VARIoT IoT vulnerabilities database

A Cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An attacker can change the Admin Password without a Login. Win 240 Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. IntelbrasWin240 is a wireless router from Brazil's Intelbras

The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10. CUPS is prone to a security weakness. Successfully exploiting this issue may allow attackers to bypass security mechanism. This may lead to other attacks. CPUS is an open source printing system. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 X41 D-Sec GmbH Security Advisory: X41-2018-005 Multiple Vulnerabilities in Apple smartcardservices =================================================== Overview - -------- Confirmed Affected Versions: e3eb96a6eff9d02497a51b3c155a10fa5989021f Confirmed Patched Versions: 8eef01a5e218ae78cc358de32213b50a601662de Vendor: Apple Vendor URL: https://smartcardservices.github.io/ Credit: X41 D-Sec GmbH, Eric Sesterhenn Status: Public Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2018-005-smartcardservices/ Summary and Impact - ------------------ Attackers with local access can exploit security issues in the smartcard driver. These result in memory corruptions, which might lead to code execution. Since smartcards can be used for authentication, the vulnerabilities may allow an attacker to login to the system without valid credentials as any user. X41 did not perform a full test or audit on the software. Product Description - ------------------- The Smart Card Services project is comprised of several components which, when combined, provide the necessary abstraction layer and integration of smart cards into Appleas CDSA implementation. Stack based buffer overflow =========================== Severity Rating: Medium Vector: APDU Response CVE: CVE-2018-4300 CWE: 120 CVSS Score: 7.1 (High) CVSS Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Summary and Impact - ------------------ In file Tokend/CAC/CACRecord.cpp the function CACCertificateRecord::getDataAttribute() might overwrite the value certificate and possibly other stack data, if a smartcard provides malicious data. {% highlight c++ %} unsigned char command[] = { 0x80, 0x36, 0x00, 0x00, 0x64 }; unsigned char result[MAXBUFFERSIZE]; sizet resultLength = sizeof(result); uint8 certificate[CACMAXSIZECERT]; uint8 uncompressed[CACMAXSIZECERT]; sizet certificateLength = 0; try { PCSC::Transaction (cacToken); cacToken.select(mApplication); uint32t cacreturn; do { cacreturn = cacToken.exchangeAPDU(command, sizeof(command), result, resultLength); if ((cacreturn & 0xFF00) != 0x6300) CACError::check(cacreturn); sizet requested = command[4]; if (resultLength != requested + 2) PCSC::Error::throwMe(SCARDEPROTOMISMATCH); memcpy(certificate + certificateLength, result, resultLength - 2); certificateLength += resultLength - 2; // Number of bytes to fetch next time around is in the last byte // returned. command[4] = cacreturn & 0xFF; } while ((cacreturn & 0xFF00) == 0x6300); } catch (...) { return NULL; } {% endhighlight %} As long as the smartcard returns a return code of 0x63FF, more data is copied into the certificate buffer, causing a stack based overflow. A malicious smartcard is able to control all of the overflowed bytes. Workarounds - ----------- None Stack based buffer overflow with limited input ============================================== Severity Rating: Medium Vector: APDU Response CVE: CVE-2018-4301 CWE: 120 CVSS Score: 7.1 (High) CVSS Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Summary and Impact - ------------------ In file Tokend/PKCS11/GemaltoKeyHandle.cpp the function GemaltoPrivateKeyRecord::computeDecrypt() might overwrite the value strData if the supplied dataLength is too big. {% highlight c++ %} void GemaltoPrivateKeyRecord::computeDecrypt(GemaltoToken &gemaltoToken, CKULONG mech, const AccessCredentials *cred, unsigned char *data, sizet dataLength, unsigned char output, size_t &outputLength) { GemaltoToken::log("\nGemaltoPrivateKeyRecord::computeDecrypt <BEGIN>\n"); GemaltoToken::log("GemaltoPrivateKeyRecord::computeDecrypt - mechanism <%lu>\n", mech); GemaltoToken::log("GemaltoPrivateKeyRecord::computeDecrypt - cred <%p>\n", cred); char strData[6000]; memset(strData, '\0', sizeof(strData)); char str = strData; for (size_t i=0; i<dataLength; i++) { str += sprintf(str, "%02x ", data[i]); } GemaltoToken::log("GemaltoPrivateKeyRecord::computeDecrypt - dataLength <%lu> - data <%s>\n", dataLength, strData); GemaltoToken::log("GemaltoPrivateKeyRecord::computeDecrypt - output <%p>\n", output); GemaltoToken::log("GemaltoPrivateKeyRecord::computeDecrypt - outputLength <%lu>\n", outputLength); {% endhighlight %} The attacker might control the data which is to be decrypted, but exploitation is limited by the sprintf() format string. Workarounds - ----------- None Timeline ======== 2018-02-03 Issues found 2018-05-22 Vendor contacted 2018-05-22 Automated vendor reply 2018-05-23 Personal vendor reply 2018-06-05 Requesting technical feedback from the vendor 2018-06-22 Vendor states that the bugs are fixed in public git 2018-07-12 CVE IDs assigned 2018-08-03 https://smartcardservices.github.io/security/ updated 2018-08-11 Advisory released - -- X41 D-SEC GmbH, Dennewartstr. 25-27, D-52068 Aachen T: +49 241 9809418-0, Fax: -9 Unternehmenssitz: Aachen, Amtsgericht Aachen: HRB19989 GeschA$?ftsfA1/4hrer: Markus Vervier -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEpwxVTgxAIcUvTugIo5Klpg50CxAFAlty3ScACgkQo5Klpg50 CxCRNQ/+I+0oXn6oWXNARh+qU+fBxuUx8ydAIgDvEeBQddHAWaHQpVzkE7xgSZbg wUsmCMGEvAd6Jvfc4rH1gHy3jHl4zdLs7XDSslYUC3hc+BgsfvSR078+zNzzZ1yX 7Fe4vpq2Oep4Vbq2Y8wBrh5zui4PoS2afFRHKY5KaEKuzfvQGOS5WcKdFwm0WZNB 4l+b3ie/v2pBA7/YglYACyNkZU8bsNDAumuVeMP5MFdT0S88eE4hCwo3QJ1GurR5 4L5B+QDUwbMCA4pgH5ifOpdgDtHTLnYvoIKZGPT8Vu7lbjlHCdFKOjw52aiBqaHo iac/RBE8EzWjmeqE9UbHB6U0PeFdWbjVGhlPNBn1wErwyj18hK2rZRIJR0kGdBXU +1SXhxYbR4a2pB4VQcIpqWSQqgMe3IwoXIPpY5IIZwV/StjZ6/mnRMxZgiF7JnPQ OgI/F2AWFryJWtEtQ6gXAGEE2dkInVALo0ym509d5gRkkfAcoJXpSM3oa3BcOanV DJ3tMIE0H8UKXwL3EvRn02TvuZpbtvSDUyZniBl9vl5FMQJCK8Zh++jX9dOvplsR a/Ytuxt4KWFtuzU/gaQ5BjBHS80m9M7HJzMMohYY60Yyr4aczZxd8/8lZpggMNKE gDrded2INA+9ybxlcnWpSTIoD+Cl034kCqOWcjVzWW6/tYIiN+Q= =9tdn -----END PGP SIGNATURE-----

A potential remote denial of service security vulnerability has been identified in HPE Integrated Lights Out 4 prior to v2.60 and iLO 5 for Gen 10 servers prior to v1.30. HPE Integrated Lights Out 4 and iLO 5 Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HP Integrated Lights-Out is prone to an unspecified remote denial-of-service vulnerability. Exploiting this issue allows remote attackers to trigger denial-of-service conditions. Through an integrated remote management port, Monitor and maintain the running status of the server, remotely manage and control the server, etc. A remote attacker could exploit this vulnerability to cause a denial of service

A security vulnerability in HPE Integrated Lights-Out 3 prior to v1.90, iLO 4 prior to v2.60, iLO 5 prior to v1.30, Moonshot Chassis Manager firmware prior to v1.58, and Moonshot Component Pack prior to v2.55 could be remotely exploited to create a denial of service. plural HPE The product contains vulnerabilities related to security functions.Service operation interruption (DoS) There is a possibility of being put into a state. HPE Integrated Lights-Out (iLO) is an embedded server management technology, which monitors and maintains the health of the server, remotely manages the server, etc. through an integrated remote management port. Moonshot Chassis Manager is a movement chassis manager. Moonshot Component Pack is a Moonshot component pack. Security vulnerabilities exist in several HPE products. A remote attacker could exploit this vulnerability to cause a denial of service

SAP MaxDB (liveCache), versions 7.8 and 7.9, allows an attacker who gets DBM operator privileges to execute crafted database queries and therefore read, modify or delete sensitive data from database. SAP MaxDB (liveCache) Is SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SAP MaxDB is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. SAP MaxDB (liveCache) 7.8 and 7.9 are vulnerable

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-5.0.0.0-22913(GA). The vulnerability may be exploited locally to allow disclosure of privileged information

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow cross-site request forgery. 3PAR Service Processor (SP) Contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow directory traversal

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow disclosure of privileged information

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow access restriction bypass. 3PAR Service Processor (SP) Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow code execution

Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis. These attacks are known as L1 Terminal Fault: SGX, L1 Terminal Fault: OS/SMM, and L1 Terminal Fault: VMM. Intel Core Systems with microprocessors contain information disclosure vulnerabilities.Information may be obtained and information may be altered. Multiple Intel Processors are prone to a multiple information-disclosure vulnerabilities. Local attackers can exploit these issues to obtain sensitive information. This may aid in further attacks. Intel Xeon Processor E3 v5 Family, etc. are the central processing unit (CPU) products of Intel Corporation of the United States. The following products are affected: Intel Xeon Processor E3 v5 Family; Intel Xeon Processor E3 v6 Family; 6th generation Intel Core processors; 7th generation Intel Core processors; 8th generation Intel Core processors. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] Slackware 14.2 kernel (SSA:2018-240-01) New kernel packages are available for Slackware 14.2 to mitigate security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/linux-4.4.153/*: Upgraded. This kernel update enables mitigations for L1 Terminal Fault aka Foreshadow and Foreshadow-NG vulnerabilities. Thanks to Bernhard Kaindl for bisecting the boot issue that was preventing us from upgrading to earlier 4.4.x kernels that contained this fix. To see the status of CPU vulnerability mitigations on your system, look at the files in: /sys/devices/system/cpu/vulnerabilities Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3615 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3546 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-firmware-20180825_fea76a0-noarch-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-generic-4.4.153-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-generic-smp-4.4.153_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-headers-4.4.153_smp-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-huge-4.4.153-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-huge-smp-4.4.153_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-modules-4.4.153-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-modules-smp-4.4.153_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-source-4.4.153_smp-noarch-1.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-firmware-20180825_fea76a0-noarch-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-generic-4.4.153-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-headers-4.4.153-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-huge-4.4.153-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-modules-4.4.153-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-source-4.4.153-noarch-1.txz MD5 signatures: +-------------+ Slackware 14.2 packages: b0a4ac8050eed122d407069db8704be2 kernel-firmware-20180825_fea76a0-noarch-1.txz cd110706f35e4496017f7270d393fcf9 kernel-generic-4.4.153-i586-1.txz 57b026fb409d15596b91963bfab973b5 kernel-generic-smp-4.4.153_smp-i686-1.txz d1f1a717bcdc85be8382628f0a38ae78 kernel-headers-4.4.153_smp-x86-1.txz 439fc6640ce50c1b061b60b6a7afffe9 kernel-huge-4.4.153-i586-1.txz b1683dd7d0a3f6898f5d8ffecca50c4a kernel-huge-smp-4.4.153_smp-i686-1.txz 5ac4445b7ac81c65e4fe8269fa8f7b23 kernel-modules-4.4.153-i586-1.txz 3f9a394283e7feff520b6bff6219d1de kernel-modules-smp-4.4.153_smp-i686-1.txz 4b8979e2226d66d957b33deacbf5fb26 kernel-source-4.4.153_smp-noarch-1.txz Slackware x86_64 14.2 packages: b0a4ac8050eed122d407069db8704be2 kernel-firmware-20180825_fea76a0-noarch-1.txz 1109c106490e646cf687fbd1ac7211cd kernel-generic-4.4.153-x86_64-1.txz 8668e44ceb919d862e02c7eedfd2cf1d kernel-headers-4.4.153-x86-1.txz fe42dde9fd78ef32c4527e0a6fa60da0 kernel-huge-4.4.153-x86_64-1.txz 7a872f2bff05ebad6ec781f36bf0e392 kernel-modules-4.4.153-x86_64-1.txz 6403fd73910a3f1e1b9eed3ecb6de0e4 kernel-source-4.4.153-noarch-1.txz Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg kernel-*.txz If you are using an initrd, you'll need to rebuild it. For a 32-bit SMP machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2): # /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.153-smp | bash For a 64-bit machine, or a 32-bit uniprocessor machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2): # /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.153 | bash Please note that "uniprocessor" has to do with the kernel you are running, not with the CPU. Most systems should run the SMP kernel (if they can) regardless of the number of cores the CPU has. If you aren't sure which kernel you are running, run "uname -a". If you see SMP there, you are running the SMP kernel and should use the 4.4.153-smp version when running mkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit systems should always use 4.4.153 as the version. If you are using lilo or elilo to boot the machine, you'll need to ensure that the machine is properly prepared before rebooting. If using LILO: By default, lilo.conf contains an image= line that references a symlink that always points to the correct kernel. No editing should be required unless your machine uses a custom lilo.conf. If that is the case, be sure that the image= line references the correct kernel file. Either way, you'll need to run "lilo" as root to reinstall the boot loader. If using elilo: Ensure that the /boot/vmlinuz symlink is pointing to the kernel you wish to use, and then run eliloconfig to update the EFI System Partition. +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAluFyGYACgkQakRjwEAQIjN99wCbBHlVovtqYBjkObo2PP9WIIr7 eI8An0+88QDu5DNT6mF1CrHvAToR3o8G =SVgT -----END PGP SIGNATURE-----

