VARIoT IoT vulnerabilities database

On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users with access to a VCMP guest can cause a disruption of service on adjacent VCMP guests running on the same host. Exploiting this vulnerability causes the vCMPd process on the adjacent VCMP guest to restart and produce a core file. This issue is only exploitable on a VCMP guest which is operating in "host-only" or "bridged" mode. VCMP guests which are "isolated" are not impacted by this issue and do not provide mechanism to exploit the vulnerability. Guests which are deployed in "Appliance Mode" may be impacted however the exploit is not possible from an Appliance Mode guest. To exploit this vulnerability root access on a guest system deployed as "host-only" or "bridged" mode is required. plural F5 BIG-IP The product contains an access control vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5BIG-IPLTM and other products are products of American F5 Company. F5BIG-IPLTM is a local traffic manager; BIG-IPAAM is an application acceleration manager. There are security vulnerabilities in several F5 products. An attacker can exploit this issue to cause a denial-of-service condition. F5 BIG-IP LTM, etc. The following products and versions are affected: F5 BIG-IP LTM version 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3; BIG-IP AAM version 13.0.0 to 13.1.0.5, 12.1.0 to version 12.1.3; BIG-IP AFM version 13.0.0 to version 13.1.0.5, version 12.1.0 to version 12.1.3; BIG-IP Analytics version 13.0.0 to version 13.1.0.5, version 12.1.0 to 12.1 .3 versions; BIG-IP APM versions 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3; BIG-IP ASM versions 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3 Versions; BIG-IP DNS 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3; BIG-IP Edge Gateway 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3 ; BIG-IP GTM versions 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3; BIG-IP Link Controller 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3; BIG-IP PEM Version 13.0.0 through Version 13.1.0.5, Version 12.1.0 through Version 12.1.3; BIG-IP WebAccelerator Version 13.0.0 through Version 13.1.0.5, Version 12.1.0 through Version 12.1.3; BIG- IP WebSafe version 13.0.0 to version 13.1.0.5, version 12.1.0 to version 12.1.3

On F5 BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs. plural F5 BIG-IP The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5BIG-IPLTM and other products are products of American F5 Company. F5BIG-IPLTM is a local traffic manager; BIG-IPAAM is an application acceleration manager. There are security vulnerabilities in several F5 products. F5 BIG-IP LTM, etc. The following products and versions are affected: F5 BIG-IP LTM version 13.1.0; BIG-IP AAM version 13.1.0; BIG-IP AFM version 13.1.0; BIG-IP Analytics version 13.1.0; BIG-IP APM 13.1. 0 version; BIG-IP ASM version 13.1.0; BIG-IP DNS version 13.1.0; BIG-IP Edge Gateway version 13.1.0; BIG-IP GTM version 13.1.0; BIG-IP Link Controller version 13.1.0; BIG-IP PEM version 13.1.0; BIG-IP WebAccelerator version 13.1.0; BIG-IP WebSafe version 13.1.0

Due to the lack of firmware authentication in the upgrade process of T&W WIFI Repeater BE126 devices, an attacker can craft a malicious firmware and use it as an update. T&W WIFI Repeater BE126 The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. GongjinElectronicsT&WWIFIRepeaterBE126 is a wireless Internet repeater from China's Gongjin Electronics. A security vulnerability exists in GongjinElectronicsT&WWIFIRepeaterBE126 that was caused by the upgrade process failing to authenticate the firmware. An attacker could exploit the vulnerability as a newer firmware with maliciously crafted firmware

A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can inject a specially crafted SNMP MIB file that could allow them to execute arbitrary commands and code on the WhatsUp Gold server. Ipswitch WhatsUp Gold Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Ipswitch WhatsUp Gold is a set of unified infrastructure and application monitoring software from Ipswitch in the United States. The software supports the performance management of networks, servers, virtual environments and applications

An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can submit specially crafted requests via the NmAPI executable to (1) gain unauthorized access to the WhatsUp Gold system, (2) obtain information about the WhatsUp Gold system, or (3) execute remote commands. Ipswitch WhatsUp Gold Contains a server-side request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Ipswitch WhatsUp Gold is a set of unified infrastructure and application monitoring software from Ipswitch in the United States. The software supports the performance management of networks, servers, virtual environments and applications

