VARIoT IoT vulnerabilities database
| VAR-201808-0938 | CVE-2018-7093 | Vulnerabilities related to security functions in multiple HPE products |
CVSS V2: 7.8 CVSS V3: 8.6 Severity: HIGH |
A security vulnerability in HPE Integrated Lights-Out 3 prior to v1.90, iLO 4 prior to v2.60, iLO 5 prior to v1.30, Moonshot Chassis Manager firmware prior to v1.58, and Moonshot Component Pack prior to v2.55 could be remotely exploited to create a denial of service. Multiple HPE products contain vulnerabilities related to security functions. Service operation may be interrupted (DoS). HPE Integrated Lights-Out (iLO) is an embedded server management technology that monitors and maintains the health of the server and remotely manages the server through an integrated remote management port. Moonshot Chassis Manager is the Moonshot chassis manager. Moonshot Component Pack is a Moonshot component pack. Security vulnerabilities exist in several HPE products. A remote attacker could exploit this vulnerability to cause a denial of service.
| VAR-201808-0802 | CVE-2018-2450 | SQL injection vulnerability in SAP MaxDB |
CVSS V2: 6.5 CVSS V3: 7.2 Severity: HIGH |
SAP MaxDB (liveCache), versions 7.8 and 7.9, allows an attacker who gets DBM operator privileges to execute crafted database queries and therefore read, modify or delete sensitive data from the database. SAP MaxDB (liveCache) contains an SQL injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). SAP MaxDB is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
SAP MaxDB (liveCache) 7.8 and 7.9 are vulnerable.
| VAR-201808-0939 | CVE-2018-7094 | 3PAR Service Processor information disclosure vulnerability |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-5.0.0.0-22913(GA). The vulnerability may be exploited locally to allow disclosure of privileged information.
| VAR-201808-0942 | CVE-2018-7097 | 3PAR Service Processor cross-site request forgery vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow cross-site request forgery. 3PAR Service Processor (SP) contains a cross-site request forgery vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).
| VAR-201808-0943 | CVE-2018-7098 | 3PAR Service Processor path traversal vulnerability |
CVSS V2: 3.6 CVSS V3: 8.4 Severity: HIGH |
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow directory traversal.
| VAR-201808-0944 | CVE-2018-7099 | 3PAR Service Processor information disclosure vulnerability |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow disclosure of privileged information.
| VAR-201808-0940 | CVE-2018-7095 | 3PAR Service Processor access control vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow access restriction bypass. 3PAR Service Processor (SP) contains an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).
| VAR-201808-0941 | CVE-2018-7096 | 3PAR Service Processor Code vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow code execution.
| VAR-201808-0959 | CVE-2018-3615 | Intel processors are vulnerable to a speculative execution side-channel attack called L1 Terminal Fault (L1TF) |
CVSS V2: 5.4 CVSS V3: 6.4 Severity: MEDIUM |
Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis. These attacks are known as L1 Terminal Fault: SGX, L1 Terminal Fault: OS/SMM, and L1 Terminal Fault: VMM. Systems with Intel Core microprocessors contain information disclosure vulnerabilities. Information may be obtained and information may be altered. Multiple Intel processors are prone to multiple information-disclosure vulnerabilities.
Local attackers can exploit these issues to obtain sensitive information. This may aid in further attacks. The Intel Xeon Processor E3 v5 Family and related products are central processing unit (CPU) products of Intel Corporation of the United States. The following products are affected: Intel Xeon Processor E3 v5 Family; Intel Xeon Processor E3 v6 Family; 6th generation Intel Core processors; 7th generation Intel Core processors; 8th generation Intel Core processors.
[slackware-security] Slackware 14.2 kernel (SSA:2018-240-01)
New kernel packages are available for Slackware 14.2 to mitigate
security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4.153/*: Upgraded.
This kernel update enables mitigations for L1 Terminal Fault aka
Foreshadow and Foreshadow-NG vulnerabilities.
Thanks to Bernhard Kaindl for bisecting the boot issue that was preventing
us from upgrading to earlier 4.4.x kernels that contained this fix.
To see the status of CPU vulnerability mitigations on your system, look at
the files in: /sys/devices/system/cpu/vulnerabilities
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3615
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3546
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated packages for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-firmware-20180825_fea76a0-noarch-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-generic-4.4.153-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-generic-smp-4.4.153_smp-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-headers-4.4.153_smp-x86-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-huge-4.4.153-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-huge-smp-4.4.153_smp-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-modules-4.4.153-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-modules-smp-4.4.153_smp-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-source-4.4.153_smp-noarch-1.txz
Updated packages for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-firmware-20180825_fea76a0-noarch-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-generic-4.4.153-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-headers-4.4.153-x86-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-huge-4.4.153-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-modules-4.4.153-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-source-4.4.153-noarch-1.txz
MD5 signatures:
+-------------+
Slackware 14.2 packages:
Slackware x86_64 14.2 packages:
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg kernel-*.txz
If you are using an initrd, you'll need to rebuild it.
For a 32-bit SMP machine, use this command (substitute the appropriate
kernel version if you are not running Slackware 14.2):
# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.153-smp | bash
For a 64-bit machine, or a 32-bit uniprocessor machine, use this command
(substitute the appropriate kernel version if you are not running
Slackware 14.2):
# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.153 | bash
Please note that "uniprocessor" has to do with the kernel you are running,
not with the CPU. Most systems should run the SMP kernel (if they can)
regardless of the number of cores the CPU has. If you aren't sure which
kernel you are running, run "uname -a". If you see SMP there, you are
running the SMP kernel and should use the 4.4.153-smp version when running
mkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit
systems should always use 4.4.153 as the version.
If you are using lilo or elilo to boot the machine, you'll need to ensure
that the machine is properly prepared before rebooting.
If using LILO:
By default, lilo.conf contains an image= line that references a symlink
that always points to the correct kernel. No editing should be required
unless your machine uses a custom lilo.conf. If that is the case, be sure
that the image= line references the correct kernel file. Either way,
you'll need to run "lilo" as root to reinstall the boot loader.
If using elilo:
Ensure that the /boot/vmlinuz symlink is pointing to the kernel you wish
to use, and then run eliloconfig to update the EFI System Partition.
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
| VAR-201808-0958 | CVE-2018-3620 | Intel processors are vulnerable to a speculative execution side-channel attack called L1 Terminal Fault (L1TF) |
CVSS V2: 4.7 CVSS V3: 5.6 Severity: MEDIUM |
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis. These attacks are known as L1 Terminal Fault: SGX, L1 Terminal Fault: OS/SMM, and L1 Terminal Fault: VMM. Systems with Intel Core microprocessors contain information disclosure vulnerabilities. Information may be obtained. The Intel Core i3 processor and related products are all CPU (central processing unit) products of Intel Corporation of the United States. Security vulnerabilities exist in several Intel products that use speculative execution and address translation. The following products are affected: Intel Core i3 processor; Intel Core i5 processor; Intel Core i7 processor; Intel Core M processor family; 2nd generation Intel Core processors; 3rd generation Intel Core processors; 4th generation Intel Core processors; 5th generation Intel Core processors, etc.