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis. These attacks are known as L1 Terminal Fault: SGX, L1 Terminal Fault: OS/SMM, and L1 Terminal Fault: VMM. Multiple Intel Processors are prone to a multiple information-disclosure vulnerabilities. Local attackers can exploit these issues to obtain sensitive information. This may aid in further attacks. Intel Core i3 processor, etc. are all CPU (central processing unit) products of Intel Corporation of the United States. Security vulnerabilities exist in several Intel products that use speculative execution and address translation. The following products are affected: Intel Core i3 processor; Intel Core i5 processor; Intel Core i7 processor; Intel Core M processor family; 2nd generation Intel Core processors; 3rd generation Intel Core processors; 4th generation Intel Core processors; 5th generation Intel Core processors, etc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2018:2389-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2389 Issue date: 2018-08-14 CVE Names: CVE-2018-3620 CVE-2018-3646 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.2) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.2) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.2) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.2) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.2) - noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting these issues. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Package List: Red Hat Enterprise Linux Server AUS (v. 7.2): Source: kernel-3.10.0-327.71.4.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-327.71.4.el7.noarch.rpm kernel-doc-3.10.0-327.71.4.el7.noarch.rpm x86_64: kernel-3.10.0-327.71.4.el7.x86_64.rpm kernel-debug-3.10.0-327.71.4.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.71.4.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.71.4.el7.x86_64.rpm kernel-devel-3.10.0-327.71.4.el7.x86_64.rpm kernel-headers-3.10.0-327.71.4.el7.x86_64.rpm kernel-tools-3.10.0-327.71.4.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.71.4.el7.x86_64.rpm perf-3.10.0-327.71.4.el7.x86_64.rpm perf-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm python-perf-3.10.0-327.71.4.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.2): Source: kernel-3.10.0-327.71.4.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-327.71.4.el7.noarch.rpm kernel-doc-3.10.0-327.71.4.el7.noarch.rpm ppc64le: kernel-3.10.0-327.71.4.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-327.71.4.el7.ppc64le.rpm kernel-debug-3.10.0-327.71.4.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-327.71.4.el7.ppc64le.rpm kernel-debuginfo-3.10.0-327.71.4.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-327.71.4.el7.ppc64le.rpm kernel-devel-3.10.0-327.71.4.el7.ppc64le.rpm kernel-headers-3.10.0-327.71.4.el7.ppc64le.rpm kernel-tools-3.10.0-327.71.4.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-327.71.4.el7.ppc64le.rpm kernel-tools-libs-3.10.0-327.71.4.el7.ppc64le.rpm perf-3.10.0-327.71.4.el7.ppc64le.rpm perf-debuginfo-3.10.0-327.71.4.el7.ppc64le.rpm python-perf-3.10.0-327.71.4.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-327.71.4.el7.ppc64le.rpm x86_64: kernel-3.10.0-327.71.4.el7.x86_64.rpm kernel-debug-3.10.0-327.71.4.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.71.4.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.71.4.el7.x86_64.rpm kernel-devel-3.10.0-327.71.4.el7.x86_64.rpm kernel-headers-3.10.0-327.71.4.el7.x86_64.rpm kernel-tools-3.10.0-327.71.4.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.71.4.el7.x86_64.rpm perf-3.10.0-327.71.4.el7.x86_64.rpm perf-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm python-perf-3.10.0-327.71.4.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.2): Source: kernel-3.10.0-327.71.4.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-327.71.4.el7.noarch.rpm kernel-doc-3.10.0-327.71.4.el7.noarch.rpm x86_64: kernel-3.10.0-327.71.4.el7.x86_64.rpm kernel-debug-3.10.0-327.71.4.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.71.4.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.71.4.el7.x86_64.rpm kernel-devel-3.10.0-327.71.4.el7.x86_64.rpm kernel-headers-3.10.0-327.71.4.el7.x86_64.rpm kernel-tools-3.10.0-327.71.4.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.71.4.el7.x86_64.rpm perf-3.10.0-327.71.4.el7.x86_64.rpm perf-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm python-perf-3.10.0-327.71.4.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.2): x86_64: kernel-debug-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.71.4.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.71.4.el7.x86_64.rpm perf-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v. 7.2): ppc64le: kernel-debug-debuginfo-3.10.0-327.71.4.el7.ppc64le.rpm kernel-debug-devel-3.10.0-327.71.4.el7.ppc64le.rpm kernel-debuginfo-3.10.0-327.71.4.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-327.71.4.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-327.71.4.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-327.71.4.el7.ppc64le.rpm perf-debuginfo-3.10.0-327.71.4.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-327.71.4.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.71.4.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.71.4.el7.x86_64.rpm perf-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.2): x86_64: kernel-debug-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.71.4.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.71.4.el7.x86_64.rpm perf-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.71.4.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-3620 https://access.redhat.com/security/cve/CVE-2018-3646 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/L1TF 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW3M6OtzjgjWX9erEAQgXsA//fUjJD9ABgMqdEY1I+4Y28+aCtz++Rn0O lQaHCnxzStUHT401003DNrka0StFmfCSLZ7fYQF5iss9bE0dFyQaJ+UxWqEMiiJ5 eBRWolwaQjovLOs/W0ihbiOgDa4IiBmaXzJ6V2CTXC6PMFtsc5qo7fcUroQ72Exa gdXUxO4z3Ei4TTZpwLL/5xfphENXoOk0BMGw5ouAhfsiGyY/q5VWICqoKYqXvgSB S6qI85FlHVHTiMpZa7DjFygFfGsraOYkUF9Svokw2d46mzAdFHBfsY4l3esvOth0 HVdIXBhN9xoKnKI6907vGrDhNshm6E029vhLoc+R6cJIa6nFXDxIlb/PsYhGDmvE N7WVbb1ItaZn2b6RAmkhw4XSMJlGXtsbR0qQghXL0h0RB70a+DKQOrpLuJZFaxHE ETzp+i5p0xRLgyNMUHgDtSSCgb+y+ctSrCyB6ls5hV/TIuYKV3L3UhRYGaWlCWIk Ki9Iou3E8NCmHNgJlaG4g7EVnv5bXrDoww5UU79W5TDIapQXohXwSYH5TJMfyj5U 786wYzOtx1ubSM+AnJ3yXWaHgxOUv/o0NjYruO+SuXlqKw7CnlAyYJJj5kro3Yhu QuJU1xNPPhTV+608bCy/lthONMfTRZ534be+RcLw8gd1v6/WtGcZxdvNtCJ1nQ5e xxvWT3L+dPQ1KA -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 6.7) - i386, ppc64, s390x, x86_64 3. (CVE-2018-3620, CVE-2018-3646) * kernel: kvm: vmx: host GDT limit corruption (CVE-2018-10901) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] Slackware 14.2 kernel (SSA:2018-240-01) New kernel packages are available for Slackware 14.2 to mitigate security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/linux-4.4.153/*: Upgraded. Thanks to Bernhard Kaindl for bisecting the boot issue that was preventing us from upgrading to earlier 4.4.x kernels that contained this fix. To see the status of CPU vulnerability mitigations on your system, look at the files in: /sys/devices/system/cpu/vulnerabilities Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3615 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3546 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-firmware-20180825_fea76a0-noarch-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-generic-4.4.153-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-generic-smp-4.4.153_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-headers-4.4.153_smp-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-huge-4.4.153-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-huge-smp-4.4.153_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-modules-4.4.153-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-modules-smp-4.4.153_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-source-4.4.153_smp-noarch-1.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-firmware-20180825_fea76a0-noarch-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-generic-4.4.153-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-headers-4.4.153-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-huge-4.4.153-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-modules-4.4.153-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-source-4.4.153-noarch-1.txz MD5 signatures: +-------------+ Slackware 14.2 packages: b0a4ac8050eed122d407069db8704be2 kernel-firmware-20180825_fea76a0-noarch-1.txz cd110706f35e4496017f7270d393fcf9 kernel-generic-4.4.153-i586-1.txz 57b026fb409d15596b91963bfab973b5 kernel-generic-smp-4.4.153_smp-i686-1.txz d1f1a717bcdc85be8382628f0a38ae78 kernel-headers-4.4.153_smp-x86-1.txz 439fc6640ce50c1b061b60b6a7afffe9 kernel-huge-4.4.153-i586-1.txz b1683dd7d0a3f6898f5d8ffecca50c4a kernel-huge-smp-4.4.153_smp-i686-1.txz 5ac4445b7ac81c65e4fe8269fa8f7b23 kernel-modules-4.4.153-i586-1.txz 3f9a394283e7feff520b6bff6219d1de kernel-modules-smp-4.4.153_smp-i686-1.txz 4b8979e2226d66d957b33deacbf5fb26 kernel-source-4.4.153_smp-noarch-1.txz Slackware x86_64 14.2 packages: b0a4ac8050eed122d407069db8704be2 kernel-firmware-20180825_fea76a0-noarch-1.txz 1109c106490e646cf687fbd1ac7211cd kernel-generic-4.4.153-x86_64-1.txz 8668e44ceb919d862e02c7eedfd2cf1d kernel-headers-4.4.153-x86-1.txz fe42dde9fd78ef32c4527e0a6fa60da0 kernel-huge-4.4.153-x86_64-1.txz 7a872f2bff05ebad6ec781f36bf0e392 kernel-modules-4.4.153-x86_64-1.txz 6403fd73910a3f1e1b9eed3ecb6de0e4 kernel-source-4.4.153-noarch-1.txz Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg kernel-*.txz If you are using an initrd, you'll need to rebuild it. For a 32-bit SMP machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2): # /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.153-smp | bash For a 64-bit machine, or a 32-bit uniprocessor machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2): # /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.153 | bash Please note that "uniprocessor" has to do with the kernel you are running, not with the CPU. Most systems should run the SMP kernel (if they can) regardless of the number of cores the CPU has. If you aren't sure which kernel you are running, run "uname -a". If you see SMP there, you are running the SMP kernel and should use the 4.4.153-smp version when running mkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit systems should always use 4.4.153 as the version. If you are using lilo or elilo to boot the machine, you'll need to ensure that the machine is properly prepared before rebooting. If using LILO: By default, lilo.conf contains an image= line that references a symlink that always points to the correct kernel. No editing should be required unless your machine uses a custom lilo.conf. If that is the case, be sure that the image= line references the correct kernel file. Either way, you'll need to run "lilo" as root to reinstall the boot loader. If using elilo: Ensure that the /boot/vmlinuz symlink is pointing to the kernel you wish to use, and then run eliloconfig to update the EFI System Partition. +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). Bug Fix(es): * The kernel-rt packages have been upgraded to the 3.10.0-693.37.1 source tree, which provides a number of bug fixes over the previous version. (BZ#1599860) 4. To fully resolve these vulnerabilities it is also necessary to install updated CPU microcode (only available in Debian non-free). Common server class CPUs are covered in the update released as DSA 4273-1. For the stable distribution (stretch), these problems have been fixed in version 4.9.110-3+deb9u3. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlt6p8ZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TBJg//VmtxfP6VLm5Q2hHuOlUejrc2W4hOcNRR0Ud7DjJ0B5Gfb9y/u1k+RXBj akX5/Csi6l+kLOWs4/amX3VAxdQRYFL6eEJBNZzlCkBasu1DpkvJdL9F0EP9gru7 Xd/StpSQs8GaBAlklQsckHtKqPzhB5D56gLosLupfmdNovlRKPhX282Ae5JCgjyf BjQv7Oa5K+pUw7F4sZUsdTPZHvl3bZ14u2SDzkIYX6K0KSRi3r4kBNGlRkCnRUTd AW8LpC2uWFX584LhVqJhnKhtd2lveadkwjX9TTRDJkJJOW88Yf2hDSyvWRAKS90D 65SEB2SIrgYiOTqCW4TQXPv5cNSn+LPimrkPus4likNyxJajbck5lB5GVLTTd0dp X0WPp4uhNsISHERZzdJpT8Y3uu5VrPzgSxPay/aPh+n7vy/wFknliZ4IfBSZtOri J5OrlN+Dal0M7eli1ojoByMLsH5Tzzd6/pfmOtWH/wNUFuMPdNwM/KuzcZRn+aMY FZ6jk6Ge0UNgFoQQPb6ddu0YBlPQGK5t+jPS47qR8fEqV7VxBDFVQYKK5Lni9iwi bIarRFTWQNj3nYZ44VOsk95QuyKe2Gw5NkjzlsEhQdQ318urQ6tpAAvjet/xbaHv 6SO/0r3APr5jxH2GGrLUvRRezbXYkBhEVhWOtcOQryXEzPAbcGc= =Cd8P -----END PGP SIGNATURE----- . ========================================================================== Kernel Live Patch Security Notice 0044-1 October 05, 2018 linux vulnerability ========================================================================== A security issue affects these releases of Ubuntu: | Series | Base kernel | Arch | flavors | |------------------+--------------+----------+------------------| | Ubuntu 14.04 LTS | 4.4.0 | amd64 | generic | | Ubuntu 14.04 LTS | 4.4.0 | amd64 | lowlatency | | Ubuntu 16.04 LTS | 4.15.0 | amd64 | generic | | Ubuntu 16.04 LTS | 4.15.0 | amd64 | lowlatency | | Ubuntu 18.04 LTS | 4.15.0 | amd64 | generic | | Ubuntu 18.04 LTS | 4.15.0 | amd64 | lowlatency | Summary: Several security issues were fixed in the kernel. Note that due to a client issue, this livepatch may report that it failed to load. You can verify that the patch has successfully loaded by looking in /sys/kernel/livepatch for a directory starting with the name "lkp_Ubuntu," followed by your kernel version, and ending with the version number, "44." The next client update should correct this problem. (CVE-2018-3620) It was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. (CVE-2018-15594) It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-6555) It was discovered that a stack-based buffer overflow existed in the iSCSI target implementation of the Linux kernel. A remote attacker could use this to cause a denial of service (system crash). (CVE-2018-14633) It was discovered that microprocessors utilizing speculative execution and prediction of return addresses via Return Stack Buffer (RSB) may allow unauthorized memory reads via sidechannel attacks. (CVE-2018-15572) Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2018-17182) Update instructions: The problem can be corrected by updating your livepatches to the following versions: | Kernel | Version | flavors | |--------------------------+----------+--------------------------| | 4.4.0-133.159 | 44.1 | generic, lowlatency | | 4.4.0-133.159~14.04.1 | 44.1 | lowlatency, generic | | 4.4.0-134.160 | 44.1 | generic, lowlatency | | 4.4.0-134.160~14.04.1 | 44.1 | lowlatency, generic | | 4.4.0-135.161~14.04.1 | 44.1 | lowlatency, generic | | 4.15.0-32.35 | 44.1 | lowlatency, generic | | 4.15.0-32.35~16.04.1 | 44.1 | generic, lowlatency | | 4.15.0-33.36 | 44.1 | lowlatency, generic | | 4.15.0-33.36~16.04.1 | 44.1 | lowlatency, generic | | 4.15.0-34.37 | 44.1 | generic, lowlatency | | 4.15.0-34.37~16.04.1 | 44.2 | lowlatency, generic | References: CVE-2018-3620, CVE-2018-15594, CVE-2018-3646, CVE-2018-6555, CVE-2018-14633, CVE-2018-15572, CVE-2018-17182 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce . (CVE-2018-3620) Juha-Matti Tilli discovered that the IP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packet fragments. (CVE-2018-5391) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: linux-image-4.15.0-1017-gcp 4.15.0-1017.18~16.04.1 linux-image-4.15.0-1021-azure 4.15.0-1021.21~16.04.1 linux-image-4.15.0-32-generic 4.15.0-32.35~16.04.1 linux-image-4.15.0-32-generic-lpae 4.15.0-32.35~16.04.1 linux-image-4.15.0-32-lowlatency 4.15.0-32.35~16.04.1 linux-image-azure 4.15.0.1021.27 linux-image-gcp 4.15.0.1017.29 linux-image-generic-hwe-16.04 4.15.0.32.54 linux-image-generic-lpae-hwe-16.04 4.15.0.32.54 linux-image-gke 4.15.0.1017.29 linux-image-lowlatency-hwe-16.04 4.15.0.32.54 linux-image-virtual-hwe-16.04 4.15.0.32.54 Please note that the recommended mitigation for CVE-2018-3646 involves updating processor microcode in addition to updating the kernel; however, the kernel includes a fallback for processors that have not received microcode updates. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201810-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Xen: Multiple vulnerabilities Date: October 30, 2018 Bugs: #643350, #655188, #655544, #659442 ID: 201810-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Xen, the worst of which could cause a Denial of Service condition. Background ========== Xen is a bare-metal hypervisor. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-emulation/xen < 4.10.1-r2 >= 4.10.1-r2 2 app-emulation/xen-tools < 4.10.1-r2 >= 4.10.1-r2 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Xen users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.10.1-r2" All Xen tools users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-emulation/xen-tools-4.10.1-r2" References ========== [ 1 ] CVE-2017-5715 https://nvd.nist.gov/vuln/detail/CVE-2017-5715 [ 2 ] CVE-2017-5753 https://nvd.nist.gov/vuln/detail/CVE-2017-5753 [ 3 ] CVE-2017-5754 https://nvd.nist.gov/vuln/detail/CVE-2017-5754 [ 4 ] CVE-2018-10471 https://nvd.nist.gov/vuln/detail/CVE-2018-10471 [ 5 ] CVE-2018-10472 https://nvd.nist.gov/vuln/detail/CVE-2018-10472 [ 6 ] CVE-2018-10981 https://nvd.nist.gov/vuln/detail/CVE-2018-10981 [ 7 ] CVE-2018-10982 https://nvd.nist.gov/vuln/detail/CVE-2018-10982 [ 8 ] CVE-2018-12891 https://nvd.nist.gov/vuln/detail/CVE-2018-12891 [ 9 ] CVE-2018-12892 https://nvd.nist.gov/vuln/detail/CVE-2018-12892 [ 10 ] CVE-2018-12893 https://nvd.nist.gov/vuln/detail/CVE-2018-12893 [ 11 ] CVE-2018-15468 https://nvd.nist.gov/vuln/detail/CVE-2018-15468 [ 12 ] CVE-2018-15469 https://nvd.nist.gov/vuln/detail/CVE-2018-15469 [ 13 ] CVE-2018-15470 https://nvd.nist.gov/vuln/detail/CVE-2018-15470 [ 14 ] CVE-2018-3620 https://nvd.nist.gov/vuln/detail/CVE-2018-3620 [ 15 ] CVE-2018-3646 https://nvd.nist.gov/vuln/detail/CVE-2018-3646 [ 16 ] CVE-2018-5244 https://nvd.nist.gov/vuln/detail/CVE-2018-5244 [ 17 ] CVE-2018-7540 https://nvd.nist.gov/vuln/detail/CVE-2018-7540 [ 18 ] CVE-2018-7541 https://nvd.nist.gov/vuln/detail/CVE-2018-7541 [ 19 ] CVE-2018-7542 https://nvd.nist.gov/vuln/detail/CVE-2018-7542 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201810-06 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis. These attacks are known as L1 Terminal Fault: SGX, L1 Terminal Fault: OS/SMM, and L1 Terminal Fault: VMM. Intel Core Systems with microprocessors contain information disclosure vulnerabilities.Information may be obtained. Intel Core i3 processor, etc. are all CPU (central processing unit) products of Intel Corporation of the United States. Security vulnerabilities exist in several Intel products that use speculative execution and address translation. The following products are affected: Intel Core i3 processor; Intel Core i5 processor; Intel Core i7 processor; Intel Core M processor family; 2nd generation Intel Core processors; 3rd generation Intel Core processors; 4th generation Intel Core processors; 5th generation Intel Core processors, etc. Description: The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. (CVE-2018-3620, CVE-2018-3646) * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-2 macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, and Security Update 2018-005 Sierra are now available and address the following: afpserver Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A remote attacker may be able to attack AFP servers through HTTP clients Description: An input validation issue was addressed with improved input validation. CVE-2018-4295: Jianjun Chen (@whucjj) from Tsinghua University and UC Berkeley AppleGraphicsControl Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4410: an anonymous researcher working with Trend Micro's Zero Day Initiative AppleGraphicsControl Available for: macOS High Sierra 10.13.6 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4417: Lee of the Information Security Lab Yonsei University working with Trend Micro's Zero Day Initiative APR Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: Multiple buffer overflow issues existed in Perl Description: Multiple issues in Perl were addressed with improved memory handling. CVE-2017-12613: Craig Young of Tripwire VERT CVE-2017-12618: Craig Young of Tripwire VERT ATS Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4411: lilang wu moony Li of Trend Micro working with Trend Micro's Zero Day Initiative ATS Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4308: Mohamed Ghannam (@_simo36) CFNetwork Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative CoreAnimation Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4415: Liang Zhuo working with Beyond Security's SecuriTeam Secure Disclosure CoreCrypto Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers Description: An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. CVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum CoreFoundation Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4412: The UK's National Cyber Security Centre (NCSC) CUPS Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: In certain configurations, a remote attacker may be able to replace the message content from the print server with arbitrary content Description: An injection issue was addressed with improved validation. CVE-2018-4153: Michael Hanselmann of hansmi.ch CUPS Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4406: Michael Hanselmann of hansmi.ch Dictionary Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: Parsing a maliciously crafted dictionary file may lead to disclosure of user information Description: A validation issue existed which allowed local file access. This was addressed with input sanitization. CVE-2018-4346: Wojciech ReguAa (@_r3ggi) of SecuRing Dock Available for: macOS Mojave 10.14 Impact: A malicious application may be able to access restricted files Description: This issue was addressed by removing additional entitlements. CVE-2018-4403: Patrick Wardle of Digita Security dyld Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved validation. This ensures that older data read from recently-written-to addresses cannot be read via a speculative side-channel. CVE-2018-3639: Jann Horn (@tehjh) of Google Project Zero (GPZ), Ken Johnson of the Microsoft Security Response Center (MSRC) EFI Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: A local user may be able to modify protected parts of the file system Description: A configuration issue was addressed with additional restrictions. CVE-2018-4342: Timothy Perfitt of Twocanoes Software Foundation Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: Processing a maliciously crafted text file may lead to a denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-4304: jianan.huang (@Sevck) Grand Central Dispatch Available for: macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4426: Brandon Azad Heimdal Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-3646: Baris Kasikci, Daniel Genkin, Ofir Weisse, and Thomas F. Wenisch of University of Michigan, Mark Silberstein and Marina Minkin of Technion, Raoul Strackx, Jo Van Bulck, and Frank Piessens of KU Leuven, Rodrigo Branco, Henrique Kawakami, Ke Sun, and Kekai Hu of Intel Corporation, Yuval Yarom of The University of Adelaide Hypervisor Available for: macOS Sierra 10.12.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2018-4242: Zhuo Liang of Qihoo 360 Nirvan Team ICU Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: Processing a maliciously crafted string may lead to heap corruption Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4394: an anonymous researcher Intel Graphics Driver Available for: macOS Sierra 10.12.