On F5 BIG-IP 13.0.0-13.1.0.5, using RADIUS authentication responses from a RADIUS server with IPv6 addresses may cause TMM to crash, leading to a failover event. plural F5 BIG-IP The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5BIG-IPLTM and other products are products of American F5 Company. F5BIG-IPLTM is a local traffic manager; BIG-IPAAM is an application acceleration manager. There are security vulnerabilities in several F5 products. When LargeReceiveOffload and SYNcookies are opened, an attacker can exploit the vulnerability to cause a denial of service (restart). F5 BIG-IP is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, resulting in denial-of-service conditions. F5 BIG-IP LTM, etc. The following products and versions are affected: F5 BIG-IP LTM version 13.0.0 to 13.1.0; BIG-IP AAM version 13.0.0 to 13.1.0; BIG-IP AFM version 13.0.0 to 13.1.0; BIG-IP Analytics version 13.0.0 through 13.1.0; BIG-IP APM version 13.0.0 through 13.1.0; BIG-IP ASM version 13.0.0 through 13.1.0; BIG-IP DNS version 13.0.0 to version 13.1.0; BIG-IP Edge Gateway version 13.0.0 to version 13.1.0; BIG-IP GTM version 13.0.0 to version 13.1.0; BIG-IP Link Controller version 13.0.0 to version 13.1.0; BIG-IP PEM version 13.0.0 through 13.1.0; BIG-IP WebAccelerator version 13.0.0 through 13.1.0; BIG-IP WebSafe version 13.0.0 through 13.1.0

On F5 BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2 request frames can lead to denial of service. There is data plane exposure for virtual servers when the HTTP2 profile is enabled. There is no control plane exposure to this issue. plural F5 BIG-IP The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5BIG-IPLTM and other products are products of American F5 Company. F5BIG-IPLTM is a local traffic manager; BIG-IPAAM is an application acceleration manager. There are security vulnerabilities in several F5 products. An attacker could exploit the vulnerability to cause a denial of service or potentially expose the data layer. F5 BIG-IP is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, resulting in denial-of-service conditions. F5 BIG-IP LTM, etc. The following versions are affected: F5 BIG-IP LTM Version 13.1.0; BIG-IP AAM Version 13.1.0; BIG-IP AFM Version 13.1.0; BIG-IP APM Version 13.1.0; BIG-IP ASM Version 13.1.0 ; BIG-IP Link Controller Version 13.1.0; BIG-IP PEM Version 13.1.0; BIG-IP WebAccelerator Version 13.1.0; BIG-IP WebSafe Version 13.1.0

On F5 BIG-IP 13.1.0-13.1.0.5, when Large Receive Offload (LRO) and SYN cookies are enabled (default settings), undisclosed traffic patterns may cause TMM to restart. plural F5 BIG-IP The product contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5BIG-IPLTM and other products are products of American F5 Company. F5BIG-IPLTM is a local traffic manager; BIG-IPAAM is an application acceleration manager. There are security vulnerabilities in several F5 products. When LargeReceiveOffload and SYNcookies are opened, an attacker can exploit the vulnerability to cause a denial of service (restart). F5 BIG-IP is prone to a remote denial-of-service vulnerability. F5 BIG-IP LTM, etc. The following products and versions are affected: F5 BIG-IP LTM version 13.1.0 to 13.1.0.5; BIG-IP AAM version 13.1.0 to 13.1.0.5; BIG-IP AFM version 13.1.0 to 13.1.0.5; BIG-IP Analytics 13.1.0 through 13.1.0.5; BIG-IP APM 13.1.0 through 13.1.0.5; BIG-IP ASM 13.1.0 through 13.1.0.5; BIG-IP DNS 13.1.0 to version 13.1.0.5; BIG-IP Edge Gateway version 13.1.0 to version 13.1.0.5; BIG-IP GTM version 13.1.0 to version 13.1.0.5; BIG-IP Link Controller version 13.1.0 to version 13.1.0.5; BIG-IP PEM version 13.1.0 through 13.1.0.5; BIG-IP WebAccelerator version 13.1.0 through 13.1.0.5; BIG-IP WebSafe version 13.1.0 through 13.1.0.5

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Improper authentication handling by the native Access Point web UI allows authentication using a local system account (instead of the dedicated web-only user). WatchGuard AP100 , AP102 ,and AP200 An authentication vulnerability exists in the device software.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. WatchGuardAP100, AP102 and AP200 are different series of indoor wireless access point devices from WatchGuard. A security vulnerability exists in WatchGuardAP100, AP102, and AP200 using firmware prior to 1.2.9.15, which stems from the failure of the local AccessPoint WebUI to properly handle authentication. An attacker can use this vulnerability to gain access to an AP device with the help of a local system account. Introduction ============ Multiple vulnerabilities can be chained together in a number of WatchGuard AP products which result in pre-authenticated remote code execution. The vendor has produced a knowledge-base article[1] and announcement[2] regarding these issues. ZX Security would like to commend the prompt response and resolution of these reported issues by the vendor. Product ======= Several WatchGuard Access Points running firmware before v1.2.9.15 are affected, including: * AP100 * AP102 * AP200 The AP300 is also affected by issues 2, 3 and 4 when running firmware before 2.0.0.10. The latest firmware update resolves these issues. Technical Details ================= 1) Hard-coded credentials ------------------------- CVE-2018-10575 A hard-coded user exists in /etc/passwd. The vendor has requested the specific password and hash be withheld until users can apply the patch. There is no way for a user of the access point to change this password. An attacker who is aware of this password is able to access the device over SSH and pivot network requests through the device, though they may not run commands as the shell is set to /bin/false. 2) Hidden authentication method in web interface allows for authentication bypass --------------------------------------------------------------------------------- CVE-2018-10576 The standard authentication method for accessing the webserver involves submitting an HTML form. This uses a username and password separate from the standard Linux based /etc/passwd authentication. An alternative authentication method was identified from reviewing the source code whereby setting the HTTP headers AUTH_USER and AUTH_PASS, credentials are instead tested against the standard Linux /etc/passwd file. This allows an attacker to use the hardcoded credentials found previously (see 1. Hard-coded credentials) to gain web access to the device. An example command that demonstrates this issue is: curl https://watchguard-ap200/cgi-bin/luci -H "AUTH_USER: admin" -H "AUTH_PASS: [REDACTED]" -k -v This session allows for complete access to the web interface as an administrator. 3) Hidden "wgupload" functionality allows for file uploads as root and remote code execution -------------------------------------------------------------------------------------------- CVE-2018-10577 Reviewing the code reveals file upload functionality that is not shown to the user via the web interface. An attacker needs only a serial number (which is displayed to the user when they login to the device through the standard web interface and can be retrieved programmatically) and a valid session. An example request to demonstrate this issue is: res = send_request_cgi({ 'method' => 'POST', 'uri' => "/cgi-bin/luci/;#{stok}/wgupload", 'headers' => { 'AUTH_USER' => 'admin', 'AUTH_PASS' => '[REDACTED]', }, 'cookie' => "#{sysauth}; serial=#{serial}; filename=/www/cgi-bin/payload.luci; md5sum=fail", 'data' => "#!/usr/bin/lua os.execute('touch /code-execution'); }) An attacker can then visit the URL http://watchguard-ap200/cgi-bin/payload.luci to execute this command (or any other command). 4) Change password functionality incorrectly verifies old password ------------------------------------------------------------------ CVE-2018-10578 The change password functionality within the web interface attempts to verify the old password before setting a new one, however, this is done through AJAX. An attacker is able to simply modify the JavaScript to avoid this check or perform the POST request manually. Metasploit Module ================= ZX Security will be releasing a Metasploit module which automates exploitation of this chain of vulnerabilities. This has been delayed till 30 days after the initial patch was made available to ensure users are able to patch their devices. The module and the hard-coded password will be released on May the 14th 2018. Disclosure Timeline =================== Vendor notification: April 04, 2018 Vendor response: April 06, 2018 Firmware update released to public: April 13, 2018 Metasploit module release: May 14, 2018 References ========== [1] https://watchguardsupport.secure.force.com/publicKB?type=KBSecurityIssues&SFDCID=kA62A0000000LIy [2] https://www.watchguard.com/wgrd-blog/new-firmware-available-ap100ap102ap200ap300-security-vulnerability-fixes

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Hardcoded credentials exist for an unprivileged SSH account with a shell of /bin/false. WatchGuard AP100 , AP102 ,and AP200 The device software contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WatchGuardAP100, AP102 and AP200 are different series of indoor wireless access point devices from WatchGuard. A security vulnerability exists in WatchGuardAP100, AP102, and AP200 using firmware prior to 1.2.9.15, which was caused by the program using hard-coded credentials. An attacker could use this vulnerability to gain access to an AP device. Introduction ============ Multiple vulnerabilities can be chained together in a number of WatchGuard AP products which result in pre-authenticated remote code execution. The vendor has produced a knowledge-base article[1] and announcement[2] regarding these issues. ZX Security would like to commend the prompt response and resolution of these reported issues by the vendor. Product ======= Several WatchGuard Access Points running firmware before v1.2.9.15 are affected, including: * AP100 * AP102 * AP200 The AP300 is also affected by issues 2, 3 and 4 when running firmware before 2.0.0.10. The latest firmware update resolves these issues. The vendor has requested the specific password and hash be withheld until users can apply the patch. There is no way for a user of the access point to change this password. An attacker who is aware of this password is able to access the device over SSH and pivot network requests through the device, though they may not run commands as the shell is set to /bin/false. 2) Hidden authentication method in web interface allows for authentication bypass --------------------------------------------------------------------------------- CVE-2018-10576 The standard authentication method for accessing the webserver involves submitting an HTML form. This uses a username and password separate from the standard Linux based /etc/passwd authentication. An alternative authentication method was identified from reviewing the source code whereby setting the HTTP headers AUTH_USER and AUTH_PASS, credentials are instead tested against the standard Linux /etc/passwd file. This allows an attacker to use the hardcoded credentials found previously (see 1. An example command that demonstrates this issue is: curl https://watchguard-ap200/cgi-bin/luci -H "AUTH_USER: admin" -H "AUTH_PASS: [REDACTED]" -k -v This session allows for complete access to the web interface as an administrator. 3) Hidden "wgupload" functionality allows for file uploads as root and remote code execution -------------------------------------------------------------------------------------------- CVE-2018-10577 Reviewing the code reveals file upload functionality that is not shown to the user via the web interface. An attacker needs only a serial number (which is displayed to the user when they login to the device through the standard web interface and can be retrieved programmatically) and a valid session. An example request to demonstrate this issue is: res = send_request_cgi({ 'method' => 'POST', 'uri' => "/cgi-bin/luci/;#{stok}/wgupload", 'headers' => { 'AUTH_USER' => 'admin', 'AUTH_PASS' => '[REDACTED]', }, 'cookie' => "#{sysauth}; serial=#{serial}; filename=/www/cgi-bin/payload.luci; md5sum=fail", 'data' => "#!/usr/bin/lua os.execute('touch /code-execution'); }) An attacker can then visit the URL http://watchguard-ap200/cgi-bin/payload.luci to execute this command (or any other command). 4) Change password functionality incorrectly verifies old password ------------------------------------------------------------------ CVE-2018-10578 The change password functionality within the web interface attempts to verify the old password before setting a new one, however, this is done through AJAX. An attacker is able to simply modify the JavaScript to avoid this check or perform the POST request manually. Metasploit Module ================= ZX Security will be releasing a Metasploit module which automates exploitation of this chain of vulnerabilities. This has been delayed till 30 days after the initial patch was made available to ensure users are able to patch their devices. The module and the hard-coded password will be released on May the 14th 2018. Disclosure Timeline =================== Vendor notification: April 04, 2018 Vendor response: April 06, 2018 Firmware update released to public: April 13, 2018 Metasploit module release: May 14, 2018 References ========== [1] https://watchguardsupport.secure.force.com/publicKB?type=KBSecurityIssues&SFDCID=kA62A0000000LIy [2] https://www.watchguard.com/wgrd-blog/new-firmware-available-ap100ap102ap200ap300-security-vulnerability-fixes

The Milestone XProtect Video Management Software (Corporate, Expert, Professional+, Express+, Essential+) 2016 R1 (10.0.a) to 2018 R1 (12.1a) contains .NET Remoting endpoints that are vulnerable to deserialization attacks resulting in remote code execution. Siemens Milestone XProtect Video Management Software is a set of video management software for managing surveillance video and other content. A remote attacker could use this vulnerability to execute code. Siemens Siveillance VMS is prone to a remote privilege-escalation vulnerability because it fails to properly sanitize user-supplied input. Failed exploit attempts may result in a denial of service condition

RCS module in Huawei ALP-AL00B smart phones with software versions earlier than 8.0.0.129, BLA-AL00B smart phones with software versions earlier than 8.0.0.129 has a remote control vulnerability. An attacker can trick a user to install a malicious application. When the application connects with RCS for the first time, it needs user to manually click to agree. In addition, the attacker needs to obtain the key that RCS uses to authenticate the application. Successful exploitation may cause the attacker to control keyboard remotely. Huawei ALP-AL00B Smartphone and BLA-AL00B Smartphones have vulnerabilities related to authorization, authority, and access control.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. HuaweiALP-AL00B and BLA-AL00B are both Huawei's smartphone products. RCSmodule is one of the converged communication modules

Huawei MBB (Mobile Broadband) products E5771h-937 with the versions before E5771h-937TCPU-V200R001B328D62SP00C1133 and the versions before E5771h-937TCPU-V200R001B329D05SP00C1308 have a Denial of Service (DoS) vulnerability. When an attacker accessing device sends special http request to device, the webserver process will try to apply too much memory which can cause the device to become unable to respond. An attacker can launch a DoS attack by exploiting this vulnerability. HuaweiE5771h-937 is a portable wireless router from China's Huawei company

The Norton Core router prior to v237 may be susceptible to a command injection exploit. This is a type of attack in which the goal is execution of arbitrary commands on the host system via vulnerable software. Symantec Norton Corerouter is a home security router device from Symantec Corporation of the United States

Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an invalid memory access vulnerability. An unauthenticated attacker has to find a way to send malformed SCCP messages to the affected products. Due to insufficient input validation of some values in the messages, successful exploit may cause buffer error and some service abnormal. plural Huawei The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300 and other products are all products of China Huawei. The DP300 is a video conferencing terminal. The RP200 is a video conferencing machine. A security vulnerability exists in several Huawei products due to a failure of the program to verify some of the fields in the message. There are security vulnerabilities in several Huawei products. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version

Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url. SeagateMediaServer is one of the media servers. SeagatePersonalCloud 4.3.1. An attacker could exploit this vulnerability to retrieve sensitive information from the NAS using the \342\200\230url\342\200\231 parameter

An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754. Xen Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Xen is an open source virtual machine monitor product developed by the University of Cambridge, England. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure proper operation and avoid downtime. There are security vulnerabilities in Xen 4.10.x and earlier. An attacker could exploit the vulnerability to cause a denial of service (virtual machine monitor crash). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4201-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 15, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : xen CVE ID : CVE-2018-8897 CVE-2018-10471 CVE-2018-10472 CVE-2018-10981 CVE-2018-10982 Multiple vulnerabilities have been discovered in the Xen hypervisor: CVE-2018-8897 Andy Lutomirski and Nick Peterson discovered that incorrect handling of debug exceptions could result in privilege escalation. CVE-2018-10471 An error was discovered in the mitigations against Meltdown which could result in denial of service. CVE-2018-10472 Anthony Perard discovered that incorrect parsing of CDROM images can result in information disclosure. CVE-2018-10981 Jan Beulich discovered that malformed device models could result in denial of service. CVE-2018-10982 Roger Pau Monne discovered that incorrect handling of high precision event timers could result in denial of service and potentially privilege escalation. For the stable distribution (stretch), these problems have been fixed in version 4.8.3+comet2+shim4.10.0+comet3-1+deb9u6. We recommend that you upgrade your xen packages. For the detailed security status of xen please refer to its security tracker page at: https://security-tracker.debian.org/tracker/xen Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlr7PHoACgkQEMKTtsN8 TjbvyBAAqSJFsDcTo75hggE1faIttXR3UKOwJ4eSKbkf3G6/JnvotuO5z4bQXDBC XZfkL6kOTl579vmCGgCvBv/SrrPrJ1ibhrw+Dz1MIcjX4Yt9mb6NriWuMTObknca uw6qJakWZTB3tFcp3LlmN80B8lY/67XR8mQaZ4f0yHhGEfqIunEtSgLelmp5lLu2 M/m1iH9zQon3muhQiXiHJeMg1ghJ3xvFKbuEU9prih4NNinxquv0pmAzfbPCCBN6 E4cuEjArzdnwLydeWfCoLrFOZh5rvoMTmmK8gj2/KVlbC5YgJ5/xVlc89B4PaJKL m3oUV2dnLEpubC7uuXSOoejMnfbPcOGM4VYrmuIuxEfZZVNYE/NxvmNCZ+JDzQV7 Z939vOgyqyuojFFt7lgvoCWM2Q3xDRMrE9akK1KyAGmvyRzoczblw8N6dzL8sain gs5LUE/5dCJWQWv4IPz/V/nl50Lh+tYjbdVuZaiXxKYiqiWuCY0Ea+8QIb2UWGrk rC2BUYaoYBEo0vQhzBIi91E2hyQ+2Y6+zP6zTVTEA8PDw2YnfdffzydQ3Z9l4OSN IoTOojXPpMdcCSVzBC5OkvzBuQ6qzkVh3vftxajYazuiSrPJl8KenLJ6jFlpCzA3 p+140rFiElDCUkHacCmfs4zWQ+/ZLcoAppIxvxDEZYWyRJp3qgU= =KAUD -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201810-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Xen: Multiple vulnerabilities Date: October 30, 2018 Bugs: #643350, #655188, #655544, #659442 ID: 201810-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Xen, the worst of which could cause a Denial of Service condition. Background ========== Xen is a bare-metal hypervisor. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-emulation/xen < 4.10.1-r2 >= 4.10.1-r2 2 app-emulation/xen-tools < 4.10.1-r2 >= 4.10.1-r2 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Xen users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.10.1-r2" All Xen tools users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-emulation/xen-tools-4.10.1-r2" References ========== [ 1 ] CVE-2017-5715 https://nvd.nist.gov/vuln/detail/CVE-2017-5715 [ 2 ] CVE-2017-5753 https://nvd.nist.gov/vuln/detail/CVE-2017-5753 [ 3 ] CVE-2017-5754 https://nvd.nist.gov/vuln/detail/CVE-2017-5754 [ 4 ] CVE-2018-10471 https://nvd.nist.gov/vuln/detail/CVE-2018-10471 [ 5 ] CVE-2018-10472 https://nvd.nist.gov/vuln/detail/CVE-2018-10472 [ 6 ] CVE-2018-10981 https://nvd.nist.gov/vuln/detail/CVE-2018-10981 [ 7 ] CVE-2018-10982 https://nvd.nist.gov/vuln/detail/CVE-2018-10982 [ 8 ] CVE-2018-12891 https://nvd.nist.gov/vuln/detail/CVE-2018-12891 [ 9 ] CVE-2018-12892 https://nvd.nist.gov/vuln/detail/CVE-2018-12892 [ 10 ] CVE-2018-12893 https://nvd.nist.gov/vuln/detail/CVE-2018-12893 [ 11 ] CVE-2018-15468 https://nvd.nist.gov/vuln/detail/CVE-2018-15468 [ 12 ] CVE-2018-15469 https://nvd.nist.gov/vuln/detail/CVE-2018-15469 [ 13 ] CVE-2018-15470 https://nvd.nist.gov/vuln/detail/CVE-2018-15470 [ 14 ] CVE-2018-3620 https://nvd.nist.gov/vuln/detail/CVE-2018-3620 [ 15 ] CVE-2018-3646 https://nvd.nist.gov/vuln/detail/CVE-2018-3646 [ 16 ] CVE-2018-5244 https://nvd.nist.gov/vuln/detail/CVE-2018-5244 [ 17 ] CVE-2018-7540 https://nvd.nist.gov/vuln/detail/CVE-2018-7540 [ 18 ] CVE-2018-7541 https://nvd.nist.gov/vuln/detail/CVE-2018-7541 [ 19 ] CVE-2018-7542 https://nvd.nist.gov/vuln/detail/CVE-2018-7542 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201810-06 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

Smart STB is a set-top box product of ZTE Corporation. Mobile custom "Magic Box" smart set-top boxes have intelligent hardware vulnerabilities. Attackers can use vulnerabilities to communicate with devices using ttl lines, log in to the operating system without password authentication, and install third-party applications.

An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers a WebCore::jsElementScrollHeightGetter use-after-free. Both Apple iOS and Safari are products of Apple (Apple). Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A memory corruption vulnerability exists in the WebKit component of Apple Safari versions prior to 11.1 and iOS versions prior to 11.3.1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-04-24-3 Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4) may be obtained from the Mac App Store. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201808-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: August 22, 2018 Bugs: #652820, #658168, #662974 ID: 201808-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to arbitrary code execution. Background ========== WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.20.4 >= 2.20.4 Description =========== Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All WebkitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.20.4" References ========== [ 1 ] CVE-2018-11646 https://nvd.nist.gov/vuln/detail/CVE-2018-11646 [ 2 ] CVE-2018-11712 https://nvd.nist.gov/vuln/detail/CVE-2018-11712 [ 3 ] CVE-2018-11713 https://nvd.nist.gov/vuln/detail/CVE-2018-11713 [ 4 ] CVE-2018-12293 https://nvd.nist.gov/vuln/detail/CVE-2018-12293 [ 5 ] CVE-2018-12294 https://nvd.nist.gov/vuln/detail/CVE-2018-12294 [ 6 ] CVE-2018-4101 https://nvd.nist.gov/vuln/detail/CVE-2018-4101 [ 7 ] CVE-2018-4113 https://nvd.nist.gov/vuln/detail/CVE-2018-4113 [ 8 ] CVE-2018-4114 https://nvd.nist.gov/vuln/detail/CVE-2018-4114 [ 9 ] CVE-2018-4117 https://nvd.nist.gov/vuln/detail/CVE-2018-4117 [ 10 ] CVE-2018-4118 https://nvd.nist.gov/vuln/detail/CVE-2018-4118 [ 11 ] CVE-2018-4119 https://nvd.nist.gov/vuln/detail/CVE-2018-4119 [ 12 ] CVE-2018-4120 https://nvd.nist.gov/vuln/detail/CVE-2018-4120 [ 13 ] CVE-2018-4121 https://nvd.nist.gov/vuln/detail/CVE-2018-4121 [ 14 ] CVE-2018-4122 https://nvd.nist.gov/vuln/detail/CVE-2018-4122 [ 15 ] CVE-2018-4125 https://nvd.nist.gov/vuln/detail/CVE-2018-4125 [ 16 ] CVE-2018-4127 https://nvd.nist.gov/vuln/detail/CVE-2018-4127 [ 17 ] CVE-2018-4128 https://nvd.nist.gov/vuln/detail/CVE-2018-4128 [ 18 ] CVE-2018-4129 https://nvd.nist.gov/vuln/detail/CVE-2018-4129 [ 19 ] CVE-2018-4133 https://nvd.nist.gov/vuln/detail/CVE-2018-4133 [ 20 ] CVE-2018-4146 https://nvd.nist.gov/vuln/detail/CVE-2018-4146 [ 21 ] CVE-2018-4162 https://nvd.nist.gov/vuln/detail/CVE-2018-4162 [ 22 ] CVE-2018-4163 https://nvd.nist.gov/vuln/detail/CVE-2018-4163 [ 23 ] CVE-2018-4165 https://nvd.nist.gov/vuln/detail/CVE-2018-4165 [ 24 ] CVE-2018-4190 https://nvd.nist.gov/vuln/detail/CVE-2018-4190 [ 25 ] CVE-2018-4192 https://nvd.nist.gov/vuln/detail/CVE-2018-4192 [ 26 ] CVE-2018-4199 https://nvd.nist.gov/vuln/detail/CVE-2018-4199 [ 27 ] CVE-2018-4200 https://nvd.nist.gov/vuln/detail/CVE-2018-4200 [ 28 ] CVE-2018-4201 https://nvd.nist.gov/vuln/detail/CVE-2018-4201 [ 29 ] CVE-2018-4204 https://nvd.nist.gov/vuln/detail/CVE-2018-4204 [ 30 ] CVE-2018-4214 https://nvd.nist.gov/vuln/detail/CVE-2018-4214 [ 31 ] CVE-2018-4218 https://nvd.nist.gov/vuln/detail/CVE-2018-4218 [ 32 ] CVE-2018-4222 https://nvd.nist.gov/vuln/detail/CVE-2018-4222 [ 33 ] CVE-2018-4232 https://nvd.nist.gov/vuln/detail/CVE-2018-4232 [ 34 ] CVE-2018-4233 https://nvd.nist.gov/vuln/detail/CVE-2018-4233 [ 35 ] CVE-2018-4261 https://nvd.nist.gov/vuln/detail/CVE-2018-4261 [ 36 ] CVE-2018-4262 https://nvd.nist.gov/vuln/detail/CVE-2018-4262 [ 37 ] CVE-2018-4263 https://nvd.nist.gov/vuln/detail/CVE-2018-4263 [ 38 ] CVE-2018-4264 https://nvd.nist.gov/vuln/detail/CVE-2018-4264 [ 39 ] CVE-2018-4265 https://nvd.nist.gov/vuln/detail/CVE-2018-4265 [ 40 ] CVE-2018-4266 https://nvd.nist.gov/vuln/detail/CVE-2018-4266 [ 41 ] CVE-2018-4267 https://nvd.nist.gov/vuln/detail/CVE-2018-4267 [ 42 ] CVE-2018-4270 https://nvd.nist.gov/vuln/detail/CVE-2018-4270 [ 43 ] CVE-2018-4272 https://nvd.nist.gov/vuln/detail/CVE-2018-4272 [ 44 ] CVE-2018-4273 https://nvd.nist.gov/vuln/detail/CVE-2018-4273 [ 45 ] CVE-2018-4278 https://nvd.nist.gov/vuln/detail/CVE-2018-4278 [ 46 ] CVE-2018-4284 https://nvd.nist.gov/vuln/detail/CVE-2018-4284 [ 47 ] WebKitGTK+ Security Advisory WSA-2018-0003 https://webkitgtk.org/security/WSA-2018-0003.html [ 48 ] WebKitGTK+ Security Advisory WSA-2018-0004 https://webkitgtk.org/security/WSA-2018-0004.html [ 49 ] WebKitGTK+ Security Advisory WSA-2018-0005 https://webkitgtk.org/security/WSA-2018-0005.html [ 50 ] WebKitGTK+ Security Advisory WSA-2018-0006 https://webkitgtk.org/security/WSA-2018-0006.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201808-04 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-23-4 Additional information for APPLE-SA-2018-06-01-6 tvOS 11.4 tvOS 11.4 addresses the following: Bluetooth Available for: Apple TV 4K Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. CVE-2018-5383: Lior Neumann and Eli Biham Entry added July 23, 2018 Crash Reporter Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved error handling. CVE-2018-4206: Ian Beer of Google Project Zero FontParser Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2018-4211: Proteas of Qihoo 360 Nirvan Team Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2018-4241: Ian Beer of Google Project Zero CVE-2018-4243: Ian Beer of Google Project Zero Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4249: Kevin Backhouse of Semmle Ltd. libxpc Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved validation. CVE-2018-4237: Samuel GroA (@5aelo) working with Trend Micro's Zero Day Initiative Messages Available for: Apple TV 4K and Apple TV (4th generation) Impact: A local user may be able to conduct impersonation attacks Description: An injection issue was addressed with improved input validation. CVE-2018-4235: Anurodh Pokharel of Salesforce.com Messages Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted message may lead to a denial of service Description: This issue was addressed with improved message validation. CVE-2018-4240: Sriram (@Sri_Hxor) of PrimeFort Pvt. Ltd Security Available for: Apple TV 4K and Apple TV (4th generation) Impact: A local user may be able to read a persistent device identifier Description: An authorization issue was addressed with improved state management. CVE-2018-4224: Abraham Masri (@cheesecakeufo) Security Available for: Apple TV 4K and Apple TV (4th generation) Impact: A local user may be able to read a persistent account identifier Description: An authorization issue was addressed with improved state management. CVE-2018-4223: Abraham Masri (@cheesecakeufo) UIKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted text file may lead to a denial of service Description: A validation issue existed in the handling of text. This issue was addressed with improved validation of text. CVE-2018-4198: Hunter Byrnes WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Visiting a maliciously crafted website may lead to cookies being overwritten Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions. CVE-2018-4232: an anonymous researcher, Aymeric Chaib WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A race condition was addressed with improved locking. CVE-2018-4192: Markus Gaasedelen, Nick Burnett, and Patrick Biernat of Ret2 Systems, Inc working with Trend Micro's Zero Day Initiative WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4214: found by OSS-Fuzz WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4204: found by OSS-Fuzz, Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2018-4246: found by OSS-Fuzz WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2018-4200: Ivan Fratric of Google Project Zero WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4188: YoKo Kho (@YoKoAcc) of Mitra Integrasi Informatika, PT WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4201: an anonymous researcher CVE-2018-4218: Natalie Silvanovich of Google Project Zero CVE-2018-4233: Samuel GroA (@5aelo) working with Trend Micro's Zero Day Initiative WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2018-4199: Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils of MWR Labs working with Trend Micro's Zero Day Initiative WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Visiting a maliciously crafted website may leak sensitive data Description: Credentials were unexpectedly sent when fetching CSS mask images. This was addressed by using a CORS-enabled fetch method. CVE-2018-4190: Jun Kokatsu (@shhnjk) WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4222: Natalie Silvanovich of Google Project Zero Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software." To check the current version of software, select "Settings -> General -> About." Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEfcwwPWJ3e0Ig26mf8ecVjteJiCYFAltUsiMACgkQ8ecVjteJ iCYcZBAAusSQ6lM5Qebyc48iNEu/DUrOwUVyN6MNjo0699Xm+kbu+0u/JQNf75jw ZeelK31NLRyRx9BuK7u4J20gi+hsWI7N9wtVkeOaPiE/Ha45uEVaJ6lSSJOIZ3rZ oXb4PiL8+bSukiRgBvFhnxDwGCGefg8udRjtONRlCuMvyZAY09LT6cgZOXSEJEbF ecVmvDAEEwH1hcTV7PJbQ4nCkv97DA8dPVTbUUbtPXCOPYjsClz1JSUubOSDw3d4 7tq4pfs6ZJFZCE8JFJFY+CCIWuE1FppTE7FVJVfFdpAri+prTeGZJppzEjJDZR2g 4lCOyx926Mp5tqZx6WZc1Xkz8LJaZbEWPrfGW4wKMFIC7WPwhyi7y2NqVfcjbubW aOsfQFwbCx9KlfOfUMJtbAaha7TBiDJV5u2PMILL3ct2BRX+LqEUrlrR1uwhF5VZ npPX9cEwMbWRCj7QJC9bmRT1mPYKD+sK5HqBc7Ftp3NYv1hjhEz6iVcF7HYY9T2j aYzvsXaMilihEaDRu4H/0wLX4abUrOtUwFowuehUkNF30cgBrtyWcJl6K6/WaW2C IdmF0IB4T4MRWyPKY2r1A+rBerCaoxb0IBucOP9JO4V1uDrCoHdxEL9LfjXlz/tx CiPvy4EaV2aIDjSfkf75IXtHx2ueIFfdTGVH1OEdX9JoCSqNRPQ= =8ofX -----END PGP SIGNATURE----- . ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2018-0004 ------------------------------------------------------------------------ Date reported : May 07, 2018 Advisory ID : WSA-2018-0004 Advisory URL : https://webkitgtk.org/security/WSA-2018-0004.html CVE identifiers : CVE-2018-4121, CVE-2018-4200, CVE-2018-4204. Several vulnerabilities were discovered in WebKitGTK+. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Credit to Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative, found by OSS-Fuzz. We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases. Further information about WebKitGTK+ Security Advisories can be found at: https://webkitgtk.org/security.html The WebKitGTK+ team, May 07, 2018 . ========================================================================== Ubuntu Security Notice USN-3640-1 May 08, 2018 webkit2gtk vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 17.10 - Ubuntu 16.04 LTS Summary: A security issue was fixed in WebKitGTK+. Software Description: - webkit2gtk: Web content engine library for GTK+ Details: Ivan Fratric discovered that WebKitGTK+ incorrectly handled certain web content. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: libjavascriptcoregtk-4.0-18 2.20.2-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 2.20.2-0ubuntu0.18.04.1 Ubuntu 17.10: libjavascriptcoregtk-4.0-18 2.20.2-0ubuntu0.17.10.1 libwebkit2gtk-4.0-37 2.20.2-0ubuntu0.17.10.1 Ubuntu 16.04 LTS: libjavascriptcoregtk-4.0-18 2.20.2-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 2.20.2-0ubuntu0.16.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes. References: https://usn.ubuntu.com/usn/usn-3640-1 CVE-2018-4200 Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.2-0ubuntu0.18.04.1 https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.2-0ubuntu0.17.10.1 https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.2-0ubuntu0.16.04.1 . Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About

A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within DataLogTool.exe. When parsing a string within an INI file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Multiple Wecon Products are prone to a stack-based buffer-overflow vulnerability. Failed exploit attempts will likely cause denial-of-service conditions