VARIoT IoT vulnerabilities database

VAR-201902-0278	CVE-2019-7673	MOBOTIX S14 Information disclosure vulnerability in devices	CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH

An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. Administrator Credentials are stored in the 13-character DES hash format. MOBOTIX S14 The device contains an information disclosure vulnerability.Information may be obtained. MOBOTIX S14 is a network camera produced by German MOBOTIX company. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

VAR-201902-0281	CVE-2019-7676	Enphase Envoy Vulnerabilities related to certificate and password management	CVSS V2: 6.5 CVSS V3: 7.2 Severity: HIGH

A weak password vulnerability was discovered in Enphase Envoy R3.*.*. One can login via TCP port 8888 with the admin password for the admin account. Enphase Envoy Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Enphase Envoy is the core home energy control gateway in Enphase Energy's home energy solution. Allows remote attackers to use vulnerabilities to submit special requests and unauthorized access to applications

VAR-201902-0001	CVE-2009-5154	MOBOTIX S14 Vulnerabilities related to the use of hard-coded credentials on devices	CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL

An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of meinsm for the admin account. MOBOTIX S14 The device contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MOBOTIX S14 is a network camera produced by German MOBOTIX company. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

VAR-201903-0464	CVE-2019-7421	SAMSUNG X7400GX SyncThru Web Service Vulnerable to cross-site scripting	CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM

SAMSUNG X7400GX SyncThru Web Service Contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker could exploit this vulnerability to execute client code.

VAR-201903-0463	CVE-2019-7420	SAMSUNG X7400GX SyncThru Web Service Vulnerable to cross-site scripting	CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM

XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.application/information/networkinformationView.sws" in the tabName parameter. The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker could exploit this vulnerability to execute client code.

VAR-201903-0462	CVE-2019-7419	SAMSUNG X7400GX SyncThru Web Service Vulnerable to cross-site scripting	CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM

SAMSUNG X7400GX SyncThru Web Service Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker could exploit this vulnerability to execute client code.

VAR-201902-0255	CVE-2019-7632	plural LifeSize Product In OS Command injection vulnerability	CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH

LifeSize Team, Room, Passport, and Networker 220 devices allow Authenticated Remote OS Command Injection, as demonstrated by shell metacharacters in the support/mtusize.php mtu_size parameter. The lifesize default password for the cli account may sometimes be used for authentication. plural LifeSize Product Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. LifeSize Team and others are a set of video conferencing solutions of American LifeSize Company. An operating system command injection vulnerability exists in several LifeSize products. An attacker could exploit this vulnerability to inject and run code on the system

VAR-201904-1069	CVE-2019-0199	Apache Tomcat Vulnerable to resource exhaustion	CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS. Apache Tomcat Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Apache Tomcat is a lightweight web application server from the Apache Software Foundation. This program implements support for Servlet and JavaServerPage (JSP). There is a security vulnerability in Apache Tomcat. An attacker could exploit the vulnerability to cause a denial of service. Attackers may leverage this issue to cause denial-of-service conditions. A vulnerability in Apache Tomcat could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to a resource exhaustion condition in the HTTP/2 implementation of the affected software. A successful exploit could result in a DoS condition on the targeted system. Apache has confirmed the vulnerability and released software updates. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4596-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff December 27, 2019 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : tomcat8 CVE ID : CVE-2018-8014 CVE-2018-11784 CVE-2019-0199 CVE-2019-0221 CVE-2019-12418 CVE-2019-17563 Several issues were discovered in the Tomcat servlet and JSP engine, which could result in session fixation attacks, information disclosure, cross- site scripting, denial of service via resource exhaustion and insecure redirects. For the oldstable distribution (stretch), these problems have been fixed in version 8.5.50-0+deb9u1. This update also requires an updated version of tomcat-native which has been updated to 1.2.21-1~deb9u1. We recommend that you upgrade your tomcat8 packages. For the detailed security status of tomcat8 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tomcat8 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl4GgDcACgkQEMKTtsN8 TjaVxA//dmUGPdFZSI6VW/avTJ8YKIgVaKTLJz47hl9GKWJoGI4lG5TE4INs193y xKf2gtuPb/YCdqZj2VphPTiPiIbycXrRXTq9uGnioteeAZfgKnqSokcQ+EvUItsp Q7nBeuFNdSHaK1TAQ74Ty4qcwM/WXQ5c0UfZvAbMzYp3PRrkHkMXhUHMj7MJNz7W 6I/ehY+h+VkvTj7P6U3icEoLsTqOwKiHFiAVKD9DiUZqRI62nmbMW2il1zgF3pOZ QNrDGhNsaVfhJbIES3/vuF/qSQIm6GryQ1dwxbFBszemdHTGEQmANsxLLXWnPDH1 2KigZh5bkSlQZvJRHgbJp+LdM+DSY7VI1KtwTIkpwFZ2/kbz+kMGGT+TQplSORyL IY9SK1aQduWBx2yi3X7/wPXVdV7KA1cMCPhSt8fVieYxZWtONALBuCdnSSEweIEq myd2GD75QIHjZy7JZoVc421kCjH4IrXxuwEQDkHjKTladjdklOREEocAc8R+NjSS kUKdS2cOel6M2yjH/ieOv3DVaUPplgl+0KJGXqAhdkCQUwTMsw1tmR/ObWkCHQov k79Isubwc5kuQD/iBCuIQM8TgfNcyWXNAyHbpKR7kGkrn/ihN7dsCdvRjrMPrvRJ x/PLd3rjlgS5D1cEf7PTZZjym4mwDPrKgamSt9V3f3RwFwV75vY= =je4v -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat support for Spring Boot 2.1.12 security and bug fix update Advisory ID: RHSA-2020:2366-01 Product: Red Hat OpenShift Application Runtimes Advisory URL: https://access.redhat.com/errata/RHSA-2020:2366 Issue date: 2020-06-04 CVE Names: CVE-2019-0199 CVE-2019-3868 CVE-2019-3875 CVE-2019-10199 CVE-2019-10201 CVE-2019-14832 ===================================================================== 1. Summary: An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [NOTE: This security advisory was unintentionally omitted at the time of the initial software release on 2020-02-18. The advisory is informational only; no files in the release have changed.] 2. Description: Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform. This release of Red Hat support for Spring Boot 2.1.12 serves as a replacement for Red Hat support for Spring Boot 2.1.6, and includes security and bug fixes and enhancements. For further information, refer to the release notes linked to in the References section. Security Fix(es): * tomcat: Apache Tomcat HTTP/2 DoS (CVE-2019-0199) * keycloak: SAML broker does not check existence of signature on document allowing any user impersonation (CVE-2019-10201) * keycloak: session hijack using the user access token (CVE-2019-3868) * keycloak: missing signatures validation on CRL used to verify client certificates (CVE-2019-3875) * keycloak: CSRF check missing in My Resources functionality in the Account Console (CVE-2019-10199) * keycloak: cross-realm user access auth bypass (CVE-2019-14832) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 1679144 - CVE-2019-3868 keycloak: session hijack using the user access token 1690628 - CVE-2019-3875 keycloak: missing signatures validation on CRL used to verify client certificates 1693325 - CVE-2019-0199 tomcat: Apache Tomcat HTTP/2 DoS 1728609 - CVE-2019-10201 keycloak: SAML broker does not check existence of signature on document allowing any user impersonation 1729261 - CVE-2019-10199 keycloak: CSRF check missing in My Resources functionality in the Account Console 1749487 - CVE-2019-14832 keycloak: cross-realm user access auth bypass 5. References: https://access.redhat.com/security/cve/CVE-2019-0199 https://access.redhat.com/security/cve/CVE-2019-3868 https://access.redhat.com/security/cve/CVE-2019-3875 https://access.redhat.com/security/cve/CVE-2019-10199 https://access.redhat.com/security/cve/CVE-2019-10201 https://access.redhat.com/security/cve/CVE-2019-14832 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=catRhoar.spring.boot&downloadType=distributions&version=2.1.12 https://access.redhat.com/documentation/en-us/red_hat_support_for_spring_boot/2.1/html-single/release_notes_for_spring_boot_2.1/ 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXtjx9tzjgjWX9erEAQhFOA//Tkk46vAF4/aJiKVApEHvF5R96081W2Hq G96k3lUPuatTrcD/2yek9whs1Bf9MQgWcaFWCgx63nsNs6Mm81frsR/dt4YV8mWc 97y4u6kz6nvQQ6Wz6Xuic9km17/yXuNl5JqgmcLtltgNhtWgZhpQUKfbP3ot0T2X FStJvnZlPrgDnpnVZ8y6x++otaDfbXGiy2FyGepXei8WWxXtQ/XYPoQC/mYbuXgM eUNsFLEyY9hWLCE4vfavLCM4fHs+djrL2E6N431JhpLyCrbTx0nYkaMkoOoJlLe2 agJjBzd5iYnBbD6p9K5okIWR1U2gNsdV6Q7UROTLiEFoxBOr1hO1mzqYkJ80t1Pm d48N7OuQ4MhYgiKftVDmsVgXuQzySUrjZWnZZnDbVZo02gwD8T1NXgq9zCX64/sl ucKvbDnnmLDYQYsKRCjf1aH1ZDrrPOPIOkTbMlb4+Wqc/O8jrRfzvya0ym9wnN8v CG3VmxPBPeNgp6/pmTBrJU9c+dER9qmavAB77Vl09dH88V9Ne4GLiVfqSVOEhY1w vwZo31fNXNYFYT/NV2v9CiZwrRcsqn60VH0E4Qc+zTOb5esR7bIidcBMGtPm+BI0 80uR7D6DwjVmZsfzwakCIiGMaChysonql+P72iOd2Xerj7osdvMSEQHSVSjuILh7 wiv1ksQVw/s= =pUHq -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

VAR-201903-0461	CVE-2019-7418	SAMSUNG X7400GX SyncThru Web Service Vulnerable to cross-site scripting	CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM

SAMSUNG X7400GX SyncThru Web Service Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered.

VAR-201902-0692	CVE-2018-9190	Fortinet FortiClientWindows In NULL Pointer dereference vulnerability	CVSS V2: 4.9 CVSS V3: 5.5 Severity: MEDIUM

A null pointer dereference vulnerability in Fortinet FortiClientWindows 6.0.2 and earlier allows attacker to cause a denial of service via the NDIS miniport driver. Fortinet FortiClientWindows is a Windows-based mobile terminal security solution developed by Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances

VAR-201903-0447	CVE-2019-6223	plural Apple Updates to product vulnerabilities	CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH

A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. The initiator of a Group FaceTime call may be able to cause the recipient to answer. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * group FaceTime Unintentional response to incoming calls * Privilege escalation * Arbitrary code execution * information leak * Sandbox avoidance. in the United States. Apple iOS is an operating system developed for mobile devices. FaceTime is one of those video calling software. The vulnerability stems from configuration errors in the network system or product during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-2-07-1 iOS 12.1.4 iOS 12.1.4 is now available and addresses the following: FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: The initiator of a Group FaceTime call may be able to cause the recipient to answer Description: A logic issue existed in the handling of Group FaceTime calls. CVE-2019-6223: Grant Thompson of Catalina Foothills High School, Daven Morris of Arlington, TX Foundation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2019-7286: an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel GroA of Google Project Zero IOKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2019-7287: an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel GroA of Google Project Zero Live Photos in FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A thorough security audit of the FaceTime service uncovered an issue with Live Photos Description: The issue was addressed with improved validation on the FaceTime server. CVE-2019-7288: Apple Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12.1.4". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlxcZmkpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3F9HRAA sYhaZOf89H/kgxsBJbnJWa4g3Gi+OVgw2cfLkLT8GlAa2tZW+9pvra8cYZZ2TlvV 20UNupWr5sJPru+OWMiEYGRvVBQI5UaIRyIR4IsRbDcbvKe4ml0WM5t96PA1y5wt vhV9CKFwJY40k9PAWbb87eHf1kf8W6yCNAmddskSVFtgPBmGmZX4+u5OTY1YjIyc ilOKOJAsgnn/E+OGZ8RiDcQljY3CruzdCBecczt0QkzuXuvoSlL9RujOBtjZ/uLd cDorb7v0I9PokAdYAksEmgXFL8PDsm5h4ELkS3/Cp4RF8krdybB/4RN3SosWNBpA 99jMxgA5Mc+yLdIwPM9WUd/iq51KkYx+MLXYWzJwplnqQAQYW9p0+wTGTmEB+2x5 wStyUhMGbh3u5u3HBSLx31q2lkbTZU6+/kcqe6aQX0NckJBXV/+yGylQNcKN6XDk vWb9pCOjfpv5WyqvJ7XgNoX5CQcLt6WzJ0onZoVrhJoEnm2T0TKC/Tv2OCs9eJzb SgjAmKmavEaebSUa2StV4JfoNVPt7ijZdu+theAoObVrrktiWGX04srqyFaLZd/w 57NvpxizrLDNUWLmuuELQ9m1zL+xCLbJp46y1EaojjkaFw4H/7+U9nuKtg6+8ay/ o2nlJlEaOnQzrL+jp7mLvW05upIw0Ii/fyKTCQmbKSg= =p+hh -----END PGP SIGNATURE----- . This build contains the security content described in this article

VAR-201902-0242	CVE-2019-6974	Linux kernel Race condition vulnerability	CVSS V2: 6.8 CVSS V3: 8.1 Severity: HIGH

In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. Linux kernel Contains a race condition vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Linux kernel is prone to a security bypass vulnerability. Attackers can exploit this issue to bypass security restrictions to perform unauthorized actions; this may aid in launching further attacks. Versions prior to Linux kernel 4.20.8 are vulnerable. ========================================================================== Ubuntu Security Notice USN-3932-2 April 02, 2019 linux-lts-xenial, linux-aws vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Details: USN-3932-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. A local attacker could use this to cause a denial of service. (CVE-2017-18249) Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13097, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14616) Wen Xu and Po-Ning Tseng discovered that btrfs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613) Vasily Averin and Evgenii Shatokhin discovered that a use-after-free vulnerability existed in the NFS41+ subsystem when multiple network namespaces are in use. A local attacker in a container could use this to cause a denial of service (system crash) or possibly execute arbitrary code. A privileged local attacker could use this to possibly execute arbitrary code. (CVE-2018-9517) Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information leak in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could use this to expose sensitive information (kernel memory). An attacker in a guest VM with access to /dev/kvm could use this to cause a denial of service (guest VM crash). (CVE-2019-6974) Jim Mattson and Felix Wilhelm discovered a use-after-free vulnerability in the KVM subsystem of the Linux kernel, when using nested virtual machines. A local attacker in a guest VM could use this to cause a denial of service (system crash) or possibly execute arbitrary code in the host system. (CVE-2019-7221) Felix Wilhelm discovered that an information leak vulnerability existed in the KVM subsystem of the Linux kernel, when nested virtualization is used. A local attacker could use this to expose sensitive information (host system memory to a guest VM). (CVE-2019-7222) Jann Horn discovered that the mmap implementation in the Linux kernel did not properly check for the mmap minimum address in some situations. A local attacker could use this to assist exploiting a kernel NULL pointer dereference vulnerability. (CVE-2019-9213) Muyu Yu discovered that the CAN implementation in the Linux kernel in some situations did not properly restrict the field size when processing outgoing frames. A local attacker with CAP_NET_ADMIN privileges could use this to execute arbitrary code. (CVE-2019-3701) Vladis Dronov discovered that the debug interface for the Linux kernel's HID subsystem did not properly validate passed parameters in some situations. A local privileged attacker could use this to cause a denial of service (infinite loop). (CVE-2019-3819) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: linux-image-4.4.0-1040-aws 4.4.0-1040.43 linux-image-4.4.0-144-generic 4.4.0-144.170~14.04.1 linux-image-4.4.0-144-generic-lpae 4.4.0-144.170~14.04.1 linux-image-4.4.0-144-lowlatency 4.4.0-144.170~14.04.1 linux-image-4.4.0-144-powerpc-e500mc 4.4.0-144.170~14.04.1 linux-image-4.4.0-144-powerpc-smp 4.4.0-144.170~14.04.1 linux-image-4.4.0-144-powerpc64-emb 4.4.0-144.170~14.04.1 linux-image-4.4.0-144-powerpc64-smp 4.4.0-144.170~14.04.1 linux-image-aws 4.4.0.1040.41 linux-image-generic-lpae-lts-xenial 4.4.0.144.127 linux-image-generic-lts-xenial 4.4.0.144.127 linux-image-lowlatency-lts-xenial 4.4.0.144.127 linux-image-powerpc-e500mc-lts-xenial 4.4.0.144.127 linux-image-powerpc-smp-lts-xenial 4.4.0.144.127 linux-image-powerpc64-emb-lts-xenial 4.4.0.144.127 linux-image-powerpc64-smp-lts-xenial 4.4.0.144.127 linux-image-virtual-lts-xenial 4.4.0.144.127 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://usn.ubuntu.com/usn/usn-3932-2 https://usn.ubuntu.com/usn/usn-3932-1 CVE-2017-18249, CVE-2018-13097, CVE-2018-13099, CVE-2018-13100, CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613, CVE-2018-14614, CVE-2018-14616, CVE-2018-16884, CVE-2018-9517, CVE-2019-3459, CVE-2019-3460, CVE-2019-3701, CVE-2019-3819, CVE-2019-6974, CVE-2019-7221, CVE-2019-7222, CVE-2019-9213 Package Information: https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1040.43 https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-144.170~14.04.1 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2020:0103-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:0103 Issue date: 2020-01-14 CVE Names: CVE-2018-10853 CVE-2018-18281 CVE-2018-20856 CVE-2019-6974 CVE-2019-11599 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.4) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.4) - noarch, x86_64 3. Security Fix(es): * kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856) * Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974) * kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853) * kernel: TLB flush happens too late on mremap (CVE-2018-18281) * kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * guest softlockup in mem_cgroup_reparent_charges with 800GB guests (BZ#1770111) * [RHEL7.7] Refined TSC clocksource calibration occasionally fails on some SkyLake-X servers (BZ#1775682) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1589890 - CVE-2018-10853 kernel: kvm: guest userspace to guest kernel write 1645121 - CVE-2018-18281 kernel: TLB flush happens too late on mremap 1671913 - CVE-2019-6974 Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() 1705937 - CVE-2019-11599 kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping 1738705 - CVE-2018-20856 kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.4): Source: kernel-3.10.0-693.62.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.62.1.el7.noarch.rpm kernel-doc-3.10.0-693.62.1.el7.noarch.rpm x86_64: kernel-3.10.0-693.62.1.el7.x86_64.rpm kernel-debug-3.10.0-693.62.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.62.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.62.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.62.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.62.1.el7.x86_64.rpm kernel-devel-3.10.0-693.62.1.el7.x86_64.rpm kernel-headers-3.10.0-693.62.1.el7.x86_64.rpm kernel-tools-3.10.0-693.62.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.62.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.62.1.el7.x86_64.rpm perf-3.10.0-693.62.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.62.1.el7.x86_64.rpm python-perf-3.10.0-693.62.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.62.1.el7.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.4): Source: kernel-3.10.0-693.62.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.62.1.el7.noarch.rpm kernel-doc-3.10.0-693.62.1.el7.noarch.rpm ppc64le: kernel-3.10.0-693.62.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-693.62.1.el7.ppc64le.rpm kernel-debug-3.10.0-693.62.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-693.62.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-693.62.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-693.62.1.el7.ppc64le.rpm kernel-devel-3.10.0-693.62.1.el7.ppc64le.rpm kernel-headers-3.10.0-693.62.1.el7.ppc64le.rpm kernel-tools-3.10.0-693.62.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-693.62.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-693.62.1.el7.ppc64le.rpm perf-3.10.0-693.62.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-693.62.1.el7.ppc64le.rpm python-perf-3.10.0-693.62.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-693.62.1.el7.ppc64le.rpm x86_64: kernel-3.10.0-693.62.1.el7.x86_64.rpm kernel-debug-3.10.0-693.62.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.62.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.62.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.62.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.62.1.el7.x86_64.rpm kernel-devel-3.10.0-693.62.1.el7.x86_64.rpm kernel-headers-3.10.0-693.62.1.el7.x86_64.rpm kernel-tools-3.10.0-693.62.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.62.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.62.1.el7.x86_64.rpm perf-3.10.0-693.62.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.62.1.el7.x86_64.rpm python-perf-3.10.0-693.62.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.62.1.el7.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.4): Source: kernel-3.10.0-693.62.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.62.1.el7.noarch.rpm kernel-doc-3.10.0-693.62.1.el7.noarch.rpm x86_64: kernel-3.10.0-693.62.1.el7.x86_64.rpm kernel-debug-3.10.0-693.62.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.62.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.62.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.62.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.62.1.el7.x86_64.rpm kernel-devel-3.10.0-693.62.1.el7.x86_64.rpm kernel-headers-3.10.0-693.62.1.el7.x86_64.rpm kernel-tools-3.10.0-693.62.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.62.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.62.1.el7.x86_64.rpm perf-3.10.0-693.62.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.62.1.el7.x86_64.rpm python-perf-3.10.0-693.62.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.62.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.4): x86_64: kernel-debug-debuginfo-3.10.0-693.62.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.62.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.62.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.62.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.62.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.62.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.62.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v. 7.4): ppc64le: kernel-debug-debuginfo-3.10.0-693.62.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-693.62.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-693.62.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-693.62.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-693.62.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-693.62.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-693.62.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-693.62.1.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-693.62.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.62.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.62.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.62.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.62.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.62.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.62.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.4): x86_64: kernel-debug-debuginfo-3.10.0-693.62.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.62.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.62.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.62.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.62.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.62.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.62.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXh3j4tzjgjWX9erEAQgrsA/7BKPcBbg2RX7I5HWuL2oC26IWdlrmbC+9 3wjegJPnhVuPkRXGWb7fCC4yVe4VjoeVRBN2HRCsyU4q9d9oPnVwldrRwzElGQdJ v93Ac7aOwy4fZMD8rwukWaPd9OmQnT/hM7cLAbozSqL+tBRo1G2fjuE1sBscIZDB qFHqRWA/nup6Qm8miiz/vnnEZCukXRMzgk8NO6jMjUR0TQ65hMZc0TTrElZZ99Z6 Bcm7C2nnw3CK0ewJewxPS21d/r4Rs7dpGF/6xjnsAzSPpO6HhzBmSTDoHe8uhsz7 lfjh79KcljPTe+mG1iO0E4l9aNnpNRWd7XZ4JVpQw6Ne47XGTMiybLivfPKo141q WlyfSdxxgyPZjI1xejmt/eqLiliTiuTj65Hlf8yn76DZOCGg22KZUNg1K8U/RWGz mlM34oeozfamjRNXYAibIW9zW65Y9DZ+sM6NLVulcYFGkqsX/t5yE3otkMUzDilK 6nLnXZ7Uu8jJz89mLWcNVY/mKBFP5WNsyZdThFt4q7koNwwNviHDSzQzyTTsgMwd P7sBoOYpqevd+WA/qS103ZyrEurjM/yFbNcbQDJcrT9SgV00YBzAkyGXz4IJ5Jy9 0DNYTkOwKhfbG+WLfQwvfL9FYv5TkkjHy6BIcOjzbQXM/pQAR5AybYOPROoi/Q7R R0SZU3D8SVo=IHlt -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . M. Vefa Bicakci and Andy Lutomirski discovered that the kernel did not properly set up all arguments to an error handler callback used when running as a paravirtualized guest. 7) - aarch64, noarch, ppc64le 3. Bug Fix(es): * [kernel-alt]: BUG: unable to handle kernel NULL pointer IP: crypto_remove_spawns+0x118/0x2e0 (BZ#1536967) * [HPE Apache] update ssif max_xmit_msg_size limit for multi-part messages (BZ#1610534) * RHEL-Alt-7.6 - powerpc/pseries: Fix unitialized timer reset on migration / powerpc/pseries/mobility: Extend start/stop topology update scope (LPM) (BZ#1673613) * RHEL-Alt-7.6 - s390: sha3_generic module fails and triggers panic when in FIPS mode (BZ#1673979) * RHEL-Alt-7.6 - System crashed after oom - During ICP deployment (BZ#1710304) * kernel-alt: Race condition in hashtables [rhel-alt-7.6.z] (BZ#1712127) * RHEL-Alt-7.6 - OP930:PM_Test:cpupower -r command set values for first 3 cores in quad and misses last core. (CORAL) (BZ#1717836) * RHEL-Alt-7.6 - disable runtime NUMA remapping for PRRN/LPM/VPHN (BZ#1717906) * fragmented packets timing out (BZ#1729066) * Backport TCP follow-up for small buffers (BZ#1733617) Enhancement(s): * RHEL-Alt-7.6 - perfevent PMDA cannot create file descriptors for reading nest events using the perf API (pcp/kernel) (CORAL) (BZ#1723036) 4

VAR-201902-0446	CVE-2019-1678	Cisco Meeting Server Input validation vulnerability	CVSS V2: 4.0 CVSS V3: 4.3 Severity: MEDIUM

A vulnerability in Cisco Meeting Server could allow an authenticated, remote attacker to cause a partial denial of service (DoS) to Cisco Meetings application users who are paired with a Session Initiation Protocol (SIP) endpoint. The vulnerability is due to improper validation of coSpaces configuration parameters. An attacker could exploit this vulnerability by inserting crafted strings in specific coSpace parameters. An exploit could allow the attacker to prevent clients from joining a conference call in the affected coSpace. Versions prior to 2.4.3 are affected. Cisco Meeting Server Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco Meeting Server is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCvn16684

VAR-201912-0474	CVE-2019-7287	apple's iOS Out-of-bounds write vulnerability in	CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4. An application may be able to execute arbitrary code with kernel privileges. apple's iOS Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apple iOS is prone to a memory-corruption vulnerability. Failed exploit attempts will result in a denial-of-service condition. The following versions fixes the issue: Versions prior to Apple iOS 12.1.4. IOKit is one of the components that read system information. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-2-07-1 iOS 12.1.4 iOS 12.1.4 is now available and addresses the following: FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: The initiator of a Group FaceTime call may be able to cause the recipient to answer Description: A logic issue existed in the handling of Group FaceTime calls. CVE-2019-6223: Grant Thompson of Catalina Foothills High School, Daven Morris of Arlington, TX Foundation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2019-7286: an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel GroA of Google Project Zero IOKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2019-7287: an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel GroA of Google Project Zero Live Photos in FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A thorough security audit of the FaceTime service uncovered an issue with Live Photos Description: The issue was addressed with improved validation on the FaceTime server. CVE-2019-7288: Apple Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12.1.4". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlxcZmkpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3F9HRAA sYhaZOf89H/kgxsBJbnJWa4g3Gi+OVgw2cfLkLT8GlAa2tZW+9pvra8cYZZ2TlvV 20UNupWr5sJPru+OWMiEYGRvVBQI5UaIRyIR4IsRbDcbvKe4ml0WM5t96PA1y5wt vhV9CKFwJY40k9PAWbb87eHf1kf8W6yCNAmddskSVFtgPBmGmZX4+u5OTY1YjIyc ilOKOJAsgnn/E+OGZ8RiDcQljY3CruzdCBecczt0QkzuXuvoSlL9RujOBtjZ/uLd cDorb7v0I9PokAdYAksEmgXFL8PDsm5h4ELkS3/Cp4RF8krdybB/4RN3SosWNBpA 99jMxgA5Mc+yLdIwPM9WUd/iq51KkYx+MLXYWzJwplnqQAQYW9p0+wTGTmEB+2x5 wStyUhMGbh3u5u3HBSLx31q2lkbTZU6+/kcqe6aQX0NckJBXV/+yGylQNcKN6XDk vWb9pCOjfpv5WyqvJ7XgNoX5CQcLt6WzJ0onZoVrhJoEnm2T0TKC/Tv2OCs9eJzb SgjAmKmavEaebSUa2StV4JfoNVPt7ijZdu+theAoObVrrktiWGX04srqyFaLZd/w 57NvpxizrLDNUWLmuuELQ9m1zL+xCLbJp46y1EaojjkaFw4H/7+U9nuKtg6+8ay/ o2nlJlEaOnQzrL+jp7mLvW05upIw0Ii/fyKTCQmbKSg= =p+hh -----END PGP SIGNATURE-----

VAR-201912-0473	CVE-2019-7286	apple's iOS and Apple Mac OS X Out-of-bounds write vulnerability in	CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. An application may be able to gain elevated privileges. apple's iOS and Apple Mac OS X Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apple iOS and macOS are prone to a memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges. Failed exploit attempts will result in a denial-of-service condition. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. Foundation is one of the frameworks that provides basic system services for all applications. There are security vulnerabilities in Foundation components in several Apple products. CVE-2019-8546: ChiYuan Chang Passcode Available for: Apple Watch Series 1 and later Impact: A partially entered passcode may not clear when the device goes to sleep Description: An issue existed where partially entered passcodes may not clear when the device went to sleep. This issue was addressed by clearing the passcode when a locked device sleeps. CVE-2019-8541: Stan (Jiexin) Zhang and Alastair R. Alternatively, on your watch, select "My Watch > General > About". Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12.1.4". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-3-25-3 tvOS 12.2 tvOS 12.2 is now available and addresses the following: CFString Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted string may lead to a denial of service Description: A validation issue was addressed with improved logic. CVE-2019-8516: SWIPS Team of Frifee Inc. configd Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to elevate privileges Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8552: Mohamed Ghannam (@_simo36) CoreCrypto Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8542: an anonymous researcher file Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted file might disclose user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-6237: an anonymous researcher Foundation Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2019-7286: an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel Groß of Google Project Zero GeoServices Available for: Apple TV 4K and Apple TV (4th generation) Impact: Clicking a malicious SMS link may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2019-8553: an anonymous researcher iAP Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8542: an anonymous researcher IOHIDFamily Available for: Apple TV 4K and Apple TV (4th generation) Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: A memory corruption issue was addressed with improved state management. CVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: A buffer overflow was addressed with improved size validation. CVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6) Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to determine kernel memory layout Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2019-8514: Samuel Groß of Google Project Zero Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: A local user may be able to read kernel memory Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-7293: Ned Williamson of Google Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. CVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan) CVE-2019-8510: Stefan Esser of Antid0te UG Power Management Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple input validation issues existed in MIG generated code. CVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure (ssd-disclosure.com) Siri Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to initiate a Dictation request without user authorization Description: An API issue existed in the handling of dictation requests. CVE-2019-8502: Luke Deshotels of North Carolina State University, Jordan Beichler of North Carolina State University, William Enck of North Carolina State University, Costin Carabaș of University POLITEHNICA of Bucharest, and Răzvan Deaconescu of University POLITEHNICA of Bucharest TrueTypeScaler Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero Day Initiative WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved validation. CVE-2019-8551: Ryan Pickren (ryanpickren.com) WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-8535: Zhiyang Zeng (@Wester) of Tencent Blade Team WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-6201: dwfault working with ADLab of Venustech CVE-2019-8518: Samuel Groß of Google Project Zero CVE-2019-8523: Apple CVE-2019-8524: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8558: Samuel Groß of Google Project Zero CVE-2019-8559: Apple CVE-2019-8563: Apple WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A memory corruption issue was addressed with improved validation. CVE-2019-8562: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8536: Apple CVE-2019-8544: an anonymous researcher WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cross-origin issue existed with the fetch API. CVE-2019-8515: James Lee (@Windowsrcer) WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-7285: dwfault working at ADLab of Venustech CVE-2019-8556: Apple WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2019-8506: Samuel Groß of Google Project Zero WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious website may be able to execute scripts in the context of another website Description: A logic issue was addressed with improved validation. CVE-2019-8503: Linus Särud of Detectify WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: A validation issue was addressed with improved logic. CVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team XPC Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to overwrite arbitrary files Description: This issue was addressed with improved checks. CVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs Additional recognition Kernel We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. Safari We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com) for their assistance. WebKit We would like to acknowledge Andrey Kovalev of Yandex Security Team for their assistance. Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software." To check the current version of software, select "Settings -> General -> About." Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZM7gpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3EWyBAA nFUeN7oBBPCdezabzgIAh29Mk1K+tgNeH0BIkyyPuoqeYd5UQK9cwZJ7Ww9J7uqB nAH30awuCq8r8h3oLLOn8X9A/ORNxFKUZRF+8AbH00G0taATIFjseSwGwGz5/rG7 aPoi/Mh4ilWh8luQJVvPO7KTHTeJLSsiBOuvqUmDaJVxu1y10inVW3j1s8RtrOVt BR+PZq7/BQ9wsSPxRS2bTQp3BX3m3aleadnZ9HkeXVB/9O8c5TrG6HIgfBNYMJFY mGpQoCM1nCh8jaWmoO1gjP7B0W2DKPhE6jFmCtuRsmnOG3ROhGbXi6T6AOOI9EX3 233FgygUVZgs7t4dhz0UZ1EczQiQ4dL0YYL7J/LYMjaM31qul2cdJWTPb9ZFARFt PHeyU1uHcJ2j67kGt1qepETUfWNa4W/RD3wUmKJdKBED65xOuwv9ijnEcAhzwh4F q6UefOTf1PwszuzWpAi7rCyOWq3TqDF+r6som9j5q15fMPx+TakBA6/TKViWLRw1 ydoi3g2OkKpvgapzBdVAm9Rtcvr4B0uXtLUXL7heB6TP12UheSum817QQiLs4aqV 9syBL5XpFOJUdQPD0SMIzuhvaN2dugH2wc1BDeiv5H8nYvMx6oiebJN8CgJ3uo8Y iJBethq6bdDVq8EfYN6vHCjH7bTFtcaCVgXWq5KJYp8= =8uDf -----END PGP SIGNATURE-----= . This build contains the security content described in this article

VAR-201912-0456	CVE-2019-7290	apple's iPhone OS for Shortcuts Vulnerability in externally controllable references to resources in another region of	CVSS V2: 7.5 CVSS V3: 10.0 Severity: CRITICAL

An access issue was addressed with additional sandbox restrictions. This issue is fixed in Shortcuts 2.1.3 for iOS. A sandboxed process may be able to circumvent sandbox restrictions. apple's iPhone OS for Shortcuts Exists in a vulnerability in externally controllable references to resources in another region.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apple iOS is prone to the following vulnerabilities: 1. An information-disclosure vulnerability. 2. A security-bypass vulnerability Attackers can exploit these issues to gain sensitive information and to bypass security mechanisms. This may aid in further attacks. Apple Shortcuts version 2.1.2 is vulnerable. A security vulnerability exists in Apple Shortcuts versions prior to 2.1.3 based on the iOS platform. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-2-07-3 Shortcuts 2.1.3 for iOS Shortcuts 2.1.3 for iOS is now available and addresses the following: Shortcuts Available for: Shortcuts 2.1.2 for iOS Impact: A local user may be able to view senstive user information Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2019-7290: Avimanyu Roy (@AvimanyuRoy3) Additional recognition Shortcuts We would like to acknowledge Sem VoigtlA$?nder of Fontys Hogeschool ICT for their assistance. Installation note: Shortcuts 2.1.3 for iOS may be obtained from the App Store. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlxcZmopHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3HU4A/8 DI/d6q1a4C0x7/T/XBDc4WsuvOFa5mmaTicKE24CRJjDjb2c11ZOtIeeBF7HBJVx 5+326g+3y1J7wAPT1o5btQQv0SNxVaDuJUa8hNUrheg+LpQ5dEzVY50X+lMJ9etE gjyyZWrzWMSXvuHj+CrXRuK1BXZQCWZzOXIPfVOYqH3eBao0ld4NaQdtviUctNla wgiLZ+33fVFJm1MjtdcjxOhKd54GVGUnKN338YhnFQfIjEZA7zeOvKlzb77ZqDZx JxpuVIpkv4OvWX0Xg+u0iYALEbJDr75vk3YUjuKHCWENdJM9Eka64yVxdGc7C9/E vpAKwVaWcgCJuDexaqwt/ht1AclMVzORPSYtU0A1HxyVR3kEUVjAWAuANjakB/Zn CDerYQiTOyFSZIvitkrunQmb65iXMjjYgznnTjAxv1kkil5uAz56L+jJ0C/CNw4y kzsQnrKbxyTNJ/qYzPaEJChsZ7FSWakBUJZ62hQzRaQnXgGZ8UyfyL9cRS5NUaO5 Yd0FaQk7UWCsbFzePHTlSbA5GedweJ6cXcoBst/WdpGP+81ZnvQMhbEJvxXwmKP1 xpq0PhAWRFBQFtWowhVE7fKLQj9zqao86eSebKK1Tc9VfnFNUmTQjyQo2HpdQtnC eW17D5S5FBaov6WyxASP5Wmi8xJsmgWP4OomprfSbNQ= =BI6A -----END PGP SIGNATURE-----

VAR-201912-0455	CVE-2019-7289	apple's iPhone OS for Shortcuts Past traversal vulnerability in	CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Shortcuts 2.1.3 for iOS. A local user may be able to view senstive user information. apple's iPhone OS for Shortcuts Exists in a past traversal vulnerability.Information may be obtained. Apple iOS is prone to the following vulnerabilities: 1. An information-disclosure vulnerability. 2. A security-bypass vulnerability Attackers can exploit these issues to gain sensitive information and to bypass security mechanisms. This may aid in further attacks. Apple Shortcuts version 2.1.2 is vulnerable. There is a security vulnerability in the processing of directory paths in versions prior to 2.1.3 of Apple Shortcuts based on the iOS platform. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-2-07-3 Shortcuts 2.1.3 for iOS Shortcuts 2.1.3 for iOS is now available and addresses the following: Shortcuts Available for: Shortcuts 2.1.2 for iOS Impact: A local user may be able to view senstive user information Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2019-7289: Sem VoigtlA$?nder of Fontys Hogeschool ICT Shortcuts Available for: Shortcuts 2.1.2 for iOS Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions. CVE-2019-7290: Avimanyu Roy (@AvimanyuRoy3) Additional recognition Shortcuts We would like to acknowledge Sem VoigtlA$?nder of Fontys Hogeschool ICT for their assistance. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlxcZmopHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3HU4A/8 DI/d6q1a4C0x7/T/XBDc4WsuvOFa5mmaTicKE24CRJjDjb2c11ZOtIeeBF7HBJVx 5+326g+3y1J7wAPT1o5btQQv0SNxVaDuJUa8hNUrheg+LpQ5dEzVY50X+lMJ9etE gjyyZWrzWMSXvuHj+CrXRuK1BXZQCWZzOXIPfVOYqH3eBao0ld4NaQdtviUctNla wgiLZ+33fVFJm1MjtdcjxOhKd54GVGUnKN338YhnFQfIjEZA7zeOvKlzb77ZqDZx JxpuVIpkv4OvWX0Xg+u0iYALEbJDr75vk3YUjuKHCWENdJM9Eka64yVxdGc7C9/E vpAKwVaWcgCJuDexaqwt/ht1AclMVzORPSYtU0A1HxyVR3kEUVjAWAuANjakB/Zn CDerYQiTOyFSZIvitkrunQmb65iXMjjYgznnTjAxv1kkil5uAz56L+jJ0C/CNw4y kzsQnrKbxyTNJ/qYzPaEJChsZ7FSWakBUJZ62hQzRaQnXgGZ8UyfyL9cRS5NUaO5 Yd0FaQk7UWCsbFzePHTlSbA5GedweJ6cXcoBst/WdpGP+81ZnvQMhbEJvxXwmKP1 xpq0PhAWRFBQFtWowhVE7fKLQj9zqao86eSebKK1Tc9VfnFNUmTQjyQo2HpdQtnC eW17D5S5FBaov6WyxASP5Wmi8xJsmgWP4OomprfSbNQ= =BI6A -----END PGP SIGNATURE-----

VAR-201903-0209	CVE-2019-7391	ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 Cross-site request forgery vulnerability in device	CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH

ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 The device contains a cross-site request forgery vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 modem is a modem made by ZyXEL company in Taiwan, China. A remote attacker could exploit this vulnerability to perform unauthorized operations

VAR-201902-0456	CVE-2019-1672	Cisco Web Security Appliance Vulnerable to resource exhaustion	CVSS V2: 5.0 CVSS V3: 5.8 Severity: MEDIUM

A vulnerability in the Decryption Policy Default Action functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured drop policy and allow traffic onto the network that should have been denied. The vulnerability is due to the incorrect handling of SSL-encrypted traffic when Decrypt for End-User Notification is disabled in the configuration. An attacker could exploit this vulnerability by sending a SSL connection through the affected device. A successful exploit could allow the attacker to bypass a configured drop policy to block specific SSL connections. Releases 10.1.x and 10.5.x are affected. Cisco Web Security Appliance (WSA) Contains a resource exhaustion vulnerability.Information may be tampered with. CiscoWebSecurityAppliance is a WEB secure access device. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCvm91630. The appliance provides SaaS-based access control, real-time network reporting and tracking, and security policy formulation. The vulnerability stems from the fact that the program does not properly handle traffic encrypted by SSL

VAR-201902-0457	CVE-2019-1673	Cisco Identity Services Engine Vulnerable to cross-site scripting	CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some parameters passed to the web-based management interface. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. For information about fixed software releases, consult the Cisco bug ID at https://quickview.cloudapps.cisco.com/quickview/bug/CSCvn64652. When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies