VARIoT IoT vulnerabilities database

In F5 BIG-IP APM software versions 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 and 12.1.2 BIG-IP APM portal access requests do not return the intended resources in some cases. This may allow access to internal BIG-IP APM resources, however the application resources and backend servers are unaffected. F5 BIG-IP APM There is an access control vulnerability in the software.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. F5 BIG-IP APM is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. F5 BIG-IP Access Policy Manager (APM) is a set of access and security solutions from F5 Corporation of the United States. The solution provides unified access to business-critical applications and networks

A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode and restarts with the fixed IV, leading to replay attacks of entire messages. There is no authentication of messages beyond the use of the fixed AES key, so message forgery is also possible. Software House iStar Ultra The device contains an access control vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. IP-ACM Ethernet Door Module is an access control module. This system is used to control physical access to resources based on RFID-based badge readers. Badge readers interface with the IP-ACM board, which uses TCP/IP to communicate with the iStar Ultra controller. These were discovered during a black box assessment and therefore the vulnerability list should not be considered exhaustive; observations suggest that it is likely that further vulnerabilities exist. It is strongly recommended that Software House undertake a full whitebox security assessment of this application. Additionally, it is our suggestion that all communications be conducted over TLS. While alternatives are suggested below, cryptography is very difficult even for experts, and so using a well-understood cryptosystem like TLS is preferable to home-grown solutions. The version under test was indicated as: 6.5.2.20569. As of the time of disclosure, the issues remain unfixed. A working proof of concept has been demonstrated that allows an attacker with access to the IP network used by the IP-ACM and iStar Ultra to unlock doors connected to the IP-ACM. (This PoC will not be disclosed at this time, due to the issue remaining unfixed.) Impact & Workaround ------------------- An attacker with access to the network can unlock doors without generating any log entry of the door unlock. An attacker can also prevent legitimate unlock attempts. Organizations using these devices should ensure that the network used for IP-ACM to iStar Ultra communications is not accessible to potential attackers. Timeline -------- * 2017/07/01-2017/07/14 - Issues discovered * 2017/07/19 - Issues disclosed to Software House * 2017/08/29 - Issues acknowledged & proposed fixes discussed. Informed that current hardware could not be fixed and fixes would only apply to new products. * 2017/10/19 - 90 day window elapsed in accordance with disclosure policy. * 2017/12/18 - Public disclosure. Credit ------ These issues were discovered by David Tomaschik of the Google Security Team. -- David Tomaschik Security Engineer ISA Assessments Team Google, Inc

The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has XSS via the REF parameter to /network_diagnostics.html or /storage_info.html. BrightSign Digital Signage (4k242) is a set of digital signage multimedia player equipment from BrightSign Company in the United States. A remote attacker could use this vulnerability to execute code by sending a 'REF' parameter to the /network_diagnostics.html or /storage_info.html webpage to execute code and steal tokens. The pages: /network_diagnostics.html /storage_info.html Suffer from a Cross-Site Scripting vulnerability. The REF parameter for these pages do not sanitize user input, resulting in arbitrary execution, token theft and related attacks. The RP parameter in STORAGE.HTML suffers from a directory traversal/information leakage weakness: /storage.html?rp=%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc Through parameter manipulation, the file system can be traversed, unauthenticated, allowing for leakage of information and compromise of the device. This page also allows for unauthenticated upload of files. /tools.html Page allows for unauthenticated rename/manipulation of files. When combined, these vulnerabilities allow for compromise of both end users and the device itself. Ex. A malicious attacker can upload a malicious page of their choosing and steal credentials, host malicious content or distribute content through the device, which accepts large format SD cards

The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modifying files via /tools.html. An attacker could exploit this vulnerability by using the /tools.html web page to rename and modify files. The pages: /network_diagnostics.html /storage_info.html Suffer from a Cross-Site Scripting vulnerability. The REF parameter for these pages do not sanitize user input, resulting in arbitrary execution, token theft and related attacks. The RP parameter in STORAGE.HTML suffers from a directory traversal/information leakage weakness: /storage.html?rp=%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc Through parameter manipulation, the file system can be traversed, unauthenticated, allowing for leakage of information and compromise of the device. This page also allows for unauthenticated upload of files. /tools.html Page allows for unauthenticated rename/manipulation of files. When combined, these vulnerabilities allow for compromise of both end users and the device itself. Ex. A malicious attacker can upload a malicious page of their choosing and steal credentials, host malicious content or distribute content through the device, which accepts large format SD cards