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4334: Ian Beer of Google Project Zero Intel Graphics Driver Available for: macOS High Sierra 10.13.6 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4396: Yu Wang of Didi Research America CVE-2018-4418: Yu Wang of Didi Research America Intel Graphics Driver Available for: macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4350: Yu Wang of Didi Research America IOGraphics Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4422: an anonymous researcher working with Trend Micro's Zero Day Initiative IOHIDFamily Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation CVE-2018-4408: Ian Beer of Google Project Zero IOKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4402: Proteas of Qihoo 360 Nirvan Team IOKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4341: Ian Beer of Google Project Zero CVE-2018-4354: Ian Beer of Google Project Zero IOUserEthernet Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4401: Apple IPSec Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2018-4420: Mohamed Ghannam (@_simo36) Kernel Available for: macOS High Sierra 10.13.6 Impact: A malicious application may be able to leak sensitive user information Description: An access issue existed with privileged API calls. This issue was addressed with additional restrictions. CVE-2018-4399: Fabiano Anemone (@anoane) Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4340: Mohamed Ghannam (@_simo36) CVE-2018-4419: Mohamed Ghannam (@_simo36) CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative, Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative Kernel Available for: macOS Sierra 10.12.6 Impact: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4259: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4286: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4287: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4288: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4291: Kevin Backhouse of Semmle and LGTM.com Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security Team Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A memory corruption issue was addressed with improved validation. CVE-2018-4407: Kevin Backhouse of Semmle Ltd. Kernel Available for: macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved size validation. CVE-2018-4424: Dr. Silvio Cesare of InfoSect Login Window Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A local user may be able to cause a denial of service Description: A validation issue was addressed with improved logic. CVE-2018-4348: Ken Gannon of MWR InfoSecurity and Christian Demko of MWR InfoSecurity Mail Available for: macOS Mojave 10.14 Impact: Processing a maliciously crafted mail message may lead to UI spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4389: Dropbox Offensive Security Team, Theodor Ragnar Gislason of Syndis mDNSOffloadUserClient Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4326: an anonymous researcher working with Trend Micro's Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team MediaRemote Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions. This ensures that implementation specific system registers cannot be leaked via a speculative execution side-channel. CVE-2018-3640: Innokentiy Sennovskiy from BiZone LLC (bi.zone), Zdenek Sojka, Rudolf Marek and Alex Zuepke from SYSGO AG (sysgo.com) NetworkExtension Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: Connecting to a VPN server may leak DNS queries to a DNS proxy Description: A logic issue was addressed with improved state management. CVE-2018-4369: an anonymous researcher Perl Available for: macOS Sierra 10.12.6 Impact: Multiple buffer overflow issues existed in Perl Description: Multiple issues in Perl were addressed with improved memory handling. CVE-2018-6797: Brian Carpenter Ruby Available for: macOS Sierra 10.12.6 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: Multiple issues in Ruby were addressed in this update. CVE-2017-898 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 CVE-2017-17405 CVE-2017-17742 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 Security Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: Processing a maliciously crafted S/MIME signed message may lead to a denial of service Description: A validation issue was addressed with improved logic. CVE-2018-4400: Yukinobu Nagayasu of LAC Co., Ltd. Security Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A local user may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2018-4395: Patrick Wardle of Digita Security Spotlight Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4393: Lufeng Li Symptom Framework Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative WiFi Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile Networking Lab at Technische UniversitA$?t Darmstadt Additional recognition Calendar We would like to acknowledge an anonymous researcher for their assistance. iBooks We would like to acknowledge Sem VoigtlA$?nder of Fontys Hogeschool ICT for their assistance. Kernel We would like to acknowledge Brandon Azad for their assistance. LaunchServices We would like to acknowledge Alok Menghrajani of Square for their assistance. Quick Look We would like to acknowledge lokihardt of Google Project Zero for their assistance. Security We would like to acknowledge Marinos Bernitsas of Parachute for their assistance. Terminal We would like to acknowledge an anonymous researcher for their assistance. Installation note: macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, and Security Update 2018-005 Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgYpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3EcGQ// QbUbTOZRgxcStGZjs+qdXjeaXI6i1MKaky7o/iYCXf87crFu79PCsXyPU1jeMvoS tgDxz7ornlyaxR4wcSYzfcuIeY2ZH+dkxc7JJHQbKTW1dWYHpXUUzzNm+Ay/Gtk+ 2EIAgJ9oUf8FARR5cmcKBZfLFVdc40vpM3bBCV4m2Kr5KiDsqZKdZTujBQRccAsO HKRbhDecw0WX/CfEbLprs86uIXFMIoifhmh8LMebjzIQn2ozoFG6R31vMMHeDpir zf0xlVCJrJy/XywmkodhBWWrUWcM0hfsJ8EmyIBwFEYUxFhOV3D+x3rStd2kjyNL LG9oWclxDkjImQXdrL8IRAQfZvcVQFZK2vSGCYfRN0LY105sxjPjeIsJ0RORzcSN 2mlDR1UuTosk0GleDbmhv/ornfOc537UebwuHVWU5LpPNFkvY1Cv8zPrQAHewuod TmktkNuv2x2fgw9g7ntE88UBF9JMC+Ofs/FgJ67RkoT4R39P7VvaztHlmxmr/rIw TrSs7TDVqciz+DOMRKxyNPI1cpXM5ITCTvgbY4+RWwaFJzfgY+Gc+sldvVcb1x9I LlsI19MA0bsvi+ReOcLbWYuEHaVhVqZ7LndxR9m2gJ39L9jff+dOsSlznF4OLs+S t7Rz6i2mOpe6vXobkTUmml3m3zYIhL3XcdcYpw3U0F8= =uhgi -----END PGP SIGNATURE----- . Issue date: 2018-08-14 Updated on: 2018-08-14 (Initial Advisory) CVE number: CVE-2018-3646 1. Summary VMware vSphere, Workstation, and Fusion updates enable Hypervisor- Specific Mitigations for L1 Terminal Fault - VMM vulnerability. The mitigations in this advisory are categorized as Hypervisor- Specific Mitigations described by VMware Knowledge Base article 55636. Relevant Products VMware vCenter Server (VC) VMware vSphere ESXi (ESXi) VMware Workstation Pro / Player (WS) VMware Fusion Pro / Fusion (Fusion) 3. Problem Description vCenter Server, ESXi, Workstation, and Fusion updates include Hypervisor-Specific Mitigations for L1 Terminal Fault - VMM. This issue may allow a malicious VM running on a given CPU core to effectively read the hypervisoras or another VMas privileged information that resides sequentially or concurrently in the same coreas L1 Data cache. CVE-2018-3646 has two currently known attack vectors which will be referred to as "Sequential-Context" and "Concurrent-Context." Attack Vector Summary Sequential-context attack vector: a malicious VM can potentially infer recently accessed L1 data of a previous context (hypervisor thread or other VM thread) on either logical processor of a processor core. Concurrent-context attack vector: a malicious VM can potentially infer recently accessed L1 data of a concurrently executing context (hypervisor thread or other VM thread) on the other logical processor of the Hyper-Threading-enabled processor core. Mitigation Summary The Sequential-context attack vector is mitigated by a vSphere update to the product versions listed in table below. This mitigation is dependent on Intel microcode updates (provided in separate ESXi patches for most Intel hardware platforms) also listed in the table below. This mitigation is enabled by default and does not impose a significant performance impact. The Concurrent-context attack vector is mitigated through enablement of a new feature known as the ESXi Side-Channel-Aware Scheduler. This feature may impose a non-trivial performance impact and is not enabled by default. Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Mitigation/ Product Version on Severity Apply Patch Workaround ======= ======= ======= ========= ===================== ========== VC 6.7 Any Important 6.7.0d None VC 6.5 Any Important 6.5u2c None VC 6.0 Any Important 6.0u3h None VC 5.5 Any Important 5.5u3j None ESXi 6.7 Any Important ESXi670-201808401-BG* None ESXi670-201808402-BG** None ESXi670-201808403-BG* None ESXi 6.5 Any Important ESXi650-201808401-BG* None ESXi650-201808402-BG** None ESXi650-201808403-BG* None ESXi 6.0 Any Important ESXi600-201808401-BG* None ESXi600-201808402-BG** None ESXi600-201808403-BG* None ESXi 5.5 Any Important ESXi550-201808401-BG* None ESXi550-201808402-BG** None ESXi550-201808403-BG* None WS 14.x Any Important 14.1.3* None Fusion 10.x Any Important 10.1.3* None *These patches DO NOT mitigate the Concurrent-context attack vector previously described by default. For details on the three-phase vSphere mitigation process please see KB55806 and for the mitigation process for Workstation and Fusion please see KB57138. **These patches include microcode updates required for mitigation of the Sequential-context attack vector. This microcode may also be obtained from your hardware OEM in the form of a BIOS or firmware update. Details on microcode that has been provided by Intel and packaged by VMware is enumerated in the patch KBs found in the Solution section of this document. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. vCenter 6.7.0d Downloads: https://my.vmware.com/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/6_7 Documentation: https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-vcenter-server-670d-release-notes.html vCenter 6.5u2c Downloads: https://my.vmware.com/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/6_5 Documentation: https://docs.vmware.com/en/VMware-vSphere/6.5/rn/vsphere-vcenter-server-65u2c-release-notes.html vCenter 6.0u3h Downloads: https://my.vmware.com/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/6_0 Documentation: https://docs.vmware.com/en/VMware-vSphere/6.0/rn/vsphere-vcenter-server-60u3h-release-notes.html vCenter 5.5u3j Downloads: https://my.vmware.com/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/5_5 Documentation: https://docs.vmware.com/en/VMware-vSphere/5.5/rn/vsphere-vcenter-server-55u3j-release-notes.html ESXi 6.7 Downloads: https://my.vmware.com/group/vmware/patch Documentation: ESXi670-201808401-BG (esx-base): https://kb.vmware.com/kb/56537 ESXi670-201808402-BG (microcode): https://kb.vmware.com/kb/56538 ESXi670-201808403-BG (esx-ui):(https://kb.vmware.com/kb/56897 ESXi 6.5 Downloads: https://my.vmware.com/group/vmware/patch Documentation: ESXi650-201808401-BG (esx-base): https://kb.vmware.com/kb/56547 ESXi650-201808402-BG (microcode): https://kb.vmware.com/kb/56563 ESXi650-201808403-BG (esx-ui): https://kb.vmware.com/kb/56896 ESXi 6.0 Downloads: https://my.vmware.com/group/vmware/patch Documentation: ESXi600-201808401-BG (esx-base): https://kb.vmware.com/kb/56552 ESXi600-201808402-BG (microcode): https://kb.vmware.com/kb/56553 ESXi600-201808403-BG (esx-ui): https://kb.vmware.com/kb/56895 ESXi 5.5 Downloads: https://my.vmware.com/group/vmware/patch Documentation: ESXi550-201808401-BG (esx-base): https://kb.vmware.com/kb/56557 ESXi550-201808402-BG (microcode): https://kb.vmware.com/kb/56558 ESXi550-201808403-BG (esx-ui): https://kb.vmware.com/kb/56894 VMware Workstation Pro 14.1.3 Downloads: https://www.vmware.com/go/downloadworkstation Documentation: https://docs.vmware.com/en/VMware-Workstation-Pro/index.html VMware Workstation Player 14.1.3 Downloads: https://www.vmware.com/go/downloadplayer Documentation: https://docs.vmware.com/en/VMware-Workstation-Player/index.html VMware Fusion Pro / Fusion 10.1.3 Downloads: https://www.vmware.com/go/downloadfusion Documentation: https://docs.vmware.com/en/VMware-Fusion/index.html 5. Change log 2018-08-14: Initial security advisory in conjunction with vSphere, Workstation, and Fusion updates and patches released on 2018-08-14. Contact E-mail list for product security notifications and announcements: https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: security-announce@lists.vmware.com bugtraq@securityfocus.com fulldisclosure@seclists.org E-mail: security at vmware.com PGP key at: https://kb.vmware.com/kb/1055 VMware Security Advisories https://www.vmware.com/security/advisories VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html VMware Security & Compliance Blog https://blogs.vmware.com/security Twitter https://twitter.com/VMwareSRC Copyright 2018 VMware Inc. All rights reserved. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2018:2390-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2390 Issue date: 2018-08-14 CVE Names: CVE-2017-0861 CVE-2017-15265 CVE-2018-3620 CVE-2018-3646 CVE-2018-3693 CVE-2018-7566 CVE-2018-10901 CVE-2018-1000004 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3693) * kernel: kvm: vmx: host GDT limit corruption (CVE-2018-10901) * kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861) * kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265) * kernel: race condition in snd_seq_write() may lead to UAF or OOB-access (CVE-2018-7566) * kernel: Race condition in sound system can lead to denial of service (CVE-2018-1000004) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting CVE-2018-3620 and CVE-2018-3646; Vladimir Kiriansky (MIT) and Carl Waldspurger (Carl Waldspurger Consulting) for reporting CVE-2018-3693; and Vegard Nossum (Oracle Corporation) for reporting CVE-2018-10901. Bug Fix(es): * The Least recently used (LRU) operations are batched by caching pages in per-cpu page vectors to prevent contention of the heavily used lru_lock spinlock. The page vectors can hold even the compound pages. Previously, the page vectors were cleared only if they were full. Subsequently, the amount of memory held in page vectors, which is not reclaimable, was sometimes too high. Consequently the page reclamation started the Out of Memory (OOM) killing processes. With this update, the underlying source code has been fixed to clear LRU page vectors each time when a compound page is added to them. As a result, OOM killing processes due to high amounts of memory held in page vectors no longer occur. (BZ#1575819) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1501878 - CVE-2017-15265 kernel: Use-after-free in snd_seq_ioctl_create_port() 1535315 - CVE-2018-1000004 kernel: Race condition in sound system can lead to denial of service 1550142 - CVE-2018-7566 kernel: race condition in snd_seq_write() may lead to UAF or OOB-access 1563994 - CVE-2017-0861 kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation 1581650 - CVE-2018-3693 Kernel: speculative bounds check bypass store 1585005 - CVE-2018-3646 Kernel: hw: cpu: L1 terminal fault (L1TF) 1601849 - CVE-2018-10901 kernel: kvm: vmx: host GDT limit corruption 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: kernel-2.6.32-754.3.5.el6.src.rpm i386: kernel-2.6.32-754.3.5.el6.i686.rpm kernel-debug-2.6.32-754.3.5.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm kernel-devel-2.6.32-754.3.5.el6.i686.rpm kernel-headers-2.6.32-754.3.5.el6.i686.rpm perf-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-754.3.5.el6.noarch.rpm kernel-doc-2.6.32-754.3.5.el6.noarch.rpm kernel-firmware-2.6.32-754.3.5.el6.noarch.rpm x86_64: kernel-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm kernel-debug-devel-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm kernel-devel-2.6.32-754.3.5.el6.x86_64.rpm kernel-headers-2.6.32-754.3.5.el6.x86_64.rpm perf-2.6.32-754.3.5.el6.x86_64.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm python-perf-2.6.32-754.3.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: kernel-2.6.32-754.3.5.el6.src.rpm noarch: kernel-abi-whitelists-2.6.32-754.3.5.el6.noarch.rpm kernel-doc-2.6.32-754.3.5.el6.noarch.rpm kernel-firmware-2.6.32-754.3.5.el6.noarch.rpm x86_64: kernel-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm kernel-debug-devel-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm kernel-devel-2.6.32-754.3.5.el6.x86_64.rpm kernel-headers-2.6.32-754.3.5.el6.x86_64.rpm perf-2.6.32-754.3.5.el6.x86_64.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm python-perf-2.6.32-754.3.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: kernel-2.6.32-754.3.5.el6.src.rpm i386: kernel-2.6.32-754.3.5.el6.i686.rpm kernel-debug-2.6.32-754.3.5.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm kernel-devel-2.6.32-754.3.5.el6.i686.rpm kernel-headers-2.6.32-754.3.5.el6.i686.rpm perf-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-754.3.5.el6.noarch.rpm kernel-doc-2.6.32-754.3.5.el6.noarch.rpm kernel-firmware-2.6.32-754.3.5.el6.noarch.rpm ppc64: kernel-2.6.32-754.3.5.el6.ppc64.rpm kernel-bootwrapper-2.6.32-754.3.5.el6.ppc64.rpm kernel-debug-2.6.32-754.3.5.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm kernel-debug-devel-2.6.32-754.3.5.el6.ppc64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-754.3.5.el6.ppc64.rpm kernel-devel-2.6.32-754.3.5.el6.ppc64.rpm kernel-headers-2.6.32-754.3.5.el6.ppc64.rpm perf-2.6.32-754.3.5.el6.ppc64.rpm perf-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm s390x: kernel-2.6.32-754.3.5.el6.s390x.rpm kernel-debug-2.6.32-754.3.5.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.s390x.rpm kernel-debug-devel-2.6.32-754.3.5.el6.s390x.rpm kernel-debuginfo-2.6.32-754.3.5.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-754.3.5.el6.s390x.rpm kernel-devel-2.6.32-754.3.5.el6.s390x.rpm kernel-headers-2.6.32-754.3.5.el6.s390x.rpm kernel-kdump-2.6.32-754.3.5.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-754.3.5.el6.s390x.rpm kernel-kdump-devel-2.6.32-754.3.5.el6.s390x.rpm perf-2.6.32-754.3.5.el6.s390x.rpm perf-debuginfo-2.6.32-754.3.5.el6.s390x.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.s390x.rpm x86_64: kernel-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm kernel-debug-devel-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm kernel-devel-2.6.32-754.3.5.el6.x86_64.rpm kernel-headers-2.6.32-754.3.5.el6.x86_64.rpm perf-2.6.32-754.3.5.el6.x86_64.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-754.3.5.el6.ppc64.rpm perf-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm python-perf-2.6.32-754.3.5.el6.ppc64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-754.3.5.el6.s390x.rpm kernel-debuginfo-2.6.32-754.3.5.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-754.3.5.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-754.3.5.el6.s390x.rpm perf-debuginfo-2.6.32-754.3.5.el6.s390x.rpm python-perf-2.6.32-754.3.5.el6.s390x.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm python-perf-2.6.32-754.3.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: kernel-2.6.32-754.3.5.el6.src.rpm i386: kernel-2.6.32-754.3.5.el6.i686.rpm kernel-debug-2.6.32-754.3.5.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm kernel-devel-2.6.32-754.3.5.el6.i686.rpm kernel-headers-2.6.32-754.3.5.el6.i686.rpm perf-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-754.3.5.el6.noarch.rpm kernel-doc-2.6.32-754.3.5.el6.noarch.rpm kernel-firmware-2.6.32-754.3.5.el6.noarch.rpm x86_64: kernel-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm kernel-debug-devel-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm kernel-devel-2.6.32-754.3.5.el6.x86_64.rpm kernel-headers-2.6.32-754.3.5.el6.x86_64.rpm perf-2.6.32-754.3.5.el6.x86_64.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm python-perf-2.6.32-754.3.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-0861 https://access.redhat.com/security/cve/CVE-2017-15265 https://access.redhat.com/security/cve/CVE-2018-3620 https://access.redhat.com/security/cve/CVE-2018-3646 https://access.redhat.com/security/cve/CVE-2018-3693 https://access.redhat.com/security/cve/CVE-2018-7566 https://access.redhat.com/security/cve/CVE-2018-10901 https://access.redhat.com/security/cve/CVE-2018-1000004 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/L1TF 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW3Me0NzjgjWX9erEAQhkDBAAjGcoEad9NOtCUJqgDcVHLArXg9OKAloW +BaoAYrYtzH3h9teocV6U3mYaxhwu2Cd13JlbKJsc8BLRzHUSZpwxjcsewCzjx2u dotwAksPej7L3U/U5YPSJ37r/OP+ni7trT1dtEmCI578QHFZB6+4/qK/1aYM+biQ EI0BoaSMV6RDo9u+U6zPgk8L7ugMhWs2PCXbtV7koyg563tasvo5jWlfVYNVD1fz cKTzsTwVQwirynWa2mvtaI+vaslYX3x9Zn6dJ2VEzpD4w6tU54/sViaetmLnSOir ZVdtkeO0pdEBO2YUr+Igc+ZOtLdGpzOjkQVQMBG+YE6bDdynYYFrxkPcNPeB1f1K 2bTNHA/FnirFDOII3JuYEqg8TXdh8NYRZ4a8rqchGo2JCeh5Q5LnhJDYWJv2HbTW TZUQY/nStRfWVpygQJV72GJENICnRVjjQ5D569KFBopnK0iXWLpxlf3dmp5Lvdg2 0rBVnnclfQCQVxZvOiZ3s0wkA9d0o7v4pDN2YgTRDlU4nzI3xE4jh0Sevsn4tVco ePUubCuxhjQfxJswBPoZA8Al3GGlSxOMKFHO6HscnnAh6YL5LVusx4PpJt4Y3tjW Vf8Rk4bFbn+M0RtVM+vnFGjWAr7w6iKvRya8y0LzElfAtpeedcnuxfJGtecT73IZ /6fv2MlabwY=kAUc -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Corrected: 2018-08-14 17:51:12 UTC (stable/11, 11.1-STABLE) 2018-08-15 02:30:11 UTC (releng/11.2, 11.2-RELEASE-p2) 2018-08-15 02:30:11 UTC (releng/11.1, 11.1-RELEASE-p13) CVE Name: CVE-2018-3620, CVE-2018-3646 Special Note: Speculative execution vulnerability mitigation remains a work in progress. This advisory addresses the issue in FreeBSD 11.1 and later. For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. Background When a program accesses data in memory via a logical address it is translated to a physical address in RAM by the CPU. Accessing an unmapped logical address results in what is known as a terminal fault. II. The CPU may speculatively access the level 1 data cache (L1D). Data which would otherwise be protected may then be determined by using side channel methods. This issue affects bhyve on FreeBSD/amd64 systems. III. Impact An attacker executing user code, or kernel code inside of a virtual machine, may be able to read secret data from the kernel or from another virtual machine. IV. Workaround No workaround is available. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot. Perform one of the following: 1) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +30 "Rebooting for security update" 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 11.2] # fetch https://security.FreeBSD.org/patches/SA-18:09/l1tf-11.2.patch # fetch https://security.FreeBSD.org/patches/SA-18:09/l1tf-11.2.patch.asc # gpg --verify l1tf-11.2.patch.asc [FreeBSD 11.1] # fetch https://security.FreeBSD.org/patches/SA-18:09/l1tf-11.1.patch # fetch https://security.FreeBSD.org/patches/SA-18:09/l1tf-11.1.patch.asc # gpg --verify l1tf-11.1.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system. VI. Correction details CVE-2018-3620 (L1 Terminal Fault-OS) - ------------------------------------ FreeBSD reserves the the memory page at physical address 0, so it will not contain secret data. FreeBSD zeros the paging data structures for unmapped addresses, so that speculatively executed L1 Terminal Faults will access only the reserved, unused page. The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/11/ r337794 releng/11.1/ r337828 releng/11.2/ r337828 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII. ========================================================================== Ubuntu Security Notice USN-3741-3 August 17, 2018 linux regressions ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS Summary: Several security issues were fixed in the Linux kernel. Unfortunately, the update introduced regressions that caused kernel panics when booting in some environments as well as preventing Java applications from starting. This update fixes the problems. We apologize for the inconvenience. A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). A remote attacker could use this to cause a denial of service. (CVE-2018-5390) Juha-Matti Tilli discovered that the IP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packet fragments. A remote attacker could use this to cause a denial of service. (CVE-2018-5391) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: linux-image-3.13.0-156-generic 3.13.0-156.206 linux-image-3.13.0-156-generic-lpae 3.13.0-156.206 linux-image-3.13.0-156-lowlatency 3.13.0-156.206 linux-image-3.13.0-156-powerpc-e500 3.13.0-156.206 linux-image-3.13.0-156-powerpc-e500mc 3.13.0-156.206 linux-image-3.13.0-156-powerpc-smp 3.13.0-156.206 linux-image-3.13.0-156-powerpc64-emb 3.13.0-156.206 linux-image-3.13.0-156-powerpc64-smp 3.13.0-156.206 linux-image-generic 3.13.0.156.166 linux-image-generic-lpae 3.13.0.156.166 linux-image-lowlatency 3.13.0.156.166 linux-image-powerpc-e500 3.13.0.156.166 linux-image-powerpc-e500mc 3.13.0.156.166 linux-image-powerpc-smp 3.13.0.156.166 linux-image-powerpc64-emb 3.13.0.156.166 linux-image-powerpc64-smp 3.13.0.156.166 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. Relevant releases/architectures: RHEL 7-based RHEV-H ELS - noarch RHEV Hypervisor for RHEL-6 ELS - noarch 3

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. Service disruption as a result (DoS) There is a possibility of being attacked. Linux Kernel is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. This is mitigated by reducing the default limits on memory usage for incomplete fragmented packets. The same mitigation can be achieved without the need to reboot, by setting the sysctls: net.ipv4.ipfrag_high_thresh = 262144 net.ipv6.ip6frag_high_thresh = 262144 net.ipv4.ipfrag_low_thresh = 196608 net.ipv6.ip6frag_low_thresh = 196608 The default values may still be increased by local configuration if necessary. For the stable distribution (stretch), this problem has been fixed in version 4.9.110-3+deb9u2. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAltzSylfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RaQQ//ZmbZqbqzS25ZDtEN7fJbInoznmfFiXHYCS9/GNEID3ODvPEn34omQ+Tj HJHroMWFsXROIaViHvJ2mZB3dpgv+ge1huvqXFTh+VrnQxvmdzzNy0UiDUH3B7jU BnbI7IS5x2dBC4cY+5vJ1fn0mWnvh/Bg9D+HEce3mmz9f/bTmXXiwPosyCM0KnzC R8aq73EU61A+IYJd+otICU6jZk+4IdgZRhW6q8F5OgHrnBryr0Xem8hSeL4Nkv3y aLX2Ca20eAgfeGo/SAHmG+FfJLR6dG8frz1k8HsKWNW16O8AC6lDbRC1+teK1e43 6GoIjfU9fBy3Cc35I1JQ85cfzfDLaETQ6IQ23o9SUP6qh8QKtUYDIU2sEDAThmrA IeoJsscGUvRMOx/XzuW8xN6rgbU+uNp8NIYXonZjy+U28dGp11obq3ka02railwj VEhm3YPIddeySofS0tZuBJ1XKL1/a5voLQ9GEBk+wq10DPdfYvSmIXxVR/FOfYy5 mLLTdtHINomfeihEI9AOWqq7w5bVIIidWB2a5FJiBZKWW1OdiNRHlD4hNMCR5xRv vK2PPXYcCxBuO4mdcnYydDcmrDvD22b6AhN1sm8FqUkWSXQbRoHNan95A8KbgZw0 Rk68oRCEFKcScB67ZhK2hUue7hZhkz52MlbS7pJgBPSuKrVsZtw= =WPm5 -----END PGP SIGNATURE----- . 7) - aarch64, noarch, ppc64le 3. Security Fix(es): * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. 7) - ppc64le 3. ========================================================================= Ubuntu Security Notice USN-3742-2 August 14, 2018 linux-lts-trusty vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 ESM Summary: Several security issues were fixed in the Linux kernel. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 for Ubuntu 12.04 ESM. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). (CVE-2018-3646) It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker could use this to expose sensitive information (memory from the kernel or other processes). (CVE-2018-3620) Andrey Konovalov discovered an out-of-bounds read in the POSIX timers subsystem in the Linux kernel. (CVE-2018-5391) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM: linux-image-3.13.0-155-generic 3.13.0-155.206~precise1 linux-image-3.13.0-155-generic-lpae 3.13.0-155.206~precise1 linux-image-generic-lpae-lts-trusty 3.13.0.155.145 linux-image-generic-lts-trusty 3.13.0.155.145 Please note that the recommended mitigation for CVE-2018-3646 involves updating processor microcode in addition to updating the kernel; however, the kernel includes a fallback for processors that have not received microcode updates. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. Bug Fix(es): These updated kernel packages include also numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article: https://access.redhat.com/articles/3635371 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2018:3590-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:3590 Issue date: 2018-11-13 CVE Names: CVE-2017-18344 CVE-2018-5391 CVE-2018-10675 CVE-2018-14634 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.2) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.2) - noarch, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.2) - x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.2) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.2) - noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. (CVE-2018-5391) * kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c (CVE-2017-18344) * kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675) * kernel: Integer overflow in Linux's create_elf_tables function (CVE-2018-14634) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391 and Qualys Research Labs for reporting CVE-2018-14634. Bug Fix(es): * Previously, a kernel panic occurred when the kernel tried to make an out of bound access to the array that describes the L1 Terminal Fault (L1TF) mitigation state on systems without Extended Page Tables (EPT) support. This update extends the array of mitigation states to cover all the states, which effectively prevents out of bound array access. Also, this update enables rejecting invalid, irrelevant values, that might be erroneously provided by the userspace. As a result, the kernel no longer panics in the described scenario. (BZ#1629565) * Previously, a packet was missing the User Datagram Protocol (UDP) payload checksum during a full checksum computation, if the hardware checksum was not applied. As a consequence, a packet with an incorrect checksum was dropped by a peer. With this update, the kernel includes the UDP payload checksum during the full checksum computation. As a result, the checksum is computed correctly and the packet can be received by the peer. (BZ#1635792) * Previously, a transform lookup through the xfrm framework could be performed on an already transformed destination cache entry (dst_entry). When using User Datagram Protocol (UDP) over IPv6 with a connected socket in conjunction with Internet Protocol Security (IPsec) in Encapsulating Security Payload (ESP) transport mode. As a consequence, invalid IPv6 fragments transmitted from the host or the kernel occasionally terminated unexpectedly due to a socket buffer (SKB) underrun. With this update, the xfrm lookup on an already transformed dst_entry is not possible. As a result, using UDP iperf utility over IPv6 ESP no longer causes invalid IPv6 fragment transmissions or a kernel panic. (BZ#1639586) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1575065 - CVE-2018-10675 kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact 1609664 - CVE-2018-5391 kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack) 1610958 - CVE-2017-18344 kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c 1624498 - CVE-2018-14634 kernel: Integer overflow in Linux's create_elf_tables function 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.2): Source: kernel-3.10.0-327.76.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-327.76.1.el7.noarch.rpm kernel-doc-3.10.0-327.76.1.el7.noarch.rpm x86_64: kernel-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm kernel-devel-3.10.0-327.76.1.el7.x86_64.rpm kernel-headers-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.76.1.el7.x86_64.rpm perf-3.10.0-327.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm python-perf-3.10.0-327.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.2): Source: kernel-3.10.0-327.76.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-327.76.1.el7.noarch.rpm kernel-doc-3.10.0-327.76.1.el7.noarch.rpm x86_64: kernel-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm kernel-devel-3.10.0-327.76.1.el7.x86_64.rpm kernel-headers-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.76.1.el7.x86_64.rpm perf-3.10.0-327.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm python-perf-3.10.0-327.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.2): Source: kernel-3.10.0-327.76.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-327.76.1.el7.noarch.rpm kernel-doc-3.10.0-327.76.1.el7.noarch.rpm x86_64: kernel-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm kernel-devel-3.10.0-327.76.1.el7.x86_64.rpm kernel-headers-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.76.1.el7.x86_64.rpm perf-3.10.0-327.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm python-perf-3.10.0-327.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.2): x86_64: kernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v. 7.2): x86_64: kernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.2): x86_64: kernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-18344 https://access.redhat.com/security/cve/CVE-2018-5391 https://access.redhat.com/security/cve/CVE-2018-10675 https://access.redhat.com/security/cve/CVE-2018-14634 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/3553061 https://access.redhat.com/security/vulnerabilities/mutagen-astronomy 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW+sPDtzjgjWX9erEAQhm3BAAhxwzb8zJTfl0zFY/r9KUzkAdLXY4w39X BgJrVPyl7f6krvQ17HE95Poqz/iUhMOZAweypQXHMRKkmfMTYiLHlKpdIusou2xy y1ZzB1uloI4j2zMdTDRP5yZz06r/NP5A05pLZDA02iR5b07ALLYb5hcL5oBnpQXp 9Xp31qb7TCP+jWtCO1Ot+9GJ3chMNvpYqH0OkGTpq/G7PxGrhIzB6v4p6N5OntD9 5CIebREaGBWn9ViWiUHcthgg+PN2iS2/5ST82g/Jss/WmVVZSiVbayob6/MNQPnb M29VHOmJ6pf5dERNpSqrJrBXeDYCMA6HHD+RT9SmiuQQ8gQ2Rzjy7K97Nn++6x7O nclOTmB7hQZtl0WhgC3xuwtslXGpe9jKSzql03ijTvJRQrczgVWiBS+tpfVAJprV ma2Kchf5ivctaXZ/R62JMyTvNf6HCVdvBNvSNET52ol3PkdpJK7V7mg+H64Mqdrl cBTUDBHHYYWMJted9pHWq7tPs0vy1h9aoFqNdlak5jwr169vldlZMRBbhtvz+OXj V/o+IClbY9UUfibaXDoX7qufeVikW1KQ4L+VhRj3RzXNsu2A8FUAcN7za5Qv5HIe LiC42C+pjvHqS/9gNpBakzKv6nPldWZIfPEuF4zewizBxlTXHPE1ln1hAWKjqVTs 6QJ1Zh7jeUY= =8JOQ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 7.3) - ppc64, ppc64le, x86_64 3. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. Consequently, the node was not available. This update fixes an irq latency source in memory compaction. (BZ#1596281) * Previously, the kernel source code was missing support to report the Speculative Store Bypass Disable (SSBD) vulnerability status on IBM Power Systems and the little-endian variants of IBM Power Systems. As a consequence, the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file incorrectly reported "Not affected" on both CPU architectures. This fix updates the kernel source code to properly report the SSBD status either as "Vulnerable" or "Mitigation: Kernel entry/exit barrier (TYPE)" where TYPE is one of "eieio", "hwsync", "fallback", or "unknown". As a consequence, the VMs sometimes became unresponsive when booting. This update applies an upstream patch to avoid early microcode update when running under a hypervisor. (BZ#1618388) 4

An issue was discovered in Edimax EW-7438RPn Mini v2 before version 1.26. There is XSS in an SSID field. Edimax EW-7438RPn Mini v2 Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. EdimaxEW-7438RPnMini is a wireless router product from EdimaxTechnology. A cross-site scripting vulnerability exists in the SSID field in versions prior to EdimaxEW-7438RPnMiniv21.26. A remote attacker can exploit this vulnerability to perform a phishing attack

A buffer overflow vulnerability in the web server of some Hikvision IP Cameras allows an attacker to send a specially crafted message to affected devices. Due to the insufficient input validation, successful exploit can corrupt memory and lead to arbitrary code execution or crash the process. plural Hikvision IP Cameras The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HikVision IP Cameras is a network camera product from China Hikvision. Hikvision network camera has a buffer overflow vulnerability, which is caused by insufficient input verification

A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 (IKEv1) session. The vulnerability exists because the affected software responds incorrectly to decryption failures. An attacker could exploit this vulnerability sending crafted ciphertexts to a device configured with IKEv1 that uses RSA-encrypted nonces. A successful exploit could allow the attacker to obtain the encrypted nonces. Cisco Bug IDs: CSCve77140. Cisco IOS and Cisco IOS XE The software is vulnerable to cryptographic strength. Vendors have confirmed this vulnerability Bug ID CSCve77140 It is released as.Information may be obtained

Sensitive Information Disclosure in Zipato Zipabox Smart Home Controller allows remote attacker get sensitive information that expands attack surface. A security vulnerability exists in Zipato Zipabox

Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows unauthenticated attacker extract clear text passwords and get root access on the device. Zipato Zipabox Smart Home Controller Contains a cryptographic strength vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Zipato Zipabox is a smart home gateway controller from Zipato, Republic of Croatia. Attackers can exploit this vulnerability to extract plaintext passwords and gain root access to the device