VARIoT IoT vulnerabilities database

A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V20.8), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.8.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC S7-1500 Software Controller (All versions >= V20.8), SIMATIC S7-PLCSIM Advanced (All versions < V3.0), SIMATIC S7-PLCSIM Advanced (All versions >= V3.0). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer that tries to obtain the code of the user program running on the device, can receive different source code that is not actually running on the device. plural SIMATIC The product contains an access control vulnerability.Information may be tampered with. The Simatic S7-1200 CPU and Simatic S7-1500 CPU series are discrete and continuous control in industrial environments such as manufacturing, food and beverage, and chemical industries. A man-in-the-middle attack vulnerability exists in the SIMATICS7-1200 and SIMATICS7-1500CPU families. A vulnerability has been identified in SIMATIC ET200SP (incl. No public exploitation of the vulnerability was known at the time of advisory publication. Both Siemens SIMATIC S7-1500 CPU and Siemens SIMATIC S7-1200 are products of Siemens, Germany. SIMATIC S7-1500 CPU is a CPU (central processing unit) module. Siemens SIMATIC S7-1200 is a S7-1200 series PLC (programmable logic controller). This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles

The all-in-one-wp-security-and-firewall plugin before 4.0.5 for WordPress has XSS in the blacklist, file system, and file change detection settings pages. WordPress for all-in-one-wp-security-and-firewall The plug-in contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code

The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances. WordPress for all-in-one-wp-security-and-firewall The plug-in contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code

The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature. WordPress for all-in-one-wp-security-and-firewall The plug-in contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code

A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus. plural Modicon The product contains an exceptional state handling vulnerability.Service operation interruption (DoS) It may be in a state. Schneider Electric Modicon M580, etc. are all products of French Schneider Electric (Schneider Electric). The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. A security vulnerability exists in several Schneider Electric products. An attacker could exploit this vulnerability to cause a denial of service

A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), Modicon Quantum (all versions), which could cause a possible denial of service when reading invalid data from the controller. plural Modicon The product contains an exceptional state handling vulnerability.Service operation interruption (DoS) It may be in a state. Schneider Electric Modicon M580, etc. are all products of French Schneider Electric (Schneider Electric). The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. A security vulnerability exists in several Schneider Electric products. An attacker could exploit this vulnerability to cause a denial of service

Delta TPEditor is a man-machine interface programming software. The Delta TPEditor tpe project file has a memory corruption vulnerability. The attacker can trick the user who installed TPEditor to open the malicious tpe file, and then trigger the execution of malicious code on the user's system or cause the program to initiate a denial of service attack

eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Browser and Shell Command (as well as "Set root password") are exposed. eQ-3 Homematic CCU2 and CCU3 Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both eQ-3 Homematic CCU3 and eQ-3 HomeMatic CCU2 are central control units of a smart home system from German eQ-3 company. There is a command injection vulnerability in eQ-3 Homematic CCU2 and CCU3. The vulnerability stems from the process of constructing executable commands from external input data. The network system or product does not properly filter the special elements. The attacker can use this vulnerability to execute illegal commands

A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Because of this, an attacker can exploit Services Registry potentially enabling them to take complete control of the product, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the product to terminate. SAP NetWeaver UDDI server (Services Registry) Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus. Modicon M580 and Modicon M340 Exists in a vulnerability in handling exceptional conditions.Service operation interruption (DoS) It may be in a state. Schneider Electric Modicon M580 and Schneider Electric Modicon M340 are products of Schneider Electric. Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon M340 is a mid-range PLC (programmable logic controller) for industrial processes and infrastructure. There are security vulnerabilities in Schneider Electric Modicon M580 using firmware before V2.90 and Schneider Electric Modicon M340 using firmware before V3.10. An attacker could exploit this vulnerability to cause a denial of service

Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs and allows an attacker to execute malicious scripts in the url thereby resulting in Reflected Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver Process Integration Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered

A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller. Modicon M580 Exists in a vulnerability in handling exceptional conditions.Service operation interruption (DoS) It may be in a state. Schneider Electric Modicon M580 is a programmable automation controller from Schneider Electric of France. A security vulnerability exists in Schneider Electric Modicon M580 using firmware versions prior to V2.80. An attacker could exploit this vulnerability to cause a denial of service

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X204RNA (HSR) (All versions), SCALANCE X204RNA (PRP) (All versions), SCALANCE X204RNA EEC (HSR) (All versions), SCALANCE X204RNA EEC (PRP) (All versions), SCALANCE X204RNA EEC (PRP/HSR) (All versions). The device contains a vulnerability that could allow an attacker to trigger a denial-of-service condition by sending large message packages repeatedly to the telnet service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. SCALANCE X-200 , X-200IRT , X-200RNA Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. SCALANCE X is a series of industrial Ethernet switches launched by Siemens. The Siemens SCALANCE X series has an uncontrolled resource consumption vulnerability. Siemens SCALANCE X-200IRT is a tool produced by Siemensindustrial . The vulnerability stems from the failure of the network system or product to properly validate the input data

The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages. WordPress for all-in-one-wp-security-and-firewall The plug-in contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. WordPress is a blogging platform developed by the WordPress Foundation using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. all-in-one-wp-security-and-firewall is a website security protection plugin used in it. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code

The all-in-one-wp-security-and-firewall plugin before 4.2.0 for WordPress has multiple XSS issues. WordPress for all-in-one-wp-security-and-firewall The plug-in contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code

eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because this interface can access the CMD_EXEC virtual device type 28. eQ-3 Homematic CCU2 and CCU3 Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both eQ-3 Homematic CCU3 and eQ-3 HomeMatic CCU2 are central control units of a smart home system from German eQ-3 company. Input verification error vulnerabilities exist in eQ-3 Homematic CCU2 and CCU3. The vulnerability stems from the failure of the network system or product to properly validate the input data

OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive information. Attackers can use this vulnerability to obtain sensitive information

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. An attacker could exploit this vulnerability to cause a denial of service. Bugs fixed (https://bugzilla.redhat.com/): 1649870 - CVE-2019-14820 keycloak: adapter endpoints are exposed via arbitrary URLs 1690628 - CVE-2019-3875 keycloak: missing signatures validation on CRL used to verify client certificates 1728609 - CVE-2019-10201 keycloak: SAML broker does not check existence of signature on document allowing any user impersonation 1729261 - CVE-2019-10199 keycloak: CSRF check missing in My Resources functionality in the Account Console 1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth 1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth 1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth 1738673 - CVE-2019-10219 hibernate-validator: safeHTML validator allows XSS 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1749487 - CVE-2019-14832 keycloak: cross-realm user access auth bypass 1751227 - CVE-2019-14838 wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default 1755831 - CVE-2019-16335 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource 1755849 - CVE-2019-14540 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig 1758167 - CVE-2019-17267 jackson-databind: Serialization gadgets in classes of the ehcache package 1758171 - CVE-2019-14892 jackson-databind: Serialization gadgets in classes of the commons-configuration package 1758182 - CVE-2019-14893 jackson-databind: Serialization gadgets in classes of the xalan package 1758187 - CVE-2019-16942 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.* 1758191 - CVE-2019-16943 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource 1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol 1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data 1764658 - CVE-2019-12400 xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source 1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default 1772008 - CVE-2019-14887 wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use 1772464 - CVE-2019-14888 undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS 1775293 - CVE-2019-17531 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.* 1793154 - CVE-2019-20330 jackson-databind: lacks certain net.sf.ehcache blocking 1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling 1802444 - CVE-2020-1729 SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1816170 - CVE-2019-12406 cxf: does not restrict the number of message attachments 1816175 - CVE-2019-12419 cxf: OpenId Connect token service does not properly validate the clientId 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 5. Solution: Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258 5. JIRA issues fixed (https://issues.jboss.org/): JBEAP-17075 - (7.2.z) Upgrade yasson from 1.0.2.redhat-00001 to 1.0.5 JBEAP-17220 - (7.2.x) HHH-13504 Upgrade ByteBuddy to 1.9.11 JBEAP-17365 - [GSS](7.2.z) Upgrade RESTEasy from 3.6.1.SP6 to 3.6.1.SP7 JBEAP-17476 - [GSS](7.2.z) Upgrade Generic JMS RA 2.0.2.Final JBEAP-17478 - [GSS](7.2.z) Upgrade JBoss Remoting from 5.0.14.SP1 to 5.0.16.Final JBEAP-17483 - [GSS](7.2.z) Upgrade Apache CXF from 3.2.9 to 3.2.10 JBEAP-17495 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009 JBEAP-17496 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009 JBEAP-17513 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.11.SP1 to 5.3.13 JBEAP-17521 - (7.2.z) Upgrade picketbox from 5.0.3.Final-redhat-00004 to 5.0.3.Final-redhat-00005 JBEAP-17523 - [GSS](7.2.z) Upgrade wildfly-core from 6.0.16 to 6.0.17 JBEAP-17547 - [GSS](7.2.z) Upgrade Elytron-Tool from 1.4.3 to 1.4.4.Final JBEAP-17548 - [GSS](7.2.z) Upgrade Elytron from 1.6.4.Final-redhat-00001 to 1.6.5.Final-redhat-00001 JBEAP-17560 - [GSS](7.2.z) Upgrade HAL from 3.0.16 to 3.0.17 JBEAP-17579 - [GSS](7.2.z) Upgrade JBoss MSC from 1.4.8 to 1.4.11 JBEAP-17582 - [GSS](7.2.z) Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00002 to 2.3.5.SP3-redhat-00003 JBEAP-17605 - Tracker bug for the EAP 7.2.5 release for RHEL-8 JBEAP-17631 - [GSS](7.2.z) Upgrade Undertow from 2.0.25.SP1 to 2.0.26.SP3 JBEAP-17647 - [GSS](7.2.z) Upgrade IronJacamar from 1.4.17.Final to 1.4.18.Final JBEAP-17665 - [GSS](7.2.z) Upgrade XNIO from 3.7.3.Final-redhat-00001 to 3.7.6.Final JBEAP-17722 - [GSS](7.2.z) Upgrade wildfly-http-client from 1.0.15.Final-redhat-00001 to 1.0.17.Final JBEAP-17874 - (7.2.z) Upgrade to wildfly-openssl 1.0.8 JBEAP-17880 - (7.2.z) Upgrade XNIO from 3.7.6.Final-redhat-00001 to 3.7.6.SP1 7. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. For the stable distribution (buster), these problems have been fixed in version 2.2.5+dfsg2-2+deb10u1. We recommend that you upgrade your h2o packages. Description: AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. The References section of this erratum contains a download link (you must log in to download the update). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Data Grid 7.3.3 security update Advisory ID: RHSA-2020:0727-01 Product: Red Hat JBoss Data Grid Advisory URL: https://access.redhat.com/errata/RHSA-2020:0727 Issue date: 2020-03-05 CVE Names: CVE-2018-14335 CVE-2019-3805 CVE-2019-3888 CVE-2019-9512 CVE-2019-9514 CVE-2019-9515 CVE-2019-9518 CVE-2019-10173 CVE-2019-10174 CVE-2019-10184 CVE-2019-10212 CVE-2019-14379 ==================================================================== 1. Summary: An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. This release of Red Hat Data Grid 7.3.3 serves as a replacement for Red Hat Data Grid 7.3.2 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Security Fix(es): * HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512) * HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514) * HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515) * HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518) * xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285) (CVE-2019-10173) * infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods (CVE-2019-10174) * jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379) * h2: Information Exposure due to insecure handling of permissions in the backup (CVE-2018-14335) * wildfly: Race condition on PID file allows for termination of arbitrary processes by local users (CVE-2019-3805) * undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed (CVE-2019-3888) * undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files (CVE-2019-10212) * undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: To install this update, do the following: 1. Download the Data Grid 7.3.3 server patch from the customer portal. 2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. 3. Install the Data Grid 7.3.3 server patch. Refer to the 7.3 Release Notes for patching instructions. 4. Restart Data Grid to ensure the changes take effect. 4. Bugs fixed (https://bugzilla.redhat.com/): 1610877 - CVE-2018-14335 h2: Information Exposure due to insecure handling of permissions in the backup 1660263 - CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users 1693777 - CVE-2019-3888 undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed 1703469 - CVE-2019-10174 infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods 1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes 1722971 - CVE-2019-10173 xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285) 1731984 - CVE-2019-10212 undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files 1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth 1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth 1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth 1735749 - CVE-2019-9518 HTTP/2: flood using empty frames results in excessive resource consumption 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 5. References: https://access.redhat.com/security/cve/CVE-2018-14335 https://access.redhat.com/security/cve/CVE-2019-3805 https://access.redhat.com/security/cve/CVE-2019-3888 https://access.redhat.com/security/cve/CVE-2019-9512 https://access.redhat.com/security/cve/CVE-2019-9514 https://access.redhat.com/security/cve/CVE-2019-9515 https://access.redhat.com/security/cve/CVE-2019-9518 https://access.redhat.com/security/cve/CVE-2019-10173 https://access.redhat.com/security/cve/CVE-2019-10174 https://access.redhat.com/security/cve/CVE-2019-10184 https://access.redhat.com/security/cve/CVE-2019-10212 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product\xdata.grid&downloadType=patches&version=7.3 https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXmD2b9zjgjWX9erEAQhDqA/9G7uM0HlTt4M6Z9Zc23FSbbr+jj1k/o69 a5WWa+xS3Ko4IvlN5rt+wOHSFet+NTMAerNHzAsB2+viX1hr14Hwf3QnIom/yxbJ PaC1djdaZfcvSIODhbq/C5Ilae09x3rW1voQ39i1Q2bsEqVePLZdC75KjvNLsfqe QJCMvcO3jkccxn7k45baCfTGsFyOhHb17Y9DRarWsC7jO9kEjMxrUPN6qKP6BC9t RMuqDxo1aJnatMeCWb7NA0UpOz0+lFpuR+ZZYPV444nGmfTKrbc9c5TuQUCSP+LD sG1+fh2xMztuGxNiJfgSP3iqHmgXD9TBxh1kxn1kt59llCO5+Uqu/O5OsqeQQ0Ym I+a2VAzn2N776sTbWIZ3231IJex68oG+4/fIo6/FVVJpmtDIDgumgErTPD0kkNuT yyyn3u50RZohzSxEz37QdiQDJbiJcJhmtFR5fLRAbFa8Ys2Gw81PGFba95/kVooX K5uSukzOBm8nhxfBvwZDCY/gWuJwVLSAOJb4VoPZiR2WbZsx+9r+spQv6K9wYr5v s//DY88rsUSaMH4kGco//6Dqis8IwOISr/ZR+Edlnrz1rHv9Z4XerMw56VUKIHva mS7rdNmbLqHN0XfZImxewLca2i7sWIlxWrgKF2f4zEO3ermivdis7RdssZkJ9Zv9 S7B2VoNOQj4=zoia -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Installation instructions are available from the Fuse 7.6.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/ 4. Description: Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. JIRA issues fixed (https://issues.jboss.org/): KEYCLOAK-11815 - Tracker bug for the RH-SSO 7.3.5 release for RHEL6 7. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0 SwiftNIO HTTP/2 1.5.0 is now available and addresses the following: SwiftNIO HTTP/2 Available for: SwiftNIO HTTP/2 1.0.0 through 1.4.0 on macOS Sierra 10.12 and later and Ubuntu 14.04 and later Impact: A HTTP/2 server may consume unbounded amounts of memory when receiving certain traffic patterns and eventually suffer resource exhaustion Description: This issue was addressed with improved buffer size management. CVE-2019-9512: Jonathan Looney of Netflix CVE-2019-9514: Jonathan Looney of Netflix CVE-2019-9515: Jonathan Looney of Netflix CVE-2019-9516: Jonathan Looney of Netflix SwiftNIO HTTP/2 Available for: SwiftNIO HTTP/2 1.0.0 through 1.4.0 on macOS Sierra 10.12 and later and Ubuntu 14.04 and later Impact: A HTTP/2 server may consume excessive CPU resources when receiving certain traffic patterns Description: This issue was addressed with improved input validation. CVE-2019-9518: Piotr Sikora of Google, Envoy Security Team Installation note: SwiftNIO HTTP/2 1.5.0 may be obtained via Swift Package Manager. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 and https://github.com/apple/swift-nio-http2/releases/tag/1.5.0. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs (10.16.3)

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing. Once the entropy is reduced, the attacker can brute-force the encryption key and use it to decrypt communications. Bluetooth BR/EDR is a Bluetooth BR/EDR (Basic Rate/Enhanced Data Rate) standard. An encryption issue vulnerability exists in Bluetooth BR/EDR 5.1 and earlier versions. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storing sensitive information in plain text. A weakness in the Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR) protocol core specification exposes a vulnerability that could allow for an unauthenticated, adjacent malicious user to perform a man-in-the-middle attack on an encrypted Bluetooth connection. The attack must be performed during negotiation or renegotiation of a paired device connection; existing sessions cannot be attacked. The issue could allow the malicious user to reduce the entropy of the negotiated session key that is used to secure a Bluetooth connection between a paired device and a host device. An attacker who can successfully inject a malicious message into a Bluetooth connection during session negotiation or renegotiation could cause the strength of the session key to be susceptible to brute force attack. This advisory will be updated as additional information becomes available. There are no workarounds that address this vulnerability. This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190813-bluetooth. 8.0) - aarch64, noarch, ppc64le, s390x, x86_64 3. Bug Fix(es): * Backport TCP follow-up for small buffers (BZ#1739184) * TCP performance regression after CVE-2019-11478 bug fix (BZ#1743170) * RHEL8.0 - bnx2x link down, caused by transmit timeouts during load test (Marvell/Cavium/QLogic) (L3:) (BZ#1743548) * block: blk-mq improvement (BZ#1780567) * RHEL8.0 - Regression to RHEL7.6 by changing force_latency found during RHEL8.0 validation for SAP HANA on POWER (BZ#1781111) * blk-mq: overwirte performance drops on real MQ device (BZ#1782183) * RHEL8: creating vport takes lot of memory i.e 2GB per vport which leads to drain out system memory quickly. (BZ#1782705) 4. 7) - aarch64, noarch, ppc64le 3. Bug Fix(es): * kernel modules pkey and paes_s390 are not available (BZ#1719192) * pkey: Indicate old mkvp only if old and curr. mkvp are different (BZ#1720621) * System dropped into Mon running softboots Exception: 501 (Hardware Interrupt) at c00000000000a814 replay_interrupt_return+0x0/0x4 (ipmi) (BZ#1737563) * kernel: jump label transformation performance (BZ#1739143) * Backport i40e MDD detection removal for PFs (BZ#1747618) 4. 7.5) - ppc64, ppc64le, x86_64 3. Bug Fix(es): * TCP packets are segmented when sent to the VLAN device when coming from VXLAN dev. (BZ#1732810) * skb head copy occurs when sending traffic over OVS managed VXLAN tunnel (BZ#1733896) * [mlx4] VXLAN over VLAN TCP segmentation (BZ#1734306) * use "make -jN" for modules_install (BZ#1735082) * Backport TCP follow-up for small buffers (BZ#1739128) * [FJ7.6 Bug]: [REG] kernel: ipc: ipc_free should use kvfree (BZ#1740176) * RHEL7.6 - powerpc/pseries: Disable CPU hotplug across migrations / powerpc/rtas: Fix a potential race between CPU-Offline & Migration (LPM) (BZ#1745437) * RHEL7.6 - powerpc/pseries: Fix unitialized timer reset on migration / powerpc/pseries/mobility: Extend start/stop topology update scope (LPM) (BZ#1745439) * RHEL7.5 - ISST-LTE:PVM:Zeppelin :LPM: Failure logs and stack trace seen during LPM (POWER9/P9) (BZ#1745447) 4. 7.2) - x86_64 3. Bug Fix(es): * port show-kabi to python3 (BZ#1806924) 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2019:3218-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:3218 Issue date: 2019-10-29 CVE Names: CVE-2019-9506 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.3) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.3) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.3) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.3) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.3) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.3) - noarch, x86_64 3. Security Fix(es): * hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel build: parallelize redhat/mod-sign.sh (BZ#1755326) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Package List: Red Hat Enterprise Linux Server AUS (v. 7.3): Source: kernel-3.10.0-514.70.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-514.70.1.el7.noarch.rpm kernel-doc-3.10.0-514.70.1.el7.noarch.rpm x86_64: kernel-3.10.0-514.70.1.el7.x86_64.rpm kernel-debug-3.10.0-514.70.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-514.70.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-514.70.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.70.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.70.1.el7.x86_64.rpm kernel-devel-3.10.0-514.70.1.el7.x86_64.rpm kernel-headers-3.10.0-514.70.1.el7.x86_64.rpm kernel-tools-3.10.0-514.70.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.70.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-514.70.1.el7.x86_64.rpm perf-3.10.0-514.70.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.70.1.el7.x86_64.rpm python-perf-3.10.0-514.70.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.70.1.el7.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.3): Source: kernel-3.10.0-514.70.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-514.70.1.el7.noarch.rpm kernel-doc-3.10.0-514.70.1.el7.noarch.rpm ppc64le: kernel-3.10.0-514.70.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-514.70.1.el7.ppc64le.rpm kernel-debug-3.10.0-514.70.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-514.70.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-514.70.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-514.70.1.el7.ppc64le.rpm kernel-devel-3.10.0-514.70.1.el7.ppc64le.rpm kernel-headers-3.10.0-514.70.1.el7.ppc64le.rpm kernel-tools-3.10.0-514.70.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-514.70.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-514.70.1.el7.ppc64le.rpm perf-3.10.0-514.70.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-514.70.1.el7.ppc64le.rpm python-perf-3.10.0-514.70.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-514.70.1.el7.ppc64le.rpm x86_64: kernel-3.10.0-514.70.1.el7.x86_64.rpm kernel-debug-3.10.0-514.70.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-514.70.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-514.70.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.70.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.70.1.el7.x86_64.rpm kernel-devel-3.10.0-514.70.1.el7.x86_64.rpm kernel-headers-3.10.0-514.70.1.el7.x86_64.rpm kernel-tools-3.10.0-514.70.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.70.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-514.70.1.el7.x86_64.rpm perf-3.10.0-514.70.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.70.1.el7.x86_64.rpm python-perf-3.10.0-514.70.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.70.1.el7.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.3): Source: kernel-3.10.0-514.70.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-514.70.1.el7.noarch.rpm kernel-doc-3.10.0-514.70.1.el7.noarch.rpm x86_64: kernel-3.10.0-514.70.1.el7.x86_64.rpm kernel-debug-3.10.0-514.70.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-514.70.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-514.70.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.70.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.70.1.el7.x86_64.rpm kernel-devel-3.10.0-514.70.1.el7.x86_64.rpm kernel-headers-3.10.0-514.70.1.el7.x86_64.rpm kernel-tools-3.10.0-514.70.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.70.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-514.70.1.el7.x86_64.rpm perf-3.10.0-514.70.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.70.1.el7.x86_64.rpm python-perf-3.10.0-514.70.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.70.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.3): x86_64: kernel-debug-debuginfo-3.10.0-514.70.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.70.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.70.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.70.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-514.70.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.70.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.70.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v. 7.3): ppc64le: kernel-debug-debuginfo-3.10.0-514.70.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-514.70.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-514.70.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-514.70.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-514.70.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-514.70.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-514.70.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-514.70.1.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-514.70.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.70.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.70.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.70.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-514.70.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.70.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.70.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.3): x86_64: kernel-debug-debuginfo-3.10.0-514.70.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.70.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.70.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.70.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-514.70.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.70.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.70.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXbgzJ9zjgjWX9erEAQiOuQ/9GqJN/Q6EHpz6n2yaiazzQe7JRASRJFKT hjCmDd6nvHhSR2v6pvu2rrZbmG1EV//v+NOTVjInKXKVO41013w2bgBPAmSdjCcu 1+5UfHBoCkhdO3TBzBv+Vb0at8QYGmfLl8NYJTvSOT4stiC5TKdKAct0R++LvAz0 l24IDoomsXF5xvDU+b4XjyD+XFwcZLPnfUtTrNg/7l0JK08/Y9sE8giYgZkySoJv g7sB7f9OOOcMOuXtGhCHhBl9aZUujSskmWyHOBQMcZk6/m4EyTpXP/s9/3eW9ngr ek2iySSo+PVajcjCNCwWjzMSMWQQ8pBTdbAGnaKQj12JrrDZvalwm3Fojbp+qnEd aD0PjhfXKybVVJpGEGBDlDMf0IKZrvkvJ4P47Gmcfl1/WnY5K+AwrImeL/zySjjq BTsGhW15O7CPQoNByAEuDeMo5FTzjQ2xac+A8LkNiRNmUqs42fqRBr0KbVY7YDn8 tNwFLtqrSoe+az0NbuGr8Uimr3+DULJBucFtxX8fnuCQf/sL9B+REgX8g5c3D/YB vFp8E3D/svkA03mYMyv2Q3xDnj5v1sI60jcnIx76GWTdh3elYEMIgtphqzlSfKmL rrmLRRpmZ+eJsNSXzBs2f90AOFEI/NN7UE/+BGQ0raCl1MciVuQRjweCUcl0PfDb XqcHBFZ9TC8= =Yc+c -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra address the following: AppleGraphicsControl Available for: macOS Mojave 10.14.5 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2019-8693: Arash Tohidi of Solita autofs Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: Extracting a zip file containing a symbolic link to an endpoint in an NFS mount that is attacker controlled may bypass Gatekeeper Description: This was addressed with additional checks by Gatekeeper on files mounted through a network share. CVE-2019-8656: Filippo Cavallarin Bluetooth Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-19860 Bluetooth Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB) Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. CVE-2019-9506: Daniele Antonioli of SUTD, Singapore, Dr. Kasper Rasmussen of University of Oxford, England Entry added August 13, 2019 Carbon Core Available for: macOS Mojave 10.14.5 Impact: A remote attacker may be able to cause arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8661: Natalie Silvanovich of Google Project Zero Core Data Available for: macOS Mojave 10.14.5 Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8646: Natalie Silvanovich of Google Project Zero Core Data Available for: macOS Mojave 10.14.5 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8660: Samuel Groß and Natalie Silvanovich of Google Project Zero Disk Management Available for: macOS Mojave 10.14.5 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8697: ccpwd working with Trend Micro's Zero Day Initiative FaceTime Available for: macOS Mojave 10.14.5 Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8648: Tao Huang and Tielei Wang of Team Pangu Found in Apps Available for: macOS Mojave 10.14.5 Impact: A remote attacker may be able to leak memory Description: This issue was addressed with improved checks. CVE-2019-8663: Natalie Silvanovich of Google Project Zero Foundation Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8641: Samuel Groß and Natalie Silvanovich of Google Project Zero Grapher Available for: macOS Mojave 10.14.5 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8695: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative Graphics Drivers Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2019-8691: Aleksandr Tarasikov (@astarasikov), Arash Tohidi of Solita, Lilang Wu and Moony Li of Trend Micro's Mobile Security Research Team working with Trend Micro's Zero Day Initiative CVE-2019-8692: Lilang Wu and Moony Li of Trend Micro Mobile Security Research Team working with Trend Micro's Zero Day Initiative Heimdal Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: An issue existed in Samba that may allow attackers to perform unauthorized actions by intercepting communications between services Description: This issue was addressed with improved checks to prevent unauthorized actions. CVE-2018-16860: Isaac Boukris and Andrew Bartlett of the Samba Team and Catalyst IOAcceleratorFamily Available for: macOS Mojave 10.14.5 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8694: Arash Tohidi of Solita libxslt Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: A remote attacker may be able to view sensitive information Description: A stack overflow was addressed with improved input validation. CVE-2019-13118: found by OSS-Fuzz Quick Look Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary Description: This issue was addressed with improved checks. CVE-2019-8662: Natalie Silvanovich and Samuel Groß of Google Project Zero Security Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8697: ccpwd working with Trend Micro's Zero Day Initiative Siri Available for: macOS Mojave 10.14.5 Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8646: Natalie Silvanovich of Google Project Zero Time Machine Available for: macOS Mojave 10.14.5 Impact: The encryption status of a Time Machine backup may be incorrect Description: An inconsistent user interface issue was addressed with improved state management. CVE-2019-8667: Roland Kletzing of cyber:con GmbH UIFoundation Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8657: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative Additional recognition Classroom We would like to acknowledge Jeff Johnson of underpassapp.com for their assistance. Game Center We would like to acknowledge Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc. for their assistance. Installation note: macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAl1S688pHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3Hiog/+ PcWPEhxDpnU1ctoVPhyoqkV1tUs8z3hdNyX/tPtQZIQVFB7No1Md0GX8Zrv2libb LwrbU25ewe82XE9Es6ngxTdkRaREn8+hm9gxYPCMDXyKRlv904Q1b4zthYUt7/NO 7RG6ZRHEINOQORzrDsmgT/X6TukIy73HNob+4xZJTdJe9ZU3/zDCaqUgyUJSodou vsVFR3oqkwbVby4eT9+YbxJWMvVoFfB1+Qqo1w9kN7WXcYK3gb7sGtnNQlrE70kR pLRogcmwTQsi+sTm8bxQsuXXjdtTHeeCf0FRJg8NY5wZmdV9lNOghtmNxfTwIuir VeWusIgZWaK7IbgHW3PRYv3Sbrk40zcOraDsPv2rdgjOj4ReVyKHw5/f5Fyhcn+v WnIC4iNIBurz0HZU91QqD58Sqp+HtWl8xkM3ZW+Kd9LjnLty3fNw6Au5Aw8DTHzN 5F+lz7JRVV3+j7AYELog3WV6mdzMKW85gJRJtwXJ8hHSYZnvat06faFlPcDiKjBW rW7BehRykZpmZtaSZjL25IeOuXJHHdRfvabuTZ3nk47SSn7EJJ3xFBnvw6TgVFX+ TvmcUg5FinTSR81NkIY0ux6x1kuV/4vIUGZ4O0Houf/FoUhMQvig9ZkSw2B+Ynbd Xl3qBT4SVPWQyFAvjHwjCZA+GpNsnEKgZm8SlYVgqog= =tCwo -----END PGP SIGNATURE----- . 7) - ppc64le, x86_64 3. Description: This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. ========================================================================== Ubuntu Security Notice USN-4147-1 October 04, 2019 linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.0, linux-hwe, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.04 - Ubuntu 18.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors - linux-gke-5.0: Linux kernel for Google Container Engine (GKE) systems - linux-hwe: Linux hardware enablement (HWE) kernel Details: It was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (Wi-Fi disconnect). (CVE-2019-0136) It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207) It was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13631) It was discovered that an out-of-bounds read existed in the QLogic QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-15090) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel did not properly validate device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15117) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel improperly performed recursion while handling device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15118) It was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2019-15211) It was discovered at a double-free error existed in the USB Rio 500 device driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-15212) It was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15215) It was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15220) Benjamin Moody discovered that the XFS file system in the Linux kernel did not properly handle an error condition when out of disk quota. A local attacker could possibly use this to cause a denial of service. (CVE-2019-15538) It was discovered that the Hisilicon HNS3 ethernet device driver in the Linux kernel contained an out of bounds access vulnerability. A local attacker could use this to possibly cause a denial of service (system crash). (CVE-2019-15925) It was discovered that the Atheros mobile chipset driver in the Linux kernel did not properly validate data in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2019-15926) Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. A physically proximate attacker could use this to expose sensitive information. (CVE-2019-9506) It was discovered that ZR364XX Camera USB device driver for the Linux kernel did not properly initialize memory. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15217) It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel made improper assumptions about the device characteristics. A physically proximate attacker could use this cause a denial of service (system crash). (CVE-2019-15218) It was discovered that the Line 6 POD USB device driver in the Linux kernel did not properly validate data size information from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15221) It was discovered that the Line 6 USB driver for the Linux kernel contained a race condition when the device was disconnected. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15223) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04: linux-image-5.0.0-1018-aws 5.0.0-1018.20 linux-image-5.0.0-1019-kvm 5.0.0-1019.20 linux-image-5.0.0-1019-raspi2 5.0.0-1019.19 linux-image-5.0.0-1020-gcp 5.0.0-1020.20 linux-image-5.0.0-1022-azure 5.0.0-1022.23 linux-image-5.0.0-1023-snapdragon 5.0.0-1023.24 linux-image-5.0.0-31-generic 5.0.0-31.33 linux-image-5.0.0-31-generic-lpae 5.0.0-31.33 linux-image-5.0.0-31-lowlatency 5.0.0-31.33 linux-image-aws 5.0.0.1018.19 linux-image-azure 5.0.0.1022.21 linux-image-gcp 5.0.0.1020.46 linux-image-generic 5.0.0.31.32 linux-image-generic-lpae 5.0.0.31.32 linux-image-gke 5.0.0.1020.46 linux-image-kvm 5.0.0.1019.19 linux-image-lowlatency 5.0.0.31.32 linux-image-raspi2 5.0.0.1019.16 linux-image-snapdragon 5.0.0.1023.16 linux-image-virtual 5.0.0.31.32 Ubuntu 18.04 LTS: linux-image-5.0.0-1020-gke 5.0.0-1020.20~18.04.1 linux-image-5.0.0-31-generic 5.0.0-31.33~18.04.1 linux-image-5.0.0-31-generic-lpae 5.0.0-31.33~18.04.1 linux-image-5.0.0-31-lowlatency 5.0.0-31.33~18.04.1 linux-image-generic-hwe-18.04 5.0.0.31.88 linux-image-generic-lpae-hwe-18.04 5.0.0.31.88 linux-image-gke-5.0 5.0.0.1020.9 linux-image-lowlatency-hwe-18.04 5.0.0.31.88 linux-image-snapdragon-hwe-18.04 5.0.0.31.88 linux-image-virtual-hwe-18.04 5.0.0.31.88 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://usn.ubuntu.com/4147-1 CVE-2019-0136, CVE-2019-10207, CVE-2019-13631, CVE-2019-15090, CVE-2019-15117, CVE-2019-15118, CVE-2019-15211, CVE-2019-15212, CVE-2019-15215, CVE-2019-15217, CVE-2019-15218, CVE-2019-15220, CVE-2019-15221, CVE-2019-15223, CVE-2019-15538, CVE-2019-15925, CVE-2019-15926, CVE-2019-9506 Package Information: https://launchpad.net/ubuntu/+source/linux/5.0.0-31.33 https://launchpad.net/ubuntu/+source/linux-aws/5.0.0-1018.20 https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1022.23 https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1020.20 https://launchpad.net/ubuntu/+source/linux-kvm/5.0.0-1019.20 https://launchpad.net/ubuntu/+source/linux-raspi2/5.0.0-1019.19 https://launchpad.net/ubuntu/+source/linux-snapdragon/5.0.0-1023.24 https://launchpad.net/ubuntu/+source/linux-gke-5.0/5.0.0-1020.20~18.04.1 https://launchpad.net/ubuntu/+source/linux-hwe/5.0.0-31.33~18.04.1 . Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About"

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. An attacker could exploit this vulnerability to cause a denial of service. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: rh-nginx114-nginx security update Advisory ID: RHSA-2019:2775-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:2775 Issue date: 2019-09-16 CVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516 ==================================================================== 1. Summary: An update for rh-nginx114-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix(es): * HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The rh-nginx114-nginx service must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-nginx114-nginx-1.14.1-1.el7.1.src.rpm aarch64: rh-nginx114-nginx-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.aarch64.rpm ppc64le: rh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm s390x: rh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-nginx114-nginx-1.14.1-1.el7.1.src.rpm aarch64: rh-nginx114-nginx-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.aarch64.rpm ppc64le: rh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm s390x: rh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm x86_64: rh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4): Source: rh-nginx114-nginx-1.14.1-1.el7.1.src.rpm ppc64le: rh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm s390x: rh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm x86_64: rh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5): Source: rh-nginx114-nginx-1.14.1-1.el7.1.src.rpm ppc64le: rh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm s390x: rh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm x86_64: rh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6): Source: rh-nginx114-nginx-1.14.1-1.el7.1.src.rpm ppc64le: rh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm s390x: rh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm x86_64: rh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7): Source: rh-nginx114-nginx-1.14.1-1.el7.1.src.rpm ppc64le: rh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm s390x: rh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm x86_64: rh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-nginx114-nginx-1.14.1-1.el7.1.src.rpm x86_64: rh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9513 https://access.redhat.com/security/cve/CVE-2019-9516 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXYD0u9zjgjWX9erEAQh90w/7BWdh3Jxs9cP+P0kgwkv3Y0BLGblHx0B4 3BkFoa4B+/k2xrCOl+vy6cPip7PY7KVemOfv6g3BYlqAISOxU2lSjScEMwhdrh4g 2Ng7xkoUOoQ0KfXmVzMayVUkRwgam+utdacHnNgdGdYPwhCmticW0n5PfNakMOb6 CCmUZ91tfV7orMPiH+f1nBIulXok4zcOzdvZElSh97dmQcjoi+T5EoqbcFY8n5Ck Y+COohJ3X026oab73Tr2Kayju43TJGUdNR8lVmap4H8QkXqvbTrjd2YqXj8Zg7qr oNh7J2jnRec01+rYG8sL225+ZrdTtZ6c7kXQpUDh+jkjDImfJZz38HkI5/mRU+iS VSqP5PAhKvYlOXvIGIOoWtMXLDmnuzVEo/E/tScHc85Mp+6B5yM5r93dTGuRfjo1 yvSIftS3y7A8NtP7oJvpvVhcVAyc024X124PtojSoL+s5K60jzy06rky4WxIy0uh kqK1W/SowueKFreJjBo4N6ZZ6rjBZ8okZKqWjRCi56szhP3KJ4+563g5VfltLsd5 YqN9li8tUNzjrehVkZKEKfv6RkEQUuAbyAEVL6yFzVk3lTf1SgjlQhCNedWmD6N7 aeVU/tMNw4gMXXtmLPObL54HNUNgM799BLVzzna+wofr2iT7nnUZakCsfn+jHYk7 3Z3oFnpnL5o=L5z9 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. See the Red Hat JBoss Enterprise Application Platform 7.2.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Solution: Before applying this update, ensure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/): JBEAP-17075 - (7.2.z) Upgrade yasson from 1.0.2.redhat-00001 to 1.0.5 JBEAP-17220 - (7.2.x) HHH-13504 Upgrade ByteBuddy to 1.9.11 JBEAP-17365 - [GSS](7.2.z) Upgrade RESTEasy from 3.6.1.SP6 to 3.6.1.SP7 JBEAP-17476 - [GSS](7.2.z) Upgrade Generic JMS RA 2.0.2.Final JBEAP-17478 - [GSS](7.2.z) Upgrade JBoss Remoting from 5.0.14.SP1 to 5.0.16.Final JBEAP-17483 - [GSS](7.2.z) Upgrade Apache CXF from 3.2.9 to 3.2.10 JBEAP-17495 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009 JBEAP-17496 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009 JBEAP-17513 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.11.SP1 to 5.3.13 JBEAP-17521 - (7.2.z) Upgrade picketbox from 5.0.3.Final-redhat-00004 to 5.0.3.Final-redhat-00005 JBEAP-17523 - [GSS](7.2.z) Upgrade wildfly-core from 6.0.16 to 6.0.17 JBEAP-17547 - [GSS](7.2.z) Upgrade Elytron-Tool from 1.4.3 to 1.4.4.Final JBEAP-17548 - [GSS](7.2.z) Upgrade Elytron from 1.6.4.Final-redhat-00001 to 1.6.5.Final-redhat-00001 JBEAP-17560 - [GSS](7.2.z) Upgrade HAL from 3.0.16 to 3.0.17 JBEAP-17579 - [GSS](7.2.z) Upgrade JBoss MSC from 1.4.8 to 1.4.11 JBEAP-17582 - [GSS](7.2.z) Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00002 to 2.3.5.SP3-redhat-00003 JBEAP-17605 - Tracker bug for the EAP 7.2.5 release for RHEL-8 JBEAP-17631 - [GSS](7.2.z) Upgrade Undertow from 2.0.25.SP1 to 2.0.26.SP3 JBEAP-17647 - [GSS](7.2.z) Upgrade IronJacamar from 1.4.17.Final to 1.4.18.Final JBEAP-17665 - [GSS](7.2.z) Upgrade XNIO from 3.7.3.Final-redhat-00001 to 3.7.6.Final JBEAP-17722 - [GSS](7.2.z) Upgrade wildfly-http-client from 1.0.15.Final-redhat-00001 to 1.0.17.Final JBEAP-17874 - (7.2.z) Upgrade to wildfly-openssl 1.0.8 JBEAP-17880 - (7.2.z) Upgrade XNIO from 3.7.6.Final-redhat-00001 to 3.7.6.SP1 7. For the oldstable distribution (stretch), these problems have been fixed in version 1.10.3-1+deb9u3. For the stable distribution (buster), these problems have been fixed in version 1.14.2-2+deb10u1. We recommend that you upgrade your nginx packages. For the detailed security status of nginx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nginx Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl1e7q4ACgkQEMKTtsN8 TjanPg/+JLLuKVdUDpVPFNkX1ckmT5gsoCwzGz3ybhcDMxbf7jD8jtmXFiGFn4fP MXsx6MgrRZn3hq+2VF6MKZjKh9n1hBX38PkqjHKEtV6Xzor97xxLH0rrMlBMEQ7y rz96YTffJfcj+ykI3Vlye1GGDEiKyu0vWgoutXH3i8GUYFyDk//HQdI0eJLQhkfo TMRdbAKmMGeMt/8tSz4G0wewdxc9xjNwE1lKkV22JbT6t656f5QtvOLxt2HvM5c4 gFtFFBv7e1ymh0CKz4VxOxjEH+4ogx5HfzcYP2LjaZJsCFOw8ZUbdieFhlF0R2jH vskBuYLPa/djYHoZ55KY/WTmTsn72y7ZEuQcAdiHRVjg6wRFaum/KkdwutBBCeEj odvrGUcgdLLx4uAC7JOt9HME77Rgu1wTnx3l9L3QCwxIXpHqL8zOuSrSKYDuntDT agQ/awapEYYK5IAgo7YGkhHHHbTSLQ2UX9KfmyoPXJ+H9Vl/XjGhPwdDSEYNqrE9 IKQ8gaFCVOgjJo8lTa5NBsvxa08Gh6jQGZo8Rgfjs4KvUS847Cpb086BvU9pMs36 46+cLbkJ2jkfMLd4slZ5Gf2wkagUJmeZD5O7bY90Szs/IUOJez0LWaN3l7VSMtvY a3a/Y53cX1QYt60eiE6x/ifraOHzcsJglrUNmK8VPfJ9tSTFhWY=+ZOE -----END PGP SIGNATURE----- . This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. 7) - noarch, x86_64 3. Description: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs8-nodejs (8.16.1). The purpose of this text-only errata is to inform you about the security issues fixed in this release. Installation instructions are available from the Fuse 7.7.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/ 4. Bugs fixed (https://bugzilla.redhat.com/): 1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl 1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents 1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API 1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service 1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake 1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries 1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1728604 - CVE-2019-9827 hawtio: server side request forgery via initial /proxy/ substring of a URI 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1755831 - CVE-2019-16335 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource 1755849 - CVE-2019-14540 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig 1758167 - CVE-2019-17267 jackson-databind: Serialization gadgets in classes of the ehcache package 1758171 - CVE-2019-14892 jackson-databind: Serialization gadgets in classes of the commons-configuration package 1758182 - CVE-2019-14893 jackson-databind: Serialization gadgets in classes of the xalan package 1758187 - CVE-2019-16942 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.* 1758191 - CVE-2019-16943 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource 1764658 - CVE-2019-12400 xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source 1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default 1772464 - CVE-2019-14888 undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS 1775293 - CVE-2019-17531 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.* 1793154 - CVE-2019-20330 jackson-databind: lacks certain net.sf.ehcache blocking 1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling 1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page 1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header 1798524 - CVE-2019-20444 netty: HTTP request smuggling 1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1815212 - CVE-2020-1953 apache-commons-configuration: uncontrolled class instantiation when loading YAML files 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory 1848960 - CVE-2020-14060 jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool 1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool 1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms 5. Description: AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. The References section of this erratum contains a download link (you must log in to download the update)