VARIoT IoT vulnerabilities database
| VAR-202006-1615 | CVE-2020-9819 | plural Apple Product Corruption Vulnerability | CVSS V2: 4.3, CVSS V3: 4.3, Severity: MEDIUM |
A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5, watchOS 5.3.7. Processing a maliciously crafted mail message may lead to heap corruption. Apple iOS, iPadOS, and watchOS are all products of Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Mail is one of the email components. The Mail component in Apple iOS, iPadOS, and watchOS has security flaws. The following products and versions are affected: Apple iOS versions prior to 13.5 and versions prior to 12.4.7; iPadOS versions prior to 13.5; watchOS versions prior to 5.3.7 and versions prior to 6.2.5.
Alternatively, on your watch, select "My Watch > General > About".
APPLE-SA-2020-05-26-1 iOS 13.5 and iPadOS 13.5
iOS 13.5 and iPadOS 13.5 address the following:
Accounts
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause a denial of service
Description: A denial of service issue was addressed with improved
input validation.
CVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt
AirDrop
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause a denial of service
Description: A denial of service issue was addressed with improved
input validation.
CVE-2020-9826: Dor Hadad of Palo Alto Networks
AppleMobileFileIntegrity
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-9842: Linus Henze (pinauten.de)
Audio
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero
Day Initiative
Audio
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero
Day Initiative
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: An issue existed with the use of a PRNG with low
entropy.
CVE-2020-6616: Jörn Tillmanns (@matedealer) and Jiska Classen
(@naehrdine) of Secure Mobile Networking Lab
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9838: Dennis Heinze (@ttdennis) of TU Darmstadt, Secure
Mobile Networking Lab
CoreText
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted text message may lead to
application denial of service
Description: A validation issue was addressed with improved input
sanitization.
CVE-2020-9829: Aaron Perris (@aaronp613), an anonymous researcher, an
anonymous researcher, Carlos S Tech, Sam Menzies of Sam’s Lounge,
Sufiyan Gouri of Lovely Professional University, India, Suleman Hasan
Rathor of Arabic-Classroom.com
FaceTime
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A user’s video may not be paused in a FaceTime call if they
exit the FaceTime app while the call is ringing
Description: An issue existed in the pausing of FaceTime video.
CVE-2020-9835: Olivier Levesque (@olilevesque)
File System
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to modify the file system
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9820: Thijs Alkemade of Computest
FontParser
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend
Micro Zero Day Initiative
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3878: Samuel Groß of Google Project Zero
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9789: Wenchao Li of VARAS@IIE
CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab
IPSec
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9837: Thijs Alkemade of Computest
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to determine another
application's memory layout
Description: An information disclosure issue was addressed by
removing the vulnerable code.
CVE-2020-9797: an anonymous researcher
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A local user may be able to read kernel memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9811: Tielei Wang of Pangu Lab
CVE-2020-9812: Derrek (@derrekr6)
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A logic issue existed resulting in memory corruption.
CVE-2020-9813: Xinru Chi of Pangu Lab
CVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to determine kernel
memory layout
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9809: Benjamin Randazzo (@____benjamin)
Mail
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted mail message may lead to
heap corruption
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2020-9819: ZecOps.com
Mail
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted mail message may lead to
unexpected memory modification or application termination
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9818: ZecOps.com
Messages
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Users removed from an iMessage conversation may still be able
to alter state
Description: This issue was addressed with improved checks.
CVE-2020-9823: Suryansh Mansharamani, student of Community Middle
School, Plainsboro, New Jersey
Notifications
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A person with physical access to an iOS device may be able to
view notification contents from the lockscreen
Description: An authorization issue was addressed with improved state
management.
CVE-2020-9848: Nima
Python
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-9793
Sandbox
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to bypass Privacy
preferences
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2020-9825: Sreejith Krishnan R (@skr0x1C0)
SQLite
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may cause a denial of service or
potentially disclose memory contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9794
System Preferences
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with improved state
handling.
CVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of
@SSLab_Gatech working with Trend Micro’s Zero Day Initiative
USB Audio
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A USB device may be able to cause a denial of service
Description: A validation issue was addressed with improved input
sanitization.
CVE-2020-9792: Andy Davis of NCC Group
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9805: an anonymous researcher
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9802: Samuel Groß of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of
@SSLab_Gatech working with Trend Micro’s Zero Day Initiative
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9843: Ryan Pickren (ryanpickren.com)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2020-9803: Wen Xu of SSLab at Georgia Tech
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9806: Wen Xu of SSLab at Georgia Tech
CVE-2020-9807: Wen Xu of SSLab at Georgia Tech
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro
Zero Day Initiative
WebRTC
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: An access issue was addressed with improved memory
management.
CVE-2019-20503: Natalie Silvanovich of Google Project Zero
Wi-Fi
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: A double free issue was addressed with improved memory
management.
CVE-2020-9844: Ian Beer of Google Project Zero
zsh
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A local attacker may be able to elevate their privileges
Description: An authorization issue was addressed with improved state
management.
CVE-2019-20044: Sam Foxman
Additional recognition
Bluetooth
We would like to acknowledge Maximilian von Tschitschnitz of
Technical University Munich and Ludwig Peuckert of Technical
University Munich for their assistance.
CoreText
We would like to acknowledge Jiska Classen (@naehrdine) and Dennis
Heinze (@ttdennis) of Secure Mobile Networking Lab for their
assistance.
Device Analytics
We would like to acknowledge Mohamed Ghannam (@_simo36) for their
assistance.
ImageIO
We would like to acknowledge Lei Sun for their assistance.
IOHIDFamily
We would like to acknowledge Andy Davis of NCC Group for their
assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Safari
We would like to acknowledge Jeffball of GRIMM and Luke Walker of
Manchester Metropolitan University for their assistance.
WebKit
We would like to acknowledge Aidan Dunlap of UT Austin for their
assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 13.5 and iPadOS 13.5".
| VAR-202006-1614 | CVE-2020-9818 | plural Apple Out-of-bounds write vulnerabilities in the product | CVSS V2: 6.8, CVSS V3: 8.8, Severity: HIGH |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination. Apple iOS, iPadOS, and watchOS are all products of Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Mail is one of the email components. A buffer error vulnerability exists in the Mail component in Apple iOS, iPadOS, and watchOS. The following products and versions are affected: Apple iOS versions prior to 13.5 and versions prior to 12.4.7; iPadOS versions prior to 13.5; watchOS versions prior to 6.2.5.
Alternatively, on your watch, select "My Watch > General > About".
APPLE-SA-2020-05-26-1 iOS 13.5 and iPadOS 13.5
iOS 13.5 and iPadOS 13.5 address the following:
Accounts
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause a denial of service
Description: A denial of service issue was addressed with improved
input validation.
CVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt
AirDrop
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause a denial of service
Description: A denial of service issue was addressed with improved
input validation.
CVE-2020-9826: Dor Hadad of Palo Alto Networks
AppleMobileFileIntegrity
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-9842: Linus Henze (pinauten.de)
Audio
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero
Day Initiative
Audio
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero
Day Initiative
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: An issue existed with the use of a PRNG with low
entropy.
CVE-2020-6616: Jörn Tillmanns (@matedealer) and Jiska Classen
(@naehrdine) of Secure Mobile Networking Lab
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9838: Dennis Heinze (@ttdennis) of TU Darmstadt, Secure
Mobile Networking Lab
CoreText
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted text message may lead to
application denial of service
Description: A validation issue was addressed with improved input
sanitization.
CVE-2020-9829: Aaron Perris (@aaronp613), an anonymous researcher, an
anonymous researcher, Carlos S Tech, Sam Menzies of Sam’s Lounge,
Sufiyan Gouri of Lovely Professional University, India, Suleman Hasan
Rathor of Arabic-Classroom.com
FaceTime
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A user’s video may not be paused in a FaceTime call if they
exit the FaceTime app while the call is ringing
Description: An issue existed in the pausing of FaceTime video.
CVE-2020-9835: Olivier Levesque (@olilevesque)
File System
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to modify the file system
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9820: Thijs Alkemade of Computest
FontParser
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend
Micro Zero Day Initiative
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3878: Samuel Groß of Google Project Zero
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9789: Wenchao Li of VARAS@IIE
CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab
IPSec
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9837: Thijs Alkemade of Computest
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to determine another
application's memory layout
Description: An information disclosure issue was addressed by
removing the vulnerable code.
CVE-2020-9797: an anonymous researcher
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A local user may be able to read kernel memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9811: Tielei Wang of Pangu Lab
CVE-2020-9812: Derrek (@derrekr6)
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A logic issue existed resulting in memory corruption.
This was addressed with improved state management.
CVE-2020-9813: Xinru Chi of Pangu Lab
CVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to determine kernel
memory layout
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9809: Benjamin Randazzo (@____benjamin)
Mail
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted mail message may lead to
heap corruption
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2020-9818: ZecOps.com
Messages
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Users removed from an iMessage conversation may still be able
to alter state
Description: This issue was addressed with improved checks.
CVE-2020-9823: Suryansh Mansharamani, student of Community Middle
School, Plainsboro, New Jersey
Notifications
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A person with physical access to an iOS device may be able to
view notification contents from the lockscreen
