VARIoT IoT vulnerabilities database

A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Sending of specially crafted packets to port 102/tcp via Ethernet interface via PROFIBUS or Multi Point Interfaces (MPI) could cause a denial of service condition on affected devices. Flashing with a firmware image may be required to recover the CPU. Successful exploitation requires an attacker to have network access to port 102/tcp via Ethernet interface or to be able to send messages via PROFIBUS or Multi Point Interfaces (MPI) to the device. No user interaction is required. If no access protection is configured, no privileges are required to exploit the security vulnerability. The vulnerability could allow causing a denial of service condition of the core functionality of the CPU, compromising the availability of the system. plural SIMATIC The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. SiemensSIMATICS7-400 is a programmable logic controller for manufacturing and process automation in Siemens, Germany. An input validation vulnerability exists in the Siemens SIMATIC S7-400. An attacker could exploit the vulnerability by sending a specially crafted packet to the TCP port 102. Siemens SIMATIC S7-400 CPU is prone to multiple denial-of-service vulnerabilities. Remote attackers may exploit these issues to cause denial-of-service conditions, denying service to legitimate users. A vulnerability has been identified in SIMATIC S7-400 (incl. At the time of advisory publication no public exploitation of this security vulnerability was known. The vulnerability stems from the failure of the network system or product to properly validate the input data

A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Specially crafted packets sent to port 102/tcp via Ethernet interface, via PROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected devices to go into defect mode. Manual reboot is required to resume normal operation. Successful exploitation requires an attacker to be able to send specially crafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi Point Interfaces (MPI). No user interaction and no user privileges are required to exploit the security vulnerability. The vulnerability could allow causing a denial of service condition of the core functionality of the CPU, compromising the availability of the system. plural SIMATIC The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. SiemensSIMATICS7-400 is a programmable logic controller for manufacturing and process automation in Siemens, Germany. An input verification vulnerability exists in the Siemens SIMATIC S7-400 product. Siemens SIMATIC S7-400 CPU is prone to multiple denial-of-service vulnerabilities. Remote attackers may exploit these issues to cause denial-of-service conditions, denying service to legitimate users. A vulnerability has been identified in SIMATIC S7-400 (incl. At the time of advisory publication no public exploitation of this security vulnerability was known

A vulnerability has been identified in SIMATIC S7-1200 (All versions), SIMATIC S7-1500 (All Versions < V2.6). An attacker could exhaust the available connection pool of an affected device by opening a sufficient number of connections to the device. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user interaction and no user privileges are required to exploit the vulnerability. The vulnerability, if exploited, could cause a Denial-of-Service condition impacting the availability of the system. At the time of advisory publication no public exploitation of this vulnerability was known. SIMATIC S7-1200 and SIMATIC S7-1500 Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Siemens SIMATIC S7-1200 and SIMATIC S7-1500 are programmable logic controllers (PLCs) from Siemens AG in small and medium-sized automation systems. Siemens SIMATIC S7 is prone to a denial-of-service vulnerability. Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users

Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site. SAP NetWeaver Contains an open redirect vulnerability.Information may be obtained and information may be altered. SAP NetWeaver is prone to open-redirection vulnerability An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible

A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka ".NET Core Tampering Vulnerability." This affects .NET Core 2.1. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. This may lead to other attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update Advisory ID: RHSA-2018:3676-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:3676 Issue date: 2018-11-27 CVE Names: CVE-2018-8416 ==================================================================== 1. Summary: An update for rh-dotnet21-dotnet is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Security Fix(es): * .NET Core: Arbitrary file and directory creation (CVE-2018-8416) For more information, please refer to the upstream docs in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnet21-dotnet-2.1.500-5.el7.src.rpm x86_64: rh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnet21-dotnet-2.1.500-5.el7.src.rpm x86_64: rh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnet21-dotnet-2.1.500-5.el7.src.rpm x86_64: rh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-8416 https://access.redhat.com/security/updates/classification/#moderate https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8416 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW/zJC9zjgjWX9erEAQi0Pw//WnLvaExr0r/rVkOTSxMDwGEqCu4K7nU6 8FnknCX3hpTmIqwIb5VIGOUwRneeg3DnGxg8vIBm8dwrAGqkgpfpGJLt1H7MNAMK p3idNKfoZgG3gVfiO55aaKkftoimA4rUx915ssPzLtBADWdqPfSG0jHkWJgynpDA gAU2FZOhmIJ2Z2+COCi7i1hf2CKDeRRu7mvFDkyKYb4yoVsGXPsm4dB1piw/2VCh ezp4sWeGq0r1dReejy+O2IU8bx/8LsaPqz2ZaARXjFHCEEg4y2CFxLzv2nsokQfy gmpcNtY7F2+ysHP9YL9xV7/pQF3FR1cHDP8lZ6usNIrgrPO/e7WAszsTEg6u3+9l t4gRjeE1SJHa7JkC6seEpZXsxCdR0/9GeOBm+b2RF9qgSEgQgtD/N/AKNQWt4Qo3 rRQN79cy4sRznmwzP0MBE57RAu7GzmmueLeJK7uAuQikfqxGPn5Q2yOah74I2WR9 lzbwqVLuUBHZZhHautHQA3i4bqz8CEfQRHTGmiagkHYWn2m2yNJsWnDMt5YpLzn2 GpTg+9TU0GmwqSquG/5r/rD9YLJwM2m8KV9Yt0PArzw1ey+z542i0Dwv4GlHpIR4 W9D33bMeOY1o4IhLmT+Qlm5ZbGEWleQ4U59YUaCvnZDzsfg0AcJSSpg42ws2+FkC uuianWdqhaI=i2VD -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code, aka "Microsoft PowerShell Tampering Vulnerability." This affects Windows 7, PowerShell Core 6.1, Windows Server 2012 R2, Windows RT 8.1, PowerShell Core 6.0, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. plural Microsoft Windows Product and PowerShell Core Contains a vulnerability that can be tampered with. The vendor Microsoft PowerShell Has been disclosed as "Tampering Vulnerability".An attacker could execute code that is not logged. Microsoft Powershell is prone to a security bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions

A remote code execution vulnerability exists when PowerShell improperly handles specially crafted files, aka "Microsoft PowerShell Remote Code Execution Vulnerability." This affects Windows RT 8.1, PowerShell Core 6.0, Microsoft.PowerShell.Archive 1.2.2.0, Windows Server 2016, Windows Server 2012, Windows Server 2008 R2, Windows Server 2019, Windows 7, Windows Server 2012 R2, PowerShell Core 6.1, Windows 10 Servers, Windows 10, Windows 8.1. Vendors have identified this vulnerability as " Microsoft PowerShell Is a remote code execution vulnerability.The code could be executed remotely. Successfully exploiting this issue may result in the execution of arbitrary code in the context of the affected system. Failed exploit attempts will likely result in denial-of-service conditions

Insufficient input validation in installer in Intel Rapid Store Technology (RST) before version 16.7 may allow an unprivileged user to potentially elevate privileges or cause an installer denial of service via local access. Intel Rapid Storage Technology is prone to a local privilege-escalation vulnerability. An attackers may exploit this issue to gain elevated privileges. Versions prior to Intel Rapid Storage Technology 16.7 are vulnerable

Insufficient input validation in the Intel Driver & Support Assistant before 3.6.0.4 may allow an unauthenticated user to potentially enable information disclosure via adjacent access. Attackers can exploit this issue to obtain potentially sensitive information. This may lead to further attacks. This tool is mainly used to get the latest applications provided by Intel

Improper file permissions in the installer for the Intel Ready Mode Technology may allow an unprivileged user to potentially gain privileged access via local access. Intel Ready Mode Technology is prone to an insecure file-permissions vulnerability. A local attacker can exploit this issue to gain elevated privileges on an affected system

Improper directory permissions in the installer for the Intel Media Server Studio may allow unprivileged users to potentially enable an escalation of privilege via local access. Intel Media Server Studio is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with administrative privileges. Intel Media Server Studio versions prior to 2019 Beta Release are vulnerable. The product supports functions such as video encoding/decoding, audio encoding/decoding, and video filtering

Authentication bypass in the Intel RAID Web Console 3 for Windows before 4.186 may allow an unprivileged user to potentially gain administrative privileges via local access. Successfully exploiting this issue can allow an attacker to obtain sensitive information that may aid in launching further attacks

