VARIoT IoT vulnerabilities database

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time. Devices supporting the Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during pairing.CVE- 2020-26556 Not Affected Vendor Statement: Android does not support Bluetooth Mesh so is not vulnerable. CVE-2020-26555 Affected Vendor Statement: Android has assessed this issue as High severity for Android OS and will be issuing a patch for this vulnerability in an upcoming Android security bulletin. CVE-2020-26557 Not Affected Vendor Statement: Android does not support Bluetooth Mesh so is not vulnerable. CVE-2020-26558 Affected Vendor Statement: Android has reviewed this report and assessed this vulnerability as having impact on Android OS. We will be issuing a patch for this vulnerability in an upcoming Android security bulletin. CVE-2020-26559 Not Affected Vendor Statement: Android does not support Bluetooth Mesh so is not vulnerable. CVE-2020-26560 Not Affected Vendor Statement: Android does not support Bluetooth Mesh so is not vulnerable. VU#799380.5 Affected Vendor Statement: Our assessment of this report is that it is of negligible security impact on Android.CVE- 2020-26556 Not Affected Vendor Statement: Android does not support Bluetooth Mesh so is not vulnerable. CVE-2020-26555 Affected Vendor Statement: Android has assessed this issue as High severity for Android OS and will be issuing a patch for this vulnerability in an upcoming Android security bulletin. CVE-2020-26557 Not Affected Vendor Statement: Android does not support Bluetooth Mesh so is not vulnerable. CVE-2020-26558 Affected Vendor Statement: Android has reviewed this report and assessed this vulnerability as having impact on Android OS. We will be issuing a patch for this vulnerability in an upcoming Android security bulletin. CVE-2020-26559 Not Affected Vendor Statement: Android does not support Bluetooth Mesh so is not vulnerable. CVE-2020-26560 Not Affected Vendor Statement: Android does not support Bluetooth Mesh so is not vulnerable. VU#799380.5 Affected Vendor Statement: Our assessment of this report is that it is of negligible security impact on Android. Bluetooth Core Specification There is an authentication vulnerability in.Information may be obtained and information may be tampered with. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4951-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso August 07, 2021 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : bluez CVE ID : CVE-2020-26558 CVE-2020-27153 CVE-2021-0129 Debian Bug : 989614 Several vulnerabilities were discovered in Bluez, the Linux Bluetooth protocol stack. For the stable distribution (buster), these problems have been fixed in version 5.50-1.2~deb10u2. We recommend that you upgrade your bluez packages. For the detailed security status of bluez please refer to its security tracker page at: https://security-tracker.debian.org/tracker/bluez Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmEO1iRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0QF3xAAkSvKZRi8690yAgH6kahX0wdjgjw6bwEm4AIisUYPcnmTe+eXWo65amXD Gu5RDkjJdwZuiOhjYuEQp/g79f2jRna1gtYhTrErO4G/W2ma8GF/R0ligiDAeUka wrzk5bpY1eeCbyI/EmMSAZdxOYgjoPgsA6Dqj9aRAhfHIJskCBg08KDm3XxAG/ZK 2rZpv/tHw6JU4WcSsyefY1ocPiUe1vcqH7m/cjgpYfW+0YhE01/khdWibNVXpXkl wwULv2HTXBMPY5xJb++3qcCNve1YZwNSpnfqsaoxdWmRvFYoWZHt231dr3GHZmUn GZ5h7Aaf7Ej7WtQ3TwIXNL5j46ibynxIL277Xqf3Ro1w/7qS0upY2NjkFCy4D24K slWJwm2+pWxrXypNnVNTVO7iWmM498MBaA7qQjtQyrFMulv9nY6WlVIxoVmQwUww mbDO/Lmghmwn7Y8cw9oWZ1+NpQg7wcsdDf0nfz59yAsiJoRoPv7ukXimYedL1lLJ ANS0M+ZQgKy1q9qKknD4LIHAZm6vN62/bU2WWLNErlB5mVuRxsEGuSb3Q1DwQzju akUX8tJemcOLif1aXRjut6isjr5w1lSj4WM4vNlFt/ncADwaWlLV/FzFnyViiw1v AlcVMh2v2aCa6kz1vTY+GCTq+qaBjzqvzeK/raepFbDgEzrIQQI= =Xh4j -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202209-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: BlueZ: Multiple Vulnerabilities Date: September 29, 2022 Bugs: #797712, #835077 ID: 202209-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in BlueZ, the worst of which could result in arbitrary code execution. Background ========== BlueZ is the canonical bluetooth tools and system daemons package for Linux. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-wireless/bluez < 5.63 >= 5.63 Description =========== Multiple vulnerabilities have been discovered in BlueZ. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All BlueZ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-wireless/bluez-5.63" References ========== [ 1 ] CVE-2020-26558 https://nvd.nist.gov/vuln/detail/CVE-2020-26558 [ 2 ] CVE-2021-0129 https://nvd.nist.gov/vuln/detail/CVE-2021-0129 [ 3 ] CVE-2021-3588 https://nvd.nist.gov/vuln/detail/CVE-2021-3588 [ 4 ] CVE-2022-0204 https://nvd.nist.gov/vuln/detail/CVE-2022-0204 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202209-16 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Software Description: - bluez: Bluetooth tools and daemons Details: It was discovered that BlueZ incorrectly checked certain permissions when pairing. (CVE-2020-26558) Jay LV discovered that BlueZ incorrectly handled redundant disconnect MGMT events. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-27153) Ziming Zhang discovered that BlueZ incorrectly handled certain array indexes. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. ========================================================================== Ubuntu Security Notice USN-5050-1 August 24, 2021 linux-aws-5.8, linux-azure-5.8, linux-gcp-5.8, linux-oracle-5.8 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-aws-5.8: Linux kernel for Amazon Web Services (AWS) systems - linux-azure-5.8: Linux kernel for Microsoft Azure cloud systems - linux-gcp-5.8: Linux kernel for Google Cloud Platform (GCP) systems - linux-oracle-5.8: Linux kernel for Oracle Cloud systems Details: It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. (CVE-2020-26558, CVE-2021-0129) Michael Brown discovered that the Xen netback driver in the Linux kernel did not properly handle malformed packets from a network PV frontend, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-28691) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device initialization failure, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-3564) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device detach events, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-3573) It was discovered that the NFC implementation in the Linux kernel did not properly handle failed connect events leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service. (CVE-2021-38208) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: linux-image-5.8.0-1038-oracle 5.8.0-1038.39~20.04.1 linux-image-5.8.0-1039-gcp 5.8.0-1039.41 linux-image-5.8.0-1040-azure 5.8.0-1040.43~20.04.1 linux-image-5.8.0-1042-aws 5.8.0-1042.44~20.04.1 linux-image-aws 5.8.0.1042.44~20.04.14 linux-image-azure 5.8.0.1040.43~20.04.12 linux-image-gcp 5.8.0.1039.14 linux-image-oracle 5.8.0.1038.39~20.04.14 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-5050-1 CVE-2020-26558, CVE-2021-0129, CVE-2021-28691, CVE-2021-3564, CVE-2021-3573, CVE-2021-38208 Package Information: https://launchpad.net/ubuntu/+source/linux-aws-5.8/5.8.0-1042.44~20.04.1 https://launchpad.net/ubuntu/+source/linux-azure-5.8/5.8.0-1040.43~20.04.1 https://launchpad.net/ubuntu/+source/linux-gcp-5.8/5.8.0-1039.41 https://launchpad.net/ubuntu/+source/linux-oracle-5.8/5.8.0-1038.39~20.04.1

Ruijie Networks Co., Ltd. is a data communication solution provider. RG-BCR810W has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

Ruijie Networks Co., Ltd. is a data communication solution provider. Ruijie Networks Co., Ltd. NBR router has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

Zhejiang Dahua Technology Co., Ltd. is the world's leading video-centric intelligent IoT solution provider and operation service provider. Based on technological innovation, it provides end-to-end video surveillance solutions, systems and services. Zhejiang Dahua camera has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

Fuji Xerox (China) Co., Ltd. was established on January 3, 1995. Its business scope includes investment in the document processing industry; research, consulting, market research and training on products and technologies related to document processing; production document processing Products; assist them in importing their own products, equipment, components, and selling products to provide after-sales service and technical support. The digital multifunction machine has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.

Samsung (China) Investment Co., Ltd. is the headquarters of Samsung Group in China. As of the end of 2008, 20 of Samsung's more than 30 companies have invested in China, including Samsung Electronics, Samsung SDI, Samsung SDS, and Samsung Electro-Mechanics. Samsung SL-J2920W, Samsung SL-J1560W Series, and Samsung SL-J3560FW have an information disclosure vulnerability, which can be exploited by attackers to obtain sensitive information.

D-Link Electronic Equipment (Shanghai) Co., Ltd. is a company mainly engaged in network equipment, wireless equipment, switches and other projects. DHP-W310AV has an unauthorized access vulnerability, and attackers can use the leak to obtain sensitive information.

The business of Huawei Technologies Co., Ltd. includes switches, transmission equipment, data communication equipment, broadband multimedia equipment, power supplies, wireless communication equipment, microelectronics products, software, etc. Huawei Technologies Co., Ltd. S7706 and S9303 have a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

Youku Roubao is a smart router. Youku Lubao has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.

ONU EB01 is a router product. Cianet ONU EB01 has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

Shenzhen Baoruiming Technology Co., Ltd. is a high-tech camera manufacturer integrating R&D, manufacturing, sales and service. It provides high-quality products based on HiSilicon smart hardware such as face recognition and live detection for global users. Shenzhen Baoruiming Technology Co., Ltd. WEB IPCAMERA has a logic defect vulnerability. Attackers can use vulnerabilities to modify data packets by capturing packets, log in to the background, and obtain sensitive information.

FameView configuration software is a high-performance configuration monitoring software independently researched and developed by Beijing Jiekong Co., Ltd. with many years of engineering application and service experience, based on the Windows operating system, and provides economical and complete automation solutions. Beijing Jiekong FameView configuration software has a memory corruption vulnerability. Attackers can use this vulnerability to cause the program to crash.

Xpon-ONU is a router. Xpon-ONU has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

TP-LINK TL-WR840N is a wireless router with 13 channels and supports VPN function. TP-LINK WR840N has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

Shenzhen Heweishun Network Technology Co., Ltd. provides high-speed, safe, and easy-to-maintain network equipment products and solutions for global small and medium-sized enterprises. Shenzhen Heweishun Network Technology Co., Ltd. enterprise-level router has a weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.

Founded in 1987, Huawei is the world's leading provider of ICT (information and communications) infrastructure and smart terminals. HUAWEI Secoway USG5120 has a weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.

Founded in 1987, Huawei is the world's leading provider of ICT (information and communications) infrastructure and smart terminals. HUAWEI Secoway USG2110-F has a weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by setup.cgi?token=';$HTTP_USER_AGENT;' with an OS command in the User-Agent field. This affects GC108P before 1.0.7.3, GC108PP before 1.0.7.3, GS108Tv3 before 7.0.6.3, GS110TPPv1 before 7.0.6.3, GS110TPv3 before 7.0.6.3, GS110TUPv1 before 1.0.4.3, GS710TUPv1 before 1.0.4.3, GS716TP before 1.0.2.3, GS716TPP before 1.0.2.3, GS724TPPv1 before 2.0.4.3, GS724TPv2 before 2.0.4.3, GS728TPPv2 before 6.0.6.3, GS728TPv2 before 6.0.6.3, GS752TPPv1 before 6.0.6.3, GS752TPv2 before 6.0.6.3, MS510TXM before 1.0.2.3, and MS510TXUP before 1.0.2.3. This affects GC108P prior to 1.0.7.3, GC108PP prior to 1.0.7.3, GS108Tv3 prior to 7.0.6.3, GS110TPPv1 prior to 7.0.6.3, GS110TPv3 prior to 7.0.6.3, GS110TUPv1 prior to 1.0.4.3, GS710TUPv1 prior to 1.0.4.3, GS716TP prior to 1.0.2.3, GS716TPP prior to 1.0.2.3, GS724TPPv1 prior to 2.0.4.3, GS724TPv2 prior to 2.0.4.3, GS728TPPv2 prior to 6.0.6.3, GS728TPv2 prior to 6.0.6.3, GS752TPPv1 prior to 6.0.6.3, GS752TPv2 prior to 6.0.6.3, MS510TXM prior to 1.0.2.3, and MS510TXUP prior to 1.0.2.3

In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated cryptographic library from freeing internal resources, causing a memory leak. Trusted Firmware-M Is vulnerable to a lack of free memory after expiration.Denial of service (DoS) It may be put into a state. Acorn Trusted Firmware-M (TFM) is an open source software from Acorn Company in the UK, which runs in a hardware-isolated security environment and provides security services. There are security vulnerabilities in Trusted Firmware-M 1.3.0 and earlier versions, which can lead to memory leaks

A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. libwebp Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Versions of libwebp prior to 1.0.1 have security vulnerabilities. For the stable distribution (buster), these problems have been fixed in version 0.6.1-2+deb10u1. We recommend that you upgrade your libwebp packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7 iOS 14.7 and iPadOS 14.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212601. iOS 14.7 released July 19, 2021; iPadOS 14.7 released July 21, 2021 ActionKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A shortcut may be able to bypass Internet permission requirements Description: An input validation issue was addressed with improved input validation. CVE-2021-30763: Zachary Keffaber (@QuickUpdate5) Audio Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30781: tr3e AVEVideoEncoder Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30748: George Nosenko CoreAudio Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2021-30775: JunDong Xie of Ant Security Light-Year Lab CoreAudio Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Playing a malicious audio file may lead to an unexpected application termination Description: A logic issue was addressed with improved validation. CVE-2021-30776: JunDong Xie of Ant Security Light-Year Lab CoreGraphics Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A race condition was addressed with improved state handling. CVE-2021-30786: ryuzaki CoreText Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30789: Mickey Jin (@patch1t) of Trend Micro, Sunglin of Knownsec 404 team Crash Reporter Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2021-30774: Yizhuo Wang of Group of Software Security In Progress (G.O.S.S.I.P) at Shanghai Jiao Tong University CVMS Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to gain root privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30780: Tim Michaud(@TimGMichaud) of Zoom Video Communications dyld Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved validation. CVE-2021-30768: Linus Henze (pinauten.de) Find My Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to access Find My data Description: A permissions issue was addressed with improved validation. CVE-2021-30804: Csaba Fitzl (@theevilbit) of Offensive Security FontParser Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An integer overflow was addressed through improved input validation. CVE-2021-30760: Sunglin of Knownsec 404 team FontParser Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents Description: This issue was addressed with improved checks. CVE-2021-30788: tr3e working with Trend Micro Zero Day Initiative FontParser Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A stack overflow was addressed with improved input validation. CVE-2021-30759: hjy79425575 working with Trend Micro Zero Day Initiative Identity Service Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2021-30773: Linus Henze (pinauten.de) Image Processing Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-30802: Matthew Denton of Google Chrome Security ImageIO Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30779: Jzhu, Ye Zhang(@co0py_Cat) of Baidu Security ImageIO Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-30785: CFF of Topsec Alpha Team, Mickey Jin (@patch1t) of Trend Micro Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: A logic issue was addressed with improved state management. CVE-2021-30769: Linus Henze (pinauten.de) Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations Description: A logic issue was addressed with improved validation. CVE-2021-30770: Linus Henze (pinauten.de) libxml2 Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-3518 Measure Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Multiple issues in libwebp Description: Multiple issues were addressed by updating to version 1.2.0. CVE-2018-25010 CVE-2018-25011 CVE-2018-25014 CVE-2020-36328 CVE-2020-36329 CVE-2020-36330 CVE-2020-36331 Model I/O Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to a denial of service Description: A logic issue was addressed with improved validation. CVE-2021-30796: Mickey Jin (@patch1t) of Trend Micro Model I/O Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-30792: Anonymous working with Trend Micro Zero Day Initiative Model I/O Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted file may disclose user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30791: Anonymous working with Trend Micro Zero Day Initiative TCC Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to bypass certain Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2021-30798: Mickey Jin (@patch1t) of Trend Micro WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved state handling. CVE-2021-30758: Christoph Guttandin of Media Codings WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-30795: Sergei Glazunov of Google Project Zero WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to code execution Description: This issue was addressed with improved checks. CVE-2021-30797: Ivan Fratric of Google Project Zero WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2021-30799: Sergei Glazunov of Google Project Zero Wi-Fi Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Joining a malicious Wi-Fi network may result in a denial of service or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30800: vm_call, Nozhdar Abdulkhaleq Shukri Additional recognition Assets We would like to acknowledge Cees Elzinga for their assistance. CoreText We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance. Safari We would like to acknowledge an anonymous researcher for their assistance. Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About * The version after applying this update will be "14.7" Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmD4r8YACgkQZcsbuWJ6 jjB5LBAAkEy25fNpo8rg42bsyJwWsSQQxPN79JFxQ6L8tqdsM+MZk86dUKtsRQ47 mxarMf4uBwiIOtrGSCGHLIxXAzLqPY47NDhO+ls0dVxGMETkoR/287AeLnw2ITh3 DM0H/pco4hRhPh8neYTMjNPMAgkepx+r7IqbaHWapn42nRC4/2VkEtVGltVDLs3L K0UQP0cjy2w9KvRF33H3uKNCaCTJrVkDBLKWC7rPPpomwp3bfmbQHjs0ixV5Y8l5 3MfNmCuhIt34zAjVELvbE/PUXgkmsECbXHNZOct7ZLAbceneVKtSmynDtoEN0ajM JiJ6j+FCtdfB3xHk3cHqB6sQZm7fDxdK3z91MZvSZwwmdhJeHD/TxcItRlHNOYA1 FSi0Q954DpIqz3Fs4DGE7Vwz0g5+o5qup8cnw9oLXBdqZwWANuLsQlHlioPbcDhl r1DmwtghmDYFUeSMnzHu/iuRepEju+BRMS3ybCm5j+I3kyvAV8pyvqNNRLfJn+w+ Wl/lwXTtXbgsNPR7WJCBJffxB0gOGZaIG1blSGCY89t2if0vD95R5sRsrnaxuqWc qmtRdBfbmjxk/G+6t1sd4wFglTNovHiLIHXh17cwdIWMB35yFs7VA35833/rF4Oo jOF1D12o58uAewxAsK+cTixe7I9U5Awkad2Jz19V3qHnRWGqtVg\x8e1h -----END PGP SIGNATURE----- . Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor 3. Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload 1979134 - Placeholder bug for OCP 4.6.0 extras release 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: libwebp security update Advisory ID: RHSA-2021:2260-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:2260 Issue date: 2021-06-07 CVE Names: CVE-2018-25011 CVE-2020-36328 CVE-2020-36329 ===================================================================== 1. Summary: An update for libwebp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: libwebp-0.3.0-10.el7_9.src.rpm x86_64: libwebp-0.3.0-10.el7_9.i686.rpm libwebp-0.3.0-10.el7_9.x86_64.rpm libwebp-debuginfo-0.3.0-10.el7_9.i686.rpm libwebp-debuginfo-0.3.0-10.el7_9.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libwebp-debuginfo-0.3.0-10.el7_9.i686.rpm libwebp-debuginfo-0.3.0-10.el7_9.x86_64.rpm libwebp-devel-0.3.0-10.el7_9.i686.rpm libwebp-devel-0.3.0-10.el7_9.x86_64.rpm libwebp-java-0.3.0-10.el7_9.x86_64.rpm libwebp-tools-0.3.0-10.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: libwebp-0.3.0-10.el7_9.src.rpm x86_64: libwebp-0.3.0-10.el7_9.i686.rpm libwebp-0.3.0-10.el7_9.x86_64.rpm libwebp-debuginfo-0.3.0-10.el7_9.i686.rpm libwebp-debuginfo-0.3.0-10.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: libwebp-debuginfo-0.3.0-10.el7_9.i686.rpm libwebp-debuginfo-0.3.0-10.el7_9.x86_64.rpm libwebp-devel-0.3.0-10.el7_9.i686.rpm libwebp-devel-0.3.0-10.el7_9.x86_64.rpm libwebp-java-0.3.0-10.el7_9.x86_64.rpm libwebp-tools-0.3.0-10.el7_9.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: libwebp-0.3.0-10.el7_9.src.rpm ppc64: libwebp-0.3.0-10.el7_9.ppc.rpm libwebp-0.3.0-10.el7_9.ppc64.rpm libwebp-debuginfo-0.3.0-10.el7_9.ppc.rpm libwebp-debuginfo-0.3.0-10.el7_9.ppc64.rpm ppc64le: libwebp-0.3.0-10.el7_9.ppc64le.rpm libwebp-debuginfo-0.3.0-10.el7_9.ppc64le.rpm s390x: libwebp-0.3.0-10.el7_9.s390.rpm libwebp-0.3.0-10.el7_9.s390x.rpm libwebp-debuginfo-0.3.0-10.el7_9.s390.rpm libwebp-debuginfo-0.3.0-10.el7_9.s390x.rpm x86_64: libwebp-0.3.0-10.el7_9.i686.rpm libwebp-0.3.0-10.el7_9.x86_64.rpm libwebp-debuginfo-0.3.0-10.el7_9.i686.rpm libwebp-debuginfo-0.3.0-10.el7_9.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: libwebp-debuginfo-0.3.0-10.el7_9.ppc.rpm libwebp-debuginfo-0.3.0-10.el7_9.ppc64.rpm libwebp-devel-0.3.0-10.el7_9.ppc.rpm libwebp-devel-0.3.0-10.el7_9.ppc64.rpm libwebp-java-0.3.0-10.el7_9.ppc64.rpm libwebp-tools-0.3.0-10.el7_9.ppc64.rpm ppc64le: libwebp-debuginfo-0.3.0-10.el7_9.ppc64le.rpm libwebp-devel-0.3.0-10.el7_9.ppc64le.rpm libwebp-java-0.3.0-10.el7_9.ppc64le.rpm libwebp-tools-0.3.0-10.el7_9.ppc64le.rpm s390x: libwebp-debuginfo-0.3.0-10.el7_9.s390.rpm libwebp-debuginfo-0.3.0-10.el7_9.s390x.rpm libwebp-devel-0.3.0-10.el7_9.s390.rpm libwebp-devel-0.3.0-10.el7_9.s390x.rpm libwebp-java-0.3.0-10.el7_9.s390x.rpm libwebp-tools-0.3.0-10.el7_9.s390x.rpm x86_64: libwebp-debuginfo-0.3.0-10.el7_9.i686.rpm libwebp-debuginfo-0.3.0-10.el7_9.x86_64.rpm libwebp-devel-0.3.0-10.el7_9.i686.rpm libwebp-devel-0.3.0-10.el7_9.x86_64.rpm libwebp-java-0.3.0-10.el7_9.x86_64.rpm libwebp-tools-0.3.0-10.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: libwebp-0.3.0-10.el7_9.src.rpm x86_64: libwebp-0.3.0-10.el7_9.i686.rpm libwebp-0.3.0-10.el7_9.x86_64.rpm libwebp-debuginfo-0.3.0-10.el7_9.i686.rpm libwebp-debuginfo-0.3.0-10.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libwebp-debuginfo-0.3.0-10.el7_9.i686.rpm libwebp-debuginfo-0.3.0-10.el7_9.x86_64.rpm libwebp-devel-0.3.0-10.el7_9.i686.rpm libwebp-devel-0.3.0-10.el7_9.x86_64.rpm libwebp-java-0.3.0-10.el7_9.x86_64.rpm libwebp-tools-0.3.0-10.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-25011 https://access.redhat.com/security/cve/CVE-2020-36328 https://access.redhat.com/security/cve/CVE-2020-36329 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYL4OxtzjgjWX9erEAQi1Yw//ZajpWKH7bKTBXifw2DXrc61fOReKCwR9 sQ/djSkMMo+hwhFNtqq9zHDmI81tuOzBRgzA0FzA6qeNZGzsJmNX/RrNgnep9um7 X08Dvb6+5VuHWBrrBv26wV5wGq/t2VKgGXSoJi6CDDDRlLn/RiAJzuZqhdhp3Ijn xBHIDIEYoNTYoDvbvZUVhY1kRKJ2sr3UxjcWPqDCNZdu51Z8ssW5up/Uh3NaY8yv iB7PIoIHrtBD0nGQcy5h4qE47wFbe9RdLTOaqGDAGaOrHWWT56eC72YnCYKMxO4K 8X9EXjhEmmH4a4Pl4dND7D1wiiOQe5kSA8IhYdgHVZQyo9WBJTD6g6C5IERwwjat s3Z7vhzA+/cLEo8+Jc5orRGoLArU5rOl4uqh64AEPaON9UB8bMOnqm24y+Ebyi0B S+zZ2kQ1FGeQIMnrjAer3OUcVnf26e6qNWBK+HCjdfmbhgtZxTtXyOKcM4lSFVcm LY8pLMWzZpcSCpYh15YtRRCWr4bJyX1UD8V3l2Zzek9zmFq5ogVX78KBYV3c4oWn ReVMDEpXb3bYoV/EsMk7WOaDBKM1eU2OjVp2e7r2Fnt8GESxSpZ1pKegkxXdPnmX EmPhXKZNnwh4Z4Aw2AYIsQVo9QTyvCnZjfjAy9WfIqbyg8OTGJOeQqQLlKsq6ddb YXjUcIgJv2g= =kWSg -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 7) - noarch 3. Description: The Qt Image Formats in an add-on module for the core Qt Gui library that provides support for additional image formats including MNG, TGA, TIFF, WBMP, and WebP. 8.1) - aarch64, ppc64le, s390x, x86_64 3