VARIoT IoT vulnerabilities database

HARMAN AMX MVP5150 v2.87.13 devices allow remote OS Command Injection. HARMAN AMX MVP5150 The device includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The HarmanAMXMVP5150 is an audio and video system device

A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to leverage a time-of-check, time-of-use (TOCTOU) race condition to corrupt local variables, which could lead to arbitrary command injection. The vulnerability is due to the lack of a proper locking mechanism on critical variables that need to stay static until used. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a set of RPM-related CLI commands. A successful exploit could allow the attacker to perform arbitrary command injection. The attacker would need administrator credentials for the targeted device. Cisco NX-OS The software includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco NX-OS Software is prone to a local command-injection vulnerability. This issue is being tracked by Cisco Bug IDs CSCvi01453 and CSCvj00550. The vulnerability stems from the fact that the network system or product does not correctly filter special characters, commands, etc. in the process of constructing executable commands of the operating system from external input data. The following products and versions are affected: Cisco Nexus 3000 Series Switches; Nexus 3500 Platform Switches; Nexus 3600 Platform Switches; Nexus 9000 Series Switches in standalone NX-OS mode; Nexus 9500 R-Series Switching Platform

A vulnerability in the CLI implementation of a specific command used for image maintenance for Cisco NX-OS Software could allow an authenticated, local attacker to overwrite any file on the file system including system files. These file overwrites by the attacker are accomplished at the root privilege level. The vulnerability occurs because there is no verification of user-input parameters and or digital-signature verification for image files when using a specific CLI command. An attacker could exploit this vulnerability by authenticating to the device and issuing a command at the CLI. Because an exploit could allow the attacker to overwrite any file on the disk, including system files, a denial of service (DoS) condition could occur. The attacker must have valid administrator credentials for the affected device to exploit this vulnerability. Cisco NX-OS The software contains an input validation vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. Cisco NX-OS Software is prone to an arbitrary file-overwrite vulnerability. Attackers can overwrite arbitrary files on an unsuspecting user's computer in the context of the vulnerable application. This issue is being tracked by Cisco Bug IDs CSCvh76022 and CSCvj03856. Cisco Nexus 3000 Series Switches are all products of Cisco (Cisco). Cisco Nexus 3000 Series Switches is a 3000 series switch. Cisco Nexus 3500 Platform Switches is a 3500 series platform switch. Cisco Nexus 3600 Platform Switches is a 3600 series platform switch. The vulnerability stems from the failure of the network system or product to properly validate the input data. The following products and versions are affected: Cisco Nexus 3000 Series Switches; Nexus 3500 Platform Switches; Nexus 3600 Platform Switches; Nexus 9000 Series Switches in standalone NX-OS mode; Nexus 9500 R-Series Switching Platform

A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network-admin user outside of the Guest Shell. The attacker must authenticate with valid administrator device credentials. The vulnerability is due to the incorrect implementation of a CLI command that allows a Bash command to be incorrectly invoked on the Guest Shell CLI. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the Guest Shell prompt. A successful exploit could allow the attacker to issue commands that should be restricted by a Guest Shell account. Cisco NX-OS The software contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco NX-OS System Software is prone to a local security-bypass vulnerability. This may aid in further attacks. This issue is being tracked by Cisco Bug IDs CSCvh76090, CSCvj01472, CSCvj01497 . The implementation of the Bash shell in Cisco NX-OS Software is vulnerable to permission and access control issues. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products. The following products and versions are affected: Cisco Nexus 3000 Series Switches; Nexus 3500 Platform Switches; Nexus 3600 Platform Switches; Nexus 7000 Series Switches; Nexus 7700 Series Switches; Nexus 9000 Series Switches in standalone NX-OS mode; Platform

A vulnerability in the NX API (NX-API) Sandbox interface for Cisco NX-OS Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the NX-API Sandbox interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the NX-API Sandbox interface. An attacker could exploit this vulnerability by persuading a user of the NX-API Sandbox interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected NX-API Sandbox interface. Cisco NX-OS The software contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCvj14814. Cisco NX-OS Software is a data center-level operating system software used by a set of switches of Cisco. The vulnerability stems from the lack of correct validation of client data in WEB applications. The following products and versions are affected: Cisco Nexus 3000 Series Switches; Nexus 3500 Platform Switches; Nexus 9000 Series Switches in standalone NX-OS mode