Cross-site scripting in the Intel RAID Web Console v3 for Windows may allow an unauthenticated user to elevate privilege via remote access. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to perform unauthorized actions such as reading, modifying, or deleting content, or inject malicious content. A remote attacker could exploit this vulnerability to elevate privileges

IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947. Vendors have confirmed this vulnerability IBM X-Force ID: 148947 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attackers may exploit these issues to execute arbitrary-code with root privileges

Cradlepoint is the industry leader in 4G/LTE network modems and routers, providing the highest level of solution for enterprise 4G/LTD/Wi-Fi wireless networks and providing management services to ensure optimal network uptime . There are multiple vulnerabilities in CradlepointRouter. The attacker uses hard-coded backdoor credentials to reveal sensitive information such as the WLAN MAC of the target device, while the default password of the Cradlepoint router is four bytes after the WLAN MAC. If the user does not modify the default password, the attacker can use the default password to log in to the device's web management interface and perform a series of malicious operations, including executing commands in the sandbox, enabling SSH services, and so on.

The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. D-Link Central WiFiManager CWM-100 The device contains a server-side request forgery vulnerability.Information may be tampered with. D-LINKCentralWifiManagerCWM-100 is D-LINK centralized wireless management software. Attackers can exploit this vulnerability to perform port scanning

The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF. D-Link Central WiFiManager (CWM-100) The device contains a server-side request forgery vulnerability.Information may be obtained. D-LINKCentralWifiManagerCWM-100 is D-LINK centralized wireless management software. The FTP server component of D-LINKCentral WifiManager can be used as a middleman machine, allowing PORTCommand bounce scanning attacks. FTP Server is one of the FTP (File Transfer Protocol) servers

The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which allows unprivileged local users to gain SYSTEM privileges. D-Link Central WiFiManager CWM-100 Devices have vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LINKCentralWifiManagerCWM-100 is D-LINK centralized wireless management software. The D-LinkCentral WiFi Manager CWM-1001.03r0098 device will load the Trojan horse \"quserex.dll\" and will create a new thread that runs the integrity of the SYSTEM

Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. Kibana Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ElasticsearchKibana (formerly known as elasticsearch-dashboard) is an open source, browser-based analytics and search Elasticsearch dashboard tool from Elasticsearch, the Netherlands. Console is one of the console plugins. Kibana is prone to a local file-include vulnerability. This may allow the attacker to compromise the application and the computer; other attacks are also possible. The following versions of product are vulnerable: Kibana 5.0 through 5.5.12 are vulnerable. Kibana 6.0 through 6.4.2 are vulnerable

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. HPE Integrated Lights-Out 5 (iLO 5) , HPE Integrated Lights-Out 4(iLO 4) , HPE Integrated Lights-Out 3 (iLO 3) Contains vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Simultaneous Multi-threading (SMT) Contains an information disclosure vulnerability.Information may be obtained. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. An information disclosure vulnerability exists in OpenSSL. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] openssl (SSA:2018-325-01) New openssl packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz: Upgraded. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734 (* Security fix *) patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz: Upgraded. +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1u-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.0.txz Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1u-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1u-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.1.txz Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1u-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2q-x86_64-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.1.1a-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.1.1a-i586-1.txz Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.1.1a-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.1.1a-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.0 packages: e6d4b3a76383f9f253da4128ba23f269 openssl-1.0.1u-i486-1_slack14.0.txz c61d31a1751ae39af89d3fee0b54f0d8 openssl-solibs-1.0.1u-i486-1_slack14.0.txz Slackware x86_64 14.0 packages: 96be19e6a96c9beb5d3bbc55348fb483 openssl-1.0.1u-x86_64-1_slack14.0.txz b7a8fa2ebd16c8ae106fc1267bc29eca openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz Slackware 14.1 packages: 099b960e62eaea5d1a639a61a2fabca7 openssl-1.0.1u-i486-1_slack14.1.txz b5d5219e05db97f63c4d6c389d6884fb openssl-solibs-1.0.1u-i486-1_slack14.1.txz Slackware x86_64 14.1 packages: fc96c87d76c9d1efd1290ac847fa7c7c openssl-1.0.1u-x86_64-1_slack14.1.txz e873b66f84f45ea34d028a3d524ce573 openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz Slackware 14.2 packages: d5f0cc19451e9c7e3967820cf02a20c6 openssl-1.0.2q-i586-1_slack14.2.txz 594ca80447baecd608a51083b12a26d9 openssl-solibs-1.0.2q-i586-1_slack14.2.txz Slackware x86_64 14.2 packages: 943bb2f3259ccf97a1b8b25f5f511c30 openssl-1.0.2q-x86_64-1_slack14.2.txz 0d45afe2487c47b283c06902c56e4559 openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz Slackware -current packages: 6f01f6dd0f40a12e473320386cfc8536 a/openssl-solibs-1.1.1a-i586-1.txz 6e5a2ab2475a0d851376d12911b3c6b7 n/openssl-1.1.1a-i586-1.txz Slackware x86_64 -current packages: eb4697703f1f4b81ad38e9247ab70dac a/openssl-solibs-1.1.1a-x86_64-1.txz 12a10fd6bd2344b3e73106c8d5b9828c n/openssl-1.1.1a-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg openssl-1.0.2q-i586-1_slack14.2.txz openssl-solibs-1.0.2q-i586-1_slack14.2.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. Solution: For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html 4. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201903-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: March 14, 2019 Bugs: #673056, #678564 ID: 201903-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple Information Disclosure vulnerabilities in OpenSSL allow attackers to obtain sensitive information. Background ========== OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/openssl < 1.0.2r >= 1.0.2r Description =========== Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection after the hosts encounter a zero-length record with valid padding. A local attacker could run a malicious process next to legitimate processes using the architectureas parallel thread running capabilities to leak encrypted data from the CPU's internal processes. Workaround ========== There is no known workaround at this time. Resolution ========== All OpenSSL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2r" References ========== [ 1 ] CVE-2018-5407 https://nvd.nist.gov/vuln/detail/CVE-2018-5407 [ 2 ] CVE-2019-1559 https://nvd.nist.gov/vuln/detail/CVE-2019-1559 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201903-10 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2019 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6 Advisory ID: RHSA-2019:3932-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2019:3932 Issue date: 2019-11-20 CVE Names: CVE-2018-0734 CVE-2018-0737 CVE-2018-5407 CVE-2018-17189 CVE-2018-17199 CVE-2019-0196 CVE-2019-0197 CVE-2019-0217 CVE-2019-9511 CVE-2019-9513 CVE-2019-9516 CVE-2019-9517 ===================================================================== 1. Summary: Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss Core Services on RHEL 6 Server - i386, noarch, ppc64, x86_64 3. Description: This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Security Fix(es): * openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * mod_session_cookie does not respect expiry time (CVE-2018-17199) * mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * mod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2: read-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1568253 - CVE-2018-0737 openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys 1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm 1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) 1668493 - CVE-2018-17199 httpd: mod_session_cookie does not respect expiry time 1668497 - CVE-2018-17189 httpd: mod_http2: DoS via slow, unneeded request bodies 1695020 - CVE-2019-0217 httpd: mod_auth_digest: access control bypass due to race condition 1695030 - CVE-2019-0196 httpd: mod_http2: read-after-free on a string compare 1695042 - CVE-2019-0197 httpd: mod_http2: possible crash on late upgrade 1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service 1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service 6. Package List: Red Hat JBoss Core Services on RHEL 6 Server: Source: jbcs-httpd24-apr-1.6.3-63.jbcs.el6.src.rpm jbcs-httpd24-apr-util-1.6.1-48.jbcs.el6.src.rpm jbcs-httpd24-brotli-1.0.6-7.jbcs.el6.src.rpm jbcs-httpd24-curl-7.64.1-14.jbcs.el6.src.rpm jbcs-httpd24-httpd-2.4.37-33.jbcs.el6.src.rpm jbcs-httpd24-jansson-2.11-20.jbcs.el6.src.rpm jbcs-httpd24-mod_cluster-native-1.3.12-9.Final_redhat_2.jbcs.el6.src.rpm jbcs-httpd24-mod_jk-1.2.46-22.redhat_1.jbcs.el6.src.rpm jbcs-httpd24-mod_security-2.9.2-16.GA.jbcs.el6.src.rpm jbcs-httpd24-nghttp2-1.39.2-4.jbcs.el6.src.rpm jbcs-httpd24-openssl-1.1.1-25.jbcs.el6.src.rpm i386: jbcs-httpd24-apr-1.6.3-63.jbcs.el6.i686.rpm jbcs-httpd24-apr-debuginfo-1.6.3-63.jbcs.el6.i686.rpm jbcs-httpd24-apr-devel-1.6.3-63.jbcs.el6.i686.rpm jbcs-httpd24-apr-util-1.6.1-48.jbcs.el6.i686.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-48.jbcs.el6.i686.rpm jbcs-httpd24-apr-util-devel-1.6.1-48.jbcs.el6.i686.rpm jbcs-httpd24-apr-util-ldap-1.6.1-48.jbcs.el6.i686.rpm jbcs-httpd24-apr-util-mysql-1.6.1-48.jbcs.el6.i686.rpm jbcs-httpd24-apr-util-nss-1.6.1-48.jbcs.el6.i686.rpm jbcs-httpd24-apr-util-odbc-1.6.1-48.jbcs.el6.i686.rpm jbcs-httpd24-apr-util-openssl-1.6.1-48.jbcs.el6.i686.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-48.jbcs.el6.i686.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-48.jbcs.el6.i686.rpm jbcs-httpd24-brotli-1.0.6-7.jbcs.el6.i686.rpm jbcs-httpd24-brotli-debuginfo-1.0.6-7.jbcs.el6.i686.rpm jbcs-httpd24-brotli-devel-1.0.6-7.jbcs.el6.i686.rpm jbcs-httpd24-curl-7.64.1-14.jbcs.el6.i686.rpm jbcs-httpd24-curl-debuginfo-7.64.1-14.jbcs.el6.i686.rpm jbcs-httpd24-httpd-2.4.37-33.jbcs.el6.i686.rpm jbcs-httpd24-httpd-debuginfo-2.4.37-33.jbcs.el6.i686.rpm jbcs-httpd24-httpd-devel-2.4.37-33.jbcs.el6.i686.rpm jbcs-httpd24-httpd-selinux-2.4.37-33.jbcs.el6.i686.rpm jbcs-httpd24-httpd-tools-2.4.37-33.jbcs.el6.i686.rpm jbcs-httpd24-jansson-2.11-20.jbcs.el6.i686.rpm jbcs-httpd24-jansson-debuginfo-2.11-20.jbcs.el6.i686.rpm jbcs-httpd24-jansson-devel-2.11-20.jbcs.el6.i686.rpm jbcs-httpd24-libcurl-7.64.1-14.jbcs.el6.i686.rpm jbcs-httpd24-libcurl-devel-7.64.1-14.jbcs.el6.i686.rpm jbcs-httpd24-mod_cluster-native-1.3.12-9.Final_redhat_2.jbcs.el6.i686.rpm jbcs-httpd24-mod_cluster-native-debuginfo-1.3.12-9.Final_redhat_2.jbcs.el6.i686.rpm jbcs-httpd24-mod_jk-ap24-1.2.46-22.redhat_1.jbcs.el6.i686.rpm jbcs-httpd24-mod_jk-debuginfo-1.2.46-22.redhat_1.jbcs.el6.i686.rpm jbcs-httpd24-mod_jk-manual-1.2.46-22.redhat_1.jbcs.el6.i686.rpm jbcs-httpd24-mod_ldap-2.4.37-33.jbcs.el6.i686.rpm jbcs-httpd24-mod_md-2.4.37-33.jbcs.el6.i686.rpm jbcs-httpd24-mod_proxy_html-2.4.37-33.jbcs.el6.i686.rpm jbcs-httpd24-mod_security-2.9.2-16.GA.jbcs.el6.i686.rpm jbcs-httpd24-mod_security-debuginfo-2.9.2-16.GA.jbcs.el6.i686.rpm jbcs-httpd24-mod_session-2.4.37-33.jbcs.el6.i686.rpm jbcs-httpd24-mod_ssl-2.4.37-33.jbcs.el6.i686.rpm jbcs-httpd24-nghttp2-1.39.2-4.jbcs.el6.i686.rpm jbcs-httpd24-nghttp2-debuginfo-1.39.2-4.jbcs.el6.i686.rpm jbcs-httpd24-nghttp2-devel-1.39.2-4.jbcs.el6.i686.rpm jbcs-httpd24-openssl-1.1.1-25.jbcs.el6.i686.rpm jbcs-httpd24-openssl-debuginfo-1.1.1-25.jbcs.el6.i686.rpm jbcs-httpd24-openssl-devel-1.1.1-25.jbcs.el6.i686.rpm jbcs-httpd24-openssl-libs-1.1.1-25.jbcs.el6.i686.rpm jbcs-httpd24-openssl-perl-1.1.1-25.jbcs.el6.i686.rpm jbcs-httpd24-openssl-static-1.1.1-25.jbcs.el6.i686.rpm noarch: jbcs-httpd24-httpd-manual-2.4.37-33.jbcs.el6.noarch.rpm ppc64: jbcs-httpd24-brotli-1.0.6-7.jbcs.el6.ppc64.rpm jbcs-httpd24-brotli-debuginfo-1.0.6-7.jbcs.el6.ppc64.rpm jbcs-httpd24-brotli-devel-1.0.6-7.jbcs.el6.ppc64.rpm jbcs-httpd24-curl-7.64.1-14.jbcs.el6.ppc64.rpm jbcs-httpd24-curl-debuginfo-7.64.1-14.jbcs.el6.ppc64.rpm jbcs-httpd24-httpd-debuginfo-2.4.37-33.jbcs.el6.ppc64.rpm jbcs-httpd24-jansson-2.11-20.jbcs.el6.ppc64.rpm jbcs-httpd24-jansson-debuginfo-2.11-20.jbcs.el6.ppc64.rpm jbcs-httpd24-jansson-devel-2.11-20.jbcs.el6.ppc64.rpm jbcs-httpd24-libcurl-7.64.1-14.jbcs.el6.ppc64.rpm jbcs-httpd24-libcurl-devel-7.64.1-14.jbcs.el6.ppc64.rpm jbcs-httpd24-mod_md-2.4.37-33.jbcs.el6.ppc64.rpm x86_64: jbcs-httpd24-apr-1.6.3-63.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-debuginfo-1.6.3-63.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-devel-1.6.3-63.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-util-1.6.1-48.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-48.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-util-devel-1.6.1-48.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-util-ldap-1.6.1-48.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-util-mysql-1.6.1-48.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-util-nss-1.6.1-48.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-util-odbc-1.6.1-48.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-util-openssl-1.6.1-48.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-48.jbcs.el6.x86_64.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-48.jbcs.el6.x86_64.rpm jbcs-httpd24-brotli-1.0.6-7.jbcs.el6.x86_64.rpm jbcs-httpd24-brotli-debuginfo-1.0.6-7.jbcs.el6.x86_64.rpm jbcs-httpd24-brotli-devel-1.0.6-7.jbcs.el6.x86_64.rpm jbcs-httpd24-curl-7.64.1-14.jbcs.el6.x86_64.rpm jbcs-httpd24-curl-debuginfo-7.64.1-14.jbcs.el6.x86_64.rpm jbcs-httpd24-httpd-2.4.37-33.jbcs.el6.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.37-33.jbcs.el6.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.37-33.jbcs.el6.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.37-33.jbcs.el6.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.37-33.jbcs.el6.x86_64.rpm jbcs-httpd24-jansson-2.11-20.jbcs.el6.x86_64.rpm jbcs-httpd24-jansson-debuginfo-2.11-20.jbcs.el6.x86_64.rpm jbcs-httpd24-jansson-devel-2.11-20.jbcs.el6.x86_64.rpm jbcs-httpd24-libcurl-7.64.1-14.jbcs.el6.x86_64.rpm jbcs-httpd24-libcurl-devel-7.64.1-14.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_cluster-native-1.3.12-9.Final_redhat_2.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_cluster-native-debuginfo-1.3.12-9.Final_redhat_2.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.46-22.redhat_1.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_jk-debuginfo-1.2.46-22.redhat_1.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_jk-manual-1.2.46-22.redhat_1.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.37-33.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_md-2.4.37-33.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.37-33.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_security-2.9.2-16.GA.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.2-16.GA.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_session-2.4.37-33.jbcs.el6.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.37-33.jbcs.el6.x86_64.rpm jbcs-httpd24-nghttp2-1.39.2-4.jbcs.el6.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.39.2-4.jbcs.el6.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.39.2-4.jbcs.el6.x86_64.rpm jbcs-httpd24-openssl-1.1.1-25.jbcs.el6.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1-25.jbcs.el6.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1-25.jbcs.el6.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1-25.jbcs.el6.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1-25.jbcs.el6.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1-25.jbcs.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-0734 https://access.redhat.com/security/cve/CVE-2018-0737 https://access.redhat.com/security/cve/CVE-2018-5407 https://access.redhat.com/security/cve/CVE-2018-17189 https://access.redhat.com/security/cve/CVE-2018-17199 https://access.redhat.com/security/cve/CVE-2019-0196 https://access.redhat.com/security/cve/CVE-2019-0197 https://access.redhat.com/security/cve/CVE-2019-0217 https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9513 https://access.redhat.com/security/cve/CVE-2019-9516 https://access.redhat.com/security/cve/CVE-2019-9517 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXdVoL9zjgjWX9erEAQhDLw/+Mfjt8An133D/dKW5oR9yMg62DEEC/4Cg dZmxKhl19OMZAZuW50cGKv2FpDmJrKdXXD3t5qral22H0PytI9//FOIhWI1iz6Iz dUezvO+lWWaKUQ7KoInxh+GX64/ll+uVfBqOW3I4FWA4ZHw27/kUVHfymD/7GBUQ YsZaaiy8jKHA0VfcjtZva9GJZ4/GkhBZF4xobzgxzKurv4jsvRZaRcf8pV8ty4ll e55/G3YVyLi7nzF5l/EWKLBOhi6EPVWPO7QcjrVyIJ8126UypxPgcVvst85GAFV9 waZVdRpbcMmGqm6yc+1+3Xz9t+uY4Kxa6/fgnTJGsKDhMyscdTzi5p/Ckoeu72u9 xdrvL5z9cQraY9j5O0E5rjc0zaqKXsKIBd4hi33HTO/DhQgCFvJFIZT6oLFsv6Iz mK0fC6v+7BDF01pKdjHRS6p/iEUKP5u5Dnrto/GPUGRS8RMcxLyCCHGttM50swgQ AJaXKchifSn00H2Dg+bb7z3mUZejPBLfDN39rvKzyonQd+GlDZUlprWtPVgu3qlC zQjLuPdbDIHnDPgTK+7MqNEM7DHyI/APh0l33/tjjtBG9ybLgGYDUSafPDA3caZM IIqBDEZ8ztDMVaSrkmQdI6onBFBJBYfQ5zu8VI6zxPQXs6vC0r9KlMAG7KqUihr4 eV0hw7GzzDQ= =xwun -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Security Fix(es): * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * openssl: 0-byte record padding oracle (CVE-2019-1559) * tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199 (CVE-2019-10072) * tomcat: XSS in SSI printenv (CVE-2019-0221) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) 1683804 - CVE-2019-1559 openssl: 0-byte record padding oracle 1713275 - CVE-2019-0221 tomcat: XSS in SSI printenv 1723708 - CVE-2019-10072 tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199 6. ========================================================================== Ubuntu Security Notice USN-3840-1 December 06, 2018 openssl, openssl1.0 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in OpenSSL. An attacker could possibly use this issue to perform a timing side-channel attack and recover private DSA keys. (CVE-2018-0734) Samuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-0735) Billy Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri, and Alejandro Cabrera Aldaya discovered that Simultaneous Multithreading (SMT) architectures are vulnerable to side-channel leakage. This issue is known as "PortSmash". An attacker could possibly use this issue to perform a timing side-channel attack and recover private keys. (CVE-2018-5407) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10: libssl1.0.0 1.0.2n-1ubuntu6.1 libssl1.1 1.1.1-1ubuntu2.1 Ubuntu 18.04 LTS: libssl1.0.0 1.0.2n-1ubuntu5.2 libssl1.1 1.1.0g-2ubuntu4.3 Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.14 Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.27 After a standard system update you need to reboot your computer to make all the necessary changes