</lt></range>
+	<range><ge>4.11</ge><lt>4.11_26</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -83047,6 +93954,7 @@
     <dates>
       <discovery>2006-12-06</discovery>
       <entry>2007-02-27</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -83053,13 +93961,13 @@
   <vuln vid="5c554c0f-c69a-11db-9f82-000e0c2e438a">
     <topic>FreeBSD -- Kernel memory disclosure in firewire(4)</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
-	<range><gt>6.1</gt><lt>6.1_11</lt></range>
-	<range><gt>6.0</gt><lt>6.2_16</lt></range>
-	<range><gt>5.5</gt><lt>5.5_9</lt></range>
-	<range><gt>4.11</gt><lt>4.11_26</lt></range>
-      </system>
+	<range><ge>6.1</ge><lt>6.1_11</lt></range>
+	<range><ge>6.0</ge><lt>6.2_16</lt></range>
+	<range><ge>5.5</ge><lt>5.5_9</lt></range>
+	<range><ge>4.11</ge><lt>4.11_26</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
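Review bot: the second range, <range><ge>6.0</ge><lt>6.2_16</lt></range>, mixes branches: the lower bound is 6.0 but the upper bound is on 6.2, while every other range in this entry stays within one branch. As written it also covers all of 6.1, including 6.1_11 and later, which the first range treats as fixed. The value is carried over unchanged from the removed line, so check it against the advisory and correct the upper bound (6.0_16 looks likely) instead of preserving it.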
@@ -83094,6 +94002,7 @@
     <dates>
       <discovery>2006-12-06</discovery>
       <entry>2007-02-27</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -83139,17 +94048,17 @@
       <package>
 	<name>openssl</name>
 	<range><lt>0.9.7l_0</lt></range>
-	<range><gt>0.9.8</gt><lt>0.9.8d_0</lt></range>
+	<range><ge>0.9.8</ge><lt>0.9.8d_0</lt></range>
       </package>
-      <system>
+      <package>
 	<name>FreeBSD</name>
-	<range><gt>6.1</gt><lt>6.1_9</lt></range>
-	<range><gt>6.0</gt><lt>6.0_14</lt></range>
-	<range><gt>5.5</gt><lt>5.5_7</lt></range>
-	<range><gt>5.4</gt><lt>5.4_21</lt></range>
-	<range><gt>5.3</gt><lt>5.3_36</lt></range>
-	<range><gt>4.11</gt><lt>4.11_24</lt></range>
-      </system>
+	<range><ge>6.1</ge><lt>6.1_9</lt></range>
+	<range><ge>6.0</ge><lt>6.0_14</lt></range>
+	<range><ge>5.5</ge><lt>5.5_7</lt></range>
+	<range><ge>5.4</ge><lt>5.4_21</lt></range>
+	<range><ge>5.3</ge><lt>5.3_36</lt></range>
+	<range><ge>4.11</ge><lt>4.11_24</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -83193,6 +94102,7 @@
     <dates>
       <discovery>2006-09-28</discovery>
       <entry>2007-02-26</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -83899,15 +94809,15 @@
   <vuln vid="11a84092-8f9f-11db-ab33-000e0c2e438a">
     <topic>gzip -- multiple vulnerabilities</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
-	<range><gt>6.1</gt><lt>6.1_7</lt></range>
-	<range><gt>6.0</gt><lt>6.0_12</lt></range>
-	<range><gt>5.5</gt><lt>5.5_5</lt></range>
-	<range><gt>5.4</gt><lt>5.4_19</lt></range>
-	<range><gt>5.3</gt><lt>5.3_34</lt></range>
+	<range><ge>6.1</ge><lt>6.1_7</lt></range>
+	<range><ge>6.0</ge><lt>6.0_12</lt></range>
+	<range><ge>5.5</ge><lt>5.5_5</lt></range>
+	<range><ge>5.4</ge><lt>5.4_19</lt></range>
+	<range><ge>5.3</ge><lt>5.3_34</lt></range>
 	<range><lt>4.11_22</lt></range>
-      </system>
+      </package>
       <package>
 	<name>gzip</name>
 	<range><lt>1.3.12</lt></range>
@@ -83941,7 +94851,7 @@
     <dates>
       <discovery>2006-09-19</discovery>
       <entry>2006-12-19</entry>
-      <modified>2007-06-05</modified>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -83948,17 +94858,17 @@
   <vuln vid="ef3306fc-8f9b-11db-ab33-000e0c2e438a">
     <topic>bind9 -- Denial of Service in named(8)</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
-	<range><gt>6.1</gt><lt>6.1_6</lt></range>
-	<range><gt>6.0</gt><lt>6.0_11</lt></range>
-	<range><gt>5.5</gt><lt>5.5_4</lt></range>
-	<range><gt>5.4</gt><lt>5.4_18</lt></range>
-	<range><gt>5.0</gt><lt>5.3_33</lt></range>
-      </system>
+	<range><ge>6.1</ge><lt>6.1_6</lt></range>
+	<range><ge>6.0</ge><lt>6.0_11</lt></range>
+	<range><ge>5.5</ge><lt>5.5_4</lt></range>
+	<range><ge>5.4</ge><lt>5.4_18</lt></range>
+	<range><ge>5.0</ge><lt>5.3_33</lt></range>
+      </package>
       <package>
 	<name>bind9</name>
-	<range><gt>9.0</gt><lt>9.3.2.1</lt></range>
+	<range><ge>9.0</ge><lt>9.3.2.1</lt></range>
       </package>
     </affects>
     <description>
@@ -83997,6 +94907,7 @@
     <dates>
       <discovery>2006-09-06</discovery>
       <entry>2006-12-19</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -84003,15 +94914,15 @@
   <vuln vid="077c2dca-8f9a-11db-ab33-000e0c2e438a">
     <topic>openssl -- Incorrect PKCS#1 v1.5 padding validation in crypto(3)</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
-	<range><gt>6.1</gt><lt>6.1_6</lt></range>
-	<range><gt>6.0</gt><lt>6.0_11</lt></range>
-	<range><gt>5.5</gt><lt>5.5_4</lt></range>
-	<range><gt>5.4</gt><lt>5.4_18</lt></range>
-	<range><gt>5.3</gt><lt>5.3_33</lt></range>
+	<range><ge>6.1</ge><lt>6.1_6</lt></range>
+	<range><ge>6.0</ge><lt>6.0_11</lt></range>
+	<range><ge>5.5</ge><lt>5.5_4</lt></range>
+	<range><ge>5.4</ge><lt>5.4_18</lt></range>
+	<range><ge>5.3</ge><lt>5.3_33</lt></range>
 	<range><lt>4.11_21</lt></range>
-      </system>
+      </package>
       <package>
 	<name>openssl</name>
 	<range><gt>0.9.8</gt><lt>0.9.8c_9</lt></range>
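Review bot: the openssl range in the trailing context, <range><gt>0.9.8</gt><lt>0.9.8c_9</lt></range>, keeps the exclusive lower bound that this hunk removes from the FreeBSD ranges, so openssl 0.9.8 itself still falls outside the affected set. The openssl entry earlier in this patch changes the same bound to <ge>0.9.8</ge>; apply the same change here or note why 0.9.8 is excluded. The sendmail range <gt>8.13</gt><lt>8.13.6</lt> further down has the same pattern.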
@@ -84042,6 +94953,7 @@
     <dates>
       <discovery>2006-09-06</discovery>
       <entry>2006-12-19</entry>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -86008,7 +96920,7 @@
   <vuln vid="32db37a5-50c3-11db-acf3-000c6ec775d9">
     <topic>openssh -- multiple vulnerabilities</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>6.1</ge><lt>6.1_10</lt></range>
 	<range><ge>6.0</ge><lt>6.0_15</lt></range>
@@ -86016,7 +96928,7 @@
 	<range><ge>5.4</ge><lt>5.4_22</lt></range>
 	<range><ge>5.0</ge><lt>5.3_37</lt></range>
 	<range><lt>4.11_25</lt></range>
-      </system>
+      </package>
       <package>
 	<name>openssh</name>
 	<range><lt>4.4,1</lt></range>
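Review bot: this entry's <affects> block changes in this hunk and the one before it, but no hunk in the patch touches its <dates>, whereas the entries whose ranges changed get <modified>2016-08-09</modified>. Either add the <modified> line here as well or state that <system> to <package> renames are deliberately not recorded; the same question applies to the other rename-only entries below (sppp, sendmail, smbfs, ypserv and the rest).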
@@ -86938,7 +97850,7 @@
   <vuln vid="c9d2e361-32fb-11db-a6e2-000e0c2e438a">
     <topic>sppp -- buffer overflow vulnerability</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><lt>4.11_20</lt></range>
 	<range><ge>5.3</ge><lt>5.3_32</lt></range>
@@ -86946,7 +97858,7 @@
 	<range><ge>5.5</ge><lt>5.5_3</lt></range>
 	<range><ge>6.0</ge><lt>6.0_10</lt></range>
 	<range><ge>6.1</ge><lt>6.1_4</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -88259,7 +99171,7 @@
   <vuln vid="c611be81-fbc2-11da-9156-000e0c2e438a">
     <topic>sendmail -- Incorrect multipart message handling</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>4.11</ge><lt>4.11_19</lt></range>
 	<range><ge>5.3</ge><lt>5.3_31</lt></range>
@@ -88267,7 +99179,7 @@
 	<range><ge>5.5</ge><lt>5.5_2</lt></range>
 	<range><ge>6.0</ge><lt>6.0_9</lt></range>
 	<range><ge>6.1</ge><lt>6.1_2</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -88362,7 +99274,7 @@
   <vuln vid="cf3b9a96-f7bb-11da-9156-000e0c2e438a">
     <topic>smbfs -- chroot escape</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>4.10</ge><lt>4.10_24</lt></range>
 	<range><ge>4.11</ge><lt>4.11_18</lt></range>
@@ -88371,7 +99283,7 @@
 	<range><ge>5.5</ge><lt>5.5_1</lt></range>
 	<range><ge>6.0</ge><lt>6.0_8</lt></range>
 	<range><ge>6.1</ge><lt>6.1_1</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -88405,7 +99317,7 @@
   <vuln vid="0ac1aace-f7b9-11da-9156-000e0c2e438a">
     <topic>ypserv -- Inoperative access controls in ypserv</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>5.3</ge><lt>5.3_30</lt></range>
 	<range><ge>5.4</ge><lt>5.4_15</lt></range>
@@ -88412,7 +99324,7 @@
 	<range><ge>5.5</ge><lt>5.5_1</lt></range>
 	<range><ge>6.0</ge><lt>6.0_8</lt></range>
 	<range><ge>6.1</ge><lt>6.1_1</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -89663,16 +100575,16 @@
   <vuln vid="1fa4c9f1-cfca-11da-a672-000e0c2e438a">
     <topic>FreeBSD -- FPU information disclosure</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
-	<range><gt>6.0</gt><lt>6.0_7</lt></range>
-	<range><gt>5.4</gt><lt>5.4_14</lt></range>
-	<range><gt>5.3</gt><lt>5.3_29</lt></range>
-	<range><gt>5</gt><lt>5.3</lt></range>
-	<range><gt>4.11</gt><lt>4.11_17</lt></range>
-	<range><gt>4.10</gt><lt>4.10_23</lt></range>
+	<range><ge>6.0</ge><lt>6.0_7</lt></range>
+	<range><ge>5.4</ge><lt>5.4_14</lt></range>
+	<range><ge>5.3</ge><lt>5.3_29</lt></range>
+	<range><ge>5</ge><lt>5.3</lt></range>
+	<range><ge>4.11</ge><lt>4.11_17</lt></range>
+	<range><ge>4.10</ge><lt>4.10_23</lt></range>
 	<range><lt>4.10</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
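Review bot: after the switch to <ge>, several ranges in this hunk are contiguous and can be merged. <ge>5</ge><lt>5.3</lt> together with <ge>5.3</ge><lt>5.3_29</lt> is the same as <ge>5</ge><lt>5.3_29</lt>, and <lt>4.10</lt> together with <ge>4.10</ge><lt>4.10_23</lt> is the same as <lt>4.10_23</lt>. With the old <gt> bounds the bare 5.3 and 4.10 releases were gaps between the ranges; now that they are covered, fewer ranges would be easier to audit.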
@@ -89709,7 +100621,7 @@
     <dates>
       <discovery>2006-04-19</discovery>
       <entry>2006-04-19</entry>
-      <modified>2006-06-09</modified>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -90611,7 +101523,7 @@
 	<name>sendmail</name>
 	<range><gt>8.13</gt><lt>8.13.6</lt></range>
       </package>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>6.0</ge><lt>6.0_6</lt></range>
 	<range><ge>5.4</ge><lt>5.4_13</lt></range>
@@ -90618,7 +101530,7 @@
 	<range><ge>5.3</ge><lt>5.3_28</lt></range>
 	<range><ge>4.11</ge><lt>4.11_16</lt></range>
 	<range><ge>4.10</ge><lt>4.10_22</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -90648,7 +101560,7 @@
   <vuln vid="e93bc5b0-bb2e-11da-b2fb-000e0c2e438a">
     <topic>OPIE -- arbitrary password change</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>6.0</ge><lt>6.0_6</lt></range>
 	<range><ge>5.4</ge><lt>5.4_13</lt></range>
@@ -90655,7 +101567,7 @@
 	<range><ge>5.3</ge><lt>5.3_28</lt></range>
 	<range><ge>4.11</ge><lt>4.11_16</lt></range>
 	<range><ge>4.10</ge><lt>4.10_22</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -90699,7 +101611,7 @@
   <vuln vid="e50a7476-bb2d-11da-b2fb-000e0c2e438a">
     <topic>ipsec -- reply attack vulnerability</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>6.0</ge><lt>6.0_6</lt></range>
 	<range><ge>5.4</ge><lt>5.4_13</lt></range>
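Review bot: the topic in this hunk's context reads "ipsec -- reply attack vulnerability", which looks like a typo for "replay attack". Since the entry is being edited anyway, fix the topic in the same change.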
@@ -90706,7 +101618,7 @@
 	<range><ge>5.3</ge><lt>5.3_28</lt></range>
 	<range><ge>4.11</ge><lt>4.11_16</lt></range>
 	<range><ge>4.10</ge><lt>4.10_22</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -90980,14 +101892,14 @@
   <vuln vid="6111ecb8-b20d-11da-b2fb-000e0c2e438a">
     <topic>nfs -- remote denial of service</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
-	<range><gt>6.0</gt><lt>6.0_5</lt></range>
-	<range><gt>5.4</gt><lt>5.4_12</lt></range>
-	<range><gt>5.3</gt><lt>5.3_27</lt></range>
-	<range><gt>4.11</gt><lt>4.11_15</lt></range>
-	<range><gt>4.10</gt><lt>4.10_21</lt></range>
-      </system>
+	<range><ge>6.0</ge><lt>6.0_5</lt></range>
+	<range><ge>5.4</ge><lt>5.4_12</lt></range>
+	<range><ge>5.3</ge><lt>5.3_27</lt></range>
+	<range><ge>4.11</ge><lt>4.11_15</lt></range>
+	<range><ge>4.10</ge><lt>4.10_21</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -91025,7 +101937,7 @@
     <dates>
       <discovery>2006-03-01</discovery>
       <entry>2006-03-12</entry>
-      <modified>2006-06-09</modified>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -91032,11 +101944,11 @@
   <vuln vid="6a308e8e-b1b4-11da-b2fb-000e0c2e438a">
     <topic>openssh -- remote denial of service</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
-	<range><gt>5.4</gt><lt>5.4_12</lt></range>
-	<range><gt>5.3</gt><lt>5.3_27</lt></range>
-      </system>
+	<range><ge>5.4</ge><lt>5.4_12</lt></range>
+	<range><ge>5.3</ge><lt>5.3_27</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -91097,7 +102009,7 @@
     <dates>
       <discovery>2006-03-01</discovery>
       <entry>2006-03-12</entry>
-      <modified>2006-06-09</modified>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -91856,11 +102768,11 @@
   <vuln vid="dfb71c00-9d44-11da-8c1d-000e0c2e438a">
     <topic>FreeBSD -- Infinite loop in SACK handling</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
-	<range><gt>5.4</gt><lt>5.4_11</lt></range>
-	<range><gt>5.3</gt><lt>5.3_26</lt></range>
-      </system>
+	<range><ge>5.4</ge><lt>5.4_11</lt></range>
+	<range><ge>5.3</ge><lt>5.3_26</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -91886,7 +102798,7 @@
     <dates>
       <discovery>2006-02-01</discovery>
       <entry>2006-02-14</entry>
-      <modified>2006-06-09</modified>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -91893,12 +102805,12 @@
   <vuln vid="52ba7713-9d42-11da-8c1d-000e0c2e438a">
     <topic>pf -- IP fragment handling panic</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
-	<range><gt>6.0</gt><lt>6.0_4</lt></range>
-	<range><gt>5.4</gt><lt>5.4_10</lt></range>
-	<range><gt>5.3</gt><lt>5.3_25</lt></range>
-      </system>
+	<range><ge>6.0</ge><lt>6.0_4</lt></range>
+	<range><ge>5.4</ge><lt>5.4_10</lt></range>
+	<range><ge>5.3</ge><lt>5.3_25</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -91928,7 +102840,7 @@
     <dates>
       <discovery>2006-01-25</discovery>
       <entry>2006-02-14</entry>
-      <modified>2006-06-09</modified>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -91935,10 +102847,10 @@
   <vuln vid="7a4f2aca-9d40-11da-8c1d-000e0c2e438a">
     <topic>FreeBSD -- Local kernel memory disclosure</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
-	<range><gt>6.0</gt><lt>6.0_4</lt></range>
-      </system>
+	<range><ge>6.0</ge><lt>6.0_4</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -91967,7 +102879,7 @@
     <dates>
       <discovery>2006-01-25</discovery>
       <entry>2006-02-14</entry>
-      <modified>2006-06-09</modified>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -91974,10 +102886,10 @@
   <vuln vid="dade3316-9d31-11da-8c1d-000e0c2e438a">
     <topic>IEEE 802.11 -- buffer overflow</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
-	<range><gt>6.0</gt><lt>6.0_3</lt></range>
-      </system>
+	<range><ge>6.0</ge><lt>6.0_3</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -92003,7 +102915,7 @@
     <dates>
       <discovery>2006-01-18</discovery>
       <entry>2006-02-14</entry>
-      <modified>2006-06-09</modified>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -92010,10 +102922,10 @@
   <vuln vid="d7c1d00d-9d2e-11da-8c1d-000e0c2e438a">
     <topic>ipfw -- IP fragment denial of service</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
-	<range><gt>6.0</gt><lt>6.0_2</lt></range>
-      </system>
+	<range><ge>6.0</ge><lt>6.0_2</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -92040,7 +102952,7 @@
     <dates>
       <discovery>2006-01-11</discovery>
       <entry>2006-02-14</entry>
-      <modified>2006-06-09</modified>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -92088,7 +103000,7 @@
   <vuln vid="6b0215ae-8f26-11da-8c1d-000e0c2e438a">
     <topic>cpio -- multiple vulnerabilities</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>6.0</ge><lt>6.0_2</lt></range>
 	<range><ge>5.4</ge><lt>5.4_9</lt></range>
@@ -92095,7 +103007,7 @@
 	<range><ge>5.3</ge><lt>5.3_24</lt></range>
 	<range><ge>4.11</ge><lt>4.11_14</lt></range>
 	<range><ge>4.10</ge><lt>4.10_20</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -92144,7 +103056,7 @@
   <vuln vid="726dd9bd-8f25-11da-8c1d-000e0c2e438a">
     <topic>ee -- temporary file privilege escalation</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>6.0</ge><lt>6.0_2</lt></range>
 	<range><ge>5.4</ge><lt>5.4_9</lt></range>
@@ -92151,7 +103063,7 @@
 	<range><ge>5.3</ge><lt>5.3_24</lt></range>
 	<range><ge>4.11</ge><lt>4.11_14</lt></range>
 	<range><ge>4.10</ge><lt>4.10_20</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -92188,7 +103100,7 @@
   <vuln vid="c01a25f5-8f20-11da-8c1d-000e0c2e438a">
     <topic>texindex -- temporary file privilege escalation</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>6.0</ge><lt>6.0_2</lt></range>
 	<range><ge>5.4</ge><lt>5.4_9</lt></range>
@@ -92195,7 +103107,7 @@
 	<range><ge>5.3</ge><lt>5.3_24</lt></range>
 	<range><ge>4.11</ge><lt>4.11_14</lt></range>
 	<range><ge>4.10</ge><lt>4.10_20</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -92230,13 +103142,13 @@
   <vuln vid="c5c17ead-8f23-11da-8c1d-000e0c2e438a">
     <topic>cvsbug -- race condition</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>5.4</ge><lt>5.4_7</lt></range>
 	<range><ge>5.3</ge><lt>5.3_22</lt></range>
 	<range><ge>4.11</ge><lt>4.11_12</lt></range>
 	<range><ge>4.10</ge><lt>4.10_18</lt></range>
-      </system>
+      </package>
       <package>
 	<name>cvs+ipv6</name>
 	<range><lt>1.11.17_1</lt></range>
@@ -94085,13 +104997,13 @@
 	<name>compat5x-sparc64</name>
 	<range><lt>5.4.0.8</lt></range>
       </package>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><lt>4.10_19</lt></range>
 	<range><ge>4.11</ge><lt>4.11_13</lt></range>
 	<range><ge>5.3</ge><lt>5.3_23</lt></range>
 	<range><ge>5.4</ge><lt>5.4_8</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -94992,10 +105904,10 @@
 	<name>bind9</name>
 	<range><eq>9.3.0</eq></range>
       </package>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>5.3</ge><lt>5.3_16</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -95883,11 +106795,11 @@
   <vuln vid="2b6e47b1-0598-11da-86bc-000e0c2e438a">
     <topic>ipsec -- Incorrect key usage in AES-XCBC-MAC</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>5.4</ge><lt>5.4_6</lt></range>
 	<range><ge>5.*</ge><lt>5.3_20</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
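Review bot: <range><ge>5.*</ge><lt>5.3_20</lt></range> keeps the 5.* wildcard as a <ge> bound, while the bzip2 and TCP connection stall entries later in this patch replace the same bound with 5.0. Make it consistent here and in the devfs entry two hunks down, which carries <ge>5.*</ge><lt>5.3_19</lt>, or explain why these two entries keep the wildcard.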
@@ -95923,11 +106835,11 @@
 	<name>linux_base-suse</name>
 	<range><lt>9.3_1</lt></range>
       </package>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>5.4</ge><lt>5.4_6</lt></range>
 	<range><ge>5.3</ge><lt>5.3_20</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -95958,11 +106870,11 @@
   <vuln vid="7257b26f-0597-11da-86bc-000e0c2e438a">
     <topic>devfs -- ruleset bypass</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>5.4</ge><lt>5.4_5</lt></range>
 	<range><ge>5.*</ge><lt>5.3_19</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -97412,11 +108324,11 @@
 	<name>zsync</name>
 	<range><lt>0.4.1</lt></range>
       </package>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>5.4</ge><lt>5.4_4</lt></range>
 	<range><ge>5.3</ge><lt>5.3_18</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -97710,10 +108622,10 @@
   <vuln vid="f70f8860-e8ee-11d9-b875-0001020eed82">
     <topic>kernel -- ipfw packet matching errors with address tables</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>5.4</ge><lt>5.4_3</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -97756,13 +108668,13 @@
   <vuln vid="197f444f-e8ef-11d9-b875-0001020eed82">
     <topic>bzip2 -- denial of service and permission race vulnerabilities</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>5.4</ge><lt>5.4_3</lt></range>
-	<range><ge>5.*</ge><lt>5.3_17</lt></range>
+	<range><ge>5.0</ge><lt>5.3_17</lt></range>
 	<range><ge>4.11</ge><lt>4.11_11</lt></range>
 	<range><lt>4.10_16</lt></range>
-      </system>
+      </package>
       <package>
 	<name>bzip2</name>
 	<range><lt>1.0.3_1</lt></range>
@@ -97802,7 +108714,7 @@
     <dates>
       <discovery>2005-03-30</discovery>
       <entry>2005-06-29</entry>
-      <modified>2005-07-06</modified>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -97809,13 +108721,13 @@
   <vuln vid="3ec8f43b-e8ef-11d9-b875-0001020eed82">
     <topic>kernel -- TCP connection stall denial of service</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>5.4</ge><lt>5.4_3</lt></range>
-	<range><ge>5.*</ge><lt>5.3_17</lt></range>
+	<range><ge>5.0</ge><lt>5.3_17</lt></range>
 	<range><ge>4.11</ge><lt>4.11_11</lt></range>
 	<range><lt>4.10_16</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -97850,7 +108762,7 @@
     <dates>
       <discovery>2005-06-29</discovery>
       <entry>2005-06-29</entry>
-      <modified>2005-07-06</modified>
+      <modified>2016-08-09</modified>
     </dates>
   </vuln>
 
@@ -98427,7 +109339,7 @@
   <vuln vid="63bd4bad-dffe-11d9-b875-0001020eed82">
     <topic>gzip -- directory traversal and permission race vulnerabilities</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>5.4</ge><lt>5.4_2</lt></range>
 	<range><ge>5.0</ge><lt>5.3_16</lt></range>
@@ -98435,7 +109347,7 @@
 	<range><ge>4.10</ge><lt>4.10_15</lt></range>
 	<range><ge>4.9</ge><lt>4.9_18</lt></range>
 	<range><lt>4.8_33</lt></range>
-      </system>
+      </package>
       <package>
 	<name>gzip</name>
 	<range><lt>1.3.5_2</lt></range>
@@ -98483,11 +109395,11 @@
   <vuln vid="9fae0f1f-df82-11d9-b875-0001020eed82">
     <topic>tcpdump -- infinite loops in protocol decoding</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>5.4</ge><lt>5.4_2</lt></range>
 	<range><ge>5.3</ge><lt>5.3_16</lt></range>
-      </system>
+      </package>
       <package>
 	<name>tcpdump</name>
 	<range><lt>3.8.3_2</lt></range>
@@ -99532,13 +110444,13 @@
   <vuln vid="180e9a38-060f-4c16-a6b7-49f3505ff22a">
     <topic>kernel -- information disclosure when using HTT</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>5.4</ge><lt>5.4_1</lt></range>
 	<range><ge>5.0</ge><lt>5.3_15</lt></range>
 	<range><ge>4.11</ge><lt>4.11_9</lt></range>
 	<range><lt>4.10_14</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -106928,7 +117840,7 @@
   <vuln vid="759b8dfe-3972-11d9-a9e7-0001020eed82">
     <topic>Overflow error in fetch</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>5.3</ge><lt>5.3_1</lt></range>
 	<range><ge>5.2.1</ge><lt>5.2.1_12</lt></range>
@@ -106938,7 +117850,7 @@
 	<range><ge>4.9</ge><lt>4.9_13</lt></range>
 	<range><ge>4.8</ge><lt>4.8_26</lt></range>
 	<range><lt>4.7_28</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -109074,10 +119986,10 @@
   <vuln vid="67710833-1626-11d9-bc4a-000c41e2cdad">
     <topic>Boundary checking errors in syscons</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>5.0</ge><lt>5.2.1_11</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -110163,13 +121075,13 @@
 	<name>cvs+ipv6</name>
 	<range><lt>1.11.17</lt></range>
       </package>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>5.2</ge><lt>5.2.1_10</lt></range>
 	<range><ge>4.10</ge><lt>4.10_3</lt></range>
 	<range><ge>4.9</ge><lt>4.9_12</lt></range>
 	<range><ge>4.8</ge><lt>4.8_25</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -111007,10 +121919,10 @@
 	<name>lukemftpd</name>
 	<range><ge>0</ge></range>
       </package>
-      <system>
+      <package>
 	<name>FreeBSD</name>
-	<range><ge>4.7</ge></range>
-      </system>
+	<range><le>4.7</le></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
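Review bot: The FreeBSD range flips from <ge>4.7</ge> to <le>4.7</le>, which inverts the affected set: releases after 4.7 were flagged before and are not flagged now, while 4.7 itself is affected in both versions. Nothing in the hunk explains the reversal, so check it against the advisory before relying on it, and record the reason in the commit message.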
@@ -111044,7 +121956,7 @@
     <dates>
       <discovery>2004-08-17</discovery>
       <entry>2004-08-17</entry>
-      <modified>2004-08-28</modified>
+      <modified>2016-08-11</modified>
     </dates>
   </vuln>
 
@@ -112381,11 +123293,11 @@
   <vuln vid="8ecaaca2-cc07-11d8-858d-000d610a3b12">
     <topic>Linux binary compatibility mode input validation error</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>4.9</ge><lt>4.9_10</lt></range>
 	<range><ge>4.8</ge><lt>4.8_23</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -112909,11 +123821,11 @@
   <vuln vid="fb5e227e-b8c6-11d8-b88c-000d610a3b12">
     <topic>jailed processes can manipulate host routing tables</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>4.9</ge><lt>4.9_10</lt></range>
 	<range><ge>4.8</ge><lt>4.8_23</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -112941,12 +123853,12 @@
   <vuln vid="1db1ed59-af07-11d8-acb9-000d610a3b12">
     <topic>buffer cache invalidation implementation issues</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>5.0</ge><lt>5.2_8</lt></range>
 	<range><ge>4.9</ge><lt>4.9_9</lt></range>
 	<range><ge>4.0</ge><lt>4.8_22</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -113132,7 +124044,7 @@
   <vuln vid="f93be979-a992-11d8-aecc-000d610a3b12">
     <topic>cvs pserver remote heap buffer overflow</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>5.2</ge><lt>5.2_7</lt></range>
 	<range><ge>5.1</ge><lt>5.1_17</lt></range>
@@ -113140,7 +124052,7 @@
 	<range><ge>4.9</ge><lt>4.9_8</lt></range>
 	<range><ge>4.8</ge><lt>4.8_21</lt></range>
 	<range><ge>4.0</ge><lt>4.7_27</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -113385,11 +124297,11 @@
 	<name>heimdal</name>
 	<range><lt>0.6.1_1</lt></range>
       </package>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>4.9</ge><lt>4.9_7</lt></range>
 	<range><ge>4.0</ge><lt>4.8_20</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -113428,12 +124340,12 @@
 	<name>cvs+ipv6</name>
 	<range><le>1.11.5_1</le></range>
       </package>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>5.2</ge><lt>5.2.1_5</lt></range>
 	<range><ge>4.9</ge><lt>4.9_5</lt></range>
 	<range><ge>4.8</ge><lt>4.8_18</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -113470,11 +124382,11 @@
   <vuln vid="7229d900-88af-11d8-90d1-0020ed76ef5a">
     <topic>mksnap_ffs clears file system options</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>5.2</ge><lt>5.2_1</lt></range>
 	<range><ge>5.1</ge><lt>5.1_12</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -113514,7 +124426,7 @@
   <vuln vid="f95a9005-88ae-11d8-90d1-0020ed76ef5a">
     <topic>shmat reference counting bug</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>5.2</ge><lt>5.2_2</lt></range>
 	<range><ge>5.1</ge><lt>5.1_14</lt></range>
@@ -113522,7 +124434,7 @@
 	<range><ge>4.9</ge><lt>4.9_2</lt></range>
 	<range><ge>4.8</ge><lt>4.8_15</lt></range>
 	<range><lt>4.7_25</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -113552,11 +124464,11 @@
   <vuln vid="9082a85a-88ae-11d8-90d1-0020ed76ef5a">
     <topic>jailed processes can attach to other jails</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>5.1</ge><lt>5.1_14</lt></range>
 	<range><ge>5.2</ge><lt>5.2.1</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -113586,7 +124498,7 @@
   <vuln vid="e289f7fd-88ac-11d8-90d1-0020ed76ef5a">
     <topic>many out-of-sequence TCP packets denial-of-service</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>5.2</ge><lt>5.2.1_2</lt></range>
 	<range><ge>5.0</ge><lt>5.1_15</lt></range>
@@ -113593,7 +124505,7 @@
 	<range><ge>4.9</ge><lt>4.9_3</lt></range>
 	<range><ge>4.8</ge><lt>4.8_16</lt></range>
 	<range><lt>4.7_26</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -113622,10 +124534,10 @@
   <vuln vid="2c6acefd-8194-11d8-9645-0020ed76ef5a">
     <topic>setsockopt(2) IPv6 sockets input validation error</topic>
     <affects>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>5.2</ge><lt>5.2.1_4</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -113661,13 +124573,13 @@
 	<name>openssl-beta</name>
 	<range><lt>0.9.7d</lt></range>
       </package>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>4.0</ge><lt>4.8_17</lt></range>
 	<range><ge>4.9</ge><lt>4.9_4</lt></range>
 	<range><ge>5.0</ge><lt>5.1_16</lt></range>
 	<range><ge>5.2</ge><lt>5.2.1_3</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -113697,7 +124609,7 @@
 	<range><ge>8.3</ge><lt>8.3.7</lt></range>
 	<range><ge>8.4</ge><lt>8.4.3</lt></range>
       </package>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>5.1</ge><lt>5.1_11</lt></range>
 	<range><ge>5.0</ge><lt>5.0_19</lt></range>
@@ -113707,7 +124619,7 @@
 	<range><ge>4.6</ge><lt>4.6.2_27</lt></range>
 	<range><ge>4.5</ge><lt>4.5_37</lt></range>
 	<range><lt>4.4_47</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -113740,12 +124652,12 @@
 	<name>heimdal</name>
 	<range><lt>0.6.1</lt></range>
       </package>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><ge>5.0</ge><lt>5.2_6</lt></range>
 	<range><ge>4.9</ge><lt>4.9_6</lt></range>
 	<range><ge>4.0</ge><lt>4.8_19</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -113943,31 +124855,7 @@
   </vuln>
 
   <vuln vid="c7705712-92e6-11d8-8b29-0020ed76ef5a">
-    <topic>TCP denial-of-service attacks against long lived connections</topic>
-    <affects>
-      <system>
-	<name>FreeBSD</name>
-	<range><ge>0</ge></range>
-      </system>
-    </affects>
-    <description>
-      <body xmlns="http://www.w3.org/1999/xhtml">
-	<p><a href="http://www.niscc.gov.uk/">NISCC</a> /
-	  <a href="http://www.uniras.gov.uk/">UNIRAS</a> has published
-	  an advisory that re-visits the long discussed spoofed TCP RST
-	  denial-of-service vulnerability.  This new look emphasizes
-	  the fact that for some applications such attacks are
-	  practically feasible.</p>
-      </body>
-    </description>
-    <references>
-      <cvename>CVE-2004-0230</cvename>
-      <url>http://www.uniras.gov.uk/vuls/2004/236929/index.htm</url>
-    </references>
-    <dates>
-      <discovery>1995-06-01</discovery>
-      <entry>2004-04-23</entry>
-    </dates>
+    <cancelled superseded="729c4a9f-6007-11e6-a6c3-14dae9d210b8"/>
   </vuln>
 
   <vuln vid="99230277-8fb4-11d8-8b29-0020ed76ef5a">
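Review bot: The <cancelled superseded="729c4a9f-6007-11e6-a6c3-14dae9d210b8"/> stub removes the CVE-2004-0230 cvename and the UNIRAS URL from this vid, and the superseding entry is not in the visible lines. Check that vid 729c4a9f-6007-11e6-a6c3-14dae9d210b8 exists in this revision of the file and carries the same cvename; otherwise a lookup by CVE loses the record. Also note the old range was <ge>0</ge> (every release), so confirm the replacement entry's range is what you want reported.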
@@ -114087,10 +124975,10 @@
 	<name>racoon</name>
 	<range><lt>20040408a</lt></range>
       </package>
-      <system>
+      <package>
 	<name>FreeBSD</name>
-	<range><ge>0</ge></range>
-      </system>
+	<range><lt>5.2.1</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
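Review bot: Replacing <ge>0</ge> with <lt>5.2.1</lt> narrows the FreeBSD range from every release to those before 5.2.1, using a bound with no patch-level suffix where the other FreeBSD ranges in this patch use _N bounds. Confirm that plain 5.2.1 contains the fix, and that no older branch has a fixed patch level that this single bound would still report as vulnerable.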
@@ -114114,7 +125002,7 @@
     <dates>
       <discovery>2004-03-12</discovery>
       <entry>2004-03-31</entry>
-      <modified>2004-04-14</modified>
+      <modified>2016-08-11</modified>
     </dates>
   </vuln>
 
@@ -115517,10 +126405,10 @@
 	<name>tcpdump</name>
 	<range><lt>3.8.1_351</lt></range>
       </package>
-      <system>
+      <package>
 	<name>FreeBSD</name>
 	<range><lt>5.2.1</lt></range>
-      </system>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">


