VARIoT IoT vulnerabilities database


VAR-202103-1736 No CVE Samsung WLAN AP has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Samsung (China) Investment Co., Ltd. is the headquarters of Samsung Group in China. As of the end of 2008, 20 of Samsung's more than 30 companies have invested in China, including Samsung Electronics, Samsung SDI, Samsung SDS, and Samsung Electro-Mechanics. Samsung WLAN AP has a weak password vulnerability. Attackers can use this vulnerability to log in to the router backend to obtain sensitive information.
VAR-202103-0241 CVE-2020-29020 Secomea SiteManager  Authentication Vulnerability in Microsoft CVSS V2: 6.5
CVSS V3: 7.2
Severity: HIGH
Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware. Secomea SiteManager contains an improper authentication vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.
VAR-202103-0244 CVE-2020-29030 Secomea GateManager  Cross Site Request Forgery Vulnerability CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
Cross-Site Request Forgery (CSRF) vulnerability in web GUI of Secomea GateManager allows an attacker to execute malicious code. This issue affects: Secomea GateManager All versions prior to 9.4. Secomea GateManager contains a cross-site request forgery vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Secomea GateManager is a remote access server product of the Danish company Secomea.
VAR-202103-0243 CVE-2020-29029 Secomea GateManager  Cross-site Scripting Vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Improper Input Validation, Cross-site Scripting (XSS) vulnerability in Web GUI of Secomea GateManager allows an attacker to execute arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4. Secomea GateManager contains a cross-site scripting vulnerability. Information may be obtained and tampered with. Secomea GateManager is a remote access server product of the Danish company Secomea. The vulnerability stems from incorrect input validation.
VAR-202103-0242 CVE-2020-29028 Secomea GateManager  Cross-site Scripting Vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateManager allows an attacker to inject arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4. Secomea GateManager contains a cross-site scripting vulnerability. Information may be obtained and tampered with. Secomea GateManager is a remote access server product of the Danish company Secomea.
VAR-202103-1030 CVE-2021-28039 Xen  Used in  Linux Kernel  Resource Depletion Vulnerability CVSS V2: 2.1
CVSS V3: 6.5
Severity: MEDIUM
An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG. Linux kernel 5.9.x through 5.11.3 contains a security vulnerability that could be exploited by an attacker to cause the driver to crash
VAR-202103-1029 CVE-2021-28038 Xen PV  Used in  Linux Kernel   Vulnerability in resource allocation without restrictions or throttling in CVSS V2: 4.9
CVSS V3: 6.5
Severity: MEDIUM
An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931. This update provides the corresponding Linux kernel updates targeted specifically for Raspberry Pi devices in those same Ubuntu Releases. Ubuntu Security Notice USN-4984-1 June 04, 2021 linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm, linux-oracle vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.10 - Ubuntu 20.04 LTS Summary: Several security issues were fixed in the Linux kernel. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2021-28038) It was discovered that the Realtek RTL8188EU Wireless device driver in the Linux kernel did not properly validate ssid lengths in some situations. An attacker could use this to cause a denial of service (system crash). A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-28688) It was discovered that the fuse user space file system implementation in the Linux kernel did not properly handle bad inodes in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2021-28950) John Stultz discovered that the audio driver for Qualcomm SDM845 systems in the Linux kernel did not properly validate port ID numbers. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2021-28952) Zygo Blaxell discovered that the btrfs file system implementation in the Linux kernel contained a race condition during certain cloning operations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2021-28964) Vince Weaver discovered that the perf subsystem in the Linux kernel did not properly handle certain PEBS records for some Intel Haswell processors. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-28971) It was discovered that the RPA PCI Hotplug driver implementation in the Linux kernel did not properly handle device name writes via sysfs, leading to a buffer overflow. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-28972) It was discovered that the Qualcomm IPC router implementation in the Linux kernel did not properly initialize memory passed to user space. A local attacker could use this to expose sensitive information (kernel memory). A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-30002) Dan Carpenter discovered that the block device manager (dm) implementation in the Linux kernel contained a buffer overflow in the ioctl for listing devices. A privileged local attacker could use this to cause a denial of service (system crash). (CVE-2021-31916) It was discovered that the CIPSO implementation in the Linux kernel did not properly perform reference counting in some situations, leading to use-after-free vulnerabilities. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33033) 马哲宇 discovered that the IEEE 1394 (Firewire) nosy packet sniffer driver in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. 
