VARIoT IoT vulnerabilities database
| VAR-202003-0792 | CVE-2019-13194 | Brother Industries HL-L8360CDW Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Some Brother printers (such as the HL-L8360CDW v1.20) were affected by different information disclosure vulnerabilities that provided sensitive information to an unauthenticated user who visits a specific URL. plural Brother Printers are vulnerable to information leakage.Information may be obtained. Brother Industries HL-L8360CDW is a multi-function printer from Brother Industries, Japan. The vulnerability stems from network system or product configuration errors during operation
| VAR-202003-0592 | CVE-2019-4719 | IBM MQ and IBM MQ Appliance information disclosure vulnerability |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. The product provides a reliable, proven messaging backbone for service-oriented architecture (SOA). IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware
| VAR-202003-0796 | CVE-2019-13198 | plural Kyocera Cross-site scripting vulnerabilities in printers |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Stored XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions. plural Kyocera A cross-site scripting vulnerability exists in the printer.Information may be obtained and tampered with. Kyocera ECOSYS M5526CDW is a multi-function printer of Kyocera Corporation of Japan. This vulnerability stems from the lack of proper verification of client data by WEB applications. An attacker can use this vulnerability to execute client code
| VAR-202003-0921 | CVE-2019-13171 | plural Xerox Out-of-bounds write vulnerabilities in printers |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. This was caused by an insecure handling of the register parameters, because the size used within a memcpy() function, which copied the action value into a local variable, was not checked properly. plural Xerox The printer contains a vulnerability related to out-of-bounds writing.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Fuji Xerox Corporation is the world's largest manufacturer of digital and information technology products and a global top 500 company. Fuji Xerox series printer products can meet various business needs. All kinds of black and white color digital printers have high performance and high quality
| VAR-202003-0797 | CVE-2019-13199 | Kyocera ECOSYS M5526CDW Cross-Site Request Forgery Vulnerability |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) did not implement any mechanism to avoid CSRF. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device. plural Kyocera A cross-site request forgery vulnerability exists in the printer.Information may be tampered with. Kyocera ECOSYS M5526CDW is a multi-function printer of Kyocera Corporation of Japan
| VAR-202003-0789 | CVE-2019-13395 | Voo branded NETGEAR CG3700b cross-site request forgery vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 allows CSRF against all /goform/ URIs. An attacker can modify all settings including WEP/WPA/WPA2 keys, restore the router to factory settings, or even upload an entire malicious configuration file. NETGEAR CG3700b A cross-site request forgery vulnerability exists in custom firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR CG3700b is a cable modem and router from NETGEAR. The vulnerability stems from the fact that the network system or product does not fully verify the source or authenticity of the data. An attacker can use the forged data to attack
| VAR-202003-0795 | CVE-2019-13197 | plural Kyocera Classic buffer overflow vulnerability in printers |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the URI paths of the web application that would allow an unauthenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. plural Kyocera A classic buffer overflow vulnerability exists in the printer.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Kyocera ECOSYS M5526CDW is a multi-function printer of Kyocera Corporation of Japan.
Kyocera ECOSYS M5526CDW 2R7_2000.001.701 has a buffer overflow vulnerability in the URI path of the web application
| VAR-202003-0804 | CVE-2019-13206 | plural Kyocera Classic buffer overflow vulnerability in printers |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in multiple parameters of the Document Boxes functionality of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. plural Kyocera A classic buffer overflow vulnerability exists in the printer.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Kyocera ECOSYS M5526CDW is a multi-function printer of Kyocera Corporation of Japan.
The Kyocera ECOSYS M5526CDW 2R7_2000.001.701 version of the web application's ‘Document Boxes’ function has a buffer overflow vulnerability in multiple parameters
| VAR-202003-0798 | CVE-2019-13200 | Kyocera ECOSYS M5526CDW cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Reflected XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions. plural Kyocera A cross-site scripting vulnerability exists in the printer.Information may be obtained and tampered with. Kyocera ECOSYS M5526CDW is a multi-function printer of Kyocera Corporation of Japan. This vulnerability stems from the lack of proper verification of client data by WEB applications. An attacker can use this vulnerability to execute client code
| VAR-202003-0787 | CVE-2019-13393 | NETGEAR CG3700b Authentication vulnerabilities in custom firmware |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase. NETGEAR CG3700b Custom firmware contains an authentication vulnerability.Information may be obtained. NETGEAR CG3700b is a cable modem and router from NETGEAR.
