-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.3028
              K16712298: libxml2 vulnerability CVE-2016-1834
                             20 December 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           F5 Products
Publisher:         F5 Networks
Operating System:  Network Appliance
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-1834  

Reference:         ASB-2016.0104
                   ASB-2016.0087
                   ESB-2016.1235

Original Bulletin: 
   https://support.f5.com/csp/#/article/K16712298

- --------------------------BEGIN INCLUDED TEXT--------------------

K16712298: libxml2 vulnerability CVE-2016-1834 

Security Advisory

Original Publication Date: Dec 20, 2016
Updated Date: Dec 20, 2016
Applies to (see versions):

Vulnerability Description

Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4,
as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and
watchOS before 2.2.1, allows remote attackers to execute arbitrary code or 
cause a denial of service (memory corruption) via a crafted XML document. 
(CVE-2016-1834)

Impact

A heap-based buffer overflow in the xmlStrncat function allows remote attackers
to execute arbitrary code or cause a denial of service (DoS) using a crafted XML
document.

Security Issue Status

F5 Product Development has assigned ID 601059 (BIG-IP) and INSTALLER-2826 
(Traffix SDC) to this vulnerability.

To determine if your release is known to be vulnerable, the components or 
features that are affected by the vulnerability, and for information about 
releases or hotfixes that address the vulnerability, refer to the following 
table:

Product                         Versions known to be vulnerable   Versions known to be not vulnerable   Severity        Vulnerable component or feature
BIG-IP LTM                      12.0.0 - 12.1.1                   12.1.2                                Low             libxml2 (XML Content Based Routing, XML commands, External monitors, APL scripts, Python, Perl, PHP, qkview)
                                11.4.0 - 11.6.1
                                11.2.1
                                10.2.1 - 10.2.4
BIG-IP AAM                      12.0.0 - 12.1.1                   12.1.2                                Low             libxml2 (image optimization, XML commands, External monitors, APL scripts, Python, Perl, PHP, qkview, Mogrify)
                                11.4.0 - 11.6.1
BIG-IP AFM                      12.0.0 - 12.1.1                   12.1.2                                Low             libxml2 (SSH Plugin, XML commands, External monitors, APL scripts, Python, Perl, PHP, qkview)
                                11.4.0 - 11.6.1
BIG-IP Analytics                12.0.0 - 12.1.1                   12.1.2                                Low             libxml2 (XML commands, External monitors, APL scripts, Python, Perl, PHP, qkview)
                                11.4.0 - 11.6.1
                                11.2.1
BIG-IP APM                      12.0.0 - 12.1.1                   12.1.2                                Low             libxml2 (XML commands, External monitors, APL scripts, Python, Perl, PHP, qkview)
                                11.4.0 - 11.6.1
                                11.2.1
                                10.2.1 - 10.2.4
BIG-IP ASM                      12.0.0 - 12.1.1                   12.1.2                                Low             libxml2 (XML commands, External monitors, APL scripts, Python, Perl, PHP, qkview)
                                11.4.0 - 11.6.1
                                11.2.1
                                10.2.1 - 10.2.4
BIG-IP DNS                      12.0.0 - 12.1.1                   12.1.2                                Low             libxml2 (XML commands, External monitors, APL scripts, Python, Perl, PHP, qkview)
BIG-IP Edge Gateway             11.2.1                            None                                  Low             libxml2 (XML commands, External monitors, APL scripts, Python, Perl, PHP, qkview)
                                10.2.1 - 10.2.4
BIG-IP GTM                      11.4.0 - 11.6.1                   None                                  Low             libxml2 (XML commands, External monitors, APL scripts, Python, Perl, PHP, qkview)
                                11.2.1
                                10.2.1 - 10.2.4
BIG-IP Link Controller          12.0.0 - 12.1.1                   12.1.2                                Low             libxml2 (XML commands, External monitors, APL scripts, Python, Perl, PHP, qkview)
                                11.4.0 - 11.6.1
                                11.2.1
                                10.2.1 - 10.2.4
BIG-IP PEM                      12.0.0 - 12.1.1                   12.1.2                                Low             libxml2 (XML commands, External monitors, APL scripts, Python, Perl, PHP, qkview)
                                11.4.0 - 11.6.1
BIG-IP PSM                      11.4.0 - 11.4.1                   None                                  Low             libxml2 (XML commands, External monitors, APL scripts, Python, Perl, PHP, qkview)
                                10.2.1 - 10.2.4
BIG-IP WebAccelerator           11.2.1                            None                                  Low             libxml2 (image optimization, XML commands, External monitors, APL scripts, Python, Perl, PHP, qkview)
                                10.2.1 - 10.2.4
BIG-IP WebSafe                  12.0.0 - 12.1.1                   12.1.2                                Low             libxml2 (XML commands, External monitors, APL scripts, Python, Perl, PHP, qkview)
                                11.6.0 - 11.6.1
ARX                             None                              6.2.0 - 6.4.0                         Not vulnerable  None
Enterprise Manager              None                              3.1.1                                 Not vulnerable  None
FirePass                        None                              7.0.0                                 Not vulnerable  None
BIG-IQ Cloud                    None                              4.0.0 - 4.5.0                         Not vulnerable  None
BIG-IQ Device                   None                              4.2.0 - 4.5.0                         Not vulnerable  None
BIG-IQ Security                 None                              4.0.0 - 4.5.0                         Not vulnerable  None
BIG-IQ ADC                      None                              4.5.0                                 Not vulnerable  None
BIG-IQ Centralized Management   None                              5.0.0 - 5.1.0                         Not vulnerable  None
                                                                  4.6.0
BIG-IQ Cloud and Orchestration  None                              1.0.0                                 Not vulnerable  None
F5 iWorkflow                    None                              2.0.0 - 2.0.2                         Not vulnerable  None
LineRate                        None                              2.5.0 - 2.6.1                         Not vulnerable  None
Traffix SDC                     5.0.0 - 5.1.0                     None                                  Low             libxml2
                                4.0.0 - 4.4.0


Vulnerability Recommended Actions

If you are running a version listed in the Versions known to be vulnerable 
column, you can eliminate this vulnerability by upgrading to a version listed
in the Versions known to be not vulnerable column. If the table lists only an
older version than what you are currently running, or does not list a 
non-vulnerable version, then no upgrade candidate currently exists.
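The check described above, as an added example that is not part of the F5 or AusCERT bulletin: it compares an installed version string against the "Versions known to be vulnerable" and "Versions known to be not vulnerable" ranges quoted from the table for a subset of products (the version strings fed in are constructed samples), comparing version components numerically so that 11.10.0 sorts after 11.6.1 rather than before it.

```python
# Added example (not F5's or AusCERT's code): assess an installed F5 product
# version against the K16712298 table. Ranges "a - b" are inclusive at both ends.
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Subset of rows transcribed from the table above; extend with the remaining rows as needed.
VULNERABLE_RANGES: Dict[str, List[str]] = {
    "BIG-IP LTM": ["12.0.0 - 12.1.1", "11.4.0 - 11.6.1", "11.2.1", "10.2.1 - 10.2.4"],
    "BIG-IP DNS": ["12.0.0 - 12.1.1"],
    "BIG-IP WebSafe": ["12.0.0 - 12.1.1", "11.6.0 - 11.6.1"],
    "Traffix SDC": ["5.0.0 - 5.1.0", "4.0.0 - 4.4.0"],
}
FIXED_VERSIONS: Dict[str, List[str]] = {  # "Versions known to be not vulnerable"
    "BIG-IP LTM": ["12.1.2"], "BIG-IP DNS": ["12.1.2"], "BIG-IP WebSafe": ["12.1.2"],
}

def parse_version(text: str) -> Version:
    """Turn '12.1.1' (or a constructed '12.1.1 HF2' with a hotfix suffix) into (12, 1, 1)."""
    head = text.strip().split()[0]            # drop anything after the numeric part
    return tuple(int(part) for part in head.split("."))

def parse_range(spec: str) -> Tuple[Version, Version]:
    """'a - b' -> (a, b); a single version 'a' -> (a, a)."""
    parts = [p.strip() for p in spec.split("-")]
    return parse_version(parts[0]), parse_version(parts[-1])

def in_range(version: Version, spec: str) -> bool:
    # Tuple comparison is component-wise and numeric, so (11, 10, 0) > (11, 6, 1).
    low, high = parse_range(spec)
    return low <= version <= high

def assess(product: str, installed: str) -> str:
    """Return 'vulnerable', 'fixed', or 'unknown' for one product/version pair."""
    v = parse_version(installed)
    if any(in_range(v, r) for r in VULNERABLE_RANGES.get(product, [])):
        return "vulnerable"
    if any(in_range(v, r) for r in FIXED_VERSIONS.get(product, [])):
        return "fixed"
    return "unknown"   # listed in neither column: consult the full table / K16712298

if __name__ == "__main__":
    samples = [("BIG-IP LTM", "11.5.4 HF2"), ("BIG-IP LTM", "12.1.2"),
               ("BIG-IP LTM", "11.10.0"), ("Traffix SDC", "4.2.0")]
    for prod, ver in samples:
        print(f"{prod} {ver}: {assess(prod, ver)}")
```

A result of "unknown" means the version is in neither column for that product, which under the wording above means no upgrade candidate is listed rather than that the version is safe.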

Mitigation

None

Supplemental Information

    K9970: Subscribing to email notifications regarding F5 products
    K9957: Creating a custom RSS feed to view new and updated documents
    K4602: Overview of the F5 security vulnerability response policy
    K4918: Overview of the F5 critical issue hotfix policy
    K167: Downloading software and firmware from F5

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----