VARIoT IoT vulnerabilities database

Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to navigate the file system via the filename parameter. ASUSTOR AS6202T Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUSTOR AS6202T ADM is a set of ASUSTOR NAS storage device operating system developed by ASUSTOR. There is a security vulnerability in the importuser.cgi file in ASUSTOR AS6202T ADM 3.1.0.RFQ3

An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "download_sys_settings" action and then specify files arbitrarily throughout the system via the act parameter. ASUSTOR AS6202T Contains an access control vulnerability.Information may be tampered with. ASUSTOR AS6202T ADM is a set of ASUSTOR NAS storage device operating system developed by ASUSTOR. There is a security vulnerability in the download.cgi file in ASUSTOR AS6202T ADM 3.1.0.RFQ3. A remote attacker could exploit this vulnerability to obtain sensitive information by sending a specially crafted HTTP request

A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a path to a file on the system to create folders via the dest_folder parameter. ASUSTOR AS6202T Contains a path traversal vulnerability.Information may be tampered with. ASUSTOR AS6202T ADM is a set of ASUSTOR NAS storage device operating system developed by ASUSTOR

A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a file on the system to download via the file1 parameter. ASUSTOR AS6202T Contains a path traversal vulnerability.Information may be obtained. ASUSTOR AS6202T ADM is a set of ASUSTOR NAS storage device operating system developed by ASUSTOR

WECON LeviStudio is a set of human-machine interface programming software from China WECON company. WECON LeviStudio has a heap overflow vulnerability. An attacker could exploit the vulnerability to cause the program to crash by constructing a malformed hmp file. If used successfully, it can lead to arbitrary code execution

IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142598. IBM WebSphere MQ Contains a certificate validation vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 142598 It is released as.Information may be obtained. Multiple IBM Products are prone to an information-disclosure vulnerability

The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network. BMWvehicles and others are automotive products of the German BMW (BayerischeMotorenWerkeAG) company. There is a security hole in the TelematicsControlUnit in BMW cars (cars produced in 2012-2018). An attacker can exploit a vulnerability for a ranged attack. BMW Infotainment System Telematics/Control Unit/Central Gateway Module are prone to the following multiple security vulnerabilities: 1. A local code-execution vulnerability 2. A security-bypass vulnerability 3. A denial-of-service vulnerability 4. Multiple remote code-execution vulnerabilities An attacker can leverage these issues to execute arbitrary code with root privileges, bypass certain security restrictions, perform unauthorized actions, or gain sensitive information within the context of the affected system. Failed exploit attempts will likely result in denial of service conditions. BMW vehicles, etc

The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network. BMWvehicles and others are automotive products of the German BMW (BayerischeMotorenWerkeAG) company. There is a security hole in the Telematics ControlUnit on the BMW (models produced in 2012-2018). Allows an attacker to conduct a ranged attack. BMW Infotainment System Telematics/Control Unit/Central Gateway Module are prone to the following multiple security vulnerabilities: 1. A local code-execution vulnerability 2. A security-bypass vulnerability 3. A denial-of-service vulnerability 4. Multiple remote code-execution vulnerabilities An attacker can leverage these issues to execute arbitrary code with root privileges, bypass certain security restrictions, perform unauthorized actions, or gain sensitive information within the context of the affected system. Failed exploit attempts will likely result in denial of service conditions. BMW vehicles, etc. Remote attackers can exploit this vulnerability to attack the system

The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows an attack by an attacker who has direct physical access. plural BMW In the series Head Unit HU_NBT ( alias Infotainment) The component contains a vulnerability related to failure of the protection mechanism.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HeadUnitHU_NBT (Infotainment) component is a system of infotainment systems. There are security holes in the HeadUnitHU_NBT component on several BMW cars (cars produced in 2012-2018). There are currently no detailed vulnerability descriptions. BMW Infotainment System Telematics/Control Unit/Central Gateway Module are prone to the following multiple security vulnerabilities: 1. A local code-execution vulnerability 2. A security-bypass vulnerability 3. A denial-of-service vulnerability 4. Multiple remote code-execution vulnerabilities An attacker can leverage these issues to execute arbitrary code with root privileges, bypass certain security restrictions, perform unauthorized actions, or gain sensitive information within the context of the affected system. Failed exploit attempts will likely result in denial of service conditions

The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in. plural BMW In the series Head Unit HU_NBT ( alias Infotainment) The component contains a vulnerability related to failure of the protection mechanism.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HeadUnitHU_NBT (Infotainment) component is a system of infotainment systems. There are security holes in the HeadUnitHU_NBT component on several BMW cars (cars produced in 2012-2018). There are currently no detailed vulnerability descriptions. BMW Infotainment System Telematics/Control Unit/Central Gateway Module are prone to the following multiple security vulnerabilities: 1. A local code-execution vulnerability 2. A security-bypass vulnerability 3. A denial-of-service vulnerability 4. Multiple remote code-execution vulnerabilities An attacker can leverage these issues to execute arbitrary code with root privileges, bypass certain security restrictions, perform unauthorized actions, or gain sensitive information within the context of the affected system. Failed exploit attempts will likely result in denial of service conditions