Voo branded NETGEAR CG3700b has an authorization issue vulnerability
| VAR-202003-0918 | CVE-2019-13168 | plural Xerox Classic buffer overflow vulnerability in printers |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the attributes parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute arbitrary code on the device. (DoS) It may be put into a state. Fuji Xerox Corporation is the world's largest manufacturer of digital and information technology products and a global top 500 company. Fuji Xerox series printer products can meet various business needs. All kinds of black and white color digital printers have high performance and high quality
| VAR-202003-0589 | CVE-2019-4619 | IBM MQ and MQ Appliance Vulnerability regarding information leakage in |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862. Vendor exploits this vulnerability IBM X-Force ID: 168862 It is published as.Information may be obtained
| VAR-202003-0916 | CVE-2019-13166 | plural Xerox Inadequate protection of credentials in printer vulnerabilities |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement account lockout. Local account credentials may be extracted from the device via brute force guessing attacks. plural Xerox Printers are vulnerable to inadequate protection of credentials.Information may be obtained. Fuji Xerox Corporation is the world's largest manufacturer of digital and information technology products and a global top 500 company. Fuji Xerox series printer products can meet various business needs. All kinds of black and white color digital printers have high performance and high quality
| VAR-202003-0889 | CVE-2019-18578 | Dell EMC XtremIO XMS Cross-site scripting vulnerability in |
CVSS V2: 6.0 CVSS V3: 9.0 Severity: CRITICAL |
Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious HTML or JavaScript code in application fields. When victim users access the injected page through their browsers, the malicious code may be executed by the web browser in the context of the vulnerable web application. (DoS) It may be put into a state. Dell EMC XtremIO XMS is a set of XtremIO (enterprise storage platform) management software of Dell (Dell)
| VAR-202003-0888 | CVE-2019-18577 | Dell EMC XtremIO XMS Vulnerability in improper permission assignment for critical resources in |
CVSS V2: 7.2 CVSS V3: 6.7 Severity: MEDIUM |
Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect permission assignment vulnerability. A malicious local user with XtremIO xinstall privileges may exploit this vulnerability to gain root access. (DoS) It may be put into a state. Dell EMC XtremIO XMS is a set of XtremIO (enterprise storage platform) management software of Dell (Dell)
| VAR-202003-0887 | CVE-2019-18576 | Dell EMC XtremIO XMS Vulnerability regarding information leakage from log files in |
CVSS V2: 2.1 CVSS V3: 6.7 Severity: MEDIUM |
Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information disclosure vulnerability where OS users’ passwords are logged in local files. Malicious local users with access to the log files may use the exposed passwords to gain access to XtremIO with the privileges of the compromised user. Dell EMC XtremIO XMS Exists in a vulnerability related to information leakage from log files.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Dell EMC XtremIO XMS is the US Dell ( Dell ) set of company XtremIO (Enterprise storage platform) management software. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components
| VAR-202003-0584 | CVE-2019-3770 | Dell Wyse Management Suite Cross-site scripting vulnerability in |
CVSS V2: 3.5 CVSS V3: 6.4 Severity: MEDIUM |
Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability when unregistering a device. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. The offering includes Wyse endpoint centralized management, asset tracking and automatic device discovery. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code
| VAR-202003-0583 | CVE-2019-3769 | Dell Wyse Management Suite Cross-site scripting vulnerability in |
CVSS V2: 3.5 CVSS V3: 6.4 Severity: MEDIUM |
Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious payload in the device heartbeat request. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. The offering includes Wyse endpoint centralized management, asset tracking and automatic device discovery. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code
| VAR-202003-1583 | CVE-2020-6812 | Debian Security Advisory 4639-1 |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. An information disclosure issue has been found in Firefox prior to 74.
For the oldstable distribution (stretch), these problems have been fixed
in version 68.6.0esr-1~deb9u1.
For the stable distribution (buster), these problems have been fixed in
version 68.6.0esr-1~deb10u1.
We recommend that you upgrade your firefox-esr packages.
For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl5pOM4ACgkQEMKTtsN8
TjYgNRAAjqHD8ZWHZPCnBeZ0AjJ5vtvMJzRLMEtcWQ3qDq9vhXvcdDD4bJ7Mc85n
Ma6+4J1/l4Q0G3c/QKCDaGf26RZqvo76Ql1E5ct7M3C82kpDdEHaAW/UWF+v2XhR
89M0SLecr6C8SVlMxHB0kV15N/L9sekOOQgFHK3hDO8eArPNgmwQqjOtLDS9A+1U
FGiDMN6OyKMKx+ItAU4TaCVs3EEbxcBvLKcJ7zvxX/FY9AYR1NOmHlKUKRgCnlzV
yd4LEyEwDLzAjuGI77K8sGa7Zq73ttWj4tBl+NgiWEoIoUGEfn3l0grR/VeCI8Hk
6GYYrRd9ChOhnPqZHMxaLEuaLBvnj85qUQwR0xBb+fsarJwum84jNKznbt/2my/r
zutYM9K6lL8DdKopKbwARWOlAR5hhw++5d6cKxNVgVBmR9FbdkZDoHnlqyRTZCtw
MbNHT5KNZzcVXuu5H7HrgIQ+cMdBHphoIG4ZPUCJeESu4YK6vSr1S3BCEBI+4243
i3Hy7A09a7j7Th13ZnQ02Y4Rwc6nF0MjuhaYWT20ysM8RF+pntIuRHL5kF5MtCJ6
1QqzHU7PfQ/yNFZbaabazzUPgO34KkWiMRt42XZZBztPeNoNe7ql6Qp/rIXgtZWs
ZT8Fa4jKGviVEZFxWKwt0/U1UKPAAB+4b93MC+qfY/5BLbtWD1o=
=tfz5
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: firefox security update
Advisory ID: RHSA-2020:0816-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:0816
Issue date: 2020-03-16
CVE Names: CVE-2019-20503 CVE-2020-6805 CVE-2020-6806
CVE-2020-6807 CVE-2020-6811 CVE-2020-6812
CVE-2020-6814
====================================================================
1. Summary:
An update for firefox is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64
3. Description:
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.
Security Fix(es):
* Mozilla: Use-after-free when removing data about origins (CVE-2020-6805)
* Mozilla: BodyStream::OnInputStreamReady was missing protections against
state confusion (CVE-2020-6806)
* Mozilla: Use-after-free in cubeb during stream destruction
(CVE-2020-6807)
* Mozilla: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6
(CVE-2020-6814)
* Mozilla: Out of bounds reads in sctp_load_addresses_from_init
(CVE-2019-20503)
* Mozilla: Devtools' 'Copy as cURL' feature did not fully escape
website-controlled data, potentially leading to command injection
(CVE-2020-6811)
* Mozilla: The names of AirPods with personally identifiable information
were exposed to websites with camera or microphone permission
(CVE-2020-6812)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Firefox must be restarted for the changes to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1812199 - CVE-2020-6805 Mozilla: Use-after-free when removing data about origins
1812200 - CVE-2020-6806 Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion
1812201 - CVE-2020-6807 Mozilla: Use-after-free in cubeb during stream destruction
1812202 - CVE-2020-6811 Mozilla: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
1812203 - CVE-2019-20503 Mozilla: Out of bounds reads in sctp_load_addresses_from_init
1812204 - CVE-2020-6812 Mozilla: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission
1812205 - CVE-2020-6814 Mozilla: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
firefox-68.6.0-1.el6_10.src.rpm
i386:
firefox-68.6.0-1.el6_10.i686.rpm
firefox-debuginfo-68.6.0-1.el6_10.i686.rpm
x86_64:
firefox-68.6.0-1.el6_10.x86_64.rpm
firefox-debuginfo-68.6.0-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
x86_64:
firefox-68.6.0-1.el6_10.i686.rpm
firefox-debuginfo-68.6.0-1.el6_10.i686.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source:
firefox-68.6.0-1.el6_10.src.rpm
x86_64:
firefox-68.6.0-1.el6_10.i686.rpm
firefox-68.6.0-1.el6_10.x86_64.rpm
firefox-debuginfo-68.6.0-1.el6_10.i686.rpm
firefox-debuginfo-68.6.0-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
firefox-68.6.0-1.el6_10.src.rpm
i386:
firefox-68.6.0-1.el6_10.i686.rpm
firefox-debuginfo-68.6.0-1.el6_10.i686.rpm
ppc64:
firefox-68.6.0-1.el6_10.ppc64.rpm
firefox-debuginfo-68.6.0-1.el6_10.ppc64.rpm
s390x:
firefox-68.6.0-1.el6_10.s390x.rpm
firefox-debuginfo-68.6.0-1.el6_10.s390x.rpm
x86_64:
firefox-68.6.0-1.el6_10.x86_64.rpm
firefox-debuginfo-68.6.0-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
x86_64:
firefox-68.6.0-1.el6_10.i686.rpm
firefox-debuginfo-68.6.0-1.el6_10.i686.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
firefox-68.6.0-1.el6_10.src.rpm
i386:
firefox-68.6.0-1.el6_10.i686.rpm
firefox-debuginfo-68.6.0-1.el6_10.i686.rpm
x86_64:
firefox-68.6.0-1.el6_10.x86_64.rpm
firefox-debuginfo-68.6.0-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
x86_64:
firefox-68.6.0-1.el6_10.i686.rpm
firefox-debuginfo-68.6.0-1.el6_10.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-20503
https://access.redhat.com/security/cve/CVE-2020-6805
https://access.redhat.com/security/cve/CVE-2020-6806
https://access.redhat.com/security/cve/CVE-2020-6807
https://access.redhat.com/security/cve/CVE-2020-6811
https://access.redhat.com/security/cve/CVE-2020-6812
https://access.redhat.com/security/cve/CVE-2020-6814
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXm9LGtzjgjWX9erEAQgnMxAAjP5+D/J2CdW/5qP/DkFY840VQzO19ZnK
91SNP1WIbKnN4xemphuc6nDG5dGXUawr1CYYthOg2VGTakPiGlfKzwDMuWwNaCVO
yHZlybSZhnRa6BErvOkHn+pBHV9G8nR8C2Vi9fOaXmiJRbm8AcMs76gPWO/9Eory
f1GrEx+8GEPSUPFEhpZOvdExR16fJbHuUpfFkUo23VVj28evL+nOccAibRmnYT0P
RxXzXSm4MPuHoMBUJeIeBrYk5xlo/1sZITq0I40FLpejUWZoun76IPTIc371xtE/
tV6BN3Zrd5hDTXh9Df9wYGSDvwB1g2G1UEbG7FdRmeitC7NhoXLDSDyrOR75PbJe
YvDgjT75UeJvfu2RykzKvy2Ygqguc6Tsz/upO0vSWIUf7VXk3d/o+HEYn1T8YENU
9t97UOIkLFS49lGXyOilXrsYKQUmh/b1lJWfrs5T/AYjCPziiY0n70px4TX5Zzsd
5ERjQZUC/Sd8CNFXYybIpOKVkUGRFt+VDyRmJYd05g43Wflm01DpRVcZiXLjCwHQ
6zGss1xvIBkCeqds/BSX4AHzU2T0kcMQhSyzOsmggF0gArm2lcrXt52TZB1e9vQC
yGTam7ecr0QeSQWMyuPbSBhs9xAzONH9AwVJQOEadKpLw35VB/Y7/XyQm3JQHr2v
0ITEstr9Sac=GeLY
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. 8.0) - ppc64le, x86_64
3. Description:
Mozilla Thunderbird is a standalone mail and newsgroup client. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202003-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Mozilla Firefox: Multiple vulnerabilities
Date: March 12, 2020
Bugs: #702638, #705000, #709346, #712182
ID: 202003-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Mozilla Firefox, the worst
of which may allow execution of arbitrary code.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/firefox < 68.6.0 >= 68.6.0
2 www-client/firefox-bin < 68.6.0 >= 68.6.0
-------------------------------------------------------------------
2 affected packages
Description
===========
Multiple vulnerabilities have been discovered in Mozilla Firefox.
Please review the CVE identifiers referenced below for details.
Impact
======
A remote attacker could entice a user to view a specially crafted web
page, possibly resulting in the execution of arbitrary code with the
privileges of the process or a Denial of Service condition.
Furthermore, a remote attacker may be able to perform Man-in-the-Middle
attacks, obtain sensitive information, spoof the address bar, conduct
clickjacking attacks, bypass security restrictions and protection
mechanisms, or have other unspecified impact.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-68.6.0"
All Mozilla Firefox binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-68.6.0"
References
==========
[ 1 ] CVE-2019-11745
https://nvd.nist.gov/vuln/detail/CVE-2019-11745
[ 2 ] CVE-2019-17005
https://nvd.nist.gov/vuln/detail/CVE-2019-17005
[ 3 ] CVE-2019-17008
https://nvd.nist.gov/vuln/detail/CVE-2019-17008
[ 4 ] CVE-2019-17010
https://nvd.nist.gov/vuln/detail/CVE-2019-17010
[ 5 ] CVE-2019-17011
https://nvd.nist.gov/vuln/detail/CVE-2019-17011
[ 6 ] CVE-2019-17012
https://nvd.nist.gov/vuln/detail/CVE-2019-17012
[ 7 ] CVE-2019-17016
https://nvd.nist.gov/vuln/detail/CVE-2019-17016
[ 8 ] CVE-2019-17017
https://nvd.nist.gov/vuln/detail/CVE-2019-17017
[ 9 ] CVE-2019-17022
https://nvd.nist.gov/vuln/detail/CVE-2019-17022
[ 10 ] CVE-2019-17024
https://nvd.nist.gov/vuln/detail/CVE-2019-17024
[ 11 ] CVE-2019-17026
https://nvd.nist.gov/vuln/detail/CVE-2019-17026
[ 12 ] CVE-2019-20503
https://nvd.nist.gov/vuln/detail/CVE-2019-20503
[ 13 ] CVE-2020-6796
https://nvd.nist.gov/vuln/detail/CVE-2020-6796
[ 14 ] CVE-2020-6797
https://nvd.nist.gov/vuln/detail/CVE-2020-6797
[ 15 ] CVE-2020-6798
https://nvd.nist.gov/vuln/detail/CVE-2020-6798
[ 16 ] CVE-2020-6799
https://nvd.nist.gov/vuln/detail/CVE-2020-6799
[ 17 ] CVE-2020-6800
https://nvd.nist.gov/vuln/detail/CVE-2020-6800
[ 18 ] CVE-2020-6805
https://nvd.nist.gov/vuln/detail/CVE-2020-6805
[ 19 ] CVE-2020-6806
https://nvd.nist.gov/vuln/detail/CVE-2020-6806
[ 20 ] CVE-2020-6807
https://nvd.nist.gov/vuln/detail/CVE-2020-6807
[ 21 ] CVE-2020-6811
https://nvd.nist.gov/vuln/detail/CVE-2020-6811
[ 22 ] CVE-2020-6812
https://nvd.nist.gov/vuln/detail/CVE-2020-6812
[ 23 ] CVE-2020-6814
https://nvd.nist.gov/vuln/detail/CVE-2020-6814
[ 24 ] MFSA-2019-37
https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/
[ 25 ] MFSA-2020-03
https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/
[ 26 ] MFSA-2020-06
https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/
[ 27 ] MFSA-2020-09
https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202003-02
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2020 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. 8.0) - aarch64, ppc64le, s390x, x86_64
3
| VAR-202003-1771 | CVE-2019-14887 | Red Hat Wildfly encryption problem vulnerability |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network. Wildfly version 7.2.0.GA, 7.2.3.GA and 7.2.5.CR2 are believed to be vulnerable. Red Hat Wildfly is a lightweight open source application server based on JavaEE from American Red Hat (Red Hat) company. The vulnerability stems from the program's failure to implement the'enabled-protocols' setting configured by Wildfly. Attackers can use this vulnerability to obtain information spread on the network. Description:
Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak
project, that provides authentication and standards-based single sign-on
capabilities for web and mobile applications. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update
Advisory ID: RHSA-2020:2511-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2511
Issue date: 2020-06-10
CVE Names: CVE-2018-14371 CVE-2019-0205 CVE-2019-0210
CVE-2019-10172 CVE-2019-12423 CVE-2019-14887
CVE-2019-17573 CVE-2020-1695 CVE-2020-1729
CVE-2020-1745 CVE-2020-1757 CVE-2020-6950
CVE-2020-7226 CVE-2020-8840 CVE-2020-9546
CVE-2020-9547 CVE-2020-9548 CVE-2020-10688
CVE-2020-10719
====================================================================
1. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java
applications based on the WildFly application runtime. See the Red Hat JBoss Enterprise
Application Platform 7.3.1 Release Notes for information about the most
significant bug fixes and enhancements included in this release.
Security Fix(es):
* cxf: reflected XSS in the services listing page (CVE-2019-17573)
* cxf-core: cxf: OpenId Connect token service does not properly validate
the clientId (CVE-2019-12423)
* jackson-mapper-asl: XML external entity similar to CVE-2016-3720
(CVE-2019-10172)
* undertow: servletPath in normalized incorrectly leading to dangerous
application mapping which could result in security bypass (CVE-2020-1757)
* jackson-databind: XML external entity similar to CVE-2016-3720
(CVE-2019-10172)
* jackson-mapper-asl: XML external entity similar to CVE-2016-3720
(CVE-2019-10172)
* resteasy-jaxrs: resteasy: Improper validation of response header in
MediaTypeHeaderDelegate.java class (CVE-2020-1695)
* cryptacular: excessive memory allocation during a decode operation
(CVE-2020-7226)
* smallrye-config: SmallRye: SecuritySupport class is incorrectly public
and contains a static method to access the current threads context class
loader (CVE-2020-1729)
* resteasy: RESTEASY003870 exception in RESTEasy can lead to a reflected
XSS attack (CVE-2020-10688)
* jackson-databind: Lacks certain xbean-reflect/JNDI blocking
(CVE-2020-8840)
* undertow: invalid HTTP request with large chunk size (CVE-2020-10719)
* jackson-databind: Serialization gadgets in shaded-hikari-config
(CVE-2020-9546)
* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)
* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)
* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)
* libthrift: thrift: Endless loop when feed with specific input data
(CVE-2019-0205)
* libthrift: thrift: Out-of-bounds read related to TJSONProtocol or
TSimpleJSONProtocol (CVE-2019-0210)
* wildfly: The 'enabled-protocols' value in legacy security is not
respected if OpenSSL security provider is in use (CVE-2019-14887)
* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con
parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)
* jsf-impl: mojarra: Path traversal in
ResourceManager.java:getLocalePrefix() via the loc parameter
(CVE-2018-14371)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, see the CVE page(s) listed in the
References section.
4. Solution:
Before applying this update, ensure all previously released errata relevant
to your system have been applied.
For details about how to apply this update, see:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1607709 - CVE-2018-14371 mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter
1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720
1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class
1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass
1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol
1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data
1772008 - CVE-2019-14887 wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use
1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId
1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page
1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation
1802444 - CVE-2020-1729 SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader
1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371
1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability
1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack
1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking
1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config
1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap
1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core
1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size
6. JIRA issues fixed (https://issues.jboss.org/):
JBEAP-16114 - (7.3.z) Upgrade jboss-vfs to 3.2.15.Final
JBEAP-18060 - [GSS](7.3.z) Upgrade weld from 3.1.2.Final-redhat-00001 to 3.1.4.Final-redhat-00001
JBEAP-18163 - (7.3.z) Upgrade HAL from 3.2.3.Final-redhat-00001 to 3.2.8.Final-redhat-00001
JBEAP-18221 - (7.3.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00010 to 2.5.5.SP12-redhat-00012
JBEAP-18240 - (7.3.z) Update the Chinese translations in WildFly Core
JBEAP-18241 - (7.3.z) Update the Japanese translations in WildFly Core
JBEAP-18273 - (7.3.z) Upgrade IronJacamar from 1.4.19.Final to 1.4.20.Final
JBEAP-18277 - [GSS](7.3.z) Upgrade JBoss JSF API from 3.0.0.SP01-redhat-00001 to 3.0.0.SP02-redhat-00001
JBEAP-18288 - [GSS](7.3.z) Upgrade FasterXML from 2.10.0 to 2.10.3
JBEAP-18294 - (7.3.z) Upgrade JAXB from 2.3.1 to 2.3.3-b02 and com.sun.istack from 3.0.7 to 3.0.10
JBEAP-18302 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.18 to 1.0.20
JBEAP-18315 - [GSS](7.3.z) Upgrade Artemis from 2.9.0.redhat-00005 to 2.9.0.redhat-00010
JBEAP-18346 - [GSS](7.3.z) Upgrade jakarta.el from 3.0.2.redhat-00001 to 3.0.3.redhat-00002
JBEAP-18352 - [GSS](7.3.z) Upgrade JBoss Remoting from 5.0.16.Final-redhat-00001 to 5.0.18.Final-redhat-00001
JBEAP-18361 - [GSS](7.3.z) Upgrade Woodstox from 5.0.3 to 6.0.3
JBEAP-18367 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.15 to 5.3.16
JBEAP-18393 - [GSS](7.3.z) Update $JBOSS_HOME/docs/schema to show https schema URL instead of http
JBEAP-18397 - Tracker bug for the EAP 7.3.1 release for RHEL-6
JBEAP-18409 - [GSS](7.3.z) Upgrade Infinispan from 9.4.16.Final-redhat-00002 to 9.4.18.Final-redhat-00001
JBEAP-18527 - (7.3.z) Upgrade WildFly Naming Client from 1.0.10.Final to 1.0.12.Final
JBEAP-18528 - (7.3.z) Upgrade jboss-ejb-client from 4.0.27.Final to 4.0.31.Final-redhat-00001
JBEAP-18596 - [GSS](7.3.z) Upgrade JBoss Modules from 1.9.1 to 1.10.0
JBEAP-18598 - [GSS](7.3.z) Upgrade Bouncycastle from 1.60.0-redhat-00001 to 1.60.0-redhat-00002
JBEAP-18640 - [Runtimes] (7.3.x) Upgrade slf4j-jboss-logmanager from 1.0.3.GA.redhat-2 to 1.0.4.GA.redhat-00001
JBEAP-18653 - (7.3.z) Upgrade Apache CXF from 3.3.4.redhat-00001 to 3.3.5.redhat-00001
JBEAP-18706 - (7.3.z) Upgrade elytron-web from 1.6.0.Final to 1.6.1.Final
JBEAP-18770 - Upgrade Jandex to 2.1.2.Final-redhat-00001
JBEAP-18775 - (7.3.z) Upgrade WildFly Core to 10.1.4.Final-redhat-00001
JBEAP-18788 - (7.3.x) Upgrade wss4j from 2.2.4.redhat-00001 to 2.2.5.redhat-00001
JBEAP-18790 - (7.3.z) Upgrade cryptacular from 1.2.0.redhat-1 to 1.2.4.redhat-00001
JBEAP-18818 - (7.3.z) Upgrade PicketBox from 5.0.3.Final-redhat-00005 to 5.0.3.Final-redhat-00006
JBEAP-18836 - [GSS](7.3.z) Upgrade Remoting JMX from 3.0.3 to 3.0.4
JBEAP-18850 - (7.3.z) Upgrade smallrye-config from 1.4.1 to 1.6.2
JBEAP-18870 - Upgrade WildFly Common to 1.5.2.Final.redhat-00002
JBEAP-18875 - Upgrade MicroProfile Metrics API to 2.3 and smallrye-metrics to 2.4.0
JBEAP-18876 - Upgrade Smallrye Health to 2.2.0 and MP Health API to 2.2
JBEAP-18877 - (7.3.z) Upgrade Jaeger client to 0.34.3
JBEAP-18878 - Upgrade Smallrye Opentracing to 1.3.4 and MP Opentracing to 1.3.3
JBEAP-18879 - (7.3.z) Upgrade MicroProfile Config 1.4
JBEAP-18929 - (7.3.z) Upgrade WildFly Elytron from 1.10.5.Final-redhat-00001 to 1.10.6.Final
JBEAP-18990 - (7.3.z) Upgrade jasypt from 1.9.2 to 1.9.3-redhat-00001
JBEAP-18991 - (7.3.z) Upgrade opensaml from 3.3.0.redhat-1 to 3.3.1-redhat-00002
JBEAP-19035 - In Building Custom Layers, update pom.xml content for 7.3.1
JBEAP-19054 - Upgrade MP REST Client to 1.4.0.redhat-00004
JBEAP-19066 - Upgrade snakeyaml from 1.18.0.redhat-2 to 1.24.0.redhat-00001
JBEAP-19117 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.2.Final-redhat-00001 to 2.0.4.Final-redhat-00001
JBEAP-19133 - [GSS](7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP08-redhat-00001 to 2.3.9.SP09-redhat-00001
JBEAP-19156 - (7.3.z) Upgrade RESTEasy from 3.11.1.Final.redhat-00001 to 3.11.2.Final.redhat-00001
JBEAP-19181 - (7.3.z) Upgrade WildFly Core to 10.1.5.Final-redhat-00001
JBEAP-19192 - (7.3.z) Update the Japanese translations
JBEAP-19232 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.7.Final-redhat-00001
JBEAP-19281 - (7.3.z) Upgrade undertow from 2.0.30.SP2-redhat-00001 to 2.0.30.SP3-redhat-00001
JBEAP-19456 - Upgrade wildfly-transaction-client to 1.1.11.Final
7. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
8. References:
https://access.redhat.com/security/cve/CVE-2018-14371
https://access.redhat.com/security/cve/CVE-2019-0205
https://access.redhat.com/security/cve/CVE-2019-0210
https://access.redhat.com/security/cve/CVE-2019-10172
https://access.redhat.com/security/cve/CVE-2019-12423
https://access.redhat.com/security/cve/CVE-2019-14887
https://access.redhat.com/security/cve/CVE-2019-17573
https://access.redhat.com/security/cve/CVE-2020-1695
https://access.redhat.com/security/cve/CVE-2020-1729
https://access.redhat.com/security/cve/CVE-2020-1745
https://access.redhat.com/security/cve/CVE-2020-1757
https://access.redhat.com/security/cve/CVE-2020-6950
https://access.redhat.com/security/cve/CVE-2020-7226
https://access.redhat.com/security/cve/CVE-2020-8840
https://access.redhat.com/security/cve/CVE-2020-9546
https://access.redhat.com/security/cve/CVE-2020-9547
https://access.redhat.com/security/cve/CVE-2020-9548
https://access.redhat.com/security/cve/CVE-2020-10688
https://access.redhat.com/security/cve/CVE-2020-10719
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/
9.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXuEwDdzjgjWX9erEAQj5vA//da7dJ0mPXDfnjDddloLp4GhZFSzpMf+8
XOA1pa8mFiDSXeJd4LoO3jDTPQnOsvnLX/4WoMFK227o+mKMWo74ArjeEg9EosT3
YaqI77IMexUuVjBHnvKygiB8ZYCXLS3PXiC/Ods5I5Xt07uxvsu9bl328RSX2TQR
fhD/EAbc8vopMD10off7iXSgNh320EW/2GJKhJDoXhdvkZyifc5gu9/SaDq1JH1Q
ol8FyVhdJCiDu1cqw/LBMT1J8BSJuJI+y9b7eqyQ4oZOIhpJ5BsMgcJmmLMjgnBA
X1b1CtCJy9KbhNgLIqC+og37Bce2MDfAames/HC6wyZyryeChzhVYxhOw25YUk+W
hBTOfQN273TIEp/Nom/SNYKrG2D9a3ki+7AeGOHRDQbfhBXeogYHftIT+h7sErAe
EfkGoAE+pGeQiNXLDkSx6eZodxednpK4S8LoysUpkCAyl1Zfd2TjbVGyZNIcOEtO
kCNtJ0giM7ZccXLnA+aC/X6M0c27pd8sl2eIgkBaLymEoEYW+BgdxSE5HD5hhC/p
P6WT3nq8R5k0xmRXGXOEK2ireHIjQAfhADmv50YJv4wkbfbXADl1AImiLprgnrGI
y2sYyVzXGC4APQZJCgUG61wZkRp8QDtnjAdfJujSzuxg3KpE/x1MQJqlnibKflUN
uvhlMQF+ipU=W6+1
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
The References section of this erratum contains a download link (you must
log in to download the update).
The JBoss server process must be restarted for the update to take effect