A vulnerability in the SSH CLI key management functionality of Cisco NX-OS Software could allow an authenticated, local attacker to expose a user's private SSH key to all authenticated users on the targeted device. The attacker must authenticate with valid administrator device credentials. The vulnerability is due to incomplete error handling if a specific error type occurs during the SSH key export. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the CLI. A successful exploit could allow the attacker to expose a user's private SSH key. In addition, a similar type of error in the SSH key import could cause the passphrase-protected private SSH key to be imported unintentionally. Cisco NX-OS The software contains an information disclosure vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Cisco NX-OS Software is prone to local information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug IDs CSCvh76123, CSCvh76123, CSCvj01385, CSCvj01386, CSCvj01393

TP-Link Archer CR-700 1.0.6 devices have an XSS vulnerability that can be introduced into the admin account through a DHCP request, allowing the attacker to steal the cookie information, which contains the base64 encoded username and password. TP-Link Archer CR-700 The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. TP-Link Archer CR-700 is a wireless modem from China Pulian (TP-Link). There is a cross-site scripting vulnerability in TP-Link Archer CR-700 version 1.0.6, which is caused by the lack of correct verification of client data in WEB applications. An attacker could exploit this vulnerability to execute client code

Xiaomi Xiaoai MINI Smart Speaker is a smart speaker product produced by Xiaomi Technology Company. There is a binary loophole in Xiaomi Xiaoai MINI smart speaker. An attacker can use the loophole to allow the target speaker to receive voice instructions.

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Small Business Sx200, Sx300, Sx500, ESW2 Series Managed Switches and Small Business Sx250, Sx350, Sx550 Series Switches could allow an authenticated, remote attacker to cause the SNMP application of an affected device to cease processing traffic, resulting in the CPU utilization reaching one hundred percent. Manual intervention may be required before a device resumes normal operations. The vulnerability is due to improper validation of SNMP protocol data units (PDUs) in SNMP packets. An attacker could exploit this vulnerability by sending a malicious SNMP packet to an affected device. A successful exploit could allow the attacker to cause the device to cease forwarding traffic, which could result in a denial of service (DoS) condition. Cisco has released firmware updates that address this vulnerability. plural Cisco The product is vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. CiscoSmallBusinessSwitch is the core series switch of cisco. The vulnerability stems from a network system or product that does not properly validate the input data. This issue is being tracked by Cisco Bug IDs CSCvn49346, CSCvn93730

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. Cisco NX-OS The software includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco NX-OS Software is prone to a local command-injection vulnerability. This issue is being tracked by Cisco Bug IDs CSCvh75867, CSCvh75958, CSCvi92239, CSCvi92240, CSCvi92242, CSCvi92243 and CSCvk36294

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system. These issues are being tracked by Cisco Bug IDs CSCvn88721, CSCvo03346, CSCvo05229, CSCvo05231, CSCvo33767, CSCvo33769, and CSCvo33774. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system. These issues are being tracked by Cisco Bug IDs CSCvn88721, CSCvo03346, CSCvo05229, CSCvo05231, CSCvo33767, CSCvo33769, and CSCvo33774. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system. These issues are being tracked by Cisco Bug IDs CSCvn88721, CSCvo03346, CSCvo05229, CSCvo05231, CSCvo33767, CSCvo33769, and CSCvo33774. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system. This issue is tracked by Cisco Bug ID's CSCvo22842, CSCvo28671, CSCvo28680, CSCvo62258, CSCvo62264 and CSCvo62280

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system. This issue is tracked by Cisco Bug ID's CSCvo22842, CSCvo28671, CSCvo28680, CSCvo62258, CSCvo62264 and CSCvo62280

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains malicious SQL statements to the affected application. A successful exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data. This issue is tracked by Cisco Bug ID's CSCvo23576, CSCvo28734, CSCvo62268 and CSCvo62275. Attackers can exploit this vulnerability to execute illegal SQL commands

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains malicious SQL statements to the affected application. A successful exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data. This issue is tracked by Cisco Bug ID's CSCvo23576, CSCvo28734, CSCvo62268 and CSCvo62275. Attackers can exploit this vulnerability to execute illegal SQL commands

A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view application files that may contain sensitive information. This issue is being tracked by Cisco Bug ID CSCvo28666 and CSCvo62256. The vulnerability stems from a network system or product that fails to properly filter resources or special elements in file paths. The following products and versions are affected: Cisco PI Software versions prior to 3.4, versions prior to 3.5, and versions prior to 3.6; Cisco EPN Manager versions prior to 3.0.1

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system. This issue is tracked by Cisco Bug ID's CSCvo22842, CSCvo28671, CSCvo28680, CSCvo62258, CSCvo62264 and CSCvo62280

Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf. Intel Xeon Scalable Processors and so on are products of Intel Corporation of the United States. Intel XeonScalable Processors is a scalable server central processing unit (CPU). IntelXeonProcessorE7v4Family is a XeonE7 series server central processing unit (CPU). IntelXeonProcessorE5v4Family is a XeonE5 series server central processing unit (CPU). An information disclosure vulnerability exists in several Intel products. The vulnerability stems from errors in the configuration of the network system or product during operation. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component. The following products and versions are affected: Intel Xeon Scalable Processors; Xeon Processor E7 v4 Family; Xeon Processor E5 v4 Family; Xeon Processor E3 v6 Family; Xeon Processor E3 v4 Family; Xeon Processor E; Xeon E Processor; Xeon D Processor; Puma; Pentium Processor Silver Series; Pentium Processor N Series; Pentium Processor J Series; Pentium Gold Processor Series; Mobile Communications Platforms; Microcode; Core X series Processors; Celeron Processor N Series; Celeron Processor J Series; Celeron Processor G Series; Atom Processor X Series ;Atom Processor E3900 Series;Atom Processor E3800 Series;Atom Processor. The vulnerability is due to improper memory operations that could expose a side channel on the affected system. A successful exploit could be used to conduct further attacks. Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available. A third-party patch is also available. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: qemu-kvm security update Advisory ID: RHSA-2019:1185-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:1185 Issue date: 2019-05-14 CVE Names: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 ===================================================================== 1. Summary: An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64, ppc64le, x86_64 3. Description: Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es): * A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130) * Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126) * Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2019-11091) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. 5. Package List: Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4): Source: qemu-kvm-1.5.3-141.el7_4.10.src.rpm x86_64: qemu-img-1.5.3-141.el7_4.10.x86_64.rpm qemu-kvm-1.5.3-141.el7_4.10.x86_64.rpm qemu-kvm-common-1.5.3-141.el7_4.10.x86_64.rpm qemu-kvm-debuginfo-1.5.3-141.el7_4.10.x86_64.rpm qemu-kvm-tools-1.5.3-141.el7_4.10.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.4): Source: qemu-kvm-1.5.3-141.el7_4.10.src.rpm ppc64: qemu-img-1.5.3-141.el7_4.10.ppc64.rpm qemu-kvm-debuginfo-1.5.3-141.el7_4.10.ppc64.rpm ppc64le: qemu-img-1.5.3-141.el7_4.10.ppc64le.rpm qemu-kvm-debuginfo-1.5.3-141.el7_4.10.ppc64le.rpm x86_64: qemu-img-1.5.3-141.el7_4.10.x86_64.rpm qemu-kvm-1.5.3-141.el7_4.10.x86_64.rpm qemu-kvm-common-1.5.3-141.el7_4.10.x86_64.rpm qemu-kvm-debuginfo-1.5.3-141.el7_4.10.x86_64.rpm qemu-kvm-tools-1.5.3-141.el7_4.10.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-12126 https://access.redhat.com/security/cve/CVE-2018-12127 https://access.redhat.com/security/cve/CVE-2018-12130 https://access.redhat.com/security/cve/CVE-2019-11091 https://access.redhat.com/security/vulnerabilities/mds https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXNsSVNzjgjWX9erEAQiXQQ//Uu1syzSGpDi6dgh4btMzKTLWEluRQE15 ERIN3qbzOOdAuH9hop0I1JAPVjYtTYRvDekYSNUKwOC1/DTLmeblCRLuxMBs3Hkh 3N8T49rfZgESGpZ+F5yfsJk3ZmFdv9FGvZtvMv32HG/xlqW35WmFvgs5zpZsO3OA UNDLhyhfdGROORliy3nFah3UVzr/jhOnpXr+4jPZ+6WJgsVVDJmMEjgtfB9mJ80G WgqfmoLApyYtco/oN7kiTsqYAXLQj0g6dfHwDnWeSfGsPXUmjfG6w0VMUyFqyZr3 7FQhgZM/4Ad9CrszU/G9mk8+pofL/I0jE3B9/SFPjhIEx2JMMatR70u1jyVZgItw U+wY3gEPxU5EyOA6DOcYmEJrngSqKSVTMPe5HL8VqQq63+zGlTLPE6qxAmYdPBIL TQq95T7csc1KiMC0rl+uUpG5skXsecWKrzbUKnPnz0JMNwuDftoEz5MEq7R1AwHW ct15ewglsW8zBdzCR9+s/p5t1qbUzi5Kd+VSiSmtYBsNR1F4QVCjREFrnYMOE/1Q a32dy7/HjHGIs4/iqEFsskeYhWNR+c8EpvClieeBHvgCcXQcNoaMYXm/V4ZeMoEm NcrTM9IHwD/tOhDajjuFkcTujYJsM6zsHWQHhz07At9UolGZRe0FkRTtohQlvMJi jNFdgvxu0bU= =B1Xr -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Software Description: - intel-microcode: Processor microcode for Intel CPUs Details: USN-3977-1 provided mitigations for Microarchitectural Data Sampling (MDS) vulnerabilities in Intel Microcode for a large number of Intel processor families. This update provides the corresponding updated microcode mitigations for Intel Cherry Trail and Bay Trail processor families. ========================================================================== Ubuntu Security Notice USN-3978-1 May 14, 2019 qemu update ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.04 - Ubuntu 18.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 ESM Summary: Several issues were addressed in QEMU. Software Description: - qemu: Machine emulator and virtualizer Details: Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian \xd6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. (CVE-2018-12130) Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian \xd6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. (CVE-2018-12127) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. (CVE-2018-12126) Kurtis Miller discovered that a buffer overflow existed in QEMU when loading a device tree blob. A local attacker could use this to execute arbitrary code. (CVE-2018-20815) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian \xd6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. (CVE-2019-11091) It was discovered that a NULL pointer dereference existed in the sun4u power device implementation in QEMU. A local attacker could use this to cause a denial of service. This issue only affected Ubuntu 18.10 and Ubuntu 19.04. (CVE-2019-5008) William Bowling discovered that an information leak existed in the SLiRP networking implementation of QEMU. (CVE-2019-9824) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04: qemu 1:3.1+dfsg-2ubuntu3.1 qemu-system-x86 1:3.1+dfsg-2ubuntu3.1 Ubuntu 18.10: qemu 1:2.12+dfsg-3ubuntu8.7 qemu-system-x86 1:2.12+dfsg-3ubuntu8.7 Ubuntu 18.04 LTS: qemu 1:2.11+dfsg-1ubuntu7.13 qemu-system-x86 1:2.11+dfsg-1ubuntu7.13 Ubuntu 16.04 LTS: qemu 1:2.5+dfsg-5ubuntu10.38 qemu-system-x86 1:2.5+dfsg-5ubuntu10.38 Ubuntu 14.04 ESM: qemu 2.0.0+dfsg-2ubuntu1.46 qemu-system-x86 2.0.0+dfsg-2ubuntu1.46 After a standard system update you need to restart all QEMU virtual machines to make all the necessary changes. Relevant releases/architectures: RHV-M 4.2 - noarch 3. It includes the configuration of the Red Hat Support plugin, copying downstream-only artifacts to the ISO domain, and links to the knowledgebase and other support material. It provides mitigations for the MSBDS, MFBDS, MLPDS and MDSUM hardware vulnerabilities. To fully resolve these vulnerabilities it is also necessary to update the Linux kernel packages as released in DSA 4444. For the stable distribution (stretch), these problems have been fixed in version 3.20190514.1~deb9u1. For the detailed security status of intel-microcode please refer to its security tracker page at: https://security-tracker.debian.org/tracker/intel-microcode Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlzb2WsACgkQEMKTtsN8 TjZ+PBAAqVaw+/6ZsLEwj4aPlI0XrDP1MEWLHSFyOpOluNKaHSfCR1MopjdmSykT 91es+HCLISwbpuhPy8a+rPEZnSwnQczuXJITMVnW0Z9noUvTf/BnN/dAdwTa8Ka8 DkhBnvmc5gOkdcG7il+PaI1byZ5/6S+znqhDiN4VSZg3h1LhJMk9h9kUjQS+W6uC qA4JGdJsqeQShngE8njGetwCaf29+e2OQ3RfuDp+6XgsQln2ZOi7r69Bj5VmH5jB yYzMMp8n0jMKelzqP9HtniL/P/75foDhQrP95k8gFaeRaLTEIb0NNLP1JpiaVKtn +c+1yMN6R7JG86AOlNOq/xUHv3pkuP9i2PBEga/956nQZf9g9/5tc6/K0dgHl4Yx zn1SKQrKdXVqtvYx6boh3cPqoJ99W32GijQHr2N8ezjdmW7SHMGtpnSVO88nDbH4 JVdxVhtY4JCsDJxYIwb6T4p3TSGIzN0T7y5/YqItqObmblLpg8jASWNkrepH3jqY a9swwMelQTsop5LFTwgYbTznXSEE+AorFTc+hOvScR4ZSr8kPVK/nf/m+h5Zj68B Lx/nnOQZFYySrNBKMfMLCXmrmMWP3ZavMiiEJL4GbWfNFAEJH4P+2UwsjwyEVW3h NrRAdm0MqsY86tHBWmDGhNMYjShKm/vG5mMpWg5r3AG3IhG1x/U= =PWZK -----END PGP SIGNATURE----- . These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks