Vulnerabilities > CVE-2019-15903 - XML Entity Expansion vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SU-2020-0302-1.NASL description This update for python36 to version 3.6.10 fixes the following issues : CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507). CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ signs (bsc#1149955). CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 133448 published 2020-02-04 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133448 title SUSE SLES12 Security Update : python36 (SUSE-SU-2020:0302-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2020:0302-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(133448); script_version("1.2"); script_cvs_date("Date: 2020/02/06"); script_cve_id("CVE-2017-18207", "CVE-2018-1000802", "CVE-2018-1060", "CVE-2018-20852", "CVE-2019-10160", "CVE-2019-15903", "CVE-2019-16056", "CVE-2019-5010", "CVE-2019-9636", "CVE-2019-9947"); script_name(english:"SUSE SLES12 Security Update : python36 (SUSE-SU-2020:0302-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for python36 to version 3.6.10 fixes the following issues : CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507). CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ signs (bsc#1149955). CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1027282" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1029377" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1081750" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1083507" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1086001" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1088009" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1094814" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1109663" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1137942" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1138459" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1141853" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1149121" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1149429" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1149792" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1149955" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1151490" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1159035" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1159622" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=709442" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=951166" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=983582" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-18207/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-1000802/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-1060/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-20852/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-10160/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-15903/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-16056/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-5010/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-9636/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-9947/" ); # https://www.suse.com/support/update/announcement/2020/suse-su-20200302-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?68a41617" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 12-SP5 : zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-302=1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpython3_6m1_0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpython3_6m1_0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python36"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python36-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python36-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python36-base-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python36-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python36-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/01"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(5)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP5", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"5", reference:"libpython3_6m1_0-3.6.10-4.3.5")) flag++; if (rpm_check(release:"SLES12", sp:"5", reference:"libpython3_6m1_0-debuginfo-3.6.10-4.3.5")) flag++; if (rpm_check(release:"SLES12", sp:"5", reference:"python36-3.6.10-4.3.5")) flag++; if (rpm_check(release:"SLES12", sp:"5", reference:"python36-base-3.6.10-4.3.5")) flag++; if (rpm_check(release:"SLES12", sp:"5", reference:"python36-base-debuginfo-3.6.10-4.3.5")) flag++; if (rpm_check(release:"SLES12", sp:"5", reference:"python36-base-debugsource-3.6.10-4.3.5")) flag++; if (rpm_check(release:"SLES12", sp:"5", reference:"python36-debuginfo-3.6.10-4.3.5")) flag++; if (rpm_check(release:"SLES12", sp:"5", reference:"python36-debugsource-3.6.10-4.3.5")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python36"); }NASL family MacOS X Local Security Checks NASL id MACOS_HT210788.NASL description The remote host is running a version of macOS / Mac OS X that is 10.13.x prior to 10.13.6 Security Update 2019-007, 10.14.x prior to 10.14.6 Security Update 2019-002, or 10.15.x prior to 10.15.2. It is, therefore, affected by multiple vulnerabilities : - slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned. (CVE-2012-1164) - libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when using the Mozilla NSS backend, always uses the default cipher suite even when TLSCipherSuite is set, which might cause OpenLDAP to use weaker ciphers than intended and make it easier for remote attackers to obtain sensitive information. (CVE-2012-2668) - The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search. (CVE-2013-4449) - The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request. (CVE-2015-1545) - tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c. (CVE-2017-16808) - tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). (CVE-2018-10103) - tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2). (CVE-2018-10105) - The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print(). (CVE-2018-14461) - The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print(). (CVE-2018-14462) - The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print(). (CVE-2018-14463) - The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). (CVE-2018-14464) - The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). (CVE-2018-14465) - The Rx parser in tcpdump before 4.9.3 has a buffer over- read in print-rx.c:rx_cache_find() and rx_cache_insert(). (CVE-2018-14466) - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). (CVE-2018-14467) - The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print(). (CVE-2018-14468) - The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print(). (CVE-2018-14469) - The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2(). (CVE-2018-14470) - The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file(). (CVE-2018-14879) - The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr(). (CVE-2018-14880) - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART). (CVE-2018-14881) - The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. (CVE-2018-14882) - The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield. (CVE-2018-16227) - The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix(). (CVE-2018-16228) - The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option(). (CVE-2018-16229) - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). (CVE-2018-16230) - The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion. (CVE-2018-16300) - libpcap