====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security update
Advisory ID: RHSA-2018:2389-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:2389
Issue date: 2018-08-14
CVE Names: CVE-2018-3620 CVE-2018-3646
====================================================================
1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 7.2
Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update
Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP
Solutions.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Server AUS (v. 7.2) - noarch, x86_64
Red Hat Enterprise Linux Server E4S (v. 7.2) - noarch, ppc64le, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64
Red Hat Enterprise Linux Server Optional E4S (v. 7.2) - ppc64le, x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 7.2) - x86_64
Red Hat Enterprise Linux Server TUS (v. 7.2) - noarch, x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):
* Modern operating systems implement virtualization of physical memory to
efficiently use available system resources and provide inter-domain
protection through access control and isolation. The L1TF issue was found
in the way the x86 microprocessor designs have implemented speculative
execution of instructions (a commonly used performance optimisation) in
combination with handling of page-faults caused by terminated virtual to
physical address resolving process. As a result, an unprivileged attacker
could use this flaw to read privileged memory of the kernel or other
processes and/or cross guest/host boundaries to read host memory by
conducting targeted cache side-channel attacks. (CVE-2018-3620,
CVE-2018-3646)
Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting these
issues.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Package List:
Red Hat Enterprise Linux Server AUS (v. 7.2):
Source:
kernel-3.10.0-327.71.4.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-327.71.4.el7.noarch.rpm
kernel-doc-3.10.0-327.71.4.el7.noarch.rpm
x86_64:
kernel-3.10.0-327.71.4.el7.x86_64.rpm
kernel-debug-3.10.0-327.71.4.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.71.4.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.71.4.el7.x86_64.rpm
kernel-devel-3.10.0-327.71.4.el7.x86_64.rpm
kernel-headers-3.10.0-327.71.4.el7.x86_64.rpm
kernel-tools-3.10.0-327.71.4.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.71.4.el7.x86_64.rpm
perf-3.10.0-327.71.4.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm
python-perf-3.10.0-327.71.4.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm
Red Hat Enterprise Linux Server E4S (v. 7.2):
Source:
kernel-3.10.0-327.71.4.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-327.71.4.el7.noarch.rpm
kernel-doc-3.10.0-327.71.4.el7.noarch.rpm
ppc64le:
kernel-3.10.0-327.71.4.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-327.71.4.el7.ppc64le.rpm
kernel-debug-3.10.0-327.71.4.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-327.71.4.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-327.71.4.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-327.71.4.el7.ppc64le.rpm
kernel-devel-3.10.0-327.71.4.el7.ppc64le.rpm
kernel-headers-3.10.0-327.71.4.el7.ppc64le.rpm
kernel-tools-3.10.0-327.71.4.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-327.71.4.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-327.71.4.el7.ppc64le.rpm
perf-3.10.0-327.71.4.el7.ppc64le.rpm
perf-debuginfo-3.10.0-327.71.4.el7.ppc64le.rpm
python-perf-3.10.0-327.71.4.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-327.71.4.el7.ppc64le.rpm
x86_64:
kernel-3.10.0-327.71.4.el7.x86_64.rpm
kernel-debug-3.10.0-327.71.4.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.71.4.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.71.4.el7.x86_64.rpm
kernel-devel-3.10.0-327.71.4.el7.x86_64.rpm
kernel-headers-3.10.0-327.71.4.el7.x86_64.rpm
kernel-tools-3.10.0-327.71.4.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.71.4.el7.x86_64.rpm
perf-3.10.0-327.71.4.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm
python-perf-3.10.0-327.71.4.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 7.2):
Source:
kernel-3.10.0-327.71.4.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-327.71.4.el7.noarch.rpm
kernel-doc-3.10.0-327.71.4.el7.noarch.rpm
x86_64:
kernel-3.10.0-327.71.4.el7.x86_64.rpm
kernel-debug-3.10.0-327.71.4.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.71.4.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.71.4.el7.x86_64.rpm
kernel-devel-3.10.0-327.71.4.el7.x86_64.rpm
kernel-headers-3.10.0-327.71.4.el7.x86_64.rpm
kernel-tools-3.10.0-327.71.4.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.71.4.el7.x86_64.rpm
perf-3.10.0-327.71.4.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm
python-perf-3.10.0-327.71.4.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.2):
x86_64:
kernel-debug-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.71.4.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.71.4.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional E4S (v. 7.2):
ppc64le:
kernel-debug-debuginfo-3.10.0-327.71.4.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-327.71.4.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-327.71.4.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-327.71.4.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-327.71.4.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-327.71.4.el7.ppc64le.rpm
perf-debuginfo-3.10.0-327.71.4.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-327.71.4.el7.ppc64le.rpm
x86_64:
kernel-debug-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.71.4.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.71.4.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional TUS (v. 7.2):
x86_64:
kernel-debug-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.71.4.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.71.4.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2018-3620
https://access.redhat.com/security/cve/CVE-2018-3646
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/L1TF
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc.
The appliance is available
to download as an OVA file from the Customer Portal. These packages include redhat-release-virtualization-host,
ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user
interface for monitoring the host's resources and performing administrative
tasks. (CVE-2018-3620,
CVE-2018-3646)
* A flaw named SegmentSmack was found in the way the Linux kernel handled
specially crafted TCP packets. A remote attacker could use this flaw to
trigger time and calculation expensive calls to tcp_collapse_ofo_queue()
and tcp_prune_ofo_queue() functions by sending specially modified packets
within ongoing TCP sessions which could lead to a CPU saturation and hence
a denial of service on the system. Maintaining the denial of service
condition requires continuous two-way TCP sessions to a reachable open
port, thus the attacks cannot be performed using spoofed IP addresses.
To fully resolve these vulnerabilities it is also necessary to install
updated CPU microcode (only available in Debian non-free). Common server
class CPUs are covered in the update released as DSA 4273-1.
For the stable distribution (stretch), these problems have been fixed in
version 4.9.110-3+deb9u3.
For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
=========================================================================
Ubuntu Security Notice USN-3742-2
August 14, 2018
linux-lts-trusty vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in the Linux kernel. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 14.04 for Ubuntu
12.04 ESM.
It was discovered that memory present in the L1 data cache of an Intel CPU
core may be exposed to a malicious process that is executing on the CPU
core. A local
attacker in a guest virtual machine could use this to expose sensitive
information (memory from other guests or the host OS). (CVE-2018-3646)
It was discovered that memory present in the L1 data cache of an Intel CPU
core may be exposed to a malicious process that is executing on the CPU
core. (CVE-2018-3620)
Andrey Konovalov discovered an out-of-bounds read in the POSIX timers
subsystem in the Linux kernel. A local attacker could use this to cause a
denial of service (system crash) or expose sensitive information. A remote attacker could use this to cause a
denial of service. (CVE-2018-5390)
Juha-Matti Tilli discovered that the IP implementation in the Linux kernel
performed algorithmically expensive operations in some situations when
handling incoming packet fragments. A remote attacker could use this to
cause a denial of service. (CVE-2018-5391)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
linux-image-3.13.0-155-generic 3.13.0-155.206~precise1
linux-image-3.13.0-155-generic-lpae 3.13.0-155.206~precise1
linux-image-generic-lpae-lts-trusty 3.13.0.155.145
linux-image-generic-lts-trusty 3.13.0.155.145
Please note that the recommended mitigation for CVE-2018-3646 involves
updating processor microcode in addition to updating the kernel;
however, the kernel includes a fallback for processors that have not
received microcode updates.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well. 5 ELS) - i386, noarch, s390x, x86_64
3. 6.5) - x86_64
3. (CVE-2018-3620,
CVE-2018-3646)
* kernel: kvm: vmx: host GDT limit corruption (CVE-2018-10901)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section
| VAR-201808-0957 | CVE-2018-3646 | Intel processors are vulnerable to a speculative execution side-channel attack called L1 Terminal Fault (L1TF) |
CVSS V2: 4.7 CVSS V3: 5.6 Severity: MEDIUM |
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis. These attacks are known as L1 Terminal Fault: SGX, L1 Terminal Fault: OS/SMM, and L1 Terminal Fault: VMM. Multiple Intel processors are prone to multiple information-disclosure vulnerabilities.
Local attackers can exploit these issues to obtain sensitive information. This may aid in further attacks. The Intel Core i3 processor and related products are all CPU (central processing unit) products of Intel Corporation of the United States. The following products are affected: Intel Core i3 processor; Intel Core i5 processor; Intel Core i7 processor; Intel Core M processor family; 2nd generation Intel Core processors; 3rd generation Intel Core processors; 4th generation Intel Core processors; 5th generation Intel Core processors, etc.
7.2) - noarch, x86_64
3. Description:
The RHV-M Virtual Appliance automates the process of installing and
configuring the Red Hat Virtualization Manager. The appliance is available
to download as an OVA file from the Customer Portal. (CVE-2018-3620,
CVE-2018-3646)
* A flaw named SegmentSmack was found in the way the Linux kernel handled
specially crafted TCP packets. A remote attacker could use this flaw to
trigger time and calculation expensive calls to tcp_collapse_ofo_queue()
and tcp_prune_ofo_queue() functions by sending specially modified packets
within ongoing TCP sessions which could lead to a CPU saturation and hence
a denial of service on the system. Maintaining the denial of service
condition requires continuous two-way TCP sessions to a reachable open
port, thus the attacks cannot be performed using spoofed IP addresses.
To fully resolve these vulnerabilities it is also necessary to install
updated CPU microcode (only available in Debian non-free). Common server
class CPUs are covered in the update released as DSA 4273-1.
For the stable distribution (stretch), these problems have been fixed in
version 4.9.110-3+deb9u3.
APPLE-SA-2018-10-30-9 Additional information for
APPLE-SA-2018-9-24-1 macOS Mojave 10.14
macOS Mojave 10.14 addresses the following:
Bluetooth
Available for: iMac (21.5-inch, Late 2012), iMac (27-inch, Late 2012)
, iMac (21.5-inch, Late 2013), iMac (21.5-inch, Mid 2014), iMac
(Retina 5K, 27-inch, Late 2014), iMac (21.5-inch, Late 2015),
Mac mini (Mid 2011), Mac mini Server (Mid 2011), Mac mini (Late 2012)
, Mac mini Server (Late 2012), Mac mini (Late 2014), Mac Pro
(Late 2013), MacBook Air (11-inch, Mid 2011), MacBook Air
(13-inch, Mid 2011), MacBook Air (11-inch, Mid 2012), MacBook Air
(13-inch, Mid 2012), MacBook Air (11-inch, Mid 2013), MacBook Air
(13-inch, Mid 2013), MacBook Air (11-inch, Early 2015), MacBook Air
(13-inch, Early 2015), MacBook Pro (13-inch, Mid 2012), MacBook Pro
(15-inch, Mid 2012), MacBook Pro (Retina, 13-inch, Early 2013),
MacBook Pro (Retina, 15-inch, Early 2013), MacBook Pro (Retina,
13-inch, Late 2013), and MacBook Pro (Retina, 15-inch, Late 2013)
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: An input validation issue existed in Bluetooth. This
issue was addressed with improved input validation.
CVE-2018-5383: Lior Neumann and Eli Biham
The updates below are available for these Mac models:
MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later),
MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later),
iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013, Mid 2010, and Mid 2012 models with recommended
Metal-capable graphics processor, including MSI Gaming Radeon RX 560
and Sapphire Radeon PULSE RX 580)
afpserver
Impact: A remote attacker may be able to attack AFP servers through
HTTP clients
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4295: Jianjun Chen (@whucjj) from Tsinghua University and UC
Berkeley
Entry added October 30, 2018
App Store
Impact: A malicious application may be able to determine the Apple ID
of the owner of the computer
Description: A permissions issue existed in the handling of the Apple
ID. This issue was addressed with improved access controls.
CVE-2018-4324: Sergii Kryvoblotskyi of MacPaw Inc.
AppleGraphicsControl
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4417: Lee of the Information Security Lab Yonsei University
working with Trend Micro's Zero Day Initiative
Entry added October 30, 2018
Application Firewall
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A configuration issue was addressed with additional
restrictions.
CVE-2018-4353: Abhinav Bansal of LinkedIn Inc.
APR
Impact: Multiple buffer overflow issues existed in Perl
Description: Multiple issues in Perl were addressed with improved
memory handling.
CVE-2017-12613: Craig Young of Tripwire VERT
CVE-2017-12618: Craig Young of Tripwire VERT
Entry added October 30, 2018
ATS
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4411: lilang wu moony Li of Trend Micro working with Trend
Micro's Zero Day Initiative
Entry added October 30, 2018
ATS
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2018-4308: Mohamed Ghannam (@_simo36)
Entry added October 30, 2018
Auto Unlock
Impact: A malicious application may be able to access local users
AppleIDs
Description: A validation issue existed in the entitlement
verification. This issue was addressed with improved validation of
the process entitlement.
CVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.
CFNetwork
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
CoreFoundation
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4412: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreFoundation
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4414: The UK's National Cyber Security Centre (NCSC)
Entry added October 30, 2018
CoreText
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2018-4347: an anonymous researcher
Entry added October 30, 2018
Crash Reporter
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4333: Brandon Azad
CUPS
Impact: In certain configurations, a remote attacker may be able to
replace the message content from the print server with arbitrary
content
Description: An injection issue was addressed with improved
validation.
CVE-2018-4153: Michael Hanselmann of hansmi.ch
Entry added October 30, 2018
CUPS
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4406: Michael Hanselmann of hansmi.ch
Entry added October 30, 2018
Dictionary
Impact: Parsing a maliciously crafted dictionary file may lead to
disclosure of user information
Description: A validation issue existed which allowed local file
access. This was addressed with input sanitization.
CVE-2018-4346: Wojciech Reguła (@_r3ggi) of SecuRing
Entry added October 30, 2018
Grand Central Dispatch
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4426: Brandon Azad
Entry added October 30, 2018
Heimdal
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-3646: Baris Kasikci, Daniel Genkin, Ofir Weisse, and Thomas
F. Wenisch of University of Michigan, Mark Silberstein and Marina
Minkin of Technion, Raoul Strackx, Jo Van Bulck, and Frank Piessens
of KU Leuven, Rodrigo Branco, Henrique Kawakami, Ke Sun, and Kekai Hu
of Intel Corporation, Yuval Yarom of The University of Adelaide
Entry added October 30, 2018
iBooks
Impact: Parsing a maliciously crafted iBooks file may lead to
disclosure of user information
Description: A configuration issue was addressed with additional
restrictions.
CVE-2018-4355: evi1m0 of bilibili security team
Entry added October 30, 2018
Intel Graphics Driver
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4396: Yu Wang of Didi Research America
CVE-2018-4418: Yu Wang of Didi Research America
Entry added October 30, 2018
Intel Graphics Driver
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2018-4351: Appology Team @ Theori working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
Intel Graphics Driver
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4350: Yu Wang of Didi Research America
Entry added October 30, 2018
Intel Graphics Driver
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4334: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOHIDFamily
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation
CVE-2018-4408: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Impact: A malicious application may be able to break out of its
sandbox
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4341: Ian Beer of Google Project Zero
CVE-2018-4354: Ian Beer of Google Project Zero
Entry added October 30, 2018
IOKit
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2018-4383: Apple
Entry added October 30, 2018
IOUserEthernet
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4401: Apple
Entry added October 30, 2018
Kernel
Impact: A malicious application may be able to leak sensitive user
information
Description: An access issue existed with privileged API calls. This
issue was addressed with additional restrictions.
CVE-2018-4399: Fabiano Anemone (@anoane)
Entry added October 30, 2018
Kernel
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4407: Kevin Backhouse of Semmle Ltd.
Entry added October 30, 2018
Kernel
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4336: Brandon Azad
CVE-2018-4337: Ian Beer of Google Project Zero
CVE-2018-4340: Mohamed Ghannam (@_simo36)
CVE-2018-4344: The UK's National Cyber Security Centre (NCSC)
CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative,
Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
LibreSSL
Impact: Multiple issues in libressl were addressed in this update
Description: Multiple issues were addressed by updating to libressl
version 2.6.4.
CVE-2015-3194
CVE-2015-5333
CVE-2015-5334
CVE-2016-702
Entry added October 30, 2018
Login Window
Impact: A local user may be able to cause a denial of service
Description: A validation issue was addressed with improved logic.
CVE-2018-4348: Ken Gannon of MWR InfoSecurity and Christian Demko of
MWR InfoSecurity
Entry added October 30, 2018
mDNSOffloadUserClient
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4326: an anonymous researcher working with Trend Micro's
Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team
Entry added October 30, 2018
MediaRemote
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with additional sandbox
restrictions. This ensures that older data read from
recently-written-to addresses cannot be read via a speculative
side-channel.
CVE-2018-3639: Jann Horn (@tehjh) of Google Project Zero (GPZ), Ken
Johnson of the Microsoft Security Response Center (MSRC)
Entry added October 30, 2018
Security
Impact: A local user may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2018-4395: Patrick Wardle of Digita Security
Entry added October 30, 2018
Security
Impact: An attacker may be able to exploit weaknesses in the RC4
cryptographic algorithm
Description: This issue was addressed by removing RC4.
CVE-2016-1777: Pepi Zawodsky
Spotlight
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4393: Lufeng Li
Entry added October 30, 2018
Symptom Framework
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October 30, 2018
Text
Impact: Processing a maliciously crafted text file may lead to a
denial of service
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4304: jianan.huang (@Sevck)
Entry added October 30, 2018
Wi-Fi
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4338: Lee @ SECLAB, Yonsei University working with Trend
Micro's Zero Day Initiative
Entry added October 30, 2018
Additional recognition
Accessibility Framework
We would like to acknowledge Ryan Govostes for their assistance.
Core Data
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
CoreDAV
We would like to acknowledge an anonymous researcher for their
assistance.
CoreGraphics
We would like to acknowledge Nitin Arya of Roblox Corporation for
their assistance.
CoreSymbolication
We would like to acknowledge Brandon Azad for their assistance.
IOUSBHostFamily
We would like to acknowledge an anonymous researcher for their
assistance.
Kernel
We would like to acknowledge Brandon Azad for their assistance.
Mail
We would like to acknowledge Alessandro Avagliano of Rocket Internet
SE, John Whitehead of The New York Times, Kelvin Delbarre of Omicron
Software Systems, and Zbyszek Żółkiewski for their assistance.
Quick Look
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
and Patrick Wardle of Digita Security and lokihardt of Google Project
Zero for their assistance.
Security
We would like to acknowledge Christoph Sinai, Daniel Dudek
(@dannysapples) of The Irish Times and Filip Klubička (@lemoncloak)
of ADAPT Centre, Dublin Institute of Technology, Istvan Csanady of
Shapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson
Ding, and an anonymous researcher for their assistance.
SQLite
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
Terminal
We would like to acknowledge an anonymous researcher for their
assistance.
WindowServer
We would like to acknowledge Patrick Wardle of Digita Security for
their assistance.
Installation note:
macOS Mojave 10.14 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
. =========================================================================
Ubuntu Security Notice USN-3742-2
August 14, 2018
linux-lts-trusty vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in the Linux kernel. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 14.04 for Ubuntu
12.04 ESM.
It was discovered that memory present in the L1 data cache of an Intel CPU
core may be exposed to a malicious process that is executing on the CPU
core. A local
attacker in a guest virtual machine could use this to expose sensitive
information (memory from other guests or the host OS). (CVE-2018-3646)
It was discovered that memory present in the L1 data cache of an Intel CPU
core may be exposed to a malicious process that is executing on the CPU
core. (CVE-2018-3620)
Andrey Konovalov discovered an out-of-bounds read in the POSIX timers
subsystem in the Linux kernel. A remote attacker could use this to cause a
denial of service. (CVE-2018-5390)
Juha-Matti Tilli discovered that the IP implementation in the Linux kernel
performed algorithmically expensive operations in some situations when
handling incoming packet fragments. A remote attacker could use this to
cause a denial of service. (CVE-2018-5391)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
linux-image-3.13.0-155-generic 3.13.0-155.206~precise1
linux-image-3.13.0-155-generic-lpae 3.13.0-155.206~precise1
linux-image-generic-lpae-lts-trusty 3.13.0.155.145
linux-image-generic-lts-trusty 3.13.0.155.145
Please note that the recommended mitigation for CVE-2018-3646 involves
updating processor microcode in addition to updating the kernel;
however, the kernel includes a fallback for processors that have not
received microcode updates.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2018:2390-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:2390
Issue date: 2018-08-14
CVE Names: CVE-2017-0861 CVE-2017-15265 CVE-2018-3620
CVE-2018-3646 CVE-2018-3693 CVE-2018-7566
CVE-2018-10901 CVE-2018-1000004
====================================================================
1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):
* Modern operating systems implement virtualization of physical memory to
efficiently use available system resources and provide inter-domain
protection through access control and isolation. The L1TF issue was found
in the way the x86 microprocessor designs have implemented speculative
execution of instructions (a commonly used performance optimisation) in
combination with handling of page-faults caused by terminated virtual to
physical address resolving process. As a result, an unprivileged attacker
could use this flaw to read privileged memory of the kernel or other
processes and/or cross guest/host boundaries to read host memory by
conducting targeted cache side-channel attacks. (CVE-2018-3620,
CVE-2018-3646)
* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of instructions past bounds
check. The flaw relies on the presence of a precisely-defined instruction
sequence in the privileged code and the fact that memory writes occur to an
address which depends on the untrusted value. Such writes cause an update
into the microprocessor's data cache even for speculatively executed
instructions that never actually commit (retire). As a result, an
unprivileged attacker could use this flaw to influence speculative
execution and/or read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3693)
* kernel: kvm: vmx: host GDT limit corruption (CVE-2018-10901)
* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem
potentially leads to privilege escalation (CVE-2017-0861)
* kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265)
* kernel: race condition in snd_seq_write() may lead to UAF or OOB-access
(CVE-2018-7566)
* kernel: Race condition in sound system can lead to denial of service
(CVE-2018-1000004)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting
CVE-2018-3620 and CVE-2018-3646; Vladimir Kiriansky (MIT) and Carl
Waldspurger (Carl Waldspurger Consulting) for reporting CVE-2018-3693; and
Vegard Nossum (Oracle Corporation) for reporting CVE-2018-10901.
Bug Fix(es):
* The Least recently used (LRU) operations are batched by caching pages in
per-cpu page vectors to prevent contention of the heavily used lru_lock
spinlock. The page vectors can hold even the compound pages. Previously,
the page vectors were cleared only if they were full. Subsequently, the
amount of memory held in page vectors, which is not reclaimable, was
sometimes too high. Consequently the page reclamation started the Out of
Memory (OOM) killing processes. With this update, the underlying source
code has been fixed to clear LRU page vectors each time when a compound
page is added to them. As a result, OOM killing processes due to high
amounts of memory held in page vectors no longer occur. (BZ#1575819)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1501878 - CVE-2017-15265 kernel: Use-after-free in snd_seq_ioctl_create_port()
1535315 - CVE-2018-1000004 kernel: Race condition in sound system can lead to denial of service
1550142 - CVE-2018-7566 kernel: race condition in snd_seq_write() may lead to UAF or OOB-access
1563994 - CVE-2017-0861 kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation
1581650 - CVE-2018-3693 Kernel: speculative bounds check bypass store
1585005 - CVE-2018-3646 Kernel: hw: cpu: L1 terminal fault (L1TF)
1601849 - CVE-2018-10901 kernel: kvm: vmx: host GDT limit corruption
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
kernel-2.6.32-754.3.5.el6.src.rpm
i386:
kernel-2.6.32-754.3.5.el6.i686.rpm
kernel-debug-2.6.32-754.3.5.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm
kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm
kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm
kernel-devel-2.6.32-754.3.5.el6.i686.rpm
kernel-headers-2.6.32-754.3.5.el6.i686.rpm
perf-2.6.32-754.3.5.el6.i686.rpm
perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm
noarch:
kernel-abi-whitelists-2.6.32-754.3.5.el6.noarch.rpm
kernel-doc-2.6.32-754.3.5.el6.noarch.rpm
kernel-firmware-2.6.32-754.3.5.el6.noarch.rpm
x86_64:
kernel-2.6.32-754.3.5.el6.x86_64.rpm
kernel-debug-2.6.32-754.3.5.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm
kernel-debug-devel-2.6.32-754.3.5.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm
kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm
kernel-devel-2.6.32-754.3.5.el6.x86_64.rpm
kernel-headers-2.6.32-754.3.5.el6.x86_64.rpm
perf-2.6.32-754.3.5.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm
perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386:
kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm
kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm
perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm
python-perf-2.6.32-754.3.5.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm
x86_64:
kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
python-perf-2.6.32-754.3.5.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
kernel-2.6.32-754.3.5.el6.src.rpm
noarch:
kernel-abi-whitelists-2.6.32-754.3.5.el6.noarch.rpm
kernel-doc-2.6.32-754.3.5.el6.noarch.rpm
kernel-firmware-2.6.32-754.3.5.el6.noarch.rpm
x86_64:
kernel-2.6.32-754.3.5.el6.x86_64.rpm
kernel-debug-2.6.32-754.3.5.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm
kernel-debug-devel-2.6.32-754.3.5.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm
kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm
kernel-devel-2.6.32-754.3.5.el6.x86_64.rpm
kernel-headers-2.6.32-754.3.5.el6.x86_64.rpm
perf-2.6.32-754.3.5.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm
perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64:
kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
python-perf-2.6.32-754.3.5.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
kernel-2.6.32-754.3.5.el6.src.rpm
i386:
kernel-2.6.32-754.3.5.el6.i686.rpm
kernel-debug-2.6.32-754.3.5.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm
kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm
kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm
kernel-devel-2.6.32-754.3.5.el6.i686.rpm
kernel-headers-2.6.32-754.3.5.el6.i686.rpm
perf-2.6.32-754.3.5.el6.i686.rpm
perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm
noarch:
kernel-abi-whitelists-2.6.32-754.3.5.el6.noarch.rpm
kernel-doc-2.6.32-754.3.5.el6.noarch.rpm
kernel-firmware-2.6.32-754.3.5.el6.noarch.rpm
ppc64:
kernel-2.6.32-754.3.5.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-754.3.5.el6.ppc64.rpm
kernel-debug-2.6.32-754.3.5.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm
kernel-debug-devel-2.6.32-754.3.5.el6.ppc64.rpm
kernel-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-754.3.5.el6.ppc64.rpm
kernel-devel-2.6.32-754.3.5.el6.ppc64.rpm
kernel-headers-2.6.32-754.3.5.el6.ppc64.rpm
perf-2.6.32-754.3.5.el6.ppc64.rpm
perf-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm
s390x:
kernel-2.6.32-754.3.5.el6.s390x.rpm
kernel-debug-2.6.32-754.3.5.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-754.3.5.el6.s390x.rpm
kernel-debug-devel-2.6.32-754.3.5.el6.s390x.rpm
kernel-debuginfo-2.6.32-754.3.5.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-754.3.5.el6.s390x.rpm
kernel-devel-2.6.32-754.3.5.el6.s390x.rpm
kernel-headers-2.6.32-754.3.5.el6.s390x.rpm
kernel-kdump-2.6.32-754.3.5.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-754.3.5.el6.s390x.rpm
kernel-kdump-devel-2.6.32-754.3.5.el6.s390x.rpm
perf-2.6.32-754.3.5.el6.s390x.rpm
perf-debuginfo-2.6.32-754.3.5.el6.s390x.rpm
python-perf-debuginfo-2.6.32-754.3.5.el6.s390x.rpm
x86_64:
kernel-2.6.32-754.3.5.el6.x86_64.rpm
kernel-debug-2.6.32-754.3.5.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm
kernel-debug-devel-2.6.32-754.3.5.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm
kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm
kernel-devel-2.6.32-754.3.5.el6.x86_64.rpm
kernel-headers-2.6.32-754.3.5.el6.x86_64.rpm
perf-2.6.32-754.3.5.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm
perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386:
kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm
kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm
perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm
python-perf-2.6.32-754.3.5.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm
ppc64:
kernel-debug-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm
kernel-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-754.3.5.el6.ppc64.rpm
perf-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm
python-perf-2.6.32-754.3.5.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm
s390x:
kernel-debug-debuginfo-2.6.32-754.3.5.el6.s390x.rpm
kernel-debuginfo-2.6.32-754.3.5.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-754.3.5.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-754.3.5.el6.s390x.rpm
perf-debuginfo-2.6.32-754.3.5.el6.s390x.rpm
python-perf-2.6.32-754.3.5.el6.s390x.rpm
python-perf-debuginfo-2.6.32-754.3.5.el6.s390x.rpm
x86_64:
kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
python-perf-2.6.32-754.3.5.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
kernel-2.6.32-754.3.5.el6.src.rpm
i386:
kernel-2.6.32-754.3.5.el6.i686.rpm
kernel-debug-2.6.32-754.3.5.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm
kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm
kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm
kernel-devel-2.6.32-754.3.5.el6.i686.rpm
kernel-headers-2.6.32-754.3.5.el6.i686.rpm
perf-2.6.32-754.3.5.el6.i686.rpm
perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm
noarch:
kernel-abi-whitelists-2.6.32-754.3.5.el6.noarch.rpm
kernel-doc-2.6.32-754.3.5.el6.noarch.rpm
kernel-firmware-2.6.32-754.3.5.el6.noarch.rpm
x86_64:
kernel-2.6.32-754.3.5.el6.x86_64.rpm
kernel-debug-2.6.32-754.3.5.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm
kernel-debug-devel-2.6.32-754.3.5.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm
kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm
kernel-devel-2.6.32-754.3.5.el6.x86_64.rpm
kernel-headers-2.6.32-754.3.5.el6.x86_64.rpm
perf-2.6.32-754.3.5.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm
perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386:
kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm
kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm
perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm
python-perf-2.6.32-754.3.5.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm
x86_64:
kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
python-perf-2.6.32-754.3.5.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2017-0861
https://access.redhat.com/security/cve/CVE-2017-15265
https://access.redhat.com/security/cve/CVE-2018-3620
https://access.redhat.com/security/cve/CVE-2018-3646
https://access.redhat.com/security/cve/CVE-2018-3693
https://access.redhat.com/security/cve/CVE-2018-7566
https://access.redhat.com/security/cve/CVE-2018-10901
https://access.redhat.com/security/cve/CVE-2018-1000004
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/L1TF
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc.
.
Note that due to a client issue, this livepatch may report that it failed to
load. You can verify that the patch has successfully loaded by looking in
/sys/kernel/livepatch for a directory starting with the name "lkp_Ubuntu,"
followed by your kernel version, and ending with the version number, "44."
The next client update should correct this problem. (CVE-2018-3620)
It was discovered that the paravirtualization implementation in the Linux
kernel did not properly handle some indirect calls, reducing the
effectiveness of Spectre v2 mitigations for paravirtual guests. (CVE-2018-15572)
Jann Horn discovered that the vmacache subsystem did not properly handle
sequence number overflows, leading to a use-after-free vulnerability. (CVE-2018-17182)
Update instructions:
The problem can be corrected by updating your livepatches to the following
versions:
| Kernel | Version | flavors |
|--------------------------+----------+--------------------------|
| 4.4.0-133.159 | 44.1 | generic, lowlatency |
| 4.4.0-133.159~14.04.1 | 44.1 | lowlatency, generic |
| 4.4.0-134.160 | 44.1 | generic, lowlatency |
| 4.4.0-134.160~14.04.1 | 44.1 | lowlatency, generic |
| 4.4.0-135.161~14.04.1 | 44.1 | lowlatency, generic |
| 4.15.0-32.35 | 44.1 | lowlatency, generic |
| 4.15.0-32.35~16.04.1 | 44.1 | generic, lowlatency |
| 4.15.0-33.36 | 44.1 | lowlatency, generic |
| 4.15.0-33.36~16.04.1 | 44.1 | lowlatency, generic |
| 4.15.0-34.37 | 44.1 | generic, lowlatency |
| 4.15.0-34.37~16.04.1 | 44.2 | lowlatency, generic |
References:
CVE-2018-3620, CVE-2018-15594, CVE-2018-3646, CVE-2018-6555,
CVE-2018-14633, CVE-2018-15572, CVE-2018-17182
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
. These CVEs are security vulnerabilities
caused by flaws in the design of speculative execution hardware in the
computer's CPU.
Details on the vulnerability and our response can be found here:
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/L1TF
Due to the high complexity of the fixes and the need for a corresponding
CPU microcode update for a complete fix, we are unable to livepatch these
CVEs. Please plan to reboot into an updated kernel as soon as possible.
Users running Ubuntu 16.04 LTS or 14.04 LTS should upgrade to kernel version
4.4.0-133.159 or later.
References:
CVE-2018-3620, and CVE-2018-3646
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201810-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Xen: Multiple vulnerabilities
Date: October 30, 2018
Bugs: #643350, #655188, #655544, #659442
ID: 201810-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Xen, the worst of which
could cause a Denial of Service condition.
Background
==========
Xen is a bare-metal hypervisor.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-emulation/xen < 4.10.1-r2 >= 4.10.1-r2
2 app-emulation/xen-tools < 4.10.1-r2 >= 4.10.1-r2
-------------------------------------------------------------------
2 affected packages
Description
===========
Multiple vulnerabilities have been discovered in Xen. Please review the
referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Xen users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.10.1-r2"
All Xen tools users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=app-emulation/xen-tools-4.10.1-r2"
References
==========
[ 1 ] CVE-2017-5715
https://nvd.nist.gov/vuln/detail/CVE-2017-5715
[ 2 ] CVE-2017-5753
https://nvd.nist.gov/vuln/detail/CVE-2017-5753
[ 3 ] CVE-2017-5754
https://nvd.nist.gov/vuln/detail/CVE-2017-5754
[ 4 ] CVE-2018-10471
https://nvd.nist.gov/vuln/detail/CVE-2018-10471
[ 5 ] CVE-2018-10472
https://nvd.nist.gov/vuln/detail/CVE-2018-10472
[ 6 ] CVE-2018-10981
https://nvd.nist.gov/vuln/detail/CVE-2018-10981
[ 7 ] CVE-2018-10982
https://nvd.nist.gov/vuln/detail/CVE-2018-10982
[ 8 ] CVE-2018-12891
https://nvd.nist.gov/vuln/detail/CVE-2018-12891
[ 9 ] CVE-2018-12892
https://nvd.nist.gov/vuln/detail/CVE-2018-12892
[ 10 ] CVE-2018-12893
https://nvd.nist.gov/vuln/detail/CVE-2018-12893
[ 11 ] CVE-2018-15468
https://nvd.nist.gov/vuln/detail/CVE-2018-15468
[ 12 ] CVE-2018-15469
https://nvd.nist.gov/vuln/detail/CVE-2018-15469
[ 13 ] CVE-2018-15470
https://nvd.nist.gov/vuln/detail/CVE-2018-15470
[ 14 ] CVE-2018-3620
https://nvd.nist.gov/vuln/detail/CVE-2018-3620
[ 15 ] CVE-2018-3646
https://nvd.nist.gov/vuln/detail/CVE-2018-3646
[ 16 ] CVE-2018-5244
https://nvd.nist.gov/vuln/detail/CVE-2018-5244
[ 17 ] CVE-2018-7540
https://nvd.nist.gov/vuln/detail/CVE-2018-7540
[ 18 ] CVE-2018-7541
https://nvd.nist.gov/vuln/detail/CVE-2018-7541
[ 19 ] CVE-2018-7542
https://nvd.nist.gov/vuln/detail/CVE-2018-7542
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201810-06
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
| VAR-201809-1153 | CVE-2018-5391 | Linux kernel IP fragment re-assembly vulnerable to denial of service |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.
(BZ#1632422)
4. 7) - aarch64, noarch, ppc64le
3.
Security Fix(es):
* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that memory read from address to which a recent memory write has
occurred may see an older value and subsequently cause an update into the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. 6.4) - x86_64
3. (BZ#1625330)
4. 7) - ppc64le
3. (CVE-2018-5391)
* kernel: out-of-bounds access in the show_timer function in
kernel/time/posix-timers.c (CVE-2017-18344)
* kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute
code in kernel space (CVE-2018-8781)
* kernel: MIDI driver race condition leads to a double-free
(CVE-2018-10902)
* kernel: Missing check in inode_init_owner() does not clear SGID bit on
non-directories for non-members (CVE-2018-13405)
* kernel: AIO write triggers integer overflow in some protocols
(CVE-2015-8830)
* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem
potentially leads to privilege escalation (CVE-2017-0861)
* kernel: Handling of might_cancel queueing is not properly protected
against race (CVE-2017-10661)
* kernel: Salsa20 encryption algorithm does not correctly handle
zero-length inputs allowing local attackers to cause denial of service
(CVE-2017-17805)
* kernel: Infinite loop vulnerability in madvise_willneed() function
allows local denial of service (CVE-2017-18208)
* kernel: fuse-backed file mmap-ed onto process cmdline arguments causes
denial of service (CVE-2018-1120)
* kernel: a null pointer dereference in dccp_write_xmit() leads to a system
crash (CVE-2018-1130)
* kernel: drivers/block/loop.c mishandles lo_release serialization allowing
denial of service (CVE-2018-5344)
* kernel: Missing length check of payload in _sctp_make_chunk() function
allows denial of service (CVE-2018-5803)
* kernel: buffer overflow in
drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory
corruption (CVE-2018-5848)
* kernel: out-of-bound write in ext4_init_block_bitmap function with a
crafted ext4 image (CVE-2018-10878)
* kernel: Improper validation in bnx2x network card driver can allow for
denial of service attacks via crafted packet (CVE-2018-1000026)
* kernel: Information leak when handling NM entries containing NUL
(CVE-2016-4913)
* kernel: Mishandling mutex within libsas allowing local Denial of Service
(CVE-2017-18232)
* kernel: NULL pointer dereference in ext4_process_freed_data() when
mounting crafted ext4 image (CVE-2018-1092)
* kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash
with crafted ext4 image (CVE-2018-1094)
* kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg()
(CVE-2018-1118)
* kernel: Denial of service in resv_map_release function in mm/hugetlb.c
(CVE-2018-7740)
* kernel: Memory leak in the sas_smp_get_phy_events function in
drivers/scsi/libsas/sas_expander.c (CVE-2018-7757)
* kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when
mounting crafted xfs image allowing denial of service (CVE-2018-10322)
* kernel: use-after-free detected in ext4_xattr_set_entry with a crafted
file (CVE-2018-10879)
* kernel: out-of-bound access in ext4_get_group_info() when mounting and
operating a crafted ext4 image (CVE-2018-10881)
* kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function
(CVE-2018-10883)
* kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c
(CVE-2018-10940)
Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department
of Communications and Networking and Nokia Bell Labs) for reporting
CVE-2018-5391; Trend Micro Zero Day Initiative for reporting
CVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120; Evgenii
Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and Wen Xu for
reporting CVE-2018-1092 and CVE-2018-1094.
Bugs fixed (https://bugzilla.redhat.com/):
1314275 - CVE-2015-8830 kernel: AIO write triggers integer overflow in some protocols
1322930 - [RFE] Allow xfs to modify labels on mounted filesystem
1337528 - CVE-2016-4913 kernel: Information leak when handling NM entries containing NUL
1481136 - CVE-2017-10661 kernel: Handling of might_cancel queueing is not properly protected against race
1488484 - GRE: IFLA_MTU ignored on NEWLINK
1504058 - kernel panic with nfsd while removing locks on file close
1507027 - [ESXi][RHEL7.6]x86/vmware: Add paravirt sched clock
1528312 - CVE-2017-17805 kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial-of-service
1533909 - CVE-2018-5344 kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial-of-service
1541846 - CVE-2018-1000026 kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet
1542494 - VMs with NVMe devices passed through sometimes fail to be launched
1551051 - CVE-2018-5803 kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service
1551565 - CVE-2017-18208 kernel: Infinite loop vulnerability in mm/madvise.c:madvise_willneed() function allows local denial of service
1552867 - CVE-2018-7740 kernel: Denial of service in resv_map_release function in mm/hugetlb.c
1553361 - CVE-2018-7757 kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c
1557434 - bio too big device md0 (1024 > 256)
1557599 - [RFE] Rebase ipset (kernel) to latest upstream
1558066 - CVE-2017-18232 kernel: Mishandling mutex within libsas allowing local Denial of Service
1558328 - Kernel data path test with OVS 2.9 + DPDK 17.11 fails with low throughput
1560777 - CVE-2018-1092 kernel: NULL pointer dereference in ext4/mballoc.c:ext4_process_freed_data() when mounting crafted ext4 image
1560788 - CVE-2018-1094 kernel: NULL pointer dereference in ext4/xattr.c:ext4_xattr_inode_hash() causes crash with crafted ext4 image
1561162 - [RHEL7.5] Extreme performance impact caused by raid resync
1563697 - Trimming on full pool can trigger 'dm_pool_alloc_data_block' failed: error = -28
1563994 - CVE-2017-0861 kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation
1564186 - XFS may block endlessly in xlog_wait() on IO error
1568167 - crypto aesni-intel aes(gcm) is broken for IPsec
1571062 - CVE-2018-8781 kernel: Integer overflow in drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() can allow attackers to execute code in kernel space
1571623 - CVE-2018-10322 kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service
1572983 - conntrack doesn't track packets in specific network namespace if those packets were processed by CT --notrack target in other network namespace
1573699 - CVE-2018-1118 kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg()
1575472 - CVE-2018-1120 kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service
1576419 - CVE-2018-1130 kernel: a null pointer dereference in net/dccp/output.c:dccp_write_xmit() leads to a system crash
1577408 - CVE-2018-10940 kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c
1584775 - VMs hung after migration
1590720 - CVE-2018-10902 kernel: MIDI driver race condition leads to a double-free
1590799 - CVE-2018-5848 kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption
1592654 - [NVMe Device Assignment] Guest reboot failed from the NVMe assigned which os installed on
1596802 - CVE-2018-10878 kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image
1596806 - CVE-2018-10879 kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file
1596828 - CVE-2018-10881 kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image
1596846 - CVE-2018-10883 kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function
1599161 - CVE-2018-13405 kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members
1609664 - CVE-2018-5391 kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack)
1609717 - [unwinder] CPU spins indefinitely in __save_stack_trace() call chain
1610958 - CVE-2017-18344 kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c
6.
Bug Fix(es):
These updated kernel packages include also numerous bug fixes. Space
precludes documenting all of the bug fixes in this advisory. See the
descriptions in the related Knowledge Article:
https://access.redhat.com/articles/3635371
4. PowerEdge 1950
1624498 - CVE-2018-14634 kernel: Integer overflow in Linux's create_elf_tables function
6.
==========================================================================
Ubuntu Security Notice USN-3742-3
August 21, 2018
linux-lts-trusty regressions
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
USN-3742-2 introduced regressions in the Linux Hardware Enablement
(HWE) kernel for Ubuntu 12.04 ESM.
Software Description:
- linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise ESM
Details:
USN-3742-2 introduced mitigations in the Linux Hardware Enablement
(HWE) kernel for Ubuntu 12.04 ESM to address L1 Terminal Fault (L1TF)
vulnerabilities (CVE-2018-3620, CVE-2018-3646). Unfortunately, the
update introduced regressions that caused kernel panics when booting
in some environments as well as preventing Java applications from
starting.
We apologize for the inconvenience.
Original advisory details:
It was discovered that memory present in the L1 data cache of an Intel CPU
core may be exposed to a malicious process that is executing on the CPU
core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local
attacker in a guest virtual machine could use this to expose sensitive
information (memory from other guests or the host OS). (CVE-2018-3646)
It was discovered that memory present in the L1 data cache of an Intel CPU
core may be exposed to a malicious process that is executing on the CPU
core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local
attacker could use this to expose sensitive information (memory from the
kernel or other processes). (CVE-2018-3620)
Andrey Konovalov discovered an out-of-bounds read in the POSIX
timers subsystem in the Linux kernel. (CVE-2018-5391)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
linux-image-3.13.0-156-generic 3.13.0-156.206~precise1
linux-image-3.13.0-156-generic-lpae 3.13.0-156.206~precise1
linux-image-generic-lpae-lts-trusty 3.13.0.156.146
linux-image-generic-lts-trusty 3.13.0.156.146
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well. 6.6) - noarch, x86_64
3.
Bug Fix(es):
* After updating the system to prevent the L1 Terminal Fault (L1TF)
vulnerability, only one thread was detected on systems that offer
processing of two threads on a single processor core. With this update, the
"__max_smt_threads()" function has been fixed. (BZ#1625334)
* Previously, a kernel panic occurred when the kernel tried to make an out
of bound access to the array that describes the L1 Terminal Fault (L1TF)
mitigation state on systems without Extended Page Tables (EPT) support.
This update extends the array of mitigation states to cover all the states,
which effectively prevents out of bound array access. Also, this update
enables rejecting invalid, irrelevant values, that might be erroneously
provided by the userspace. (BZ#1629633)
4.
====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2018:2785-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:2785
Issue date: 2018-09-25
CVE Names: CVE-2018-5390 CVE-2018-5391 CVE-2018-10675
====================================================================
1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 7.3
Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.3) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.3) - ppc64, ppc64le, x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):
* A flaw named SegmentSmack was found in the way the Linux kernel handled
specially crafted TCP packets. A remote attacker could use this flaw to
trigger time and calculation expensive calls to tcp_collapse_ofo_queue()
and tcp_prune_ofo_queue() functions by sending specially modified packets
within ongoing TCP sessions which could lead to a CPU saturation and hence
a denial of service on the system. Maintaining the denial of service
condition requires continuous two-way TCP sessions to a reachable open
port, thus the attacks cannot be performed using spoofed IP addresses.
(CVE-2018-5390)
* A flaw named FragmentSmack was found in the way the Linux kernel handled
reassembly of fragmented IPv4 and IPv6 packets. (CVE-2018-5391)
* kernel: mm: use-after-free in do_get_mempolicy function allows local DoS
or other unspecified impact (CVE-2018-10675)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department
of Communications and Networking and Nokia Bell Labs) for reporting
CVE-2018-5390 and CVE-2018-5391.
Bug Fix(es):
* On systems running Red Hat Enterprise Linux 7 with Red Hat OpenShift
Container Platform 3.5, a node sometimes got into "NodeNotReady" state
after a CPU softlockup. Consequently, the node was not available. This
update fixes an irq latency source in memory compaction. As a result, nodes
no longer get into "NodeNotReady" state under the described circumstances.
(BZ#1596281)
* Previously, the kernel source code was missing support to report the
Speculative Store Bypass Disable (SSBD) vulnerability status on IBM Power
Systems and the little-endian variants of IBM Power Systems. As a
consequence, the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass
file incorrectly reported "Not affected" on both CPU architectures. This
fix updates the kernel source code to properly report the SSBD status
either as "Vulnerable" or "Mitigation: Kernel entry/exit barrier (TYPE)"
where TYPE is one of "eieio", "hwsync", "fallback", or "unknown".
(BZ#1612351)
* The hypervisors of Red Hat Enterprise Linux 7 virtual machines (VMs) in
certain circumstances mishandled the microcode update in the kernel. As a
consequence, the VMs sometimes became unresponsive when booting. This
update applies an upstream patch to avoid early microcode update when
running under a hypervisor. As a result, kernel hangs no longer occur in
the described scenario. (BZ#1618388)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1575065 - CVE-2018-10675 kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact
1601704 - CVE-2018-5390 kernel: TCP segments with random offsets allow a remote denial of service (SegmentSmack)
1609664 - CVE-2018-5391 kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack)
6. Package List:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.3):
Source:
kernel-3.10.0-514.58.1.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-514.58.1.el7.noarch.rpm
kernel-doc-3.10.0-514.58.1.el7.noarch.rpm
x86_64:
kernel-3.10.0-514.58.1.el7.x86_64.rpm
kernel-debug-3.10.0-514.58.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.58.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.58.1.el7.x86_64.rpm
kernel-devel-3.10.0-514.58.1.el7.x86_64.rpm
kernel-headers-3.10.0-514.58.1.el7.x86_64.rpm
kernel-tools-3.10.0-514.58.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.58.1.el7.x86_64.rpm
perf-3.10.0-514.58.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
python-perf-3.10.0-514.58.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3):
x86_64:
kernel-debug-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.58.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.58.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 7.3):
Source:
kernel-3.10.0-514.58.1.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-514.58.1.el7.noarch.rpm
kernel-doc-3.10.0-514.58.1.el7.noarch.rpm
ppc64:
kernel-3.10.0-514.58.1.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-514.58.1.el7.ppc64.rpm
kernel-debug-3.10.0-514.58.1.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-514.58.1.el7.ppc64.rpm
kernel-debug-devel-3.10.0-514.58.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-514.58.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-514.58.1.el7.ppc64.rpm
kernel-devel-3.10.0-514.58.1.el7.ppc64.rpm
kernel-headers-3.10.0-514.58.1.el7.ppc64.rpm
kernel-tools-3.10.0-514.58.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-514.58.1.el7.ppc64.rpm
kernel-tools-libs-3.10.0-514.58.1.el7.ppc64.rpm
perf-3.10.0-514.58.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-514.58.1.el7.ppc64.rpm
python-perf-3.10.0-514.58.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-514.58.1.el7.ppc64.rpm
ppc64le:
kernel-3.10.0-514.58.1.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-514.58.1.el7.ppc64le.rpm
kernel-debug-3.10.0-514.58.1.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-514.58.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-514.58.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-514.58.1.el7.ppc64le.rpm
kernel-devel-3.10.0-514.58.1.el7.ppc64le.rpm
kernel-headers-3.10.0-514.58.1.el7.ppc64le.rpm
kernel-tools-3.10.0-514.58.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-514.58.1.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-514.58.1.el7.ppc64le.rpm
perf-3.10.0-514.58.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-514.58.1.el7.ppc64le.rpm
python-perf-3.10.0-514.58.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-514.58.1.el7.ppc64le.rpm
s390x:
kernel-3.10.0-514.58.1.el7.s390x.rpm
kernel-debug-3.10.0-514.58.1.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-514.58.1.el7.s390x.rpm
kernel-debug-devel-3.10.0-514.58.1.el7.s390x.rpm
kernel-debuginfo-3.10.0-514.58.1.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-514.58.1.el7.s390x.rpm
kernel-devel-3.10.0-514.58.1.el7.s390x.rpm
kernel-headers-3.10.0-514.58.1.el7.s390x.rpm
kernel-kdump-3.10.0-514.58.1.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-514.58.1.el7.s390x.rpm
kernel-kdump-devel-3.10.0-514.58.1.el7.s390x.rpm
perf-3.10.0-514.58.1.el7.s390x.rpm
perf-debuginfo-3.10.0-514.58.1.el7.s390x.rpm
python-perf-3.10.0-514.58.1.el7.s390x.rpm
python-perf-debuginfo-3.10.0-514.58.1.el7.s390x.rpm
x86_64:
kernel-3.10.0-514.58.1.el7.x86_64.rpm
kernel-debug-3.10.0-514.58.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.58.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.58.1.el7.x86_64.rpm
kernel-devel-3.10.0-514.58.1.el7.x86_64.rpm
kernel-headers-3.10.0-514.58.1.el7.x86_64.rpm
kernel-tools-3.10.0-514.58.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.58.1.el7.x86_64.rpm
perf-3.10.0-514.58.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
python-perf-3.10.0-514.58.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 7.3):
ppc64:
kernel-debug-debuginfo-3.10.0-514.58.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-514.58.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-514.58.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-514.58.1.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-514.58.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-514.58.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-514.58.1.el7.ppc64.rpm
ppc64le:
kernel-debug-debuginfo-3.10.0-514.58.1.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-514.58.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-514.58.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-514.58.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-514.58.1.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-514.58.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-514.58.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-514.58.1.el7.ppc64le.rpm
x86_64:
kernel-debug-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.58.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.58.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2018-5390
https://access.redhat.com/security/cve/CVE-2018-5391
https://access.redhat.com/security/cve/CVE-2018-10675
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc.
| VAR-201808-0177 | CVE-2018-10569 | Edimax EW-7438RPn Mini Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
An issue was discovered in Edimax EW-7438RPn Mini v2 before version 1.26. There is XSS in an SSID field. Edimax EW-7438RPn Mini v2 contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Edimax EW-7438RPn Mini is a wireless router product from Edimax Technology. A cross-site scripting vulnerability exists in the SSID field in Edimax EW-7438RPn Mini v2 versions prior to 1.26. A remote attacker can exploit this vulnerability to perform a phishing attack
| VAR-201808-0810 | CVE-2018-6414 | plural Hikvision IP Cameras Product buffer error vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A buffer overflow vulnerability in the web server of some Hikvision IP Cameras allows an attacker to send a specially crafted message to affected devices. Due to insufficient input validation, a successful exploit can corrupt memory and lead to arbitrary code execution or crash the process. Multiple Hikvision IP Cameras products contain a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Hikvision IP Cameras is a network camera product from Hikvision of China.
The Hikvision network camera has a buffer overflow vulnerability, which is caused by insufficient input verification
| VAR-201808-0169 | CVE-2018-0131 | Cisco IOS and Cisco IOS XE Vulnerability related to cryptographic strength in software |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 (IKEv1) session. The vulnerability exists because the affected software responds incorrectly to decryption failures. An attacker could exploit this vulnerability by sending crafted ciphertexts to a device configured with IKEv1 that uses RSA-encrypted nonces. A successful exploit could allow the attacker to obtain the encrypted nonces. Cisco Bug IDs: CSCve77140. Cisco IOS and Cisco IOS XE software contains a vulnerability related to cryptographic strength. The vendor has released this vulnerability as Bug ID CSCve77140. Information may be obtained
| VAR-201808-0322 | CVE-2018-15125 | Information disclosure vulnerability in Zipato Zipabox Smart Home Controller |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Sensitive information disclosure in Zipato Zipabox Smart Home Controller allows a remote attacker to get sensitive information that expands the attack surface. A security vulnerability exists in Zipato Zipabox.
| VAR-201808-0321 | CVE-2018-15124 | Cryptographic strength vulnerability in Zipato Zipabox Smart Home Controller |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows an unauthenticated attacker to extract clear text passwords and get root access on the device. Zipato Zipabox Smart Home Controller contains a cryptographic strength vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Zipato Zipabox is a smart home gateway controller from Zipato, Republic of Croatia. Attackers can exploit this vulnerability to extract plaintext passwords and gain root access to the device.
| VAR-201808-0320 | CVE-2018-15123 | Access control vulnerability in Zipato Zipabox Smart Home Controller |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Insecure configuration storage in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows a remote attacker to use new attack vectors and take control of the device and the smart home. Zipato Zipabox Smart Home Controller contains an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Zipato Zipabox is a smart home gateway controller from Zipato, Republic of Croatia. Zipato Zipabox BOARD REV - 1 (system version 118) has a security hole.
| VAR-201808-0675 | CVE-2018-10769 | Access control vulnerability in SmartMesh |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT), an Ethereum ERC20 token, allow attackers to accomplish an unauthorized transfer of digital assets because replay attacks can occur with the same-named functions (with the same signatures) in other tokens: First (FST), GG Token (GG), M2C Mesh Network (MTC), M2C Mesh Network (mesh), and UG Token (UGT). SmartMesh contains an access control vulnerability. Information may be altered. SmartMesh (SMT) is a blockchain-based underlying protocol for IoT, positioned in areas such as networkless communication and networkless payment.
There are security vulnerabilities in the 'transferProxy' and 'approveProxy' functions in SMT's smart contracts. An attacker could use this vulnerability to perform an unauthorized transfer of digital assets.
| VAR-201808-0559 | CVE-2018-11492 |
Resource management vulnerability in ASUS HG100 devices
Related entries in the VARIoT exploits database: VAR-E-201904-0015 |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
ASUS HG100 devices allow denial of service via an IPv4 packet flood. ASUS HG100 devices contain a resource management vulnerability. Service operation may be disrupted (DoS). ASUS HG100 is a home intelligence monitoring device from ASUS. A denial of service vulnerability exists in ASUS HG100. There is a security flaw in the ASUS HG100.