VARIoT IoT vulnerabilities database

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack. Spring Framework Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Spring Framework is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition; denying service to legitimate users. Spring Framework 5.0 through 5.0.5 and 4.3 through 4.3.16 are vulnerable; other versions are also affected. Pivotal Spring Framework is an open source Java and Java EE application framework developed by Pivotal Software in the United States. The framework helps developers build high-quality applications. Description: Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform. For further information, refer to the Release Notes linked to in the References section. Security Fix(es): * spring-messaging: ReDoS Attack with spring-messaging (CVE-2018-1257) * spring-data: XXE with Spring Dataas XMLBeam integration (CVE-2018-1259) * spring-security-oauth2: Remote Code Execution with spring-security-oauth2 (CVE-2018-1260) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 1578578 - CVE-2018-1257 spring-framework: ReDoS Attack with spring-messaging 1578902 - CVE-2018-1259 spring-data-commons: XXE with Spring Dataas XMLBeam integration 1584376 - CVE-2018-1260 spring-security-oauth: remote code execution in the authorization process 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Fuse 7.2 security update Advisory ID: RHSA-2018:3768-01 Product: Red Hat JBoss Fuse Advisory URL: https://access.redhat.com/errata/RHSA-2018:3768 Issue date: 2018-12-04 CVE Names: CVE-2016-5002 CVE-2016-5003 CVE-2017-12196 CVE-2018-1257 CVE-2018-1259 CVE-2018-1288 CVE-2018-1336 CVE-2018-8014 CVE-2018-8018 CVE-2018-8039 CVE-2018-8041 CVE-2018-12537 ===================================================================== 1. Summary: An update is now available for Red Hat Fuse. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Fuse enables integration experts, application developers, and business users to collaborate and independently develop connected solutions. Fuse is part of an agile integration solution. Its distributed approach allows teams to deploy integrated services where required. The API-centric, container-based architecture decouples services so they can be created, extended, and deployed independently. This release of Red Hat Fuse 7.2 serves as a replacement for Red Hat Fuse 7.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag (CVE-2016-5003) * tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336) * ignite: Improper deserialization allows for code execution via GridClientJdkMarshaller endpoint (CVE-2018-8018) * apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039) * xmlrpc: XML external entity vulnerability SSRF via a crafted DTD (CVE-2016-5002) * undertow: Client can use bogus uri in Digest authentication (CVE-2017-12196) * spring-data-commons: XXE with Spring Dataas XMLBeam integration (CVE-2018-1259) * kafka: Users can perform Broker actions via crafted fetch requests, interfering with data replication and causing data lass (CVE-2018-1288) * tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins (CVE-2018-8014) * camel-mail: path traversal vulnerability (CVE-2018-8041) * vertx: Improper neutralization of CRLF sequences allows remote attackers to inject arbitrary HTTP response headers (CVE-2018-12537) * spring-framework: ReDoS Attack with spring-messaging (CVE-2018-1257) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Eedo Shapira (GE Digital) for reporting CVE-2018-8041. The CVE-2017-12196 issue was discovered by Jan Stourac (Red Hat). 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are located in the download section of the customer portal. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 1503055 - CVE-2017-12196 undertow: Client can use bogus uri in Digest authentication 1508110 - CVE-2016-5002 xmlrpc: XML external entity vulnerability SSRF via a crafted DTD 1508123 - CVE-2016-5003 xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag 1578578 - CVE-2018-1257 spring-framework: ReDoS Attack with spring-messaging 1578902 - CVE-2018-1259 spring-data-commons: XXE with Spring Dataas XMLBeam integration 1579611 - CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins 1591072 - CVE-2018-12537 vertx: Improper neutralization of CRLF sequences allows remote attackers to inject arbitrary HTTP response headers 1595332 - CVE-2018-8039 apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* 1607591 - CVE-2018-1336 tomcat: A bug in the UTF-8 decoder can lead to DoS 1607731 - CVE-2018-8018 ignite: Improper deserialization allows for code execution via GridClientJdkMarshaller endpoint 1611059 - CVE-2018-1288 kafka: Users can perform Broker actions via crafted fetch requests, interfering with data replication and causing data lass 1612644 - CVE-2018-8041 camel-mail: path traversal vulnerability 5. References: https://access.redhat.com/security/cve/CVE-2016-5002 https://access.redhat.com/security/cve/CVE-2016-5003 https://access.redhat.com/security/cve/CVE-2017-12196 https://access.redhat.com/security/cve/CVE-2018-1257 https://access.redhat.com/security/cve/CVE-2018-1259 https://access.redhat.com/security/cve/CVE-2018-1288 https://access.redhat.com/security/cve/CVE-2018-1336 https://access.redhat.com/security/cve/CVE-2018-8014 https://access.redhat.com/security/cve/CVE-2018-8018 https://access.redhat.com/security/cve/CVE-2018-8039 https://access.redhat.com/security/cve/CVE-2018-8041 https://access.redhat.com/security/cve/CVE-2018-12537 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=distributions&version=7.2.0 https://access.redhat.com/documentation/en-us/red_hat_fuse/7.2/ https://access.redhat.com/articles/2939351 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXAakytzjgjWX9erEAQgDkw//Wb1MeuX1VOUq4u9qkgtp3ECPTAR3GE8B RWHYBguzM+WJrDPTtgH1sy1BstIEPgVooQLTKWhZYtJpR64S5T6YAv+aFh1vA7qI 87GDERqiATIm3l8qKBBOF02FukP9ywkaH5hR+pT7tM2OuN8iZ4dvKl0Rdzs6vnhF Ea+qVCKeQlyn88HUUqYw51nBX7tbK0H1RuG7DxlU93LBYqymMIZ90KhcGeuvNPu/ BVk7xMDtbdPSagSBy5WFpTvZ/ozeYBmO7u8p9l67SiD3obR6Rtn83B3DKvL/AFP4 ahKlIrK62hk2qgXrpLQ9aVUwBMZ1Lqu99LelF20hRt38L7qy/EXtD+Xdt0H9Xl/H bcLyRvjq8pOjdrdqAvnfI5HBDdSZrxujYX9t6egoQg3wFuS9h0DbKFMXSKMSaW2S WlP4L5zbCTvhPy3mIPOECKDxP8Xa2g2HnqCal2PpHIXGVBvD0CTuxI0b7a6WKKYf dbhm5uIEhdoS/vSuHntq+o+3IzlhRNHKx2Uh+03arWYyj4N26bbKFB+v+7gjL2e9 1ITf4HXEUphym5PY0R1GGc2Xr5Xc8BjV8xX3pgvI8FcRov4XGsS37TYpvNxPmTCA e4VB2C4WS+AFhk1QJR7cNuACwUxjarIoKUp1CX5gvqu35pVgxR97KxoblGdMtR9g UOgTm4iHIhQ= =RCpd -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via the commit_msg parameter. Synology Note Station Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Synology Note Station is a cloud-based note management platform from Synology

Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. Synology Note Station Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Synology Note Station is a cloud-based note management platform from Synology. Attachment Preview is one of the attachment preview function components

SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. SAP MaxDB ODBC The driver contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of UDL files by the Data Link Properties dialog. When parsing the Servername element, the process does not properly validate the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the process. MaxDB ODBC Driver 7.9.09.07 is vulnerable; other versions may also be affected

A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2. Successful exploits will attackers to cause a denial of service condition

KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a backdoor that prints the login password via a Print_Password function call in certain circumstances. KONGTOP DVR The device contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. KONGTOP DVR A303 and so on are all different types of network DVR equipment from China's KONGTOP Industrial Company. A security vulnerability exists in several KONGTOP DVR products due to a backdoor in the Telnetd file. An attacker could exploit the vulnerability with a call to the 'Print_Password' function to obtain information. The following products are affected: KONGTOP DVR A303; KONGTOP DVR A403; KONGTOP DVR D303; KONGTOP DVR D305; KONGTOP DVR D403

A spoofing vulnerability exists when the Azure IoT Device Provisioning AMQP Transport library improperly validates certificates over the AMQP protocol, aka "Azure IoT SDK Spoofing Vulnerability." This affects C# SDK, C SDK, Java SDK. Microsoft C #, C, and Java SDK for Azure IoT are software development kits for Microsoft Azure (Microsoft) based on C #, C, and Java languages for developing Azure IoT (Internet of Things Platform) applications, respectively. An attacker could use this vulnerability to impersonate a server. Multiple Microsoft Azure IoT SDKs are prone to a security vulnerability that may allow attackers to conduct spoofing attacks. A man-in-the-middle attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs. Some operating systems and hypervisors Intel There is a problem that does not expect a debug exception in the hardware architecture, or does not handle it properly. Inappropriate checking or handling for exceptional situations (CWE-703) - CVE-2018-8897 Intel Software Developer Manual (SDM) Vol. SDM Vol 3A section 2.3 According to the debug exception EFLAGS Register IF flag (Interrupt Enable Flag) Is not prohibited. So in certain situations, certain Intel x86-64 Ring level after using architecture-specific instructions 3 Running on OS From component , Higher ring level ( many OS In the ring level 0) Debug exceptions pointing to the data in are enabled. This allows the attacker to API May be used to access sensitive memory information or manipulate high privileged operating system functions.An authenticated attacker could obtain sensitive data in memory and manipulate higher privileged operating system functions. Intel Architecture (processor architecture) is a CPU specification developed by Intel Corporation for its processor. There are security vulnerabilities in the operating systems of multiple vendors. Systems from the following vendors are affected: Apple; DragonFly BSD Project; FreeBSD Project; Linux Kernel; Microsoft; Red Hat; SUSE Linux; Ubuntu; Vmware; Xen. 5 ELS) - i386, noarch, s390x, x86_64 3. 7) - noarch, x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Bug Fix(es): * The kernel-rt packages have been upgraded to the 3.10.0-862.2.3 source tree, which provides a number of bug fixes over the previous version. (BZ#1549768) 4. 6.4) - x86_64 3. Bug Fix(es): * The kernel build requirements have been updated to the GNU Compiler Collection (GCC) compiler version that has the support for Retpolines. The Retpolines mechanism is a software construct that leverages specific knowledge of the underlying hardware to mitigate the branch target injection, also known as Spectre variant 2 vulnerability described in CVE-2017-5715. (BZ#1554251) 4. CVE-2018-10471 An error was discovered in the mitigations against Meltdown which could result in denial of service. CVE-2018-10472 Anthony Perard discovered that incorrect parsing of CDROM images can result in information disclosure. CVE-2018-10981 Jan Beulich discovered that malformed device models could result in denial of service. CVE-2018-10982 Roger Pau Monne discovered that incorrect handling of high precision event timers could result in denial of service and potentially privilege escalation. For the stable distribution (stretch), these problems have been fixed in version 4.8.3+comet2+shim4.10.0+comet3-1+deb9u6. We recommend that you upgrade your xen packages. For the detailed security status of xen please refer to its security tracker page at: https://security-tracker.debian.org/tracker/xen Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlr7PHoACgkQEMKTtsN8 TjbvyBAAqSJFsDcTo75hggE1faIttXR3UKOwJ4eSKbkf3G6/JnvotuO5z4bQXDBC XZfkL6kOTl579vmCGgCvBv/SrrPrJ1ibhrw+Dz1MIcjX4Yt9mb6NriWuMTObknca uw6qJakWZTB3tFcp3LlmN80B8lY/67XR8mQaZ4f0yHhGEfqIunEtSgLelmp5lLu2 M/m1iH9zQon3muhQiXiHJeMg1ghJ3xvFKbuEU9prih4NNinxquv0pmAzfbPCCBN6 E4cuEjArzdnwLydeWfCoLrFOZh5rvoMTmmK8gj2/KVlbC5YgJ5/xVlc89B4PaJKL m3oUV2dnLEpubC7uuXSOoejMnfbPcOGM4VYrmuIuxEfZZVNYE/NxvmNCZ+JDzQV7 Z939vOgyqyuojFFt7lgvoCWM2Q3xDRMrE9akK1KyAGmvyRzoczblw8N6dzL8sain gs5LUE/5dCJWQWv4IPz/V/nl50Lh+tYjbdVuZaiXxKYiqiWuCY0Ea+8QIb2UWGrk rC2BUYaoYBEo0vQhzBIi91E2hyQ+2Y6+zP6zTVTEA8PDw2YnfdffzydQ3Z9l4OSN IoTOojXPpMdcCSVzBC5OkvzBuQ6qzkVh3vftxajYazuiSrPJl8KenLJ6jFlpCzA3 p+140rFiElDCUkHacCmfs4zWQ+/ZLcoAppIxvxDEZYWyRJp3qgU= =KAUD -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2018:1348-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:1348 Issue date: 2018-05-08 CVE Names: CVE-2018-1087 CVE-2018-8897 CVE-2018-1000199 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.3) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.3) - ppc64, ppc64le, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * Kernel: KVM: error in exception handling leads to wrong debug stack value (CVE-2018-1087) * Kernel: error in exception handling leads to DoS (CVE-2018-8897) * kernel: ptrace() incorrect error handling leads to corruption and DoS (CVE-2018-1000199) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Andy Lutomirski for reporting CVE-2018-1087 and CVE-2018-1000199 and Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for reporting CVE-2018-8897. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1566837 - CVE-2018-1087 Kernel: KVM: error in exception handling leads to wrong debug stack value 1567074 - CVE-2018-8897 Kernel: error in exception handling leads to DoS 1568477 - CVE-2018-1000199 kernel: ptrace() incorrect error handling leads to corruption and DoS 6. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 7.3): Source: kernel-3.10.0-514.48.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-514.48.3.el7.noarch.rpm kernel-doc-3.10.0-514.48.3.el7.noarch.rpm x86_64: kernel-3.10.0-514.48.3.el7.x86_64.rpm kernel-debug-3.10.0-514.48.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-514.48.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-514.48.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.48.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.48.3.el7.x86_64.rpm kernel-devel-3.10.0-514.48.3.el7.x86_64.rpm kernel-headers-3.10.0-514.48.3.el7.x86_64.rpm kernel-tools-3.10.0-514.48.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.48.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-514.48.3.el7.x86_64.rpm perf-3.10.0-514.48.3.el7.x86_64.rpm perf-debuginfo-3.10.0-514.48.3.el7.x86_64.rpm python-perf-3.10.0-514.48.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.48.3.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3): x86_64: kernel-debug-debuginfo-3.10.0-514.48.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.48.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.48.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.48.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-514.48.3.el7.x86_64.rpm perf-debuginfo-3.10.0-514.48.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.48.3.el7.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.3): Source: kernel-3.10.0-514.48.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-514.48.3.el7.noarch.rpm kernel-doc-3.10.0-514.48.3.el7.noarch.rpm ppc64: kernel-3.10.0-514.48.3.el7.ppc64.rpm kernel-bootwrapper-3.10.0-514.48.3.el7.ppc64.rpm kernel-debug-3.10.0-514.48.3.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-514.48.3.el7.ppc64.rpm kernel-debug-devel-3.10.0-514.48.3.el7.ppc64.rpm kernel-debuginfo-3.10.0-514.48.3.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-514.48.3.el7.ppc64.rpm kernel-devel-3.10.0-514.48.3.el7.ppc64.rpm kernel-headers-3.10.0-514.48.3.el7.ppc64.rpm kernel-tools-3.10.0-514.48.3.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-514.48.3.el7.ppc64.rpm kernel-tools-libs-3.10.0-514.48.3.el7.ppc64.rpm perf-3.10.0-514.48.3.el7.ppc64.rpm perf-debuginfo-3.10.0-514.48.3.el7.ppc64.rpm python-perf-3.10.0-514.48.3.el7.ppc64.rpm python-perf-debuginfo-3.10.0-514.48.3.el7.ppc64.rpm ppc64le: kernel-3.10.0-514.48.3.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-514.48.3.el7.ppc64le.rpm kernel-debug-3.10.0-514.48.3.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-514.48.3.el7.ppc64le.rpm kernel-debuginfo-3.10.0-514.48.3.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-514.48.3.el7.ppc64le.rpm kernel-devel-3.10.0-514.48.3.el7.ppc64le.rpm kernel-headers-3.10.0-514.48.3.el7.ppc64le.rpm kernel-tools-3.10.0-514.48.3.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-514.48.3.el7.ppc64le.rpm kernel-tools-libs-3.10.0-514.48.3.el7.ppc64le.rpm perf-3.10.0-514.48.3.el7.ppc64le.rpm perf-debuginfo-3.10.0-514.48.3.el7.ppc64le.rpm python-perf-3.10.0-514.48.3.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-514.48.3.el7.ppc64le.rpm s390x: kernel-3.10.0-514.48.3.el7.s390x.rpm kernel-debug-3.10.0-514.48.3.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-514.48.3.el7.s390x.rpm kernel-debug-devel-3.10.0-514.48.3.el7.s390x.rpm kernel-debuginfo-3.10.0-514.48.3.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-514.48.3.el7.s390x.rpm kernel-devel-3.10.0-514.48.3.el7.s390x.rpm kernel-headers-3.10.0-514.48.3.el7.s390x.rpm kernel-kdump-3.10.0-514.48.3.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-514.48.3.el7.s390x.rpm kernel-kdump-devel-3.10.0-514.48.3.el7.s390x.rpm perf-3.10.0-514.48.3.el7.s390x.rpm perf-debuginfo-3.10.0-514.48.3.el7.s390x.rpm python-perf-3.10.0-514.48.3.el7.s390x.rpm python-perf-debuginfo-3.10.0-514.48.3.el7.s390x.rpm x86_64: kernel-3.10.0-514.48.3.el7.x86_64.rpm kernel-debug-3.10.0-514.48.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-514.48.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-514.48.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.48.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.48.3.el7.x86_64.rpm kernel-devel-3.10.0-514.48.3.el7.x86_64.rpm kernel-headers-3.10.0-514.48.3.el7.x86_64.rpm kernel-tools-3.10.0-514.48.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.48.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-514.48.3.el7.x86_64.rpm perf-3.10.0-514.48.3.el7.x86_64.rpm perf-debuginfo-3.10.0-514.48.3.el7.x86_64.rpm python-perf-3.10.0-514.48.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.48.3.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 7.3): ppc64: kernel-debug-debuginfo-3.10.0-514.48.3.el7.ppc64.rpm kernel-debuginfo-3.10.0-514.48.3.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-514.48.3.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-514.48.3.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-514.48.3.el7.ppc64.rpm perf-debuginfo-3.10.0-514.48.3.el7.ppc64.rpm python-perf-debuginfo-3.10.0-514.48.3.el7.ppc64.rpm ppc64le: kernel-debug-debuginfo-3.10.0-514.48.3.el7.ppc64le.rpm kernel-debug-devel-3.10.0-514.48.3.el7.ppc64le.rpm kernel-debuginfo-3.10.0-514.48.3.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-514.48.3.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-514.48.3.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-514.48.3.el7.ppc64le.rpm perf-debuginfo-3.10.0-514.48.3.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-514.48.3.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-514.48.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.48.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.48.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.48.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-514.48.3.el7.x86_64.rpm perf-debuginfo-3.10.0-514.48.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.48.3.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-1087 https://access.redhat.com/security/cve/CVE-2018-8897 https://access.redhat.com/security/cve/CVE-2018-1000199 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFa8hyBXlSAg2UNWIIRAneEAKCislWXxms+w2cocgWLD3Mu2HMHkwCgiR+2 i4C0UytgQXhOcPkztivUlaU= =N2cw -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-3641-2 May 08, 2018 linux, linux-lts-trusty vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 ESM Summary: Several security issues were fixed in the Linux kernel. This update provides the corresponding updates for Ubuntu 12.04 ESM. A local attacker could use this to cause a denial of service (system crash). This issue only affected the amd64 architecture. A local attacker in a KVM virtual machine could use this to cause a denial of service (guest VM crash) or possibly escalate privileges inside of the virtual machine. This issue only affected the i386 and amd64 architectures. (CVE-2018-1087) Andy Lutomirski discovered that the Linux kernel did not properly perform error handling on virtualized debug registers. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1000199) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM: linux-image-3.13.0-147-generic 3.13.0-147.196~precise1 linux-image-3.13.0-147-generic-lpae 3.13.0-147.196~precise1 linux-image-3.2.0-134-generic 3.2.0-134.180 linux-image-3.2.0-134-generic-pae 3.2.0-134.180 linux-image-3.2.0-134-highbank 3.2.0-134.180 linux-image-3.2.0-134-omap 3.2.0-134.180 linux-image-3.2.0-134-powerpc-smp 3.2.0-134.180 linux-image-3.2.0-134-powerpc64-smp 3.2.0-134.180 linux-image-3.2.0-134-virtual 3.2.0-134.180 linux-image-generic 3.2.0.134.149 linux-image-generic-lpae-lts-trusty 3.13.0.147.138 linux-image-generic-lts-trusty 3.13.0.147.138 linux-image-generic-pae 3.2.0.134.149 linux-image-highbank 3.2.0.134.149 linux-image-omap 3.2.0.134.149 linux-image-powerpc 3.2.0.134.149 linux-image-powerpc-smp 3.2.0.134.149 linux-image-powerpc64-smp 3.2.0.134.149 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. Summary: Updated redhat-virtualization-host packages that fix several bugs and add various enhancements are now available. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Includes GlusterFS fixes for CVE-2018-1088, dhcp fixes for CVE-2018-1111, kernel fixes for CVE-2018-1087, and kernel fixes for CVE-2018-8897. A list of bugs fixed in this update is available in the Technical Notes book: https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.2/ht ml/technical_notes/ 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1357247 - rhvh 4: reboot after install shows "4m[terminated]" and takes long to reboot 1374007 - [RFE] RHV-H does not default to LVM Thin Provisioning 1420068 - [RFE] RHV-H should meet NIST 800-53 partitioning requirements by default 1422676 - [Test Only] Test Ansible playbook for registration 1429485 - [RFE] Imgbased layers should be named with '%{name}-%{version}-%{release}' instead of %{name}-%{version} 1433394 - kdump could fill up /var filesystem while writing to /var/crash 1443965 - Libvirt is disabled on RHVH host 1454536 - HostedEngine setup fails if RHV-H timezone < UTC set during installation 1474268 - RHVH host displays "upgrade available" information on the engine after registering until an update is released 1489567 - Host Software tab does not show exact RHVH version anymore 1501161 - The version displays as "4.1" for subscribed product with RHVH 4.2 1502920 - File missing after upgrade of RHVH node from version RHVH-4.1-20170925.0 to latest. 1503148 - [RFE] translate between basic ntp configurations and chrony configurations 1516123 - tuned-adm timeout while adding the host in manager and the deployment will fail/take time to complete 1534855 - RHVH brand is missing on cockpit login screen. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-18:06.debugreg Security Advisory The FreeBSD Project Topic: Mishandling of x86 debug exceptions Category: core Module: kernel Announced: 2018-05-08 Credits: Nick Peterson, Everdox Tech LLC https://www.linkedin.com/in/everdox Andy Lutomirski Affects: All supported versions of FreeBSD. Corrected: 2018-05-08 17:03:33 UTC (stable/11, 11.2-PRERELEASE) 2018-05-08 17:12:10 UTC (releng/11.1, 11.1-RELEASE-p10) 2018-05-08 17:05:39 UTC (stable/10, 10.4-STABLE) 2018-05-08 17:12:10 UTC (releng/10.4, 10.4-RELEASE-p9) CVE Name: CVE-2018-8897 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. Background On x86 architecture systems, the stack is represented by the combination of a stack segment and a stack pointer, which must remain in sync for proper operation. Instructions related to manipulating the stack segment have special handling to facilitate consistency with changes to the stack pointer. II. If that instruction is a system call or similar instruction that transfers control to the operating system, the debug exception will be handled in the kernel context instead of the user context. III. IV. Workaround No workaround is available. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, using either a binary or source code patch, and then reboot. 1) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install And reboot. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 11.1] # fetch https://security.FreeBSD.org/patches/SA-18:06/debugreg.11.1.patch # fetch https://security.FreeBSD.org/patches/SA-18:06/debugreg.11.1.patch.asc # gpg --verify debugreg.11.1.patch.asc [FreeBSD 10.4] # fetch https://security.FreeBSD.org/patches/SA-18:06/debugreg.10.4.patch # fetch https://security.FreeBSD.org/patches/SA-18:06/debugreg.10.4.patch.asc # gpg --verify debugreg.10.4.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile and install your kernel as described in <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/10/ r333370 releng/10.4/ r333371 stable/11/ r333369 releng/11.1/ r333371 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII. (BZ#1554256) 4

A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRegistration2 class. Authentication is required to exploit this vulnerability. A crafted Client field in ppreg files can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to execute code under the context of root. Multiple SQL-injection vulnerabilities 2. A command-injection vulnerability 3. An insecure authentication weakness Exploiting these issues could allow an attacker to access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary command, bypass authentication mechanism, execute arbitrary code and obtain sensitive information. This may aid in further attacks. Email Encryption Gateway 5.5 Build 1111 and prior are vulnerable. There is an SQL injection vulnerability in the formRegistration2 class in Trend Micro TMEEG version 5.5

A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formConfiguration class. Authentication is required to exploit this vulnerability. The issue results from the lack of proper validation of user-supplied strings before using them to construct SQL queries. An attacker can leverage this vulnerability to execute code under the context of root. Multiple SQL-injection vulnerabilities 2. A command-injection vulnerability 3. An insecure authentication weakness Exploiting these issues could allow an attacker to access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary command, bypass authentication mechanism, execute arbitrary code and obtain sensitive information. This may aid in further attacks. There is an SQL injection vulnerability in the formConfiguration class in Trend Micro TMEEG version 5.5

A command injection remote command execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the LauncherServer. Authentication is required to exploit this vulnerability. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of root. Multiple SQL-injection vulnerabilities 2. A command-injection vulnerability 3. This may aid in further attacks

A SQL injection information disclosure vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to disclose sensitive information on vulnerable installations due to a flaw in the formChangePass class. Authentication is required to exploit this vulnerability. When parsing the username parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this in conjunction with other vulnerabilities to disclose sensitive information under the context of the database. Multiple SQL-injection vulnerabilities 2. A command-injection vulnerability 3. An insecure authentication weakness Exploiting these issues could allow an attacker to access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary command, bypass authentication mechanism, execute arbitrary code and obtain sensitive information. This may aid in further attacks

An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'get' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'get <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. D-Link DSL-3782 EU Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDSL-3782 is a wireless router product from D-Link. A buffer overflow vulnerability exists in the /userfs/bin/tcapi binary in D-LinkDSL-3782

An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'commit' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'commit <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. D-Link DSL-3782 EU Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDSL-3782 is a wireless router product from D-Link. A buffer overflow vulnerability exists in the /userfs/bin/tcapi binary in D-LinkDSL-3782

An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as an 'unset' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'unset <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. D-Link DSL-3782 EU Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDSL-3782 is a wireless router product from D-Link. A buffer overflow vulnerability exists in the /userfs/bin/tcapi binary in D-LinkDSL-3782

An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'staticGet' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'staticGet <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. D-Link DSL-3782 EU Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDSL-3782 is a wireless router product from D-Link. A buffer overflow vulnerability exists in the /userfs/bin/tcapi binary in D-LinkDSL-3782EU1.01

An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'show' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'show <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. D-Link DSL-3782 EU Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDSL-3782 is a wireless router product from D-Link. A buffer overflow vulnerability exists in the /userfs/bin/tcapi binary in D-LinkDSL-3782

A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 could allow an unauthenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. plural Sierra Wireless Router firmware contains vulnerabilities related to authorization, authority, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SierraWirelessAirLinkGX400 and others are router products of SierraWireless Canada. There are security holes in several SierraWireless products. Sierra Wireless AirLink GX400 and so on are the router products of Canadian Sierra Wireless company. The following products and versions are affected: Sierra Wireless AirLink GX400 with firmware prior to 4.4.7; Sierra Wireless AirLink GX440 with firmware prior to 4.4.7; Sierra Wireless AirLink ES440 with firmware prior to 4.4.7; Sierra Wireless AirLink LS300 with firmware prior to 4.9.3; Sierra Wireless AirLink GX450 with firmware prior to 4.9.3; Sierra Wireless AirLink ES450 with firmware prior to 4.9.3; Sierra Wireless AirLink RV50 with firmware prior to 4.9.3; Sierra Wireless AirLink RV50X with firmware prior to .3; Sierra Wireless AirLink MP70 with firmware prior to 4.9.3; Sierra Wireless AirLink MP70E with firmware prior to 4.9.3

A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 could allow an authenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. This vulnerability is due to insufficient input validation on user-controlled input in an HTTP request to the targeted device. An attacker in possession of router login credentials could exploit this vulnerability by sending a crafted HTTP request to an affected system. plural Sierra Wireless Vulnerability related to input validation exists in the firmware of routers made by the manufacturer.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SierraWirelessAirLinkGX400 and others are router products of SierraWireless Canada

D-Link DIR-601 A1 1.02NA devices do not require the old password for a password change, which occurs in cleartext. D-Link DIR-601 Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-601 is a wireless router product from D-Link. A security vulnerability exists in the D-LinkDIR-601A11.02NA release, which is caused by the fact that the user does not need the current password when changing the password and the program passes the new username and password in clear text. An attacker could exploit the vulnerability to obtain information by intercepting passed parameters. There is a security vulnerability in D-Link DIR-601 A1 version 1.02NA. ------------------------------------------ [Additional Information] Insecure Authentication Practices in D-LINK DIR-601 Router, Hardware version A1, Firmware Version 1.02NA When logging into the router, the authentication module passes the username and password BASE64 encoded vice encrypted. There is also no support for HTTPS connections to the router. Due to no schedule viability D-Link asks that two items are mentioned in disclosure: a) For this out of service router, users are encouraged too used DD-WRT firmware here <http://www.dd-wrt.com/site/support/router-database> b) They can contact support@dlink.com for the latest information on updates. ------------------------------------------ [VulnerabilityType Other] Weak Authentication and No HTTPS support ------------------------------------------ [Vendor of Product] D-Link ------------------------------------------ [Affected Product Code Base] DIR 601 - Hardware A1, Firmware 1.02NA ------------------------------------------ [Affected Component] Login, Password Changing ------------------------------------------ [Attack Type] Context-dependent ------------------------------------------ [Impact Information Disclosure] true ------------------------------------------ [Attack Vectors] To exploit this, an attacker must have a proxy or man-in-the-middle attack completed and be able to discern the URLs to intercept passed parameters. ------------------------------------------ [Has vendor confirmed or acknowledged the vulnerability?] true ------------------------------------------ [Remediation] Due to no schedule viability D-Link asks that two items are mentioned in disclosure: a) For this out of service router, users are encouraged too used DD-WRT firmware here b) They can contact support@dlink.com for the latest information on updates. ------------------------------------------ [References] http://us.dlink.com/security-advisories/ <http://us.dlink.com/security-advisories/> https://advancedpersistentsecurity.net/cve-2018-10641/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10641 Joe Gray