before 1.9.1, as used in tcpdump before 4.9.3, has a buffer overflow and/or over-read because of errors in pcapng reading. (CVE-2018-16301) - The SMB parser in tcpdump before 4.9.3 has buffer over- reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN. (CVE-2018-16451) - The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion. (CVE-2018-16452) - An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.) (CVE-2019-13057) - An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user. (CVE-2019-13565) - rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable. This may open up an attack vector involving extra data at the end of a request. (CVE-2019-15161) - rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames. (CVE-2019-15162) - rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails. (CVE-2019-15163) - rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source. (CVE-2019-15164) - sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. (CVE-2019-15165) - lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. (CVE-2019-15166) - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. (CVE-2019-15903) Note that Nessus has not tested for this issue but has instead relied only on the operating system last seen 2020-06-01 modified 2020-06-02 plugin id 131957 published 2019-12-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131957 title macOS 10.15.x < 10.15.2 / 10.14.x < 10.14.6 Security Update 2019-002 / 10.13.x < 10.13.6 Security Update 2019-007 NASL family MacOS X Local Security Checks NASL id MACOS_THUNDERBIRD_68_2.NASL description The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 68.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-35 advisory. - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. (CVE-2019-15903) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 130364 published 2019-10-29 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130364 title Mozilla Thunderbird < 68.2 NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4530.NASL description It was discovered that Expat, an XML parsing C library, did not properly handled internal entities closing the doctype, potentially resulting in denial of service or information disclosure if a malformed XML file is processed. last seen 2020-06-01 modified 2020-06-02 plugin id 129108 published 2019-09-23 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129108 title Debian DSA-4530-1 : expat - security update NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2103.NASL description According to the version of the expat packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.(CVE-2019-15903) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-03 modified 2019-11-12 plugin id 130812 published 2019-11-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130812 title EulerOS 2.0 SP8 : expat (EulerOS-SA-2019-2103) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0215_THUNDERBIRD.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. (CVE-2019-15903) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 131405 published 2019-12-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131405 title NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0215) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-2204.NASL description This update for expat fixes the following issues : Security issues fixed : - CVE-2019-15903: Fixed heap-based buffer over-read caused by crafted XML input. (bsc#1149429) This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 129456 published 2019-09-30 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129456 title openSUSE Security Update : expat (openSUSE-2019-2204) NASL family Windows NASL id MOZILLA_THUNDERBIRD_68_2.NASL description The version of Thunderbird installed on the remote Windows host is prior to 68.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-35 advisory. - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. (CVE-2019-15903) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 130365 published 2019-10-29 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130365 title Mozilla Thunderbird < 68.2 NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2019-3756.NASL description An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.2.0. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 (CVE-2019-11764) * Mozilla: Use-after-free when creating index updates in IndexedDB (CVE-2019-11757) * Mozilla: Potentially exploitable crash due to 360 Total Security (CVE-2019-11758) * Mozilla: Stack buffer overflow in HKDF output (CVE-2019-11759) * Mozilla: Stack buffer overflow in WebRTC networking (CVE-2019-11760) * Mozilla: Unintended access to a privileged JSONView object (CVE-2019-11761) * Mozilla: document.domain-based origin isolation has same-origin-property violation (CVE-2019-11762) * Mozilla: Incorrect HTML parsing results in XSS bypass technique (CVE-2019-11763) * expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-05-31 modified 2019-11-14 plugin id 130977 published 2019-11-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130977 title CentOS 6 : thunderbird (CESA-2019:3756) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-3237.NASL description From Red Hat Security Advisory 2019:3237 : An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.2.0. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 (CVE-2019-11764) * Mozilla: Use-after-free when creating index updates in IndexedDB (CVE-2019-11757) * Mozilla: Potentially exploitable crash due to 360 Total Security (CVE-2019-11758) * Mozilla: Stack buffer overflow in HKDF output (CVE-2019-11759) * Mozilla: Stack buffer overflow in WebRTC networking (CVE-2019-11760) * Mozilla: Unintended access to a privileged JSONView object (CVE-2019-11761) * Mozilla: document.domain-based origin isolation has same-origin-property violation (CVE-2019-11762) * Mozilla: Incorrect HTML parsing results in XSS bypass technique (CVE-2019-11763) * expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-05-31 modified 2019-10-31 plugin id 130415 published 2019-10-31 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130415 title Oracle Linux 8 : thunderbird (ELSA-2019-3237) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2433.NASL description According to the versions of the expat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.(CVE-2019-15903) - An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.(CVE-2016-9063) - XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.(CVE-2017-9233) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-12-04 plugin id 131587 published 2019-12-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131587 title EulerOS 2.0 SP2 : expat (EulerOS-SA-2019-2433) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-3210.NASL description From Red Hat Security Advisory 2019:3210 : An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.2.0. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 (CVE-2019-11764) * Mozilla: Use-after-free when creating index updates in IndexedDB (CVE-2019-11757) * Mozilla: Potentially exploitable crash due to 360 Total Security (CVE-2019-11758) * Mozilla: Stack buffer overflow in HKDF output (CVE-2019-11759) * Mozilla: Stack buffer overflow in WebRTC networking (CVE-2019-11760) * Mozilla: Unintended access to a privileged JSONView object (CVE-2019-11761) * Mozilla: document.domain-based origin isolation has same-origin-property violation (CVE-2019-11762) * Mozilla: Incorrect HTML parsing results in XSS bypass technique (CVE-2019-11763) * expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-05-31 modified 2019-10-31 plugin id 130414 published 2019-10-31 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130414 title Oracle Linux 7 : thunderbird (ELSA-2019-3210) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2019-293-01.NASL description New python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 130079 published 2019-10-21 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130079 title Slackware 14.0 / 14.1 / 14.2 / current : python (SSA:2019-293-01) NASL family Fedora Local Security Checks NASL id FEDORA_2019-613EDFE68B.NASL description This update of `expat` fixes the following security issue : - **CVE-2019-15903** -- Fix heap overflow triggered by `XML_GetCurrentLineNumber` (or `XML_GetCurrentColumnNumber`), and deny internal entities closing the doctype The following bug fixes are also included : - Fix cases where `XML_StopParser` did not have any effect when called from inside of an end element handler - xmlwf: Fix exit code for operation without last seen 2020-06-01 modified 2020-06-02 plugin id 129620 published 2019-10-07 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129620 title Fedora 31 : expat (2019-613edfe68b) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_9B7491FBF25311E9A50C000C29C4DC65.NASL description Python changelog : bpo-38243: Escape the server title of xmlrpc.server.DocXMLRPCServer when rendering the document page as HTML. bpo-38174: Update vendorized expat library version to 2.2.8, which resolves CVE-2019-15903. bpo-37764: Fixes email._header_value_parser.get_unstructured going into an infinite loop for a specific case in which the email header does not have trailing whitespace, and the case in which it contains an invalid encoded word. bpo-37461: Fix an infinite loop when parsing specially crafted email headers. bpo-34155: Fix parsing of invalid email addresses with more than one @ (e.g. a@[email protected].) to not return the part before 2nd @ as valid email address. last seen 2020-06-01 modified 2020-06-02 plugin id 130077 published 2019-10-21 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130077 title FreeBSD : python 3.7 -- multiple vulnerabilities (9b7491fb-f253-11e9-a50c-000c29c4dc65) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2019-295-01.NASL description New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 130158 published 2019-10-23 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130158 title Slackware 14.2 / current : mozilla-firefox (SSA:2019-295-01) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-3193.NASL description From Red Hat Security Advisory 2019:3193 : An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.2.0 ESR. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 (CVE-2019-11764) * Mozilla: Use-after-free when creating index updates in IndexedDB (CVE-2019-11757) * Mozilla: Potentially exploitable crash due to 360 Total Security (CVE-2019-11758) * Mozilla: Stack buffer overflow in HKDF output (CVE-2019-11759) * Mozilla: Stack buffer overflow in WebRTC networking (CVE-2019-11760) * Mozilla: Unintended access to a privileged JSONView object (CVE-2019-11761) * Mozilla: document.domain-based origin isolation has same-origin-property violation (CVE-2019-11762) * Mozilla: Incorrect HTML parsing results in XSS bypass technique (CVE-2019-11763) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-05-31 modified 2019-10-24 plugin id 130184 published 2019-10-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130184 title Oracle Linux 7 : firefox (ELSA-2019-3193) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-2871-1.NASL description This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues : Changes in MozillaFirefox : Security issues fixed : CVE-2019-15903: Fixed a heap overflow in the expat library (bsc#1149429). CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB (bsc#1154738). CVE-2019-11758: Fixed a potentially exploitable crash due to 360 Total Security (bsc#1154738). CVE-2019-11759: Fixed a stack-based buffer overflow in HKDF output (bsc#1154738). CVE-2019-11760: Fixed a stack-based buffer overflow in WebRTC networking (bsc#1154738). CVE-2019-11761: Fixed an unintended access to a privileged JSONView object (bsc#1154738). CVE-2019-11762: Fixed a same-origin-property violation (bsc#1154738). CVE-2019-11763: Fixed an XSS bypass (bsc#1154738). CVE-2019-11764: Fixed several memory safety bugs (bsc#1154738). Non-security issues fixed: Added Provides-line for translations-common (bsc#1153423) . Moved some settings from branding-package here (bsc#1153869). Disabled DoH by default. Changes in MozillaFirefox-branding-SLE: Moved extensions preferences to core package (bsc#1153869). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 130449 published 2019-11-01 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130449 title SUSE SLED15 / SLES15 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE (SUSE-SU-2019:2871-1) NASL family Scientific Linux Local Security Checks NASL id SL_20191029_THUNDERBIRD_ON_SL7_X.NASL description This update upgrades Thunderbird to version 68.2.0. Security Fix(es) : - Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 (CVE-2019-11764) - Mozilla: Use-after-free when creating index updates in IndexedDB (CVE-2019-11757) - Mozilla: Potentially exploitable crash due to 360 Total Security (CVE-2019-11758) - Mozilla: Stack buffer overflow in HKDF output (CVE-2019-11759) - Mozilla: Stack buffer overflow in WebRTC networking (CVE-2019-11760) - Mozilla: Unintended access to a privileged JSONView object (CVE-2019-11761) - Mozilla: document.domain-based origin isolation has same-origin-property violation (CVE-2019-11762) - Mozilla: Incorrect HTML parsing results in XSS bypass technique (CVE-2019-11763) - expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903) last seen 2020-05-31 modified 2019-10-30 plugin id 130386 published 2019-10-30 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130386 title Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20191029) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4165-1.NASL description Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, bypass content security policy (CSP) protections, or execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 130200 published 2019-10-24 reporter Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130200 title Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : firefox vulnerabilities (USN-4165-1) NASL family Misc. NASL id APPLETV_13_3.NASL description According to its banner, the version of Apple TV on the remote device is prior to 13.3. It is therefore affected by multiple vulnerabilities as described in the HT210790 last seen 2020-06-01 modified 2020-06-02 plugin id 132045 published 2019-12-13 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132045 title Apple TV < 13.3 Multiple Vulnerabilities NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2145.NASL description According to the versions of the expat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.(CVE-2016-9063) - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.