The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware updates, and consequently obtain a root shell. plural BMW In the series Head Unit HU_NBT ( alias Infotainment) The component contains a vulnerability related to failure of the protection mechanism.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HeadUnitHU_NBT (Infotainment) component is a system of infotainment systems. There are security holes in the HeadUnitHU_NBT component on several BMW cars (cars produced in 2012-2018). BMW Infotainment System Telematics/Control Unit/Central Gateway Module are prone to the following multiple security vulnerabilities: 1. A local code-execution vulnerability 2. A security-bypass vulnerability 3. A denial-of-service vulnerability 4. Multiple remote code-execution vulnerabilities An attacker can leverage these issues to execute arbitrary code with root privileges, bypass certain security restrictions, perform unauthorized actions, or gain sensitive information within the context of the affected system. Failed exploit attempts will likely result in denial of service conditions

The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a remote attack via Bluetooth when in pairing mode, leading to a Head Unit reboot. plural BMW In the series Head Unit HU_NBT ( alias Infotainment) The component contains a vulnerability related to failure of the protection mechanism.Service operation interruption (DoS) There is a possibility of being put into a state. HeadUnitHU_NBT (Infotainment) component is a system of infotainment systems. There are security holes in the HeadUnitHU_NBT component on several BMW cars (cars produced in 2012-2018). A remote attacker can use this vulnerability to cause HeadUnit to restart with Bluetooth. BMW Infotainment System Telematics/Control Unit/Central Gateway Module are prone to the following multiple security vulnerabilities: 1. A local code-execution vulnerability 2. A security-bypass vulnerability 3. A denial-of-service vulnerability 4. Multiple remote code-execution vulnerabilities An attacker can leverage these issues to execute arbitrary code with root privileges, bypass certain security restrictions, perform unauthorized actions, or gain sensitive information within the context of the affected system. Failed exploit attempts will likely result in denial of service conditions

The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in. plural BMW In the series Head Unit HU_NBT ( alias Infotainment) The component contains a vulnerability related to failure of the protection mechanism.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HeadUnitHU_NBT (Infotainment) component is a system of infotainment systems. There are security holes in the HeadUnitHU_NBT component on several BMW cars (cars produced in 2012-2018). There are currently no detailed vulnerability descriptions. BMW Infotainment System Telematics/Control Unit/Central Gateway Module are prone to the following multiple security vulnerabilities: 1. A local code-execution vulnerability 2. A security-bypass vulnerability 3. A denial-of-service vulnerability 4. Multiple remote code-execution vulnerabilities An attacker can leverage these issues to execute arbitrary code with root privileges, bypass certain security restrictions, perform unauthorized actions, or gain sensitive information within the context of the affected system. Failed exploit attempts will likely result in denial of service conditions

Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a. Has speculative execution function CPU Is vulnerable to a cache-side channel attack. "Variant 4" Or "SpectreNG" It is called. Has speculative execution function CPU The following vulnerabilities have been reported that perform cache timing side-channel attacks against. * CVE-2018-3639 (Variant 4 "SpectreNG") : Speculative Store Bypass (SSB) * CVE-2018-3640 (Variant 3a) : Rogue System Register Read (RSRE) For more information, Project Zero <a href="https://bugs.chromium.org/p/project-zero/issues/detail?id=1528">bug report</a> , Intel security advisory <a href="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html">INTEL-SA-00115</a> and ARM <a href="https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability">whitepaper</a> Please refer to. This vulnerability has been announced in the past <a href="https://www.kb.cert.org/vuls/id/584653"> Vulnerability </a> CVE-2017-5753 (Variant 1 "Spectre") , CVE-2017-5715 (Variant 2 "Spectre") , CVE-2017-5754 (Variant 3 "Meltdown") To be similar to "SpectreNG" It is reported with the name.By using a cache timing side channel attack, a third party who can access as a local user may be able to read arbitrary privilege data or system register values. CPUhardware is firmware that runs in the central processor for managing and controlling the CPU. A number of CPUHardwares have information disclosure vulnerabilities. The vulnerability is caused by a race condition in the CPU cache processing. Local attackers can exploit vulnerabilities to obtain sensitive information through side channel analysis. Multiple CPU Hardwares are prone to an information-disclosure vulnerability. AMD, ARM, and Intel CPUs are all CPU (central processing unit) products from different manufacturers. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4273-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff August 16, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : intel-microcode CVE ID : CVE-2018-3639 CVE-2018-3640 This update ships updated CPU microcode for some types of Intel CPUs and provides SSBD support (needed to address "Spectre v4") and fixes for "Spectre v3a". For the stable distribution (stretch), these problems have been fixed in version 3.20180703.2~deb9u1. We recommend that you upgrade your intel-microcode packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-2 macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, and Security Update 2018-005 Sierra are now available and address the following: afpserver Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A remote attacker may be able to attack AFP servers through HTTP clients Description: An input validation issue was addressed with improved input validation. CVE-2018-4295: Jianjun Chen (@whucjj) from Tsinghua University and UC Berkeley AppleGraphicsControl Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4410: an anonymous researcher working with Trend Micro's Zero Day Initiative AppleGraphicsControl Available for: macOS High Sierra 10.13.6 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4417: Lee of the Information Security Lab Yonsei University working with Trend Micro's Zero Day Initiative APR Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: Multiple buffer overflow issues existed in Perl Description: Multiple issues in Perl were addressed with improved memory handling. CVE-2017-12613: Craig Young of Tripwire VERT CVE-2017-12618: Craig Young of Tripwire VERT ATS Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4411: lilang wu moony Li of Trend Micro working with Trend Micro's Zero Day Initiative ATS Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4308: Mohamed Ghannam (@_simo36) CFNetwork Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative CoreAnimation Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4415: Liang Zhuo working with Beyond Security's SecuriTeam Secure Disclosure CoreCrypto Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers Description: An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. CVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum CoreFoundation Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4412: The UK's National Cyber Security Centre (NCSC) CUPS Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: In certain configurations, a remote attacker may be able to replace the message content from the print server with arbitrary content Description: An injection issue was addressed with improved validation. CVE-2018-4153: Michael Hanselmann of hansmi.ch CUPS Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4406: Michael Hanselmann of hansmi.ch Dictionary Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: Parsing a maliciously crafted dictionary file may lead to disclosure of user information Description: A validation issue existed which allowed local file access. This was addressed with input sanitization. CVE-2018-4346: Wojciech ReguAa (@_r3ggi) of SecuRing Dock Available for: macOS Mojave 10.14 Impact: A malicious application may be able to access restricted files Description: This issue was addressed by removing additional entitlements. CVE-2018-4403: Patrick Wardle of Digita Security dyld Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved validation. This ensures that older data read from recently-written-to addresses cannot be read via a speculative side-channel. CVE-2018-3639: Jann Horn (@tehjh) of Google Project Zero (GPZ), Ken Johnson of the Microsoft Security Response Center (MSRC) EFI Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: A local user may be able to modify protected parts of the file system Description: A configuration issue was addressed with additional restrictions. CVE-2018-4342: Timothy Perfitt of Twocanoes Software Foundation Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: Processing a maliciously crafted text file may lead to a denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-4304: jianan.huang (@Sevck) Grand Central Dispatch Available for: macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4426: Brandon Azad Heimdal Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-3646: Baris Kasikci, Daniel Genkin, Ofir Weisse, and Thomas F. Wenisch of University of Michigan, Mark Silberstein and Marina Minkin of Technion, Raoul Strackx, Jo Van Bulck, and Frank Piessens of KU Leuven, Rodrigo Branco, Henrique Kawakami, Ke Sun, and Kekai Hu of Intel Corporation, Yuval Yarom of The University of Adelaide Hypervisor Available for: macOS Sierra 10.12.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2018-4242: Zhuo Liang of Qihoo 360 Nirvan Team ICU Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: Processing a maliciously crafted string may lead to heap corruption Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4394: an anonymous researcher Intel Graphics Driver Available for: macOS Sierra 10.12.