A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3483) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.10: linux-image-5.8.0-1028-kvm 5.8.0-1028.30 linux-image-5.8.0-1031-oracle 5.8.0-1031.32 linux-image-5.8.0-1032-gcp 5.8.0-1032.34 linux-image-5.8.0-1033-azure 5.8.0-1033.35 linux-image-5.8.0-1035-aws 5.8.0-1035.37 linux-image-5.8.0-55-generic 5.8.0-55.62 linux-image-5.8.0-55-generic-64k 5.8.0-55.62 linux-image-5.8.0-55-generic-lpae 5.8.0-55.62 linux-image-5.8.0-55-lowlatency 5.8.0-55.62 linux-image-aws 5.8.0.1035.37 linux-image-azure 5.8.0.1033.33 linux-image-gcp 5.8.0.1032.32 linux-image-generic 5.8.0.55.60 linux-image-generic-64k 5.8.0.55.60 linux-image-generic-lpae 5.8.0.55.60 linux-image-gke 5.8.0.1032.32 linux-image-kvm 5.8.0.1028.30 linux-image-lowlatency 5.8.0.55.60 linux-image-oracle 5.8.0.1031.30 linux-image-virtual 5.8.0.55.60 Ubuntu 20.04 LTS: linux-image-5.8.0-55-generic 5.8.0-55.62~20.04.1 linux-image-5.8.0-55-generic-64k 5.8.0-55.62~20.04.1 linux-image-5.8.0-55-generic-lpae 5.8.0-55.62~20.04.1 linux-image-5.8.0-55-lowlatency 5.8.0-55.62~20.04.1 linux-image-generic-64k-hwe-20.04 5.8.0.55.62~20.04.39 linux-image-generic-hwe-20.04 5.8.0.55.62~20.04.39 linux-image-generic-lpae-hwe-20.04 5.8.0.55.62~20.04.39 linux-image-lowlatency-hwe-20.04 5.8.0.55.62~20.04.39 linux-image-virtual-hwe-20.04 5.8.0.55.62~20.04.39 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. 
linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-4984-1 CVE-2021-28038, CVE-2021-28660, CVE-2021-28688, CVE-2021-28950, CVE-2021-28952, CVE-2021-28964, CVE-2021-28971, CVE-2021-28972, CVE-2021-29647, CVE-2021-30002, CVE-2021-31916, CVE-2021-33033, CVE-2021-3483 Package Information: https://launchpad.net/ubuntu/+source/linux/5.8.0-55.62 https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1035.37 https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1033.35 https://launchpad.net/ubuntu/+source/linux-gcp/5.8.0-1032.34 https://launchpad.net/ubuntu/+source/linux-kvm/5.8.0-1028.30 https://launchpad.net/ubuntu/+source/linux-oracle/5.8.0-1031.32 https://launchpad.net/ubuntu/+source/linux-hwe-5.8/5.8.0-55.62~20.04.1 . (CVE-2017-16644) It was discovered that the timer stats implementation in the Linux kernel allowed the discovery of a real PID value while inside a PID namespace. (CVE-2021-20261) Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H
VAR-202103-0920 CVE-2021-27363 Linux kernel Security hole CVSS V2: 3.6
CVSS V3: 4.4
Severity: MEDIUM
An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. Description: Red Hat Advanced Cluster Management for Kubernetes 2.2.2 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/ Security Fix(es): * fastify-reply-from: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21321) * fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21322) * golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040) * nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500) * golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension (CVE-2020-28851) * golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852) * go-slug: partial protection against zip slip attacks (CVE-2020-29529) * nodejs-lodash: command 
injection via template (CVE-2021-23337) * openssl: integer overflow in CipherUpdate (CVE-2021-23840) * openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Documentation is referencing deprecated API for Service Export - Submariner (BZ#1936528) * Importing of cluster fails due to error/typo in generated command (BZ#1936642) * RHACM 2.2.2 images (BZ#1938215) * 2.2 clusterlifecycle fails to allow provision `fips: true` clusters on aws, vsphere (BZ#1941778) 3. Bugs fixed (https://bugzilla.redhat.com/): 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension 1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag 1914238 - CVE-2020-29529 go-slug: partial protection against zip slip attacks 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() 1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate 1936528 - Documentation is referencing deprecated API for Service Export - Submariner 1936642 - Importing of cluster fails due to error/typo in generated command 1938215 - RHACM 2.2.2 images 1941778 - 2.2 clusterlifecycle fails to allow provision `fips: true` clusters on aws, vsphere 1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service 1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service 5. 
8.2) - x86_64 3. Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2021:1376-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1376 Issue date: 2021-04-27 CVE Names: CVE-2020-15436 CVE-2020-28374 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.6) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, x86_64 3. Security Fix(es): * kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374) * kernel: out-of-bounds read in libiscsi module (CVE-2021-27364) * kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365) * kernel: use-after-free in fs/block_dev.c (CVE-2020-15436) * kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * [infiniband] Backport Request to fix Multicast Sendonly joins (BZ#1937820) 4. 
Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1899804 - CVE-2020-28374 kernel: SCSI target (LIO) write to any block on ILO backstore 1901168 - CVE-2020-15436 kernel: use-after-free in fs/block_dev.c 1930078 - CVE-2021-27365 kernel: heap buffer overflow in the iSCSI subsystem 1930079 - CVE-2021-27363 kernel: iscsi: unrestricted access to sessions and handles 1930080 - CVE-2021-27364 kernel: out-of-bounds read in libiscsi module 6. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 7.6): Source: kernel-3.10.0-957.72.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-957.72.1.el7.noarch.rpm kernel-doc-3.10.0-957.72.1.el7.noarch.rpm x86_64: bpftool-3.10.0-957.72.1.el7.x86_64.rpm kernel-3.10.0-957.72.1.el7.x86_64.rpm kernel-debug-3.10.0-957.72.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-957.72.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-957.72.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.72.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.72.1.el7.x86_64.rpm kernel-devel-3.10.0-957.72.1.el7.x86_64.rpm kernel-headers-3.10.0-957.72.1.el7.x86_64.rpm kernel-tools-3.10.0-957.72.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.72.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-957.72.1.el7.x86_64.rpm perf-3.10.0-957.72.1.el7.x86_64.rpm perf-debuginfo-3.10.0-957.72.1.el7.x86_64.rpm python-perf-3.10.0-957.72.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.72.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 
7.6): x86_64: kernel-debug-debuginfo-3.10.0-957.72.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.72.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.72.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.72.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-957.72.1.el7.x86_64.rpm perf-debuginfo-3.10.0-957.72.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.72.1.el7.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.6): Source: kernel-3.10.0-957.72.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-957.72.1.el7.noarch.rpm kernel-doc-3.10.0-957.72.1.el7.noarch.rpm ppc64: kernel-3.10.0-957.72.1.el7.ppc64.rpm kernel-bootwrapper-3.10.0-957.72.1.el7.ppc64.rpm kernel-debug-3.10.0-957.72.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-957.72.1.el7.ppc64.rpm kernel-debug-devel-3.10.0-957.72.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-957.72.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-957.72.1.el7.ppc64.rpm kernel-devel-3.10.0-957.72.1.el7.ppc64.rpm kernel-headers-3.10.0-957.72.1.el7.ppc64.rpm kernel-tools-3.10.0-957.72.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-957.72.1.el7.ppc64.rpm kernel-tools-libs-3.10.0-957.72.1.el7.ppc64.rpm perf-3.10.0-957.72.1.el7.ppc64.rpm perf-debuginfo-3.10.0-957.72.1.el7.ppc64.rpm python-perf-3.10.0-957.72.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-957.72.1.el7.ppc64.rpm ppc64le: kernel-3.10.0-957.72.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-957.72.1.el7.ppc64le.rpm kernel-debug-3.10.0-957.72.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-957.72.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-957.72.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-957.72.1.el7.ppc64le.rpm kernel-devel-3.10.0-957.72.1.el7.ppc64le.rpm kernel-headers-3.10.0-957.72.1.el7.ppc64le.rpm kernel-tools-3.10.0-957.72.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-957.72.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-957.72.1.el7.ppc64le.rpm perf-3.10.0-957.72.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-957.72.1.el7.ppc64le.rpm 
python-perf-3.10.0-957.72.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-957.72.1.el7.ppc64le.rpm s390x: kernel-3.10.0-957.72.1.el7.s390x.rpm kernel-debug-3.10.0-957.72.1.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-957.72.1.el7.s390x.rpm kernel-debug-devel-3.10.0-957.72.1.el7.s390x.rpm kernel-debuginfo-3.10.0-957.72.1.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-957.72.1.el7.s390x.rpm kernel-devel-3.10.0-957.72.1.el7.s390x.rpm kernel-headers-3.10.0-957.72.1.el7.s390x.rpm kernel-kdump-3.10.0-957.72.1.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-957.72.1.el7.s390x.rpm kernel-kdump-devel-3.10.0-957.72.1.el7.s390x.rpm perf-3.10.0-957.72.1.el7.s390x.rpm perf-debuginfo-3.10.0-957.72.1.el7.s390x.rpm python-perf-3.10.0-957.72.1.el7.s390x.rpm python-perf-debuginfo-3.10.0-957.72.1.el7.s390x.rpm x86_64: bpftool-3.10.0-957.72.1.el7.x86_64.rpm kernel-3.10.0-957.72.1.el7.x86_64.rpm kernel-debug-3.10.0-957.72.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-957.72.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-957.72.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.72.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.72.1.el7.x86_64.rpm kernel-devel-3.10.0-957.72.1.el7.x86_64.rpm kernel-headers-3.10.0-957.72.1.el7.x86_64.rpm kernel-tools-3.10.0-957.72.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.72.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-957.72.1.el7.x86_64.rpm perf-3.10.0-957.72.1.el7.x86_64.rpm perf-debuginfo-3.10.0-957.72.1.el7.x86_64.rpm python-perf-3.10.0-957.72.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.72.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 
7.6): ppc64: kernel-debug-debuginfo-3.10.0-957.72.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-957.72.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-957.72.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-957.72.1.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-957.72.1.el7.ppc64.rpm perf-debuginfo-3.10.0-957.72.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-957.72.1.el7.ppc64.rpm ppc64le: kernel-debug-debuginfo-3.10.0-957.72.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-957.72.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-957.72.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-957.72.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-957.72.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-957.72.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-957.72.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-957.72.1.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-957.72.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.72.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.72.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.72.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-957.72.1.el7.x86_64.rpm perf-debuginfo-3.10.0-957.72.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.72.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-15436 https://access.redhat.com/security/cve/CVE-2020-28374 https://access.redhat.com/security/cve/CVE-2021-27363 https://access.redhat.com/security/cve/CVE-2021-27364 https://access.redhat.com/security/cve/CVE-2021-27365 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. 
7) - noarch, x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Bug Fix(es): * RHEL7.9 Realtime crashes due to a blocked task detection. The blocked task is stuck in unregister_shrinker() where multiple tasks have taken the shrinker_rwsem and are fighting on a dentry's d_lockref lock rt_mutex. [kernel-rt] (BZ#1935557) * kernel-rt: update to the latest RHEL7.9.z5 source tree (BZ#1939220) 4. Linux kernel vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 20.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 ESM Summary Several security issues were fixed in the kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-27170) Piotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not properly compute a speculative execution limit on pointer arithmetic in some situations. 
A local attacker could use this to expose sensitive information (kernel memory). A local attacker could use this to cause a denial of service (system crash). (CVE-2020-29372) It was discovered that the memory management subsystem in the Linux kernel did not properly handle copy-on-write operations in some situations. A local attacker could possibly use this to gain unintended write access to read-only memory pages. (CVE-2020-29374) De4dCr0w of 360 Alpha Lab discovered that the BPF verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker could use this to expose sensitive information (kernel memory) or possibly execute arbitrary code. (CVE-2021-3444) Adam Nichols discovered that the iSCSI subsystem in the Linux kernel did not properly restrict access to iSCSI transport handles. A local attacker could use this to cause a denial of service or expose sensitive information (kernel pointer addresses). A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-27365) Update instructions The problem can be corrected by updating your kernel livepatch to the following versions: Ubuntu 18.04 LTS aws - 75.2 generic - 75.2 gke - 75.2 gkeop - 75.2 lowlatency - 75.2 oem - 75.2 Ubuntu 20.04 LTS aws - 75.2 azure - 75.2 gcp - 75.2 generic - 75.2 gke - 75.2 gkeop - 75.2 lowlatency - 75.2 Ubuntu 16.04 LTS aws - 75.3 azure - 75.2 generic - 75.3 lowlatency - 75.3 Ubuntu 14.04 ESM generic - 75.3 lowlatency - 75.3 Support Information Kernels older than the levels listed below do not receive livepatch updates. If you are running a kernel version earlier than the one listed below, please upgrade your kernel as soon as possible. 
Ubuntu 18.04 LTS linux-aws - 4.15.0-1054 linux-gke-4.15 - 4.15.0-1076 linux-gke-5.4 - 5.4.0-1009 linux-gkeop-5.4 - 5.4.0-1007 linux-hwe-5.4 - 5.4.0-26 linux-oem - 4.15.0-1063 linux - 4.15.0-69 Ubuntu 20.04 LTS linux-aws - 5.4.0-1009 linux-azure - 5.4.0-1010 linux-gcp - 5.4.0-1009 linux-gke - 5.4.0-1033 linux-gkeop - 5.4.0-1009 linux-oem - 5.4.0-26 linux - 5.4.0-26 Ubuntu 16.04 LTS linux-aws - 4.4.0-1098 linux-azure - 4.15.0-1063 linux-hwe - 4.15.0-69 linux - 4.4.0-168 Ubuntu 14.04 ESM linux-lts-xenial - 4.4.0-168 References - CVE-2020-27170 - CVE-2020-27171 - CVE-2020-29372 - CVE-2020-29374 - CVE-2021-3444 - CVE-2021-27363 - CVE-2021-27364 - CVE-2021-27365 . ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well
VAR-202103-0523 CVE-2020-5148 SonicWall SSO-agent  Authentication vulnerabilities in CVSS V2: 6.4
CVSS V3: 8.2
Severity: HIGH
SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypass firewall access controls. SonicWall SSO-agent contains an authentication vulnerability. Information may be obtained and tampered with. SonicWall SSO-agent is an application from the US company SonicWall. It provides a single login for access to multiple network resources based on administrator-configured group membership and policy matching. A security vulnerability exists in the SonicWall SSO-agent that could allow an attacker to bypass firewall access controls.
VAR-202103-1786 No CVE ZTE Corporation ZXHN F460 has a denial of service vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
ZXHN F460 is the optical modem of ZTE's EPON mode. ZTE Corporation ZXHN F460 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service attack.
VAR-202103-1787 No CVE ZTE Corporation ZXHN F460S has a denial of service vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
ZTE Corporation is the world's leading provider of integrated communications solutions. ZTE Corporation ZXHN F460S has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service attack.
VAR-202103-1800 No CVE Delta Electronics Enterprise Management (Shanghai) Co., Ltd. has an arbitrary file reading vulnerability in DIAView (CNVD-2021-08514) CVSS V2: 2.1
CVSS V3: -
Severity: LOW
DIAView is an automated management system with real-time system monitoring, data acquisition and analysis functions. The DIAView configuration software of Delta Electronics Enterprise Management (Shanghai) Co., Ltd. has an arbitrary file reading vulnerability. Attackers can use this vulnerability to obtain sensitive information.
VAR-202103-1649 No CVE WiseGrid Huimin application delivery gateway has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The business scope of Beijing Xinnuoride Software System Co., Ltd. includes: software development; computer system services; technology promotion services; technical development of network equipment, communication products, computer hardware and software, etc. The WiseGrid Huimin application delivery gateway has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202103-1650 No CVE ZTE Corporation ZXHN F4600U has a denial of service vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
ZTE Corporation is the world's leading provider of integrated communications solutions. ZTE Corporation ZXHN F4600U has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service attack.
VAR-202103-0560 CVE-2021-22128 FortiProxy  Authentication Vulnerability in Microsoft CVSS V2: 4.0
CVSS V3: 4.3
Severity: MEDIUM
An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality. FortiProxy contains an improper authentication vulnerability. Information may be obtained. Fortinet FortiProxy SSL VPN is an application from the US company Fortinet. An intrusion detection function is provided. There is a security vulnerability in FortiProxy SSL VPN, which allows attackers to exploit the vulnerability to obtain credentials of SSL VPN users.
VAR-202103-0173 CVE-2020-15938 FortiGate  Vulnerability in CVSS V2: 4.3
CVSS V3: 7.5
Severity: HIGH
When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the FortiGate in version below 6.2.5 and below 6.4.2 on port 80/443, it is not redirected to the transparent proxy policy for processing, as it doesn't have a valid HTTP header. FortiGate contains an unspecified vulnerability. Information may be tampered with. Opera Software Opera is a web browser produced by Opera Software in Norway. It supports multi-window browsing, custom user interface and other functions. HTTPS (Hypertext Transfer Protocol Secure) is a network security transmission protocol, which communicates via Hypertext Transfer Protocol (HTTP) on a computer network, and uses SSL/TLS to encrypt data packets. The main purpose of HTTPS development is to provide identity authentication to web servers and protect the privacy and integrity of exchanged data. Vulnerabilities exist in Opera Software Opera and HTTPS. The following products and versions are affected:
VAR-202103-1785 No CVE XINJE XL5E-16T ModbusTCP protocol has a denial of service vulnerability CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
XINJE XL5E-16T is a series of Ethernet controller products. XINJE XL5E-16T ModbusTCP protocol has a denial of service vulnerability. Attackers can use this vulnerability to cause the device to crash and fail to work normally.
VAR-202103-1790 No CVE MOXA AWK-1131A Ethernet 802LLC protocol has a denial of service vulnerability CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
Moxa is a leading manufacturer of industrial automation, providing complete industrial equipment networking, industrial computers and industrial network solutions, and is committed to the joint promotion and practice of industrial Internet. The MOXA AWK-1131A Ethernet 802LLC protocol has a denial of service vulnerability, which can be exploited by an attacker to cause the device to fail to work normally.
VAR-202103-1791 No CVE XINJE XDME-30T4-E ModbusTCP protocol has a denial of service vulnerability CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
XINJE XDME-30T4-E is a controller product of the Ethernet series. XINJE XDME-30T4-E ModbusTCP protocol has a denial of service vulnerability. Attackers can use this vulnerability to cause the device to crash and fail to work normally.
VAR-202103-1797 No CVE The ARP protocol of MITSUBISHI Electric FX5U-32MT/ES has a denial of service vulnerability CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
Mitsubishi Electric FX5U-32MT/ES is a programmable logic controller (PLC) product of the MELSEC FX series. The ARP protocol of MITSUBISHI Electric FX5U-32MT/ES has a denial of service vulnerability. Attackers can use this vulnerability to cause the device to fail to work normally.