(CVE-2019-15903) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-11-12 plugin id 130854 published 2019-11-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130854 title EulerOS 2.0 SP5 : expat (EulerOS-SA-2019-2145) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1987.NASL description Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, cross-site scripting or denial of service. Debian follows the extended support releases (ESR) of Firefox. Support for the 60.x series has ended, so starting with this update we last seen 2020-06-01 modified 2020-06-02 plugin id 130772 published 2019-11-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130772 title Debian DLA-1987-1 : firefox-esr security update NASL family Fedora Local Security Checks NASL id FEDORA_2019-672AE0F060.NASL description This update of `expat` fixes the following security issue : - **CVE-2019-15903** -- Fix heap overflow triggered by `XML_GetCurrentLineNumber` (or `XML_GetCurrentColumnNumber`), and deny internal entities closing the doctype The following bug fixes are also included : - Fix cases where `XML_StopParser` did not have any effect when called from inside of an end element handler - xmlwf: Fix exit code for operation without last seen 2020-06-01 modified 2020-06-02 plugin id 129511 published 2019-10-02 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129511 title Fedora 29 : expat (2019-672ae0f060) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-2440-1.NASL description This update for expat fixes the following issues : Security issue fixed : CVE-2019-15903: Fixed a heap-based buffer over-read caused by crafted XML documents. (bsc#1149429) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 129288 published 2019-09-24 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129288 title SUSE SLED12 / SLES12 Security Update : expat (SUSE-SU-2019:2440-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-2872-1.NASL description This update for MozillaFirefox to 68.2.0 ESR fixes the following issues : Mozilla Firefox was updated to version 68.2.0 ESR (bsc#1154738). Security issues fixed : CVE-2019-15903: Fixed a heap overflow in the expat library (bsc#1149429). CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB (bsc#1154738). CVE-2019-11758: Fixed a potentially exploitable crash due to 360 Total Security (bsc#1154738). CVE-2019-11759: Fixed a stack-based buffer overflow in HKDF output (bsc#1154738). CVE-2019-11760: Fixed a stack-based buffer overflow in WebRTC networking (bsc#1154738). CVE-2019-11761: Fixed an unintended access to a privileged JSONView object (bsc#1154738). CVE-2019-11762: Fixed a same-origin-property violation (bsc#1154738). CVE-2019-11763: Fixed an XSS bypass (bsc#1154738). CVE-2019-11764: Fixed several memory safety bugs (bsc#1154738). Non-security issues fixed: Firefox 60.7 ESR changed the user interface language (bsc#1137990). Wrong Firefox GUI Language (bsc#1120374). Fixed an inadvertent crash report transmission without user opt-in (bsc#1074235). Firefox hangs randomly when browsing and scrolling (bsc#1043008). Firefox stops loading page until mouse is moved (bsc#1025108). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 130450 published 2019-11-01 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130450 title SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2019:2872-1) NASL family Windows NASL id MOZILLA_FIREFOX_70_0.NASL description The version of Firefox installed on the remote Windows host is prior to 70.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-34 advisory, including the following: - Incorrect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (CVE-2018-6156) - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. (CVE-2019-15903) - When storing a value in IndexedDB, the value last seen 2020-06-01 modified 2020-06-02 plugin id 130170 published 2019-10-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130170 title Mozilla Firefox < 70.0 Multiple Vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4202-2.NASL description USN-4202-1 fixed vulnerabilities in Thunderbird. After upgrading, Thunderbird created a new profile for some users. This update fixes the problem. We apologize for the inconvenience. Original advisory details : It was discovered that a specially crafted S/MIME message with an inner encryption layer could be displayed as having a valid signature in some circumstances, even if the signer had no access to the encrypted message. An attacker could potentially exploit this to spoof the message author. (CVE-2019-11755) Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764) A heap overflow was discovered in the expat library in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-15903). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 132011 published 2019-12-12 reporter Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132011 title Ubuntu 18.04 LTS / 19.10 : thunderbird regression (USN-4202-2) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4132-1.NASL description It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 128874 published 2019-09-16 reporter Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128874 title Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : expat vulnerability (USN-4132-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1075.NASL description According to the version of the expat packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.(CVE-2019-15903) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 132829 published 2020-01-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132829 title EulerOS Virtualization for ARM 64 3.0.5.0 : expat (EulerOS-SA-2020-1075) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-3210.NASL description An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.2.0. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 (CVE-2019-11764) * Mozilla: Use-after-free when creating index updates in IndexedDB (CVE-2019-11757) * Mozilla: Potentially exploitable crash due to 360 Total Security (CVE-2019-11758) * Mozilla: Stack buffer overflow in HKDF output (CVE-2019-11759) * Mozilla: Stack buffer overflow in WebRTC networking (CVE-2019-11760) * Mozilla: Unintended access to a privileged JSONView object (CVE-2019-11761) * Mozilla: document.domain-based origin isolation has same-origin-property violation (CVE-2019-11762) * Mozilla: Incorrect HTML parsing results in XSS bypass technique (CVE-2019-11763) * expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-05-31 modified 2019-10-30 plugin id 130371 published 2019-10-30 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130371 title RHEL 7 : thunderbird (RHSA-2019:3210) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2020-0003_THUNDERBIRD.NASL description The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has thunderbird packages installed that are affected by multiple vulnerabilities: - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. (CVE-2019-15903) - When following the value last seen 2020-06-01 modified 2020-06-02 plugin id 133071 published 2020-01-20 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133071 title NewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0003) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2019-3193.NASL description An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.2.0 ESR. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 (CVE-2019-11764) * Mozilla: Use-after-free when creating index updates in IndexedDB (CVE-2019-11757) * Mozilla: Potentially exploitable crash due to 360 Total Security (CVE-2019-11758) * Mozilla: Stack buffer overflow in HKDF output (CVE-2019-11759) * Mozilla: Stack buffer overflow in WebRTC networking (CVE-2019-11760) * Mozilla: Unintended access to a privileged JSONView object (CVE-2019-11761) * Mozilla: document.domain-based origin isolation has same-origin-property violation (CVE-2019-11762) * Mozilla: Incorrect HTML parsing results in XSS bypass technique (CVE-2019-11763) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-03-17 modified 2019-11-01 plugin id 130434 published 2019-11-01 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130434 title CentOS 7 : firefox (CESA-2019:3193) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2019-3210.NASL description An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.2.0. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 (CVE-2019-11764) * Mozilla: Use-after-free when creating index updates in IndexedDB (CVE-2019-11757) * Mozilla: Potentially exploitable crash due to 360 Total Security (CVE-2019-11758) * Mozilla: Stack buffer overflow in HKDF output (CVE-2019-11759) * Mozilla: Stack buffer overflow in WebRTC networking (CVE-2019-11760) * Mozilla: Unintended access to a privileged JSONView object (CVE-2019-11761) * Mozilla: document.domain-based origin isolation has same-origin-property violation (CVE-2019-11762) * Mozilla: Incorrect HTML parsing results in XSS bypass technique (CVE-2019-11763) * expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-05-31 modified 2019-11-01 plugin id 130436 published 2019-11-01 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130436 title CentOS 7 : thunderbird (CESA-2019:3210) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4335-1.NASL description Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764, CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026, CVE-2019-20503, CVE-2020-6798, CVE-2020-6800, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6812, CVE-2020-6814, CVE-2020-6819, CVE-2020-6820, CVE-2020-6821, CVE-2020-6825) It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-11745) It was discovered that a specially crafted S/MIME message with an inner encryption layer could be displayed as having a valid signature in some circumstances, even if the signer had no access to the encrypted message. An attacker could potentially exploit this to spoof the message author. (CVE-2019-11755) A heap overflow was discovered in the expat library in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-15903) It was discovered that Message ID calculation was based on uninitialized data. An attacker could potentially exploit this to obtain sensitive information. (CVE-2020-6792) Mutiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2020-6793, CVE-2020-6795, CVE-2020-6822) It was discovered that if a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. (CVE-2020-6794) It was discovered that the Devtools last seen 2020-05-08 modified 2020-04-22 plugin id 135896 published 2020-04-22 reporter Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135896 title Ubuntu 16.04 LTS : thunderbird vulnerabilities (USN-4335-1) NASL family MacOS X Local Security Checks NASL id MACOSX_GOOGLE_CHROME_78_0_3904_70.NASL description The version of Google Chrome installed on the remote macOS host is prior to 78.0.3904.70. It is, therefore, affected by multiple vulnerabilities as referenced in the 2019_10_stable-channel-update-for-desktop_22 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 130274 published 2019-10-25 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130274 title Google Chrome < 78.0.3904.70 Multiple Vulnerabilities NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1445.NASL description According to the versions of the expat packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.(CVE-2017-9233) - An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.(CVE-2016-9063) - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.(CVE-2019-15903) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-04-30 modified 2020-04-16 plugin id 135607 published 2020-04-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135607 title EulerOS Virtualization 3.0.2.2 : expat (EulerOS-SA-2020-1445) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-3196.NASL description From Red Hat Security Advisory 2019:3196 : An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.2.0 ESR. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 (CVE-2019-11764) * Mozilla: Use-after-free when creating index updates in IndexedDB (CVE-2019-11757) * Mozilla: Potentially exploitable crash due to 360 Total Security (CVE-2019-11758) * Mozilla: Stack buffer overflow in HKDF output (CVE-2019-11759) * Mozilla: Stack buffer overflow in WebRTC networking (CVE-2019-11760) * Mozilla: Unintended access to a privileged JSONView object (CVE-2019-11761) * Mozilla: document.domain-based origin isolation has same-origin-property violation (CVE-2019-11762) * Mozilla: Incorrect HTML parsing results in XSS bypass technique (CVE-2019-11763) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-05-31 modified 2019-10-25 plugin id 130247 published 2019-10-25 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130247 title Oracle Linux 8 : firefox (ELSA-2019-3196) NASL family Scientific Linux Local Security Checks NASL id SL_20191106_THUNDERBIRD_ON_SL6_X.NASL description This update upgrades Thunderbird to version 68.2.0. Security Fix(es) : - Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 (CVE-2019-11764) - Mozilla: Use-after-free when creating index updates in IndexedDB (CVE-2019-11757) - Mozilla: Potentially exploitable crash due to 360 Total Security (CVE-2019-11758) - Mozilla: Stack buffer overflow in HKDF output (CVE-2019-11759) - Mozilla: Stack buffer overflow in WebRTC networking (CVE-2019-11760) - Mozilla: Unintended access to a privileged JSONView object (CVE-2019-11761) - Mozilla: document.domain-based origin isolation has same-origin-property violation (CVE-2019-11762) - Mozilla: Incorrect HTML parsing results in XSS bypass technique (CVE-2019-11763) - expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903) last seen 2020-05-31 modified 2019-11-08 plugin id 130750 published 2019-11-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130750 title Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20191106) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-2420.NASL description This update for chromium, re2 fixes the following issues : Chromium was updated to 78.0.3904.70 boo#1154806 : - CVE-2019-13699: Use-after-free in media - CVE-2019-13700: Buffer overrun in Blink - CVE-2019-13701: URL spoof in navigation - CVE-2019-13702: Privilege elevation in Installer - CVE-2019-13703: URL bar spoofing - CVE-2019-13704: CSP bypass - CVE-2019-13705: Extension permission bypass - CVE-2019-13706: Out-of-bounds read in PDFium - CVE-2019-13707: File storage disclosure - CVE-2019-13708: HTTP authentication spoof - CVE-2019-13709: File download protection bypass - CVE-2019-13710: File download protection bypass - CVE-2019-13711: Cross-context information leak - CVE-2019-15903: Buffer overflow in expat - CVE-2019-13713: Cross-origin data leak - CVE-2019-13714: CSS injection - CVE-2019-13715: Address bar spoofing - CVE-2019-13716: Service worker state error - CVE-2019-13717: Notification obscured - CVE-2019-13718: IDN spoof - CVE-2019-13719: Notification obscured - Various fixes from internal audits, fuzzing and other initiatives - Use internal resources for icon and appdata last seen 2020-05-31 modified 2019-11-04 plugin id 130500 published 2019-11-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130500 title openSUSE Security Update : chromium / re2 (openSUSE-2019-2420) NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2019-1376.NASL description Several memory safety bugs were discovered in Mozilla Firefox and Thunderbird. Memory corruption and arbitrary code execution are possible with these vulnerabilities. These bugs can be exploited over the network.(CVE-2019-11764) A flaw was discovered in both Firefox and Thunderbird where 4 bytes of a HMAC output could be written past the end of a buffer stored on the memory stack. This could allow an attacker to execute arbitrary code or lead to a crash. This flaw can be exploited over the network.(CVE-2019-11759) A flaw was found in Mozilla Firefox and Thunderbird where null bytes were incorrectly parsed in HTML entities. This could lead to HTML comments being treated as code which could lead to XSS in a web application or HTML entities being masked from filters.(CVE-2019-11763) A vulnerability was found in Mozilla Firefox and Thunderbird. Privileged JSONView objects that have been cloned into content can be accessed using a form with a data URI. This flaw bypasses existing defense-in-depth mechanisms and can be exploited over the network.(CVE-2019-11761) A flaw was discovered in Mozilla Firefox and Thunderbird where a fixed-stack buffer overflow could occur during WebRTC signalling. The vulnerability could lead to an exploitable crash or leak data.(CVE-2019-11760) A use-after-free flaw was found in Mozilla Firefox and Thunderbird. When following a value last seen 2020-05-31 modified 2019-12-19 plugin id 132264 published 2019-12-19 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132264 title Amazon Linux 2 : thunderbird (ALAS-2019-1376) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-2205.NASL description This update for expat fixes the following issues : Security issues fixed : - CVE-2019-15903: Fixed heap-based buffer over-read caused by crafted XML input. (bsc#1149429) This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 129457 published 2019-09-30 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129457 title openSUSE Security Update : expat (openSUSE-2019-2205) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-2429-1.NASL description This update for expat fixes the following issues : Security issues fixed : CVE-2019-15903: Fixed heap-based buffer over-read caused by crafted XML input. (bsc#1149429) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 129283 published 2019-09-24 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129283 title SUSE SLED15 / SLES15 Security Update : expat (SUSE-SU-2019:2429-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-2464.NASL description This update for MozillaThunderbird to version 68.2.1 provides the following fixes : - Security issues fixed (bsc#1154738) : - CVE-2019-15903: Fixed a heap overflow in the expat library (bsc#1149429). - CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB (bsc#1154738). - CVE-2019-11758: Fixed a potentially exploitable crash due to 360 Total Security (bsc#1154738). - CVE-2019-11759: Fixed a stack-based buffer overflow in HKDF output (bsc#1154738). - CVE-2019-11760: Fixed a stack-based buffer overflow in WebRTC networking (bsc#1154738). - CVE-2019-11761: Fixed an unintended access to a privileged JSONView object (bsc#1154738). - CVE-2019-11762: Fixed a same-origin-property violation (bsc#1154738). - CVE-2019-11763: Fixed an XSS bypass (bsc#1154738). - CVE-2019-11764: Fixed several memory safety bugs (bsc#1154738). Other fixes (bsc#1153879) : - Some attachments couldn last seen 2020-06-01 modified 2020-06-02 plugin id 130937 published 2019-11-13 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130937 title openSUSE Security Update : MozillaThunderbird (openSUSE-2019-2464) NASL family MacOS X Local Security Checks NASL id MACOS_FIREFOX_68_2_ESR.NASL description The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 68.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-33 advisory, including the following: - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) could then result in a heap-based buffer over-read. (CVE-2019-15903) - A use-after-free vulnerability exists in IndexedDB when creating updates. When following the value last seen 2020-06-01 modified 2020-06-02 plugin id 130171 published 2019-10-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130171 title Mozilla Firefox ESR 68.x < 68.2 Multiple Vulnerabilities NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1997.NASL description Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code or denial of service. Debian follows the Thunderbird upstream releases. Support for the 60.x series has ended, so starting with this update we last seen 2020-06-01 modified 2020-06-02 plugin id 131136 published 2019-11-20 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131136 title Debian DLA-1997-1 : thunderbird security update NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-2459.NASL description This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues : Changes in MozillaFirefox : Security issues fixed : - CVE-2019-15903: Fixed a heap overflow in the expat library (bsc#1149429). - CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB (bsc#1154738). - CVE-2019-11758: Fixed a potentially exploitable crash due to 360 Total Security (bsc#1154738). - CVE-2019-11759: Fixed a stack-based buffer overflow in HKDF output (bsc#1154738). - CVE-2019-11760: Fixed a stack-based buffer overflow in WebRTC networking (bsc#1154738). - CVE-2019-11761: Fixed an unintended access to a privileged JSONView object (bsc#1154738). - CVE-2019-11762: Fixed a same-origin-property violation (bsc#1154738). - CVE-2019-11763: Fixed an XSS bypass (bsc#1154738). - CVE-2019-11764: Fixed several memory safety bugs (bsc#1154738). Non-security issues fixed : - Added Provides-line for translations-common (bsc#1153423) . - Moved some settings from branding-package here (bsc#1153869). - Disabled DoH by default. Changes in MozillaFirefox-branding-SLE : - Moved extensions preferences to core package (bsc#1153869). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-05-31 modified 2019-11-12 plugin id 130890 published 2019-11-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130890 title openSUSE Security Update : MozillaFirefox / MozillaFirefox-branding-SLE (openSUSE-2019-2459) NASL family MacOS X Local Security Checks NASL id MACOS_FIREFOX_70_0.NASL description The version of Firefox installed on the remote macOS or Mac OS X host is prior to 70.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-34 advisory, including the following: - Incorrect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (CVE-2018-6156) - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. (CVE-2019-15903) - When storing a value in IndexedDB, the value last seen 2020-06-01 modified 2020-06-02 plugin id 130169 published 2019-10-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130169 title Mozilla Firefox < 70.0 Multiple Vulnerabilities NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2019-259-01.NASL description New expat packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. last seen 2020-06-01 modified 2020-06-02 plugin id 128963 published 2019-09-17 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128963 title Slackware 14.0 / 14.1 / 14.2 / current : expat (SSA:2019-259-01) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2020-0022_THUNDERBIRD.NASL description The remote NewStart CGSL host, running version MAIN 4.05, has thunderbird packages installed that are affected by multiple vulnerabilities: - Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user last seen 2020-03-18 modified 2020-03-11 plugin id 134410 published 2020-03-11 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134410 title NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0022) NASL family SuSE Local Security Checks NASL id SUSE_SU-2020-0114-1.NASL description This update for python3 to version 3.6.10 fixes the following issues : CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507). CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955). CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 133036 published 2020-01-17 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133036 title SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2020:0114-1) (BEAST) (httpoxy) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1217.NASL description According to the versions of the expat packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.(CVE-2016-9063) - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.(CVE-2019-15903) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-19 modified 2020-03-13 plugin id 134506 published 2020-03-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134506 title EulerOS Virtualization for ARM 64 3.0.2.0 : expat (EulerOS-SA-2020-1217) NASL family Windows NASL id ITUNES_12_10_3.NASL description The version of Apple iTunes installed on the remote Windows host is prior to 12.10.3. It is, therefore, affected by multiple vulnerabilities as referenced in the HT210793 advisory. - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. (CVE-2019-15903) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 132416 published 2019-12-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132416 title Apple iTunes < 12.10.3 Multiple Vulnerabilities (credentialed check) NASL family Windows NASL id MOZILLA_FIREFOX_68_2_ESR.NASL description The version of Firefox ESR installed on the remote Windows host is prior to 68.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-33 advisory, including the following: - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) could then result in a heap-based buffer over-read. (CVE-2019-15903) - A use-after-free vulnerability exists in IndexedDB when creating updates. When following the value last seen 2020-06-01 modified 2020-06-02 plugin id 130172 published 2019-10-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130172 title Mozilla Firefox ESR 68.x < 68.2 Multiple vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-3237.NASL description An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.2.0. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 (CVE-2019-11764) * Mozilla: Use-after-free when creating index updates in IndexedDB (CVE-2019-11757) * Mozilla: Potentially exploitable crash due to 360 Total Security (CVE-2019-11758) * Mozilla: Stack buffer overflow in HKDF output (CVE-2019-11759) * Mozilla: Stack buffer overflow in WebRTC networking (CVE-2019-11760) * Mozilla: Unintended access to a privileged JSONView object (CVE-2019-11761) * Mozilla: document.domain-based origin isolation has same-origin-property violation (CVE-2019-11762) * Mozilla: Incorrect HTML parsing results in XSS bypass technique (CVE-2019-11763) * expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-05-31 modified 2019-10-30 plugin id 130382 published 2019-10-30 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130382 title RHEL 8 : thunderbird (RHSA-2019:3237) NASL family Windows NASL id GOOGLE_CHROME_78_0_3904_70.NASL description The version of Google Chrome installed on the remote Windows host is prior to 78.0.3904.70. It is, therefore, affected by multiple vulnerabilities as referenced in the 2019_10_stable-channel-update-for-desktop_22 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 130275 published 2019-10-25 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130275 title Google Chrome < 78.0.3904.70 Multiple Vulnerabilities NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201911-08.NASL description The remote host is affected by the vulnerability described in GLSA-201911-08 (Expat: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 131268 published 2019-11-25 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131268 title GLSA-201911-08 : Expat: Multiple vulnerabilities NASL family Peer-To-Peer File Sharing NASL id ITUNES_12_10_3_BANNER.NASL description The version of Apple iTunes installed on the remote Windows host is prior to 12.10.3. It is, therefore, affected by multiple vulnerabilities as referenced in the HT210793 advisory. - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. (CVE-2019-15903) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 132415 published 2019-12-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132415 title Apple iTunes < 12.10.3 Multiple Vulnerabilities (uncredentialed check) NASL family SuSE Local Security Checks NASL id OPENSUSE-2020-86.NASL description This update for python3 to version 3.6.10 fixes the following issues : - CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507). - CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955). - CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 133172 published 2020-01-22 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133172 title openSUSE Security Update : python3 (openSUSE-2020-86) (BEAST) (httpoxy) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-3196.NASL description An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.2.0 ESR. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 (CVE-2019-11764) * Mozilla: Use-after-free when creating index updates in IndexedDB (CVE-2019-11757) * Mozilla: Potentially exploitable crash due to 360 Total Security (CVE-2019-11758) * Mozilla: Stack buffer overflow in HKDF output (CVE-2019-11759) * Mozilla: Stack buffer overflow in WebRTC networking (CVE-2019-11760) * Mozilla: Unintended access to a privileged JSONView object (CVE-2019-11761) * Mozilla: document.domain-based origin isolation has same-origin-property violation (CVE-2019-11762) * Mozilla: Incorrect HTML parsing results in XSS bypass technique (CVE-2019-11763) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-05-31 modified 2019-10-25 plugin id 130248 published 2019-10-25 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130248 title RHEL 8 : firefox (RHSA-2019:3196) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4571.NASL description Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code or denial of service. Debian follows the Thunderbird upstream releases. Support for the 60.x series has ended, so starting with this update we last seen 2020-06-01 modified 2020-06-02 plugin id 131139 published 2019-11-20 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131139 title Debian DSA-4571-1 : thunderbird - security update NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4549.NASL description Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, cross-site scripting or denial of service. Debian follows the extended support releases (ESR) of Firefox. Support for the 60.x series has ended, so starting with this update we last seen 2020-06-01 modified 2020-06-02 plugin id 130288 published 2019-10-28 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130288 title Debian DSA-4549-1 : firefox-esr - security update NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2256.NASL description According to the versions of the expat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.(CVE-2016-9063) - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.(CVE-2019-15903) - XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.