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4334: Ian Beer of Google Project Zero Intel Graphics Driver Available for: macOS High Sierra 10.13.6 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4396: Yu Wang of Didi Research America CVE-2018-4418: Yu Wang of Didi Research America Intel Graphics Driver Available for: macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4350: Yu Wang of Didi Research America IOGraphics Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4422: an anonymous researcher working with Trend Micro's Zero Day Initiative IOHIDFamily Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation CVE-2018-4408: Ian Beer of Google Project Zero IOKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4402: Proteas of Qihoo 360 Nirvan Team IOKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4341: Ian Beer of Google Project Zero CVE-2018-4354: Ian Beer of Google Project Zero IOUserEthernet Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4401: Apple IPSec Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2018-4420: Mohamed Ghannam (@_simo36) Kernel Available for: macOS High Sierra 10.13.6 Impact: A malicious application may be able to leak sensitive user information Description: An access issue existed with privileged API calls. This issue was addressed with additional restrictions. CVE-2018-4399: Fabiano Anemone (@anoane) Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4340: Mohamed Ghannam (@_simo36) CVE-2018-4419: Mohamed Ghannam (@_simo36) CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative, Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative Kernel Available for: macOS Sierra 10.12.6 Impact: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4259: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4286: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4287: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4288: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4291: Kevin Backhouse of Semmle and LGTM.com Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security Team Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A memory corruption issue was addressed with improved validation. CVE-2018-4407: Kevin Backhouse of Semmle Ltd. Kernel Available for: macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved size validation. CVE-2018-4424: Dr. Silvio Cesare of InfoSect Login Window Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A local user may be able to cause a denial of service Description: A validation issue was addressed with improved logic. CVE-2018-4348: Ken Gannon of MWR InfoSecurity and Christian Demko of MWR InfoSecurity Mail Available for: macOS Mojave 10.14 Impact: Processing a maliciously crafted mail message may lead to UI spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4389: Dropbox Offensive Security Team, Theodor Ragnar Gislason of Syndis mDNSOffloadUserClient Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4326: an anonymous researcher working with Trend Micro's Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team MediaRemote Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions. This ensures that implementation specific system registers cannot be leaked via a speculative execution side-channel. CVE-2018-3640: Innokentiy Sennovskiy from BiZone LLC (bi.zone), Zdenek Sojka, Rudolf Marek and Alex Zuepke from SYSGO AG (sysgo.com) NetworkExtension Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: Connecting to a VPN server may leak DNS queries to a DNS proxy Description: A logic issue was addressed with improved state management. CVE-2018-4369: an anonymous researcher Perl Available for: macOS Sierra 10.12.6 Impact: Multiple buffer overflow issues existed in Perl Description: Multiple issues in Perl were addressed with improved memory handling. CVE-2018-6797: Brian Carpenter Ruby Available for: macOS Sierra 10.12.6 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: Multiple issues in Ruby were addressed in this update. CVE-2017-898 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 CVE-2017-17405 CVE-2017-17742 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 Security Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: Processing a maliciously crafted S/MIME signed message may lead to a denial of service Description: A validation issue was addressed with improved logic. CVE-2018-4400: Yukinobu Nagayasu of LAC Co., Ltd. Security Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A local user may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2018-4395: Patrick Wardle of Digita Security Spotlight Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4393: Lufeng Li Symptom Framework Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative WiFi Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile Networking Lab at Technische UniversitA$?t Darmstadt Additional recognition Calendar We would like to acknowledge an anonymous researcher for their assistance. iBooks We would like to acknowledge Sem VoigtlA$?nder of Fontys Hogeschool ICT for their assistance. Kernel We would like to acknowledge Brandon Azad for their assistance. LaunchServices We would like to acknowledge Alok Menghrajani of Square for their assistance. Quick Look We would like to acknowledge lokihardt of Google Project Zero for their assistance. Security We would like to acknowledge Marinos Bernitsas of Parachute for their assistance. Terminal We would like to acknowledge an anonymous researcher for their assistance. Installation note: macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, and Security Update 2018-005 Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgYpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3EcGQ// QbUbTOZRgxcStGZjs+qdXjeaXI6i1MKaky7o/iYCXf87crFu79PCsXyPU1jeMvoS tgDxz7ornlyaxR4wcSYzfcuIeY2ZH+dkxc7JJHQbKTW1dWYHpXUUzzNm+Ay/Gtk+ 2EIAgJ9oUf8FARR5cmcKBZfLFVdc40vpM3bBCV4m2Kr5KiDsqZKdZTujBQRccAsO HKRbhDecw0WX/CfEbLprs86uIXFMIoifhmh8LMebjzIQn2ozoFG6R31vMMHeDpir zf0xlVCJrJy/XywmkodhBWWrUWcM0hfsJ8EmyIBwFEYUxFhOV3D+x3rStd2kjyNL LG9oWclxDkjImQXdrL8IRAQfZvcVQFZK2vSGCYfRN0LY105sxjPjeIsJ0RORzcSN 2mlDR1UuTosk0GleDbmhv/ornfOc537UebwuHVWU5LpPNFkvY1Cv8zPrQAHewuod TmktkNuv2x2fgw9g7ntE88UBF9JMC+Ofs/FgJ67RkoT4R39P7VvaztHlmxmr/rIw TrSs7TDVqciz+DOMRKxyNPI1cpXM5ITCTvgbY4+RWwaFJzfgY+Gc+sldvVcb1x9I LlsI19MA0bsvi+ReOcLbWYuEHaVhVqZ7LndxR9m2gJ39L9jff+dOsSlznF4OLs+S t7Rz6i2mOpe6vXobkTUmml3m3zYIhL3XcdcYpw3U0F8= =uhgi -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-3756-1 August 27, 2018 intel-microcode vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: The system could be made to expose sensitive information. Software Description: - intel-microcode: Processor microcode for Intel CPUs Details: It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). This vulnerability is also known as Rogue System Register Read (RSRE). (CVE-2018-3640) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: intel-microcode 3.20180807a.0ubuntu0.18.04.1 Ubuntu 16.04 LTS: intel-microcode 3.20180807a.0ubuntu0.16.04.1 Ubuntu 14.04 LTS: intel-microcode 3.20180807a.0ubuntu0.14.04.1 After a standard system update you need to reboot your computer to make all the necessary changes. References: https://usn.ubuntu.com/usn/usn-3756-1 CVE-2018-3639, CVE-2018-3640, CVE-2018-3646 Package Information: https://launchpad.net/ubuntu/+source/intel-microcode/3.20180807a.0ubuntu0.18.04.1 https://launchpad.net/ubuntu/+source/intel-microcode/3.20180807a.0ubuntu0.16.04.1 https://launchpad.net/ubuntu/+source/intel-microcode/3.20180807a.0ubuntu0.14.04.1

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis. Two vulnerabilities are identified, known as "Variant 3a" and "Variant 4". CPUhardware is firmware that runs in the central processor for managing and controlling the CPU. Multiple CPUHardware information disclosure vulnerabilities. The vulnerability is caused by a race condition in the CPU cache processing. Local attackers can exploit vulnerabilities to obtain sensitive information through side channel analysis. AMD, ARM, and Intel CPUs are all CPU (central processing unit) products from different manufacturers. AMD, ARM, and Intel CPUs have security vulnerabilities. 6.4) - x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2018:1965-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:1965 Issue date: 2018-06-26 CVE Names: CVE-2017-11600 CVE-2018-3639 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - noarch, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - noarch, ppc64le 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, PowerPC, x86 AMD) * kernel: Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink message (CVE-2017-11600) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): These updated kernel packages include also numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article: https://access.redhat.com/articles/3485871 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1474928 - CVE-2017-11600 kernel: Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink message 1566890 - CVE-2018-3639 hw: cpu: speculative store bypass 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: kernel-3.10.0-862.6.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.6.3.el7.noarch.rpm kernel-doc-3.10.0-862.6.3.el7.noarch.rpm x86_64: kernel-3.10.0-862.6.3.el7.x86_64.rpm kernel-debug-3.10.0-862.6.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.6.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.6.3.el7.x86_64.rpm kernel-devel-3.10.0-862.6.3.el7.x86_64.rpm kernel-headers-3.10.0-862.6.3.el7.x86_64.rpm kernel-tools-3.10.0-862.6.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.6.3.el7.x86_64.rpm perf-3.10.0-862.6.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm python-perf-3.10.0-862.6.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.6.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.6.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: kernel-3.10.0-862.6.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.6.3.el7.noarch.rpm kernel-doc-3.10.0-862.6.3.el7.noarch.rpm x86_64: kernel-3.10.0-862.6.3.el7.x86_64.rpm kernel-debug-3.10.0-862.6.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.6.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.6.3.el7.x86_64.rpm kernel-devel-3.10.0-862.6.3.el7.x86_64.rpm kernel-headers-3.10.0-862.6.3.el7.x86_64.rpm kernel-tools-3.10.0-862.6.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.6.3.el7.x86_64.rpm perf-3.10.0-862.6.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm python-perf-3.10.0-862.6.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.6.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.6.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: kernel-3.10.0-862.6.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.6.3.el7.noarch.rpm kernel-doc-3.10.0-862.6.3.el7.noarch.rpm ppc64: kernel-3.10.0-862.6.3.el7.ppc64.rpm kernel-bootwrapper-3.10.0-862.6.3.el7.ppc64.rpm kernel-debug-3.10.0-862.6.3.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-862.6.3.el7.ppc64.rpm kernel-debug-devel-3.10.0-862.6.3.el7.ppc64.rpm kernel-debuginfo-3.10.0-862.6.3.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-862.6.3.el7.ppc64.rpm kernel-devel-3.10.0-862.6.3.el7.ppc64.rpm kernel-headers-3.10.0-862.6.3.el7.ppc64.rpm kernel-tools-3.10.0-862.6.3.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-862.6.3.el7.ppc64.rpm kernel-tools-libs-3.10.0-862.6.3.el7.ppc64.rpm perf-3.10.0-862.6.3.el7.ppc64.rpm perf-debuginfo-3.10.0-862.6.3.el7.ppc64.rpm python-perf-3.10.0-862.6.3.el7.ppc64.rpm python-perf-debuginfo-3.10.0-862.6.3.el7.ppc64.rpm ppc64le: kernel-3.10.0-862.6.3.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-862.6.3.el7.ppc64le.rpm kernel-debug-3.10.0-862.6.3.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.6.3.el7.ppc64le.rpm kernel-devel-3.10.0-862.6.3.el7.ppc64le.rpm kernel-headers-3.10.0-862.6.3.el7.ppc64le.rpm kernel-tools-3.10.0-862.6.3.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm kernel-tools-libs-3.10.0-862.6.3.el7.ppc64le.rpm perf-3.10.0-862.6.3.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm python-perf-3.10.0-862.6.3.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm s390x: kernel-3.10.0-862.6.3.el7.s390x.rpm kernel-debug-3.10.0-862.6.3.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-862.6.3.el7.s390x.rpm kernel-debug-devel-3.10.0-862.6.3.el7.s390x.rpm kernel-debuginfo-3.10.0-862.6.3.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-862.6.3.el7.s390x.rpm kernel-devel-3.10.0-862.6.3.el7.s390x.rpm kernel-headers-3.10.0-862.6.3.el7.s390x.rpm kernel-kdump-3.10.0-862.6.3.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-862.6.3.el7.s390x.rpm kernel-kdump-devel-3.10.0-862.6.3.el7.s390x.rpm perf-3.10.0-862.6.3.el7.s390x.rpm perf-debuginfo-3.10.0-862.6.3.el7.s390x.rpm python-perf-3.10.0-862.6.3.el7.s390x.rpm python-perf-debuginfo-3.10.0-862.6.3.el7.s390x.rpm x86_64: kernel-3.10.0-862.6.3.el7.x86_64.rpm kernel-debug-3.10.0-862.6.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.6.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.6.3.el7.x86_64.rpm kernel-devel-3.10.0-862.6.3.el7.x86_64.rpm kernel-headers-3.10.0-862.6.3.el7.x86_64.rpm kernel-tools-3.10.0-862.6.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.6.3.el7.x86_64.rpm perf-3.10.0-862.6.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm python-perf-3.10.0-862.6.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): noarch: kernel-abi-whitelists-3.10.0-862.6.3.el7.noarch.rpm kernel-doc-3.10.0-862.6.3.el7.noarch.rpm ppc64le: kernel-3.10.0-862.6.3.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-862.6.3.el7.ppc64le.rpm kernel-debug-3.10.0-862.6.3.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.6.3.el7.ppc64le.rpm kernel-devel-3.10.0-862.6.3.el7.ppc64le.rpm kernel-headers-3.10.0-862.6.3.el7.ppc64le.rpm kernel-tools-3.10.0-862.6.3.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm kernel-tools-libs-3.10.0-862.6.3.el7.ppc64le.rpm perf-3.10.0-862.6.3.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm python-perf-3.10.0-862.6.3.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm s390x: kernel-3.10.0-862.6.3.el7.s390x.rpm kernel-debug-3.10.0-862.6.3.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-862.6.3.el7.s390x.rpm kernel-debug-devel-3.10.0-862.6.3.el7.s390x.rpm kernel-debuginfo-3.10.0-862.6.3.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-862.6.3.el7.s390x.rpm kernel-devel-3.10.0-862.6.3.el7.s390x.rpm kernel-headers-3.10.0-862.6.3.el7.s390x.rpm kernel-kdump-3.10.0-862.6.3.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-862.6.3.el7.s390x.rpm kernel-kdump-devel-3.10.0-862.6.3.el7.s390x.rpm perf-3.10.0-862.6.3.el7.s390x.rpm perf-debuginfo-3.10.0-862.6.3.el7.s390x.rpm python-perf-3.10.0-862.6.3.el7.s390x.rpm python-perf-debuginfo-3.10.0-862.6.3.el7.s390x.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: kernel-debug-debuginfo-3.10.0-862.6.3.el7.ppc64.rpm kernel-debuginfo-3.10.0-862.6.3.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-862.6.3.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-862.6.3.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-862.6.3.el7.ppc64.rpm perf-debuginfo-3.10.0-862.6.3.el7.ppc64.rpm python-perf-debuginfo-3.10.0-862.6.3.el7.ppc64.rpm ppc64le: kernel-debug-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm kernel-debug-devel-3.10.0-862.6.3.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.6.3.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-862.6.3.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.6.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.6.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): noarch: kernel-doc-3.10.0-862.6.3.el7.noarch.rpm ppc64le: kernel-debug-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm kernel-debug-devel-3.10.0-862.6.3.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.6.3.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-862.6.3.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: kernel-3.10.0-862.6.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.6.3.el7.noarch.rpm kernel-doc-3.10.0-862.6.3.el7.noarch.rpm x86_64: kernel-3.10.0-862.6.3.el7.x86_64.rpm kernel-debug-3.10.0-862.6.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.6.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.6.3.el7.x86_64.rpm kernel-devel-3.10.0-862.6.3.el7.x86_64.rpm kernel-headers-3.10.0-862.6.3.el7.x86_64.rpm kernel-tools-3.10.0-862.6.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.6.3.el7.x86_64.rpm perf-3.10.0-862.6.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm python-perf-3.10.0-862.6.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.6.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.6.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-11600 https://access.redhat.com/security/cve/CVE-2018-3639 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/3485871 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBWzJvQtzjgjWX9erEAQhA1BAAnHot2ERbRC9tVbWzn8egMTLwNGaPfu8b RhzRg0qgwySJM7JXfEC2fKJYoCaL71ykhGUC98wNc5SJVqkfzMt66pyxrMrK8Ff2 +LJW3BFAbFfzzt/NMRwXM+s2TSNj6BhqWpohgmB83jz3uPzH51QBp2SbumMDwdrj VN9/rZlA/2rofE/7Lyz2B/Rks5oEvRbW4pf4hDpARDLqD8iU4UhW8QGb4HZfH//X lvVTnKaMvCN1Jecc0fyp6lE4no2FBMPBlIQvnHcHw4gtjBajN4Ics/nMEXs7Zp2/ +sCtyWuH06G6hiawMHmCaw6QPqIvhJ2zcgzZl+18ITDk3OOlIPhpFJHQ1hjKZR3v 5PqvGyVXuKqzwtRIdTvDNIrI42R31xUiLXSk24scMO8p5IiCrONn2Med4LsOH6k8 9hMyYG+oYo3SKjes8N9Q3Gzf98MR/Kkx/5nRRmLpQEHehhNIgBebhscWdL535Ufk NJ1a4SHRxCoj3WSpx6XDZ+ZjHHWJVYZ8TnvHY2qrD1r1BCZNXkeBYZ4Fthelu5BS iGLax+RbZbS0n83AmEV7rq85o1i95fJPYTuZ1xzcx8DxZcgwoc6X8h9doz2Rz9Mq 08nScZYH4g6ruhcvWFYnsxx/hYpWvnnaUlmDGKhoUpd5+hCPP3hTx+GvFKi/IjiD rcTDRBuyPRI= =PPUN -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-2 macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, and Security Update 2018-005 Sierra are now available and address the following: afpserver Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A remote attacker may be able to attack AFP servers through HTTP clients Description: An input validation issue was addressed with improved input validation. CVE-2018-4295: Jianjun Chen (@whucjj) from Tsinghua University and UC Berkeley AppleGraphicsControl Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4410: an anonymous researcher working with Trend Micro's Zero Day Initiative AppleGraphicsControl Available for: macOS High Sierra 10.13.6 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4417: Lee of the Information Security Lab Yonsei University working with Trend Micro's Zero Day Initiative APR Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: Multiple buffer overflow issues existed in Perl Description: Multiple issues in Perl were addressed with improved memory handling. CVE-2017-12613: Craig Young of Tripwire VERT CVE-2017-12618: Craig Young of Tripwire VERT ATS Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4411: lilang wu moony Li of Trend Micro working with Trend Micro's Zero Day Initiative ATS Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4308: Mohamed Ghannam (@_simo36) CFNetwork Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative CoreAnimation Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4415: Liang Zhuo working with Beyond Security's SecuriTeam Secure Disclosure CoreCrypto Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers Description: An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. CVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum CoreFoundation Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4412: The UK's National Cyber Security Centre (NCSC) CUPS Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: In certain configurations, a remote attacker may be able to replace the message content from the print server with arbitrary content Description: An injection issue was addressed with improved validation. CVE-2018-4153: Michael Hanselmann of hansmi.ch CUPS Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4406: Michael Hanselmann of hansmi.ch Dictionary Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: Parsing a maliciously crafted dictionary file may lead to disclosure of user information Description: A validation issue existed which allowed local file access. This was addressed with input sanitization. CVE-2018-4346: Wojciech ReguAa (@_r3ggi) of SecuRing Dock Available for: macOS Mojave 10.14 Impact: A malicious application may be able to access restricted files Description: This issue was addressed by removing additional entitlements. CVE-2018-4403: Patrick Wardle of Digita Security dyld Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved validation. This ensures that older data read from recently-written-to addresses cannot be read via a speculative side-channel. CVE-2018-3639: Jann Horn (@tehjh) of Google Project Zero (GPZ), Ken Johnson of the Microsoft Security Response Center (MSRC) EFI Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: A local user may be able to modify protected parts of the file system Description: A configuration issue was addressed with additional restrictions. CVE-2018-4342: Timothy Perfitt of Twocanoes Software Foundation Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: Processing a maliciously crafted text file may lead to a denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-4304: jianan.huang (@Sevck) Grand Central Dispatch Available for: macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4426: Brandon Azad Heimdal Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-3646: Baris Kasikci, Daniel Genkin, Ofir Weisse, and Thomas F. Wenisch of University of Michigan, Mark Silberstein and Marina Minkin of Technion, Raoul Strackx, Jo Van Bulck, and Frank Piessens of KU Leuven, Rodrigo Branco, Henrique Kawakami, Ke Sun, and Kekai Hu of Intel Corporation, Yuval Yarom of The University of Adelaide Hypervisor Available for: macOS Sierra 10.12.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2018-4242: Zhuo Liang of Qihoo 360 Nirvan Team ICU Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: Processing a maliciously crafted string may lead to heap corruption Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4394: an anonymous researcher Intel Graphics Driver Available for: macOS Sierra 10.12.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4334: Ian Beer of Google Project Zero Intel Graphics Driver Available for: macOS High Sierra 10.13.6 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4396: Yu Wang of Didi Research America CVE-2018-4418: Yu Wang of Didi Research America Intel Graphics Driver Available for: macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4350: Yu Wang of Didi Research America IOGraphics Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4422: an anonymous researcher working with Trend Micro's Zero Day Initiative IOHIDFamily Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation CVE-2018-4408: Ian Beer of Google Project Zero IOKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4402: Proteas of Qihoo 360 Nirvan Team IOKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4341: Ian Beer of Google Project Zero CVE-2018-4354: Ian Beer of Google Project Zero IOUserEthernet Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4401: Apple IPSec Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2018-4420: Mohamed Ghannam (@_simo36) Kernel Available for: macOS High Sierra 10.13.6 Impact: A malicious application may be able to leak sensitive user information Description: An access issue existed with privileged API calls. This issue was addressed with additional restrictions. CVE-2018-4399: Fabiano Anemone (@anoane) Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4340: Mohamed Ghannam (@_simo36) CVE-2018-4419: Mohamed Ghannam (@_simo36) CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative, Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative Kernel Available for: macOS Sierra 10.12.6 Impact: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4259: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4286: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4287: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4288: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4291: Kevin Backhouse of Semmle and LGTM.com Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security Team Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A memory corruption issue was addressed with improved validation. CVE-2018-4407: Kevin Backhouse of Semmle Ltd. Kernel Available for: macOS Mojave 10.14 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved size validation. CVE-2018-4424: Dr. Silvio Cesare of InfoSect Login Window Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A local user may be able to cause a denial of service Description: A validation issue was addressed with improved logic. CVE-2018-4348: Ken Gannon of MWR InfoSecurity and Christian Demko of MWR InfoSecurity Mail Available for: macOS Mojave 10.14 Impact: Processing a maliciously crafted mail message may lead to UI spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4389: Dropbox Offensive Security Team, Theodor Ragnar Gislason of Syndis mDNSOffloadUserClient Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4326: an anonymous researcher working with Trend Micro's Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team MediaRemote Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions. This ensures that implementation specific system registers cannot be leaked via a speculative execution side-channel. CVE-2018-3640: Innokentiy Sennovskiy from BiZone LLC (bi.zone), Zdenek Sojka, Rudolf Marek and Alex Zuepke from SYSGO AG (sysgo.com) NetworkExtension Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: Connecting to a VPN server may leak DNS queries to a DNS proxy Description: A logic issue was addressed with improved state management. CVE-2018-4369: an anonymous researcher Perl Available for: macOS Sierra 10.12.6 Impact: Multiple buffer overflow issues existed in Perl Description: Multiple issues in Perl were addressed with improved memory handling. CVE-2018-6797: Brian Carpenter Ruby Available for: macOS Sierra 10.12.6 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: Multiple issues in Ruby were addressed in this update. CVE-2017-898 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 CVE-2017-17405 CVE-2017-17742 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 Security Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: Processing a maliciously crafted S/MIME signed message may lead to a denial of service Description: A validation issue was addressed with improved logic. CVE-2018-4400: Yukinobu Nagayasu of LAC Co., Ltd. Security Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A local user may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2018-4395: Patrick Wardle of Digita Security Spotlight Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4393: Lufeng Li Symptom Framework Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative WiFi Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile Networking Lab at Technische UniversitA$?t Darmstadt Additional recognition Calendar We would like to acknowledge an anonymous researcher for their assistance. iBooks We would like to acknowledge Sem VoigtlA$?nder of Fontys Hogeschool ICT for their assistance. Kernel We would like to acknowledge Brandon Azad for their assistance. LaunchServices We would like to acknowledge Alok Menghrajani of Square for their assistance. Quick Look We would like to acknowledge lokihardt of Google Project Zero for their assistance. Security We would like to acknowledge Marinos Bernitsas of Parachute for their assistance. Terminal We would like to acknowledge an anonymous researcher for their assistance. Installation note: macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, and Security Update 2018-005 Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgYpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3EcGQ// QbUbTOZRgxcStGZjs+qdXjeaXI6i1MKaky7o/iYCXf87crFu79PCsXyPU1jeMvoS tgDxz7ornlyaxR4wcSYzfcuIeY2ZH+dkxc7JJHQbKTW1dWYHpXUUzzNm+Ay/Gtk+ 2EIAgJ9oUf8FARR5cmcKBZfLFVdc40vpM3bBCV4m2Kr5KiDsqZKdZTujBQRccAsO HKRbhDecw0WX/CfEbLprs86uIXFMIoifhmh8LMebjzIQn2ozoFG6R31vMMHeDpir zf0xlVCJrJy/XywmkodhBWWrUWcM0hfsJ8EmyIBwFEYUxFhOV3D+x3rStd2kjyNL LG9oWclxDkjImQXdrL8IRAQfZvcVQFZK2vSGCYfRN0LY105sxjPjeIsJ0RORzcSN 2mlDR1UuTosk0GleDbmhv/ornfOc537UebwuHVWU5LpPNFkvY1Cv8zPrQAHewuod TmktkNuv2x2fgw9g7ntE88UBF9JMC+Ofs/FgJ67RkoT4R39P7VvaztHlmxmr/rIw TrSs7TDVqciz+DOMRKxyNPI1cpXM5ITCTvgbY4+RWwaFJzfgY+Gc+sldvVcb1x9I LlsI19MA0bsvi+ReOcLbWYuEHaVhVqZ7LndxR9m2gJ39L9jff+dOsSlznF4OLs+S t7Rz6i2mOpe6vXobkTUmml3m3zYIhL3XcdcYpw3U0F8= =uhgi -----END PGP SIGNATURE----- . Description: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Once all virtual machines have shut down, start them again for this update to take effect. Security Fix(es): * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. Bug Fix(es): * Previously, configurations with the little-endian variant of IBM Power Systems CPU architectures and Hard Disk Drives (HDD) designed according to Nonvolatile Memory Express (NVMe) open standards, experienced crashes during shutdown or reboot due to race conditions of CPUs. As a consequence, the sysfs pseudo file system threw a stack trace report about an attempt to create a duplicate entry in sysfs. This update modifies the source code so that the irq_dispose_mapping() function is called first and the msi_bitmap_free_hwirqs() function is called afterwards. As a result, the race condition no longer appears in the described scenario. (BZ#1570510) * When switching from the indirect branch speculation (IBRS) feature to the retpolines feature, the IBRS state of some CPUs was sometimes not handled correctly. Consequently, some CPUs were left with the IBRS Model-Specific Register (MSR) bit set to 1, which could lead to performance issues. With this update, the underlying source code has been fixed to clear the IBRS MSR bits correctly, thus fixing the bug. (BZ#1586147) * During a balloon reset, page pointers were not correctly initialized after unmapping the memory. Consequently, on the VMware ESXi hypervisor with "Fault Tolerance" and "ballooning" enabled, the following messages repeatedly occurred in the kernel log: [3014611.640148] WARNING: at mm/vmalloc.c:1491 __vunmap+0xd3/0x100() [3014611.640269] Trying to vfree() nonexistent vm area (ffffc90000697000) With this update, the underlying source code has been fixed to initialize page pointers properly. As a result, the mm/vmalloc.c warnings no longer occur under the described circumstances. (BZ#1595600) 4. Relevant releases/architectures: RHEV-M 3.6 ELS - noarch 3. It includes the configuration of the Red Hat Support plugin, copying downstream-only artifacts to the ISO domain, and links to the knowledgebase and other support material. The following packages have been upgraded to a later upstream version: rhevm-setup-plugins (3.6.7). (CVE-2018-3639) Note: This issue is present in hardware and cannot be fully fixed via software update. To be fully functional, up-to-date CPU microcode applied on the system might be required. In this update, mitigation for PowerPC architecture is provided. 6) - i386, x86_64 3. Bug Fix(es): * Previously, microcode updates on 32 and 64-bit AMD and Intel architectures were not synchronized. As a consequence, it was not possible to apply the microcode updates. This fix adds the synchronization to the microcode updates so that processors of the stated architectures receive updates at the same time. As a result, microcode updates are now synchronized. (BZ#1574592) 4. Description: The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. 7) - aarch64, noarch, ppc64le, s390x 3. Description: The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. (CVE-2018-3639) Note: This is the OpenJDK side of the CVE-2018-3639 mitigation

A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials. mySCADA myPRO Contains a vulnerability in the use of hard-coded credentials.Information may be obtained and information may be altered

The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat t_heat request that accesses a device purchased in the Spring of 2018, and sets a home's target temperature to 95 degrees Fahrenheit. This vulnerability might be described as an addendum to CVE-2013-4860. Radio Thermostat CT50 and CT80 Contains an input validation vulnerability.Information may be tampered with. Radio Thermostat CT50 and CT80 are touch screen thermostat products of American Radio Thermostat Company. This product manages heating and cooling systems in homes. Local HTTP API is one of the local HTTP interfaces

On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka remote code execution. D-Link DIR-550A and DIR-604M The device contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The D-Link DIR-550A and DIR-604M are both D-Link wireless router products. A remote code execution vulnerability exists in D-LinkDIR-550A and DIR-604M2.10KR and earlier

totemomail Encryption Gateway before 6.0_b567 allows remote attackers to obtain sensitive information about user sessions and encryption key material via a JSONP hijacking attack. totemomail Encryption Gateway Contains an information disclosure vulnerability.Information may be obtained. A security vulnerability exists in previous versions of totemomailEncryptionGateway6.0_b567

On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET account to get unauthorized access to vulnerable devices, aka a backdoor access vulnerability. D-Link DIR-550A and DIR-604M Devices have vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The D-Link DIR-550A and DIR-604M are both D-Link wireless router products. Security vulnerabilities existed in D-LinkDIR-550A and DIR-604M2.10KR and earlier