Apple

Notified:  June 17, 2016 Updated: April 04, 2018

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://support.apple.com/en-us/HT206905 https://support.apple.com/en-us/HT207271 https://support.apple.com/en-us/HT206902

Addendum

WebKit and WebKit-based applications and browsers are affected. Apple has assigned CVE-2016-4642, CVE-2016-4643, and CVE-2016-4644, as described in the HT206905 security bulletin. CVE-2016-7579 is described in the HT207271 bulletin.

Arista Networks, Inc.

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Belkin, Inc.

Notified:  July 28, 2016 Updated: July 28, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

CentOS

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Cisco

Notified:  July 28, 2016 Updated: July 28, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

CoreOS

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Debian GNU/Linux

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

DesktopBSD

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

DragonFly BSD Project

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

EMC Corporation

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

F5 Networks, Inc.

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Fedora Project

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

FreeBSD Project

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Gentoo Linux

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Google

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Hardened BSD

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Hewlett Packard Enterprise

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Hitachi

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

IBM Corporation

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Juniper Networks

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Lenovo

Notified:  June 17, 2016 Updated: August 01, 2016

Statement Date:   July 28, 2016

Status

  Not Affected

Vendor Statement

Lenovo products are not affected by this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

m0n0wall

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Microsoft Corporation

Notified:  June 17, 2016 Updated: November 08, 2016

Status

  Affected

Vendor Statement

Please see the reference linked below.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://support.microsoft.com/en-us/kb/3179800

Mocana

Notified:  July 28, 2016 Updated: July 28, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Mozilla

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

NEC Corporation

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

NetBSD

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Nokia

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

OmniTI

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

OpenBSD

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

openSUSE project

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Openwall GNU/*/Linux

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Opera

Notified:  June 17, 2016 Updated: August 11, 2016

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Oracle Corporation

Notified:  June 17, 2016 Updated: October 21, 2016

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Oracle has notified the CERT/CC that the vulnerabilities are addressed in the October 2017 Critical Patch Update, linked below.

Vendor References

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Addendum

Java SE is affected. Oracle has assigned CVE-2016-5597.

QNX Software Systems Inc.

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Red Hat, Inc.

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

SAP

Notified:  July 28, 2016 Updated: July 28, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Slackware Linux Inc.

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Sony Corporation

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

SUSE Linux

Notified:  June 17, 2016 Updated: July 19, 2016

Statement Date:   July 18, 2016

Status

  Unknown

Vendor Statement

SUSE may include fixes for this issue in future updates to SLE or openSUSE packages when they become available from projects implementing GUI http user agents.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Synology

Notified:  July 28, 2016 Updated: July 28, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Turbolinux

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Ubuntu

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Unisys

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.