(CVE-2017-9233) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-11-08 plugin id 130718 published 2019-11-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130718 title EulerOS 2.0 SP3 : expat (EulerOS-SA-2019-2256) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-2452.NASL description This update for MozillaThunderbird to version 68.2.1 provides the following fixes : - Security issues fixed (bsc#1154738) : - CVE-2019-15903: Fixed a heap overflow in the expat library (bsc#1149429). - CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB (bsc#1154738). - CVE-2019-11758: Fixed a potentially exploitable crash due to 360 Total Security (bsc#1154738). - CVE-2019-11759: Fixed a stack-based buffer overflow in HKDF output (bsc#1154738). - CVE-2019-11760: Fixed a stack-based buffer overflow in WebRTC networking (bsc#1154738). - CVE-2019-11761: Fixed an unintended access to a privileged JSONView object (bsc#1154738). - CVE-2019-11762: Fixed a same-origin-property violation (bsc#1154738). - CVE-2019-11763: Fixed an XSS bypass (bsc#1154738). - CVE-2019-11764: Fixed several memory safety bugs (bsc#1154738). Other fixes (bsc#1153879) : - Some attachments couldn last seen 2020-06-01 modified 2020-06-02 plugin id 130936 published 2019-11-13 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130936 title openSUSE Security Update : MozillaThunderbird (openSUSE-2019-2452) NASL family Fedora Local Security Checks NASL id FEDORA_2019-9505C6B555.NASL description This update of `expat` fixes the following security issue : - **CVE-2019-15903** -- Fix heap overflow triggered by `XML_GetCurrentLineNumber` (or `XML_GetCurrentColumnNumber`), and deny internal entities closing the doctype The following bug fixes are also included : - Fix cases where `XML_StopParser` did not have any effect when called from inside of an end element handler - xmlwf: Fix exit code for operation without last seen 2020-06-01 modified 2020-06-02 plugin id 129322 published 2019-09-25 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129322 title Fedora 30 : expat (2019-9505c6b555) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-3756.NASL description An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.2.0. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 (CVE-2019-11764) * Mozilla: Use-after-free when creating index updates in IndexedDB (CVE-2019-11757) * Mozilla: Potentially exploitable crash due to 360 Total Security (CVE-2019-11758) * Mozilla: Stack buffer overflow in HKDF output (CVE-2019-11759) * Mozilla: Stack buffer overflow in WebRTC networking (CVE-2019-11760) * Mozilla: Unintended access to a privileged JSONView object (CVE-2019-11761) * Mozilla: document.domain-based origin isolation has same-origin-property violation (CVE-2019-11762) * Mozilla: Incorrect HTML parsing results in XSS bypass technique (CVE-2019-11763) * expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-05-31 modified 2019-11-08 plugin id 130742 published 2019-11-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130742 title RHEL 6 : thunderbird (RHSA-2019:3756) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-3193.NASL description An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.2.0 ESR. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 (CVE-2019-11764) * Mozilla: Use-after-free when creating index updates in IndexedDB (CVE-2019-11757) * Mozilla: Potentially exploitable crash due to 360 Total Security (CVE-2019-11758) * Mozilla: Stack buffer overflow in HKDF output (CVE-2019-11759) * Mozilla: Stack buffer overflow in WebRTC networking (CVE-2019-11760) * Mozilla: Unintended access to a privileged JSONView object (CVE-2019-11761) * Mozilla: document.domain-based origin isolation has same-origin-property violation (CVE-2019-11762) * Mozilla: Incorrect HTML parsing results in XSS bypass technique (CVE-2019-11763) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-05-31 modified 2019-10-24 plugin id 130190 published 2019-10-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130190 title RHEL 7 : firefox (RHSA-2019:3193) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-2451.NASL description This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues : Changes in MozillaFirefox : Security issues fixed : - CVE-2019-15903: Fixed a heap overflow in the expat library (bsc#1149429). - CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB (bsc#1154738). - CVE-2019-11758: Fixed a potentially exploitable crash due to 360 Total Security (bsc#1154738). - CVE-2019-11759: Fixed a stack-based buffer overflow in HKDF output (bsc#1154738). - CVE-2019-11760: Fixed a stack-based buffer overflow in WebRTC networking (bsc#1154738). - CVE-2019-11761: Fixed an unintended access to a privileged JSONView object (bsc#1154738). - CVE-2019-11762: Fixed a same-origin-property violation (bsc#1154738). - CVE-2019-11763: Fixed an XSS bypass (bsc#1154738). - CVE-2019-11764: Fixed several memory safety bugs (bsc#1154738). Non-security issues fixed : - Added Provides-line for translations-common (bsc#1153423) . - Moved some settings from branding-package here (bsc#1153869). - Disabled DoH by default. Changes in MozillaFirefox-branding-SLE : - Moved extensions preferences to core package (bsc#1153869). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-05-31 modified 2019-11-12 plugin id 130885 published 2019-11-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130885 title openSUSE Security Update : MozillaFirefox / MozillaFirefox-branding-SLE (openSUSE-2019-2451)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- https://github.com/libexpat/libexpat/pull/318
- https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43
- https://github.com/libexpat/libexpat/issues/317
- https://usn.ubuntu.com/4132-1/
- https://github.com/libexpat/libexpat/issues/342
- https://seclists.org/bugtraq/2019/Sep/30
- http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html
- https://usn.ubuntu.com/4132-2/
- https://www.debian.org/security/2019/dsa-4530
- https://seclists.org/bugtraq/2019/Sep/37
- https://security.netapp.com/advisory/ntap-20190926-0004/
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html
- https://seclists.org/bugtraq/2019/Oct/29
- http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html
- http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html
- https://usn.ubuntu.com/4165-1/
- https://www.debian.org/security/2019/dsa-4549
- https://access.redhat.com/errata/RHSA-2019:3237
- https://access.redhat.com/errata/RHSA-2019:3210
- https://seclists.org/bugtraq/2019/Nov/1
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html
- https://access.redhat.com/errata/RHSA-2019:3756
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html
- https://lists.debian.org/debian-lts-announce/2019/11/msg00006.html
- https://seclists.org/bugtraq/2019/Nov/24
- https://www.debian.org/security/2019/dsa-4571
- https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html
- https://security.gentoo.org/glsa/201911-08
- https://usn.ubuntu.com/4202-1/
- https://support.apple.com/kb/HT210788
- https://support.apple.com/kb/HT210785
- https://support.apple.com/kb/HT210790
- https://support.apple.com/kb/HT210789
- https://seclists.org/bugtraq/2019/Dec/21
- https://seclists.org/bugtraq/2019/Dec/23
- https://seclists.org/bugtraq/2019/Dec/17
- https://support.apple.com/kb/HT210793
- https://support.apple.com/kb/HT210795
- https://support.apple.com/kb/HT210794
- http://seclists.org/fulldisclosure/2019/Dec/23
- http://seclists.org/fulldisclosure/2019/Dec/26
- http://seclists.org/fulldisclosure/2019/Dec/27
- http://seclists.org/fulldisclosure/2019/Dec/30
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://usn.ubuntu.com/4335-1/
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.tenable.com/security/tns-2021-11
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG/