VARIoT IoT vulnerabilities database

download.rsp on ShenZhen Anni "5 in 1 XVR" devices allows remote attackers to download the configuration (without a login) to discover the password. ShenZhen Anni 5 in 1 XVR The device contains an information disclosure vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Anni5in1XVR is a multi-functional DVR device from China's Anni Digital Technology. A security vulnerability exists in the download.rsp file on the Anni5in1XVR device

In Silex SX-500 all versions and GE MobileLink(GEH-500) version 1.54 and prior, authentication is not verified when making certain POST requests, which may allow attackers to modify system settings. Silex SX-500 and GE MobileLink(GEH-500) Contains an authentication vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. Silex SD-320AN is a serial port device server produced by Silex Technology Company of Japan. GE MobileLink (GEH-500) is an electrocardiogram analysis system developed by General Electric (GE). There is a security vulnerability in Silex SX-500 and GE MobileLink (GEH-500) 1.54 and earlier versions. The vulnerability is caused by the program not performing authentication on POST requests. An attacker could exploit this vulnerability to change system settings

Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow persistent cross-site scripting, and non-persistent HTML Injection. HP Network Automation has a cross-site scripting vulnerability that allows remote attackers to exploit vulnerabilities to inject malicious scripts or HTML code to capture sensitive information or hijack user sessions when malicious data is viewed. Multiple HP Products are prone to the following security vulnerabilities: 1. An SQL-injection vulnerability 2. An HTML-injection vulnerability Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application or to control how the site is rendered to the user, access or modify data or exploit latent vulnerabilities in the underlying database. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03158014 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03158014 Version: 1 MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2018-05-09 Last Updated: 2018-05-09 Potential Security Impact: Remote: Cross-Site Scripting (XSS), SQL Injection Source: Micro Focus, Product Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified in Micro Focus Network Automation and Network Operations Management (NOM) Suite. References: - CVE-2018-6492 - Remote Cross-Site Scripting (XSS) - CVE-2018-6493 - Remote SQL Injection SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - HP Network Automation Software - v10.0x, v10.1x, v10.2x, v10.3x, v10.4x, v10.5x - Network Operations Management (NOM) Suite - v2017.06 - Classic Suite, v2017.11 - Classic Suite, v2017.11 - Containerized Suite, v2018.02 - Classic Suite, v2018.02 - Containerized Suite BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector Micro Focus would like to thank Tilman Bender, Dennis Herrmann and Bastian Kanbach of Context Information Security GmbH for reporting this issue to cyber-psrt@microfocus.com. RESOLUTION MicroFocus has made the following software updates and mitigation information to resolve the vulnerability in Micro Focus Network Automation (NA) and Network Operations Management (NOM) Suite: For the KM please go to the link: <https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/KM03155960> Patch number 10.00.023, for NA Version 10.0x: <https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/LID/NA_00058> Patch number 10.11.06, for NA version 10.1x: <https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/LID/NA_00053> Patch number 10.21.05, for NA version 10.2x: <https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/LID/NA_00054> Patch number 10.30.03, for NA version 10.3x: <https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/LID/NA_00055> Patch number 10.40.01, for NA version 10.4x: <https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/LID/NA_00056> Patch number 10.50.01 - for NA version 10.5x: <https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/LID/NA_00057> Patch number 10.30.P3 - for NOM version 2017.06 - Classic Suite: <https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/LID/NA_00055> Patch number 10.40.P1, for NOM version 2017.11 - Classic Suite: <https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/LID/NA_00056> Patch number 2017.11.P1, for NOM version 2017.11 - Containerized Suite: <https://softwaresupport.softwaregrp.com/km/KM03150865> Patch number 10.50.01, for NOM version 2018.02 - Classic Suite: <https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/LID/NA_00057> Patch number 2018.02.P1, for NOM version 2018.02 - Containerized Suite: <https://softwaresupport.softwaregrp.com/km/KM03147136> HISTORY Version:1 (rev.1) - 10 May 2018 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Micro Focus products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal Micro Focus services support channel. For other issues about the content of this Security Bulletin, send e-mail to cyber-psrt@microfocus.com. Report: To report a potential security vulnerability for any supported product: Web form: https://www.microfocus.com/support-and-services/report-security Email: security@microfocus.com Subscribe: To initiate receiving subscriptions for future Micro Focus Security Bulletin alerts via Email, please subscribe here - https://softwaresupport.hpe.com/group/softwaresupport/email-notification/-/subscriptions/registerdocumentnotification Once you are logged in to the portal, please choose security bulletins under product and document types. Please note that you will need to sign in using a Passport account. If you do not have a Passport account yet, you can create one- its free and easy https://cf.passport.softwaregrp.com/hppcf/createuser.do Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://softwaresupport.hpe.com/security-vulnerability Software Product Category: The Software Product Category is represented in the title by the two characters following Micro Focus Security Bulletin. 3P = 3rd Party Software GN = Micro Focus General Software MU = Multi-Platform Software System management and security procedures must be reviewed frequently to maintain system integrity. Micro Focus is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "Micro Focus is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected Micro Focus products the important security information contained in this Bulletin. Micro Focus recommends that all users determine the applicability of this information to their individual situations and take appropriate action. Micro Focus does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, Micro Focus will not be responsible for any damages resulting from user's use or disregard of the information provided in this Security Bulletin. To the extent permitted by law, Micro Focus disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2017 EntIT Software LLC Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither Micro Focus nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Micro Focus and the names of Micro Focus products referenced herein are trademarks of Micro Focus in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJa8znlAAoJEHfErXedNUNKYJkH/25W6ElVKb5nCp3LN9US139t pc/093JtZ2qIy/Alpmic7UxlkBeBajMuqoCyr1uVuruBOTv9AqqOckjPSrPO5ovv o2S80OJF7AerH+u0I2ogKfJ+caleG+lxRSz9u2ppoLvepA06hbvAmiQi+/ridzq5 n7V0W5wZP/M4klpyY+lOG2CIRkZpnpa5TXIvcK0ESitC9H5kDp9274GFpDlVlXIq nhsnWjuNszLXQ430IjeQbxotDu4QaVkd82FayACAFrnpFhuiLnHr6cFCCe+FWraG TcoWcFFpErbPMsMR7QRmzWf8w0zyFCMVKPonRSqnGMR/gS+ihwTZMcviqkpnXLE= =RgJ1 -----END PGP SIGNATURE-----

SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection. Multiple HP Products are prone to the following security vulnerabilities: 1. An SQL-injection vulnerability 2. A cross-site scripting vulnerability 3. An HTML-injection vulnerability Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application or to control how the site is rendered to the user, access or modify data or exploit latent vulnerabilities in the underlying database. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03158014 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03158014 Version: 1 MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. References: - CVE-2018-6492 - Remote Cross-Site Scripting (XSS) - CVE-2018-6493 - Remote SQL Injection SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - HP Network Automation Software - v10.0x, v10.1x, v10.2x, v10.3x, v10.4x, v10.5x - Network Operations Management (NOM) Suite - v2017.06 - Classic Suite, v2017.11 - Classic Suite, v2017.11 - Containerized Suite, v2018.02 - Classic Suite, v2018.02 - Containerized Suite BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector Micro Focus would like to thank Tilman Bender, Dennis Herrmann and Bastian Kanbach of Context Information Security GmbH for reporting this issue to cyber-psrt@microfocus.com. RESOLUTION MicroFocus has made the following software updates and mitigation information to resolve the vulnerability in Micro Focus Network Automation (NA) and Network Operations Management (NOM) Suite: For the KM please go to the link: <https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/KM03155960> Patch number 10.00.023, for NA Version 10.0x: <https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/LID/NA_00058> Patch number 10.11.06, for NA version 10.1x: <https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/LID/NA_00053> Patch number 10.21.05, for NA version 10.2x: <https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/LID/NA_00054> Patch number 10.30.03, for NA version 10.3x: <https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/LID/NA_00055> Patch number 10.40.01, for NA version 10.4x: <https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/LID/NA_00056> Patch number 10.50.01 - for NA version 10.5x: <https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/LID/NA_00057> Patch number 10.30.P3 - for NOM version 2017.06 - Classic Suite: <https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/LID/NA_00055> Patch number 10.40.P1, for NOM version 2017.11 - Classic Suite: <https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/LID/NA_00056> Patch number 2017.11.P1, for NOM version 2017.11 - Containerized Suite: <https://softwaresupport.softwaregrp.com/km/KM03150865> Patch number 10.50.01, for NOM version 2018.02 - Classic Suite: <https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/LID/NA_00057> Patch number 2018.02.P1, for NOM version 2018.02 - Containerized Suite: <https://softwaresupport.softwaregrp.com/km/KM03147136> HISTORY Version:1 (rev.1) - 10 May 2018 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Micro Focus products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal Micro Focus services support channel. For other issues about the content of this Security Bulletin, send e-mail to cyber-psrt@microfocus.com. Report: To report a potential security vulnerability for any supported product: Web form: https://www.microfocus.com/support-and-services/report-security Email: security@microfocus.com Subscribe: To initiate receiving subscriptions for future Micro Focus Security Bulletin alerts via Email, please subscribe here - https://softwaresupport.hpe.com/group/softwaresupport/email-notification/-/subscriptions/registerdocumentnotification Once you are logged in to the portal, please choose security bulletins under product and document types. Please note that you will need to sign in using a Passport account. If you do not have a Passport account yet, you can create one- its free and easy https://cf.passport.softwaregrp.com/hppcf/createuser.do Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://softwaresupport.hpe.com/security-vulnerability Software Product Category: The Software Product Category is represented in the title by the two characters following Micro Focus Security Bulletin. 3P = 3rd Party Software GN = Micro Focus General Software MU = Multi-Platform Software System management and security procedures must be reviewed frequently to maintain system integrity. Micro Focus is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "Micro Focus is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected Micro Focus products the important security information contained in this Bulletin. Micro Focus recommends that all users determine the applicability of this information to their individual situations and take appropriate action. Micro Focus does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, Micro Focus will not be responsible for any damages resulting from user's use or disregard of the information provided in this Security Bulletin. To the extent permitted by law, Micro Focus disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2017 EntIT Software LLC Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither Micro Focus nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Micro Focus and the names of Micro Focus products referenced herein are trademarks of Micro Focus in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJa8znlAAoJEHfErXedNUNKYJkH/25W6ElVKb5nCp3LN9US139t pc/093JtZ2qIy/Alpmic7UxlkBeBajMuqoCyr1uVuruBOTv9AqqOckjPSrPO5ovv o2S80OJF7AerH+u0I2ogKfJ+caleG+lxRSz9u2ppoLvepA06hbvAmiQi+/ridzq5 n7V0W5wZP/M4klpyY+lOG2CIRkZpnpa5TXIvcK0ESitC9H5kDp9274GFpDlVlXIq nhsnWjuNszLXQ430IjeQbxotDu4QaVkd82FayACAFrnpFhuiLnHr6cFCCe+FWraG TcoWcFFpErbPMsMR7QRmzWf8w0zyFCMVKPonRSqnGMR/gS+ihwTZMcviqkpnXLE= =RgJ1 -----END PGP SIGNATURE-----

There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3. DasanGPON is a home router product from Dasan, Korea. A command injection vulnerability exists in the DasanGPON home router. The vulnerability is caused by the router saving the result of the Internet packet explorer in /tmp and transmitting it to the user when the user accesses the /diag.html page again. An attacker could use the vulnerability to execute a command and retrieve the output by sending a diag_action=ping request with the \342\200\230dest_host\342\200\231 parameter to GponForm/diag_FormURI

Cross-site scripting vulnerability in ASUS RT-AC1200HP Firmware version prior to 3.0.0.4.380.4180 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. RT-AC1200HP provided by ASUS Japan Inc. is a wireless LAN router. RT-AC1200HP contains a cross-site scripting vulnerability (CWE-79). Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the logged in user's web browser

Cross-site scripting vulnerability in ASUS RT-AC87U Firmware version prior to 3.0.0.4.378.9383 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. RT-AC87U provided by ASUS Japan Inc. is a wireless LAN router. RT-AC87U contains a cross-site scripting vulnerability (CWE-79). Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the user's web browser

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack. Spring Framework Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Spring Framework is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition; denying service to legitimate users. Spring Framework 5.0 through 5.0.5 and 4.3 through 4.3.16 are vulnerable; other versions are also affected. Pivotal Spring Framework is an open source Java and Java EE application framework developed by Pivotal Software in the United States. The framework helps developers build high-quality applications. Description: Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform. For further information, refer to the Release Notes linked to in the References section. Security Fix(es): * spring-messaging: ReDoS Attack with spring-messaging (CVE-2018-1257) * spring-data: XXE with Spring Dataas XMLBeam integration (CVE-2018-1259) * spring-security-oauth2: Remote Code Execution with spring-security-oauth2 (CVE-2018-1260) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 1578578 - CVE-2018-1257 spring-framework: ReDoS Attack with spring-messaging 1578902 - CVE-2018-1259 spring-data-commons: XXE with Spring Dataas XMLBeam integration 1584376 - CVE-2018-1260 spring-security-oauth: remote code execution in the authorization process 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Fuse 7.2 security update Advisory ID: RHSA-2018:3768-01 Product: Red Hat JBoss Fuse Advisory URL: https://access.redhat.com/errata/RHSA-2018:3768 Issue date: 2018-12-04 CVE Names: CVE-2016-5002 CVE-2016-5003 CVE-2017-12196 CVE-2018-1257 CVE-2018-1259 CVE-2018-1288 CVE-2018-1336 CVE-2018-8014 CVE-2018-8018 CVE-2018-8039 CVE-2018-8041 CVE-2018-12537 ===================================================================== 1. Summary: An update is now available for Red Hat Fuse. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Fuse enables integration experts, application developers, and business users to collaborate and independently develop connected solutions. Fuse is part of an agile integration solution. Its distributed approach allows teams to deploy integrated services where required. The API-centric, container-based architecture decouples services so they can be created, extended, and deployed independently. This release of Red Hat Fuse 7.2 serves as a replacement for Red Hat Fuse 7.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag (CVE-2016-5003) * tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336) * ignite: Improper deserialization allows for code execution via GridClientJdkMarshaller endpoint (CVE-2018-8018) * apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039) * xmlrpc: XML external entity vulnerability SSRF via a crafted DTD (CVE-2016-5002) * undertow: Client can use bogus uri in Digest authentication (CVE-2017-12196) * spring-data-commons: XXE with Spring Dataas XMLBeam integration (CVE-2018-1259) * kafka: Users can perform Broker actions via crafted fetch requests, interfering with data replication and causing data lass (CVE-2018-1288) * tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins (CVE-2018-8014) * camel-mail: path traversal vulnerability (CVE-2018-8041) * vertx: Improper neutralization of CRLF sequences allows remote attackers to inject arbitrary HTTP response headers (CVE-2018-12537) * spring-framework: ReDoS Attack with spring-messaging (CVE-2018-1257) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Eedo Shapira (GE Digital) for reporting CVE-2018-8041. The CVE-2017-12196 issue was discovered by Jan Stourac (Red Hat). 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are located in the download section of the customer portal. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 1503055 - CVE-2017-12196 undertow: Client can use bogus uri in Digest authentication 1508110 - CVE-2016-5002 xmlrpc: XML external entity vulnerability SSRF via a crafted DTD 1508123 - CVE-2016-5003 xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag 1578578 - CVE-2018-1257 spring-framework: ReDoS Attack with spring-messaging 1578902 - CVE-2018-1259 spring-data-commons: XXE with Spring Dataas XMLBeam integration 1579611 - CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins 1591072 - CVE-2018-12537 vertx: Improper neutralization of CRLF sequences allows remote attackers to inject arbitrary HTTP response headers 1595332 - CVE-2018-8039 apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* 1607591 - CVE-2018-1336 tomcat: A bug in the UTF-8 decoder can lead to DoS 1607731 - CVE-2018-8018 ignite: Improper deserialization allows for code execution via GridClientJdkMarshaller endpoint 1611059 - CVE-2018-1288 kafka: Users can perform Broker actions via crafted fetch requests, interfering with data replication and causing data lass 1612644 - CVE-2018-8041 camel-mail: path traversal vulnerability 5. References: https://access.redhat.com/security/cve/CVE-2016-5002 https://access.redhat.com/security/cve/CVE-2016-5003 https://access.redhat.com/security/cve/CVE-2017-12196 https://access.redhat.com/security/cve/CVE-2018-1257 https://access.redhat.com/security/cve/CVE-2018-1259 https://access.redhat.com/security/cve/CVE-2018-1288 https://access.redhat.com/security/cve/CVE-2018-1336 https://access.redhat.com/security/cve/CVE-2018-8014 https://access.redhat.com/security/cve/CVE-2018-8018 https://access.redhat.com/security/cve/CVE-2018-8039 https://access.redhat.com/security/cve/CVE-2018-8041 https://access.redhat.com/security/cve/CVE-2018-12537 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=distributions&version=7.2.0 https://access.redhat.com/documentation/en-us/red_hat_fuse/7.2/ https://access.redhat.com/articles/2939351 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXAakytzjgjWX9erEAQgDkw//Wb1MeuX1VOUq4u9qkgtp3ECPTAR3GE8B RWHYBguzM+WJrDPTtgH1sy1BstIEPgVooQLTKWhZYtJpR64S5T6YAv+aFh1vA7qI 87GDERqiATIm3l8qKBBOF02FukP9ywkaH5hR+pT7tM2OuN8iZ4dvKl0Rdzs6vnhF Ea+qVCKeQlyn88HUUqYw51nBX7tbK0H1RuG7DxlU93LBYqymMIZ90KhcGeuvNPu/ BVk7xMDtbdPSagSBy5WFpTvZ/ozeYBmO7u8p9l67SiD3obR6Rtn83B3DKvL/AFP4 ahKlIrK62hk2qgXrpLQ9aVUwBMZ1Lqu99LelF20hRt38L7qy/EXtD+Xdt0H9Xl/H bcLyRvjq8pOjdrdqAvnfI5HBDdSZrxujYX9t6egoQg3wFuS9h0DbKFMXSKMSaW2S WlP4L5zbCTvhPy3mIPOECKDxP8Xa2g2HnqCal2PpHIXGVBvD0CTuxI0b7a6WKKYf dbhm5uIEhdoS/vSuHntq+o+3IzlhRNHKx2Uh+03arWYyj4N26bbKFB+v+7gjL2e9 1ITf4HXEUphym5PY0R1GGc2Xr5Xc8BjV8xX3pgvI8FcRov4XGsS37TYpvNxPmTCA e4VB2C4WS+AFhk1QJR7cNuACwUxjarIoKUp1CX5gvqu35pVgxR97KxoblGdMtR9g UOgTm4iHIhQ= =RCpd -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via the commit_msg parameter. Synology Note Station Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Synology Note Station is a cloud-based note management platform from Synology

Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. Synology Note Station Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Synology Note Station is a cloud-based note management platform from Synology. Attachment Preview is one of the attachment preview function components

SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. SAP MaxDB ODBC The driver contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of UDL files by the Data Link Properties dialog. When parsing the Servername element, the process does not properly validate the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the process. MaxDB ODBC Driver 7.9.09.07 is vulnerable; other versions may also be affected

A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2. Successful exploits will attackers to cause a denial of service condition

KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a backdoor that prints the login password via a Print_Password function call in certain circumstances. KONGTOP DVR The device contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. KONGTOP DVR A303 and so on are all different types of network DVR equipment from China's KONGTOP Industrial Company. A security vulnerability exists in several KONGTOP DVR products due to a backdoor in the Telnetd file. An attacker could exploit the vulnerability with a call to the 'Print_Password' function to obtain information. The following products are affected: KONGTOP DVR A303; KONGTOP DVR A403; KONGTOP DVR D303; KONGTOP DVR D305; KONGTOP DVR D403

A spoofing vulnerability exists when the Azure IoT Device Provisioning AMQP Transport library improperly validates certificates over the AMQP protocol, aka "Azure IoT SDK Spoofing Vulnerability." This affects C# SDK, C SDK, Java SDK. Microsoft C #, C, and Java SDK for Azure IoT are software development kits for Microsoft Azure (Microsoft) based on C #, C, and Java languages for developing Azure IoT (Internet of Things Platform) applications, respectively. An attacker could use this vulnerability to impersonate a server. Multiple Microsoft Azure IoT SDKs are prone to a security vulnerability that may allow attackers to conduct spoofing attacks. A man-in-the-middle attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs. In some circumstances, some operating systems or hypervisors may not expect or properly handle an Intel architecture hardware debug exception. Intel Architecture (processor architecture) is a CPU specification developed by Intel Corporation for its processor. There are security vulnerabilities in the operating systems of multiple vendors. Systems from the following vendors are affected: Apple; DragonFly BSD Project; FreeBSD Project; Linux Kernel; Microsoft; Red Hat; SUSE Linux; Ubuntu; Vmware; Xen. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2018:1347-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:1347 Issue date: 2018-05-08 CVE Names: CVE-2018-1087 CVE-2018-8897 CVE-2018-1000199 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.2) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.2) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.2) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.2) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.2) - noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * Kernel: KVM: error in exception handling leads to wrong debug stack value (CVE-2018-1087) * Kernel: error in exception handling leads to DoS (CVE-2018-8897) * kernel: ptrace() incorrect error handling leads to corruption and DoS (CVE-2018-1000199) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Andy Lutomirski for reporting CVE-2018-1087 and CVE-2018-1000199 and Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for reporting CVE-2018-8897. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1566837 - CVE-2018-1087 Kernel: KVM: error in exception handling leads to wrong debug stack value 1567074 - CVE-2018-8897 Kernel: error in exception handling leads to DoS 1568477 - CVE-2018-1000199 kernel: ptrace() incorrect error handling leads to corruption and DoS 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.2): Source: kernel-3.10.0-327.66.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-327.66.3.el7.noarch.rpm kernel-doc-3.10.0-327.66.3.el7.noarch.rpm x86_64: kernel-3.10.0-327.66.3.el7.x86_64.rpm kernel-debug-3.10.0-327.66.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.66.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.66.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.66.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.66.3.el7.x86_64.rpm kernel-devel-3.10.0-327.66.3.el7.x86_64.rpm kernel-headers-3.10.0-327.66.3.el7.x86_64.rpm kernel-tools-3.10.0-327.66.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.66.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.66.3.el7.x86_64.rpm perf-3.10.0-327.66.3.el7.x86_64.rpm perf-debuginfo-3.10.0-327.66.3.el7.x86_64.rpm python-perf-3.10.0-327.66.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.66.3.el7.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.2): Source: kernel-3.10.0-327.66.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-327.66.3.el7.noarch.rpm kernel-doc-3.10.0-327.66.3.el7.noarch.rpm ppc64le: kernel-3.10.0-327.66.3.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-327.66.3.el7.ppc64le.rpm kernel-debug-3.10.0-327.66.3.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-327.66.3.el7.ppc64le.rpm kernel-debuginfo-3.10.0-327.66.3.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-327.66.3.el7.ppc64le.rpm kernel-devel-3.10.0-327.66.3.el7.ppc64le.rpm kernel-headers-3.10.0-327.66.3.el7.ppc64le.rpm kernel-tools-3.10.0-327.66.3.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-327.66.3.el7.ppc64le.rpm kernel-tools-libs-3.10.0-327.66.3.el7.ppc64le.rpm perf-3.10.0-327.66.3.el7.ppc64le.rpm perf-debuginfo-3.10.0-327.66.3.el7.ppc64le.rpm python-perf-3.10.0-327.66.3.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-327.66.3.el7.ppc64le.rpm x86_64: kernel-3.10.0-327.66.3.el7.x86_64.rpm kernel-debug-3.10.0-327.66.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.66.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.66.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.66.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.66.3.el7.x86_64.rpm kernel-devel-3.10.0-327.66.3.el7.x86_64.rpm kernel-headers-3.10.0-327.66.3.el7.x86_64.rpm kernel-tools-3.10.0-327.66.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.66.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.66.3.el7.x86_64.rpm perf-3.10.0-327.66.3.el7.x86_64.rpm perf-debuginfo-3.10.0-327.66.3.el7.x86_64.rpm python-perf-3.10.0-327.66.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.66.3.el7.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.2): Source: kernel-3.10.0-327.66.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-327.66.3.el7.noarch.rpm kernel-doc-3.10.0-327.66.3.el7.noarch.rpm x86_64: kernel-3.10.0-327.66.3.el7.x86_64.rpm kernel-debug-3.10.0-327.66.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.66.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.66.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.66.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.66.3.el7.x86_64.rpm kernel-devel-3.10.0-327.66.3.el7.x86_64.rpm kernel-headers-3.10.0-327.66.3.el7.x86_64.rpm kernel-tools-3.10.0-327.66.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.66.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.66.3.el7.x86_64.rpm perf-3.10.0-327.66.3.el7.x86_64.rpm perf-debuginfo-3.10.0-327.66.3.el7.x86_64.rpm python-perf-3.10.0-327.66.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.66.3.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.2): x86_64: kernel-debug-debuginfo-3.10.0-327.66.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.66.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.66.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.66.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.66.3.el7.x86_64.rpm perf-debuginfo-3.10.0-327.66.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.66.3.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v. 7.2): ppc64le: kernel-debug-debuginfo-3.10.0-327.66.3.el7.ppc64le.rpm kernel-debug-devel-3.10.0-327.66.3.el7.ppc64le.rpm kernel-debuginfo-3.10.0-327.66.3.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-327.66.3.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-327.66.3.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-327.66.3.el7.ppc64le.rpm perf-debuginfo-3.10.0-327.66.3.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-327.66.3.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-327.66.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.66.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.66.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.66.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.66.3.el7.x86_64.rpm perf-debuginfo-3.10.0-327.66.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.66.3.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.2): x86_64: kernel-debug-debuginfo-3.10.0-327.66.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.66.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.66.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.66.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.66.3.el7.x86_64.rpm perf-debuginfo-3.10.0-327.66.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.66.3.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-1087 https://access.redhat.com/security/cve/CVE-2018-8897 https://access.redhat.com/security/cve/CVE-2018-1000199 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFa8hjAXlSAg2UNWIIRAkH1AKCosff5yYgtYpdAUcf3SnlQOGVZfgCgiEYR g6/4/EzMBa+lSt9QhxSqC18= =IYAU -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 6.4) - x86_64 3. Bug Fix(es): * The kernel build requirements have been updated to the GNU Compiler Collection (GCC) compiler version that has the support for Retpolines. The Retpolines mechanism is a software construct that leverages specific knowledge of the underlying hardware to mitigate the branch target injection, also known as Spectre variant 2 vulnerability described in CVE-2017-5715. (BZ#1554251) 4. 5.9 server) - i386, ia64, noarch, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-05-08-1 Additional information for APPLE-SA-2018-04-24-2 Security Update 2018-001 Security Update 2018-001 addresses the following: Crash Reporter Available for: macOS High Sierra 10.13.4 Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved error handling. The issue appears to be from an undocumented side effect of the instructions. CVE-2018-8897: Andy Lutomirski, Nick Peterson (linkedin.com/in/everdox) of Everdox Tech LLC Entry added May 8, 2018 LinkPresentation Available for: macOS High Sierra 10.13.4 Impact: Processing a maliciously crafted text message may lead to UI spoofing Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. CVE-2018-4187: Zhiyang Zeng (@Wester) of Tencent Security Platform Department, Roman Mueller (@faker_) Installation note: Security Update 2018-001 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlrxvQQpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEY/HxAA tRDFZcMPnxucIk9vENarx+oXzhMPGDJri16zOS9m7gv019GP10OJ2aDyr6GQpaK1 s0eCGXMqXuZ3mr7ZDikleB0xddPi+9mEjqSkfgxeP7WKFXSjAFCjc6sbv1SSq8IH km4yqtbQLFiVmL4BYnVW0GhYwWAgFn3QAKKZjD6TZYTrtOnxuQKkPqhZgD3xLG8y aYd0FgRX2AN23c157Gvn/nN3gYAtLxhlCwv5DcMuDH9BNPB6RR+qNPWaz6nxOukm aOeigkHhYwvVK4AlITE06R4UBJRq8LBxC2xLzEbr4jQZnRq1uT94w4SqCLhJUQ1z e7k5Aj9tp1HnS5ZSX6+lOohMDI3iQ8h3XS4NGj4I962QIlovuCmAgkqzN/OeH4LV sxmqUEF/SeriryotcN/NCRjQSbmjwleVkmJ6pcEUTT3X+/EuFgOajj1/jm9ntrDv 4rsB/6CxZSC5+dW51L337GsjxPMiNBHhALXYuen/Xd35kU7YOLosFeFlednmBgYY otXb832XGmW2C65uM/+zWJHJ/DW0NXF2GZkvD15rd7SUdKQjyO9003TJFudx3w4W 9y9LXSIF7b7KW1SaAgHr3ayWaXsioaSOeBrlURG6o/eLfRfrrBiwAMNqn/TPwsP1 /S1rasMuleP9L8h3kSm0Z1+j7iZIDaCuIZ2fgP6G/UE= =fLK2 -----END PGP SIGNATURE----- . 7.3) - ppc64, ppc64le, x86_64 3. ========================================================================== Ubuntu Security Notice USN-3641-2 May 08, 2018 linux, linux-lts-trusty vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 ESM Summary: Several security issues were fixed in the Linux kernel. This update provides the corresponding updates for Ubuntu 12.04 ESM. A local attacker could use this to cause a denial of service (system crash). This issue only affected the amd64 architecture. A local attacker in a KVM virtual machine could use this to cause a denial of service (guest VM crash) or possibly escalate privileges inside of the virtual machine. This issue only affected the i386 and amd64 architectures. (CVE-2018-1087) Andy Lutomirski discovered that the Linux kernel did not properly perform error handling on virtualized debug registers. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1000199) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM: linux-image-3.13.0-147-generic 3.13.0-147.196~precise1 linux-image-3.13.0-147-generic-lpae 3.13.0-147.196~precise1 linux-image-3.2.0-134-generic 3.2.0-134.180 linux-image-3.2.0-134-generic-pae 3.2.0-134.180 linux-image-3.2.0-134-highbank 3.2.0-134.180 linux-image-3.2.0-134-omap 3.2.0-134.180 linux-image-3.2.0-134-powerpc-smp 3.2.0-134.180 linux-image-3.2.0-134-powerpc64-smp 3.2.0-134.180 linux-image-3.2.0-134-virtual 3.2.0-134.180 linux-image-generic 3.2.0.134.149 linux-image-generic-lpae-lts-trusty 3.13.0.147.138 linux-image-generic-lts-trusty 3.13.0.147.138 linux-image-generic-pae 3.2.0.134.149 linux-image-highbank 3.2.0.134.149 linux-image-omap 3.2.0.134.149 linux-image-powerpc 3.2.0.134.149 linux-image-powerpc-smp 3.2.0.134.149 linux-image-powerpc64-smp 3.2.0.134.149 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. Summary: Updated redhat-virtualization-host packages that fix several bugs and add various enhancements are now available. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Includes GlusterFS fixes for CVE-2018-1088, dhcp fixes for CVE-2018-1111, kernel fixes for CVE-2018-1087, and kernel fixes for CVE-2018-8897. A list of bugs fixed in this update is available in the Technical Notes book: https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.2/ht ml/technical_notes/ 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1357247 - rhvh 4: reboot after install shows "4m[terminated]" and takes long to reboot 1374007 - [RFE] RHV-H does not default to LVM Thin Provisioning 1420068 - [RFE] RHV-H should meet NIST 800-53 partitioning requirements by default 1422676 - [Test Only] Test Ansible playbook for registration 1429485 - [RFE] Imgbased layers should be named with '%{name}-%{version}-%{release}' instead of %{name}-%{version} 1433394 - kdump could fill up /var filesystem while writing to /var/crash 1443965 - Libvirt is disabled on RHVH host 1454536 - HostedEngine setup fails if RHV-H timezone < UTC set during installation 1474268 - RHVH host displays "upgrade available" information on the engine after registering until an update is released 1489567 - Host Software tab does not show exact RHVH version anymore 1501161 - The version displays as "4.1" for subscribed product with RHVH 4.2 1502920 - File missing after upgrade of RHVH node from version RHVH-4.1-20170925.0 to latest. 1503148 - [RFE] translate between basic ntp configurations and chrony configurations 1516123 - tuned-adm timeout while adding the host in manager and the deployment will fail/take time to complete 1534855 - RHVH brand is missing on cockpit login screen. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-18:06.debugreg Security Advisory The FreeBSD Project Topic: Mishandling of x86 debug exceptions Category: core Module: kernel Announced: 2018-05-08 Credits: Nick Peterson, Everdox Tech LLC https://www.linkedin.com/in/everdox Andy Lutomirski Affects: All supported versions of FreeBSD. Corrected: 2018-05-08 17:03:33 UTC (stable/11, 11.2-PRERELEASE) 2018-05-08 17:12:10 UTC (releng/11.1, 11.1-RELEASE-p10) 2018-05-08 17:05:39 UTC (stable/10, 10.4-STABLE) 2018-05-08 17:12:10 UTC (releng/10.4, 10.4-RELEASE-p9) CVE Name: CVE-2018-8897 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. Background On x86 architecture systems, the stack is represented by the combination of a stack segment and a stack pointer, which must remain in sync for proper operation. Instructions related to manipulating the stack segment have special handling to facilitate consistency with changes to the stack pointer. II. If that instruction is a system call or similar instruction that transfers control to the operating system, the debug exception will be handled in the kernel context instead of the user context. III. Impact An authenticated local attacker may be able to read sensitive data in kernel memory, control low-level operating system functions, or may panic the system. IV. Workaround No workaround is available. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, using either a binary or source code patch, and then reboot. 1) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install And reboot. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 11.1] # fetch https://security.FreeBSD.org/patches/SA-18:06/debugreg.11.1.patch # fetch https://security.FreeBSD.org/patches/SA-18:06/debugreg.11.1.patch.asc # gpg --verify debugreg.11.1.patch.asc [FreeBSD 10.4] # fetch https://security.FreeBSD.org/patches/SA-18:06/debugreg.10.4.patch # fetch https://security.FreeBSD.org/patches/SA-18:06/debugreg.10.4.patch.asc # gpg --verify debugreg.10.4.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile and install your kernel as described in <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/10/ r333370 releng/10.4/ r333371 stable/11/ r333369 releng/11.1/ r333371 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII

A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRegistration2 class. Authentication is required to exploit this vulnerability. A crafted Client field in ppreg files can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to execute code under the context of root. Multiple SQL-injection vulnerabilities 2. A command-injection vulnerability 3. An insecure authentication weakness Exploiting these issues could allow an attacker to access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary command, bypass authentication mechanism, execute arbitrary code and obtain sensitive information. This may aid in further attacks. Email Encryption Gateway 5.5 Build 1111 and prior are vulnerable. There is an SQL injection vulnerability in the formRegistration2 class in Trend Micro TMEEG version 5.5

A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formConfiguration class. Authentication is required to exploit this vulnerability. The issue results from the lack of proper validation of user-supplied strings before using them to construct SQL queries. An attacker can leverage this vulnerability to execute code under the context of root. Multiple SQL-injection vulnerabilities 2. A command-injection vulnerability 3. An insecure authentication weakness Exploiting these issues could allow an attacker to access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary command, bypass authentication mechanism, execute arbitrary code and obtain sensitive information. This may aid in further attacks. There is an SQL injection vulnerability in the formConfiguration class in Trend Micro TMEEG version 5.5

A command injection remote command execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the LauncherServer. Authentication is required to exploit this vulnerability. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of root. Multiple SQL-injection vulnerabilities 2. A command-injection vulnerability 3. This may aid in further attacks

A SQL injection information disclosure vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to disclose sensitive information on vulnerable installations due to a flaw in the formChangePass class. Authentication is required to exploit this vulnerability. When parsing the username parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this in conjunction with other vulnerabilities to disclose sensitive information under the context of the database. Multiple SQL-injection vulnerabilities 2. A command-injection vulnerability 3. An insecure authentication weakness Exploiting these issues could allow an attacker to access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary command, bypass authentication mechanism, execute arbitrary code and obtain sensitive information. This may aid in further attacks

An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'get' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'get <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. D-Link DSL-3782 EU Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDSL-3782 is a wireless router product from D-Link. A buffer overflow vulnerability exists in the /userfs/bin/tcapi binary in D-LinkDSL-3782