The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files. BrightSignDigitalSignage (4k242) is a multimedia playback device from BrightSign Corporation of the United States. A directory traversal vulnerability exists in BrightSignDigitalSignage (4k242) using 6.2.63 and earlier firmware. The pages: /network_diagnostics.html /storage_info.html Suffer from a Cross-Site Scripting vulnerability. The REF parameter for these pages do not sanitize user input, resulting in arbitrary execution, token theft and related attacks. This page also allows for unauthenticated upload of files. /tools.html Page allows for unauthenticated rename/manipulation of files. When combined, these vulnerabilities allow for compromise of both end users and the device itself. Ex. A malicious attacker can upload a malicious page of their choosing and steal credentials, host malicious content or distribute content through the device, which accepts large format SD cards

Zhejiang Yushi Technology Co., Ltd. (\"Yushi Technology\") is a video surveillance product and solution provider. A remote command execution vulnerability exists in the full version of UniviewNVR devices. The attacker can exploit the vulnerability to execute arbitrary commands because the background is not fully filtered and the user's input is directly spliced into the command.

DGND3700 / DGN2200 is a wireless router from Netgear. An information disclosure vulnerability exists in DGND3700 / DGN2200. The vulnerability is caused by a privileged page. An attacker can use this vulnerability to obtain sensitive information in the respnose annotation.

The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. In multiple mail clients OpenPGP and S/MIME A plaintext message may be leaked when decrypting the message. OpenPGP and S/MIME For e-mail clients that support, it is possible to establish a channel for sending plaintext by decrypting encrypted e-mail inserted with content crafted by an attacker with the user's e-mail client. The discoverer can attack with this vulnerability "CBC/CFB gadget attack" I call it. For example HTML image By inserting a tag, the decrypted message is HTTP It may be sent as part of the request. * *CVE-2017-17688: OpenPGP CFB Attacks * *CVE-2017-17689: S/MIME CBC Attacks Some email clients also use multipart MIME Because the message is not properly separated and processed, attackers can process encrypted mail in plain text. MIME It can be included in the part. in this case, CBC/CFB gadget attack The plaintext message may be sent without executing. Detail is, <a href="https://efail.de/efail-attack-paper.pdf" target="blank"> Articles provided by the discoverer </a> Please refer to.A remote attacker may obtain plaintext from encrypted mail without the key information required for decryption. An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. S/MIME is a certificate implementation for email encryption. A security vulnerability exists in S/MIME. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4244-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff July 13, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : thunderbird CVE ID : CVE-2017-17689 CVE-2018-5188 CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12372 CVE-2018-12373 CVE-2018-12374 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails. For the stable distribution (stretch), these problems have been fixed in version 1:52.9.1-1~deb9u1. We recommend that you upgrade your thunderbird packages. For the detailed security status of thunderbird please refer to its security tracker page at: https://security-tracker.debian.org/tracker/thunderbird Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAltI+2sACgkQEMKTtsN8 TjZXHRAAgOmSvTwwmmzxRH/4tSSpndZCFCtkHrG5PU5D3XesLGnWpNZk9aINsaU2 ih3fmEKzQgHHfAzK3d9TcGjyiI+PoVuWkVknsVqTrHd+xQtxUs7B/5Pfz5WKiYDJ QJ4NhjTgHHystYa0j2CvK28/ZoPVZgwnc/D051ChTInPWXimJI+TxpsndW/NPuaJ SphoPP34OMO2EARjrKCxiL6NRv6kD4CJv0AgoYfdO0qPXomuA8HpDAH1itd7GbRq yVJoZRnpz9dGjJSM5wyFCc1BIqmA/CMphhmqiRTuFBA+rOSEDblzfc2tg9t82CVQ caA7rF3VrYx8qmgpP3akCju+SDOEWLerFGHH1iaQ+GBqiXvduvMl/MSXCZmVZzIC 92Ko2m9kURkak4yKccEbHJ5Vh8i0oLUOc+Ee3MUUfWUblYbCcB4z34p9hRwc8u83 mmGUbsq+qWvdcd9NkekKC/ENQZt4Egb3doeEzqSkaa4uhFaQ1gGosHXGslNTCqLl 6RyeFON9Q5CWphQET+rmnlcJ8B1cSHgpG1ZTN6szlsQpiVgcRu/JYrgyzX9Y6WdY rAape6t+gsEeLOP7n9pZ/KYSadUF5CvYY/nX9H6kJO1RmG9y0A+8wAEuW+nSOMMJ vh2U09+y5XJHQqV0MMTKbnadxlyi8Oerc0zrYaoBuYhR7wmvkus= =R2OH -----END PGP SIGNATURE-----

The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification. In multiple mail clients OpenPGP and S/MIME A plaintext message may be leaked when decrypting the message. OpenPGP and S/MIME For e-mail clients that support, it is possible to establish a channel for sending plaintext by decrypting encrypted e-mail inserted with content crafted by an attacker with the user's e-mail client. The discoverer can attack with this vulnerability "CBC/CFB gadget attack" I call it. For example HTML image By inserting a tag, the decrypted message is HTTP It may be sent as part of the request. * *CVE-2017-17688: OpenPGP CFB Attacks * *CVE-2017-17689: S/MIME CBC Attacks Some email clients also use multipart MIME Because the message is not properly separated and processed, attackers can process encrypted mail in plain text. MIME It can be included in the part. in this case, CBC/CFB gadget attack The plaintext message may be sent without executing. Detail is, <a href="https://efail.de/efail-attack-paper.pdf" target="blank"> Articles provided by the discoverer </a> Please refer to.A remote attacker may obtain plaintext from encrypted mail without the key information required for decryption. OpenPGP is prone to an information disclosure vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. OpenPGP is a set of email encryption standards that supports multiple platforms

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of polymorphic access within JavaScript functions. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple iOS prior to 11.2; Safari prior to 11.0.2; Windows-based iCloud prior to 7.2; Windows-based iTunes prior to 12.7.2; tvOS prior to 11.2. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-12-13-6 Additional information for APPLE-SA-2017-12-6-2 iOS 11.2 iOS 11.2 addresses the following: IOKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues were addressed through improved state management. CVE-2017-13847: Ian Beer of Google Project Zero IOMobileFrameBuffer Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privilege Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13879: Apple IOSurface Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13861: Ian Beer of Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13862: Apple CVE-2017-13876: Ian Beer of Google Project Zero CVE-2017-13867: Ian Beer of Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2017-13833: Brandon Azad Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A type confusion issue was addressed with improved memory handling. CVE-2017-13855: Jann Horn of Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-13865: Ian Beer of Google Project Zero CVE-2017-13868: Brandon Azad CVE-2017-13869: Jann Horn of Google Project Zero Mail Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Incorrect certificate is used for encryption Description: A S/MIME issue existed in the handling of encrypted email. This issue was addressed through improved selection of the encryption certificate. CVE-2017-13874: an anonymous researcher Mail Drafts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker with a privileged network position may be able to intercept mail Description: An encryption issue existed with S/MIME credetials. The issue was addressed with additional checks and user control. CVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH Mail Message Framework Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-2433: an anonymous researcher, an anonymous researcher, an anonymous researcher WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7156: an anonymous researcher CVE-2017-7157: an anonymous researcher CVE-2017-13856: Jeonghoon Shin CVE-2017-13870: an anonymous researcher CVE-2017-13866: an anonymous researcher Entry added December 13, 2017 Wi-Fi Available for: iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus, iPhone SE, iPhone 5s, 12.9-inch iPad Pro 1st generation, iPad Air 2, iPad Air, iPad 5th generation, iPad mini 4, iPad mini 3, iPad mini 2, and iPod touch 6th generation Released for iPhone 7 and later and iPad Pro 9.7-inch (early 2016) and later in iOS 11.1. Impact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK) Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management. CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "11.2". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAloxpFkpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZl4BAA mIM4eryXVEmYPSwJFEm6vobzCLahEng05NHE5Vm8eD94T/ZS1HCnkkWwD9KVQEMT HvoZsEB+UZSQQ8VtR3zXDnRJTY1ajSC47CT5GPIZUFTpDb6QrprVEtsFqaqtO+G8 B2JpRL6OY4KRFiSQWPgjr0BaxC6oRc9LmgYByJLyQp5dNAlzhuUsGcK/Dd6NWQgH 0GOqHe/xLc4evNsJTfPKPzXTaH0BvBUOhtYJo9pof4xBxRQES4vNcJpR366eBP1z zSmQwvB9+Hkcol2Cclt+p6pPHLgqFXbd+xDVOEE1aGdlC29cIF46kKu3PGwwMUTA xSCrVGLWvwnoF5LhHKhhN3D1i35NmJcL1Fq7AF/na2POFrM3uyC8iRBKBwUeRyGG GZwPwFvRzPVXW8iVVte0qgJ4PYEwbXvh8Ju5F1U7s0g2Fvqw9XIasQeK4Uf/lvsl c9SsDQaePBbBDrskL77ZQviMW9H1p/o2KHbFNgnpJzqdTwj4eFMdp/3zmRPULFT4 jd8n0TRjI/oB7/5r89jQ+5rp3cX0Nupfq0Fvf5pl6A3t4YYUHHQGjJF6Rbgu2EPy Pn+9WOt6mHhp/e5D5Z4lLCe2q+WeeWGI425UaJC60VTXy4mwKWDQpwGpSnSDkawE Ja6XuvBRDwFQSQTbXG7vdIKPEtzHWpHY3YUHipa5XKU= =ptgx -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201801-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: January 07, 2018 Bugs: #641752 ID: 201801-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in WebkitGTK+, the worst of which may lead to arbitrary code execution. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.18.4:4 >= 2.18.4:4 Description =========== Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the referenced CVE Identifiers for details. Workaround ========== There are no known workarounds at this time. Resolution ========== All WebkitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.18.4:4" References ========== [ 1 ] CVE-2017-13856 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13856 [ 2 ] CVE-2017-13866 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13866 [ 3 ] CVE-2017-13870 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13870 [ 4 ] CVE-2017-7156 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7156 [ 5 ] CVE-2017-7157 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7157 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201801-09 Concerns? ========= . =========================================================================== Ubuntu Security Notice USN-3514-1 January 03, 2018 webkit2gtk vulnerabilities =========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.10 - Ubuntu 17.04 - Ubuntu 16.04 LTS Summary: Several security issues were fixed in WebKitGTK+. Software Description: - webkit2gtk: Web content engine library for GTK+ Details: A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10: libjavascriptcoregtk-4.0-18 2.18.4-0ubuntu0.17.10.1 libwebkit2gtk-4.0-37 2.18.4-0ubuntu0.17.10.1 Ubuntu 17.04: libjavascriptcoregtk-4.0-18 2.18.4-0ubuntu0.17.04.1 libwebkit2gtk-4.0-37 2.18.4-0ubuntu0.17.04.1 Ubuntu 16.04 LTS: libjavascriptcoregtk-4.0-18 2.18.4-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 2.18.4-0ubuntu0.16.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes. References: https://www.ubuntu.com/usn/usn-3514-1 CVE-2017-13856, CVE-2017-13866, CVE-2017-13870, CVE-2017-7156 Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.4-0ubuntu0.17.10.1 https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.4-0ubuntu0.17.04.1 https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.4-0ubuntu0.16.04.1 --elmHxowxr98hwrBf4C0nQIBgQF8rioMSa--

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892. Linksys WVBR0 In OS A command injection vulnerability exists. Zero Day Initiative Does not address this vulnerability ZDI-CAN-4892 Was numbered.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. LinksysWVBR0 is a wireless network repeater device. The vulnerability stems from the failure to properly detect the user's data before the system call is executed. Linksys WVBR0-25 is vulnerable; other versions may also be affected

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. WebKit is prone to multiple memory corruption vulnerabilities. Failed exploit attempts may result in a denial-of-service condition. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple iOS prior to 11.2; Safari prior to 11.0.2; Windows-based iCloud prior to 7.2; Windows-based iTunes prior to 12.7.2; tvOS prior to 11.2. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-12-13-6 Additional information for APPLE-SA-2017-12-6-2 iOS 11.2 iOS 11.2 addresses the following: IOKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues were addressed through improved state management. CVE-2017-13847: Ian Beer of Google Project Zero IOMobileFrameBuffer Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privilege Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13879: Apple IOSurface Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13861: Ian Beer of Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13862: Apple CVE-2017-13876: Ian Beer of Google Project Zero CVE-2017-13867: Ian Beer of Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2017-13833: Brandon Azad Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A type confusion issue was addressed with improved memory handling. CVE-2017-13855: Jann Horn of Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-13865: Ian Beer of Google Project Zero CVE-2017-13868: Brandon Azad CVE-2017-13869: Jann Horn of Google Project Zero Mail Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Incorrect certificate is used for encryption Description: A S/MIME issue existed in the handling of encrypted email. This issue was addressed through improved selection of the encryption certificate. CVE-2017-13874: an anonymous researcher Mail Drafts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker with a privileged network position may be able to intercept mail Description: An encryption issue existed with S/MIME credetials. The issue was addressed with additional checks and user control. CVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH Mail Message Framework Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-2433: an anonymous researcher, an anonymous researcher, an anonymous researcher WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7156: an anonymous researcher CVE-2017-7157: an anonymous researcher CVE-2017-13856: Jeonghoon Shin CVE-2017-13870: an anonymous researcher CVE-2017-13866: an anonymous researcher Entry added December 13, 2017 Wi-Fi Available for: iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus, iPhone SE, iPhone 5s, 12.9-inch iPad Pro 1st generation, iPad Air 2, iPad Air, iPad 5th generation, iPad mini 4, iPad mini 3, iPad mini 2, and iPod touch 6th generation Released for iPhone 7 and later and iPad Pro 9.7-inch (early 2016) and later in iOS 11.1. Impact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK) Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management. CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "11.2". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAloxpFkpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZl4BAA mIM4eryXVEmYPSwJFEm6vobzCLahEng05NHE5Vm8eD94T/ZS1HCnkkWwD9KVQEMT HvoZsEB+UZSQQ8VtR3zXDnRJTY1ajSC47CT5GPIZUFTpDb6QrprVEtsFqaqtO+G8 B2JpRL6OY4KRFiSQWPgjr0BaxC6oRc9LmgYByJLyQp5dNAlzhuUsGcK/Dd6NWQgH 0GOqHe/xLc4evNsJTfPKPzXTaH0BvBUOhtYJo9pof4xBxRQES4vNcJpR366eBP1z zSmQwvB9+Hkcol2Cclt+p6pPHLgqFXbd+xDVOEE1aGdlC29cIF46kKu3PGwwMUTA xSCrVGLWvwnoF5LhHKhhN3D1i35NmJcL1Fq7AF/na2POFrM3uyC8iRBKBwUeRyGG GZwPwFvRzPVXW8iVVte0qgJ4PYEwbXvh8Ju5F1U7s0g2Fvqw9XIasQeK4Uf/lvsl c9SsDQaePBbBDrskL77ZQviMW9H1p/o2KHbFNgnpJzqdTwj4eFMdp/3zmRPULFT4 jd8n0TRjI/oB7/5r89jQ+5rp3cX0Nupfq0Fvf5pl6A3t4YYUHHQGjJF6Rbgu2EPy Pn+9WOt6mHhp/e5D5Z4lLCe2q+WeeWGI425UaJC60VTXy4mwKWDQpwGpSnSDkawE Ja6XuvBRDwFQSQTbXG7vdIKPEtzHWpHY3YUHipa5XKU= =ptgx -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201801-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: January 07, 2018 Bugs: #641752 ID: 201801-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in WebkitGTK+, the worst of which may lead to arbitrary code execution. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.18.4:4 >= 2.18.4:4 Description =========== Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the referenced CVE Identifiers for details. Workaround ========== There are no known workarounds at this time. Resolution ========== All WebkitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.18.4:4" References ========== [ 1 ] CVE-2017-13856 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13856 [ 2 ] CVE-2017-13866 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13866 [ 3 ] CVE-2017-13870 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13870 [ 4 ] CVE-2017-7156 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7156 [ 5 ] CVE-2017-7157 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7157 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201801-09 Concerns? ========= . =========================================================================== Ubuntu Security Notice USN-3514-1 January 03, 2018 webkit2gtk vulnerabilities =========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.10 - Ubuntu 17.04 - Ubuntu 16.04 LTS Summary: Several security issues were fixed in WebKitGTK+. Software Description: - webkit2gtk: Web content engine library for GTK+ Details: A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10: libjavascriptcoregtk-4.0-18 2.18.4-0ubuntu0.17.10.1 libwebkit2gtk-4.0-37 2.18.4-0ubuntu0.17.10.1 Ubuntu 17.04: libjavascriptcoregtk-4.0-18 2.18.4-0ubuntu0.17.04.1 libwebkit2gtk-4.0-37 2.18.4-0ubuntu0.17.04.1 Ubuntu 16.04 LTS: libjavascriptcoregtk-4.0-18 2.18.4-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 2.18.4-0ubuntu0.16.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes. References: https://www.ubuntu.com/usn/usn-3514-1 CVE-2017-13856, CVE-2017-13866, CVE-2017-13870, CVE-2017-7156 Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.4-0ubuntu0.17.10.1 https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.4-0ubuntu0.17.04.1 https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.4-0ubuntu0.16.04.1 --elmHxowxr98hwrBf4C0nQIBgQF8rioMSa--

An issue was discovered in certain Apple products. iOS before 11.2.1 is affected. tvOS before 11.2.1 is affected. The issue involves the "HomeKit" component. It allows remote attackers to modify the application state by leveraging incorrect message handling, as demonstrated by use of an Apple Watch to obtain an encryption key and unlock a door. of the United States. The former is a set of operating systems developed for mobile devices; the latter is a set of smart TV operating systems. HomeKit is one of the smart home platform components. Security bypass bypass exists in AppleKit versions prior to iOS 11.2.1 and HomeKit components in versions prior to tvOS 11.2.1. Successfully exploiting this issue will allow attackers to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-12-13-1 iOS 11.2.1 iOS 11.2.1 is now available and addresses the following: HomeKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to unexpectedly alter application state Description: A message handling issue was addressed with improved input validation. CVE-2017-13903: Tian Zhang Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "11.2.1". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAloxbW0pHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEaQMw/7 B8AJYxkCRVbT+E+UD3bcbK/TnG/xCLEE/GLzJwRrTUWiqoedjI5UUAivKO4C/Jro nTqPCU1+VRNKJKWno6qsscYOoCezuLVU4aI6eQejj9WlmHrnjBBEfPjnxDYnGNfo 1d/hLcWtozteLtbFc/CQVa2zmsgn6jrbVWSL6rqX1jnwtDBLcm18bh9xga8j7drC +HjhmvCzdndJczPA2ezwnm/8381LGt87XQ2b2nQNu5qqIb43oU/dyxIihusgD2lK In3BylVApHyKoWnvtgsmuBvzPYNiGwLQOuXwSkrZEB26jyWJQT3ppsaZvdCvQGVa KOS5EjHmb1DnL7wll+OKNml9XKQ/qqSovcC1dfrUSXt4FgOVPTwUqSVHai3I+Dyk gVDsjsBojjbok/cLGd7zL+UeOLAjWRjCN4d7T/dSXudXtWhOatg+DeO/mvDtooLl b6+ay9UdG+Lqb7Ql6M03ajtdxg1aUkvZv6eNkrpVO8PrSadngEmPcnCOvJ/Q4XNz 9loq6CyVTpLQKcrwKFW6ouyjHPO95lYy8PGqMhkICz8WAyTSpNj7DC5B7wMQL+b0 zJfX1rgJjOW80gOn3YHrbDtKrK09LelFnFZd9J5hmN58uhtS/uYcStwoOzRLl9SZ xH7ulIi3W7rfXwyORO6M5ush9JHcoIl61UAGPADvp0k= =rlI9 -----END PGP SIGNATURE-----

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of Node objects. By performing actions in JavaScript, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. WebKit is prone to multiple memory corruption vulnerabilities. Failed exploit attempts may result in a denial-of-service condition. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple iOS prior to 11.2; Safari prior to 11.0.2; Windows-based iCloud prior to 7.2; Windows-based iTunes prior to 12.7.2; tvOS prior to 11.2. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-12-13-6 Additional information for APPLE-SA-2017-12-6-2 iOS 11.2 iOS 11.2 addresses the following: IOKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues were addressed through improved state management. CVE-2017-13847: Ian Beer of Google Project Zero IOMobileFrameBuffer Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privilege Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13879: Apple IOSurface Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13861: Ian Beer of Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13862: Apple CVE-2017-13876: Ian Beer of Google Project Zero CVE-2017-13867: Ian Beer of Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2017-13833: Brandon Azad Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A type confusion issue was addressed with improved memory handling. CVE-2017-13855: Jann Horn of Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-13865: Ian Beer of Google Project Zero CVE-2017-13868: Brandon Azad CVE-2017-13869: Jann Horn of Google Project Zero Mail Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Incorrect certificate is used for encryption Description: A S/MIME issue existed in the handling of encrypted email. This issue was addressed through improved selection of the encryption certificate. CVE-2017-13874: an anonymous researcher Mail Drafts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker with a privileged network position may be able to intercept mail Description: An encryption issue existed with S/MIME credetials. The issue was addressed with additional checks and user control. CVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH Mail Message Framework Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-2433: an anonymous researcher, an anonymous researcher, an anonymous researcher WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7156: an anonymous researcher CVE-2017-7157: an anonymous researcher CVE-2017-13856: Jeonghoon Shin CVE-2017-13870: an anonymous researcher CVE-2017-13866: an anonymous researcher Entry added December 13, 2017 Wi-Fi Available for: iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus, iPhone SE, iPhone 5s, 12.9-inch iPad Pro 1st generation, iPad Air 2, iPad Air, iPad 5th generation, iPad mini 4, iPad mini 3, iPad mini 2, and iPod touch 6th generation Released for iPhone 7 and later and iPad Pro 9.7-inch (early 2016) and later in iOS 11.1. Impact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK) Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management. CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "11.2". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAloxpFkpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZl4BAA mIM4eryXVEmYPSwJFEm6vobzCLahEng05NHE5Vm8eD94T/ZS1HCnkkWwD9KVQEMT HvoZsEB+UZSQQ8VtR3zXDnRJTY1ajSC47CT5GPIZUFTpDb6QrprVEtsFqaqtO+G8 B2JpRL6OY4KRFiSQWPgjr0BaxC6oRc9LmgYByJLyQp5dNAlzhuUsGcK/Dd6NWQgH 0GOqHe/xLc4evNsJTfPKPzXTaH0BvBUOhtYJo9pof4xBxRQES4vNcJpR366eBP1z zSmQwvB9+Hkcol2Cclt+p6pPHLgqFXbd+xDVOEE1aGdlC29cIF46kKu3PGwwMUTA xSCrVGLWvwnoF5LhHKhhN3D1i35NmJcL1Fq7AF/na2POFrM3uyC8iRBKBwUeRyGG GZwPwFvRzPVXW8iVVte0qgJ4PYEwbXvh8Ju5F1U7s0g2Fvqw9XIasQeK4Uf/lvsl c9SsDQaePBbBDrskL77ZQviMW9H1p/o2KHbFNgnpJzqdTwj4eFMdp/3zmRPULFT4 jd8n0TRjI/oB7/5r89jQ+5rp3cX0Nupfq0Fvf5pl6A3t4YYUHHQGjJF6Rbgu2EPy Pn+9WOt6mHhp/e5D5Z4lLCe2q+WeeWGI425UaJC60VTXy4mwKWDQpwGpSnSDkawE Ja6XuvBRDwFQSQTbXG7vdIKPEtzHWpHY3YUHipa5XKU= =ptgx -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201801-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: January 07, 2018 Bugs: #641752 ID: 201801-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in WebkitGTK+, the worst of which may lead to arbitrary code execution. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.18.4:4 >= 2.18.4:4 Description =========== Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the referenced CVE Identifiers for details. Workaround ========== There are no known workarounds at this time. Resolution ========== All WebkitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.18.4:4" References ========== [ 1 ] CVE-2017-13856 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13856 [ 2 ] CVE-2017-13866 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13866 [ 3 ] CVE-2017-13870 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13870 [ 4 ] CVE-2017-7156 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7156 [ 5 ] CVE-2017-7157 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7157 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201801-09 Concerns? ========= . =========================================================================== Ubuntu Security Notice USN-3514-1 January 03, 2018 webkit2gtk vulnerabilities =========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.10 - Ubuntu 17.04 - Ubuntu 16.04 LTS Summary: Several security issues were fixed in WebKitGTK+. Software Description: - webkit2gtk: Web content engine library for GTK+ Details: A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10: libjavascriptcoregtk-4.0-18 2.18.4-0ubuntu0.17.10.1 libwebkit2gtk-4.0-37 2.18.4-0ubuntu0.17.10.1 Ubuntu 17.04: libjavascriptcoregtk-4.0-18 2.18.4-0ubuntu0.17.04.1 libwebkit2gtk-4.0-37 2.18.4-0ubuntu0.17.04.1 Ubuntu 16.04 LTS: libjavascriptcoregtk-4.0-18 2.18.4-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 2.18.4-0ubuntu0.16.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes. References: https://www.ubuntu.com/usn/usn-3514-1 CVE-2017-13856, CVE-2017-13866, CVE-2017-13870, CVE-2017-7156 Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.4-0ubuntu0.17.10.1 https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.4-0ubuntu0.17.04.1 https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.4-0ubuntu0.16.04.1 --elmHxowxr98hwrBf4C0nQIBgQF8rioMSa--

An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the "APNs Server" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates. Apple iCloud/iTunes are prone to a security bypass vulnerability. Attackers can exploit this issue to bypass security restrictions and perform unauthorized actions. Apple iCloud for Windows is a cloud service based on the Windows platform, which supports storage of music, photos, Apps and contacts, etc. A remote attacker could exploit this vulnerability to track users. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-12-13-3 iCloud for Windows 7.2 iCloud for Windows 7.2 is now available and addresses the following: APNs Server Available for: Windows 7 and later Impact: An attacker in a privileged network position can track a user Description: A privacy issue existed in the use of client certificates. This issue was addressed through a revised protocol. CVE-2017-13864: FURIOUSMAC Team of United States Naval Academy WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7156: an anonymous researcher CVE-2017-7157: an anonymous researcher CVE-2017-13856: Jeonghoon Shin CVE-2017-13870: an anonymous researcher CVE-2017-13866: an anonymous researcher Installation note: iCloud for Windows 7.2 may be obtained from: https://support.apple.com/HT204283 Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAloxnUIpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEaAFBAA j1labMyPbFVE/pyYnyry4oO7ngi1PbCs0llErrZUYflZ6X2S32WE4y0wT4VPQqxQ Ew4/bzqTCtlcFEt0oeqNFicfuau6ti63+vct+yD7cTPJeA4Gk9U6uPFalmINUOfA X+8z/6L7eONrI4TKBtOMf3B67blOQdFLG3jOIuyHV7v4GWwbLLuZ6meBAhn3Q+K5 MWP79j7UKYJi2qCYOyafyO+WWU1P0h4LSooer4fDkp8jA5c17TylUhWjv4xJvrOD FGerSvQFC+fp+9ehD2UozXN+smQcYKKaHxp2ZIxU+p9KdeXtgW3cZMuU1kMY3A88 QqLLsXKHJF0+y2YMu6/0dZBNNsiATQ42RbCAot7uo1cEgei64jBsxPC2piHqsxSA wU9hjrqPMweRh64oPC8AOlR4NOAndSmUwEEosIibe/++Na8jyMwXYQh3pgilFIY7 6UfO0ZPP4f5ZWDnu0BDMwR8NFwyHn29tJbYqPVJ3/BZ8SrTHfozrJVXJzwmyeyw7 gd3UU6cTu43Z5x2/uenWYZltymptzfV/x1A7TuqpYD5IMjZDZWnBaQ2AkdWDdj3K wTjVzGtk66lo8L+n58eypJNKbgZ+KowEVMNRUh7HjcBeXod6F9u8hyBhkE4vsj63 7bIP0UwSnZ8RFUf+T4xqciQ72grjhlk+3ykt3xs6h4Q= =MPzc -----END PGP SIGNATURE-----

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. Automatic DNS registration and autodiscovery functionality provides an opportunity for the misconfiguration of networks, resulting in a loss of confidentiality and integrity of the network if an attacker on the network adds a specially configured proxy device. Vendors have scripted this vulnerability It has been released as “Engine Memory Corruption Vulnerability”. This vulnerability CVE-2017-11886 , CVE-2017-11889 , CVE-2017-11890 , CVE-2017-11893 , CVE-2017-11894 , CVE-2017-11895 , CVE-2017-11901 , CVE-2017-11905 , CVE-2017-11907 , CVE-2017-11908 , CVE-2017-11909 , CVE-2017-11910 , CVE-2017-11911 , CVE-2017-11912 , CVE-2017-11913 , CVE-2017-11914 , CVE-2017-11916 , CVE-2017-11918 ,and CVE-2017-11930 Is a different vulnerability.An attacker could gain the same user rights as the current user. Router DNS The dynamic registration / update function is enabled and the client PC In the network where the auto-detection function is enabled in "wpad" If a device with the host name is added to the network, the contents of the communication may be obtained or altered. Used in home and office (Google WiFi And Ubiquiti UniFi General including etc. ) In routers, often DNS Dynamic registration / update function is used. DNS Dynamic registration / update function DHCP Use the host name sent from the client side in the request as it is A Records are automatically registered / updated. An attacker with access to the network "wpad" And "isatap" A device with a host name of DNS By registering with, you may attract access to the device and attack it. Also, the discoverer mDNS Clients in the network without using a router PC In "wpad" And "isatap" It is confirmed that it can be accessed in combination with the automatic detection function. WPAD About proxy auto-configuration by so-called Nora DHCP Server or higher DNS On the server <a href="https://googleprojectzero.blogspot.fi/2017/12/apacolypse-now-exploiting-windows-10-in_18.html"target="blank"> Has been considered a problem </a> But, LAN/WLAN There was no mention of the internal auto-configuration function. This problem, Arctic Security Company Ossi Salmi , Mika Seppanen , Marko Laakso , Kasper Kyllonen Discovered and verified by NCSC-FI Made adjustments.In an internal network, an attacker "wpad" If a device with the host name is added to the network, the device can be used as an attack proxy, and as a result, the contents of the communication may be obtained or altered. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Internet Explorer 9, 10 and 11 are vulnerable

Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks. This attack is known as a "ROBOT attack". The CiscoASA family of security appliances protects corporate networks of all sizes. It allows users to use any device, anytime, anywhere for highly secure data access. The Cisco Application Control Engine Module (ACE) family of products for the Cisco Catalyst\302\256 6500 delivers the highest levels of application infrastructure control, application performance, application security, and infrastructure simplicity. The Cisco Next-Generation Firewall ASA and the Cisco Application Control Engine ACE have information disclosure vulnerabilities that allow attackers to exploit man-in-the-middle attacks and obtain sensitive information. A successful attack can help to implement further attacks. Multiple Cisco Products are prone to multiple information-disclosure vulnerabilities. These issues are being tracked by Cisco Bug ID's CSCvg74693 and CSCvg97652. Cavium Nitrox SSL is a security processor for Nitrox. Nitrox V SSL SSL is a security processor for Nitrox V SSL. TurboSSL software development kits (SDKs) are a set of software development kits. A remote attacker could exploit this vulnerability by sending a specially crafted TLS message to the device to decrypt TLS ciphertext data

A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature. Fortinet FortiManager and FortiAnalyzer Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Fortinet FortiManager and FortiAnalyzer are prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. The following products are affected: FortiManager 6.0.0, 5.6.4 and prior FortiAnalyzer 6.0.0, 5.6.4 and prior. Both Fortinet FortiManager and FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management solution. FortiAnalyzer is a centralized network security reporting solution. Cross-site scripting vulnerabilities exist in Fortinet FortiManager 6.0.0, 5.6.4 and earlier versions and FortiAnalyzer 6.0.0, 5.6.4 and earlier versions

SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application. SAP Netweaver is prone to a vulnerability that lets attackers inject and execute arbitrary code. Successful exploits may allow an attacker to inject and run arbitrary code or obtain sensitive information that may aid in further attacks. Failed exploit attempts may result in a denial-of-service condition

Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application. plural SAP The product contains a server-side request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SAP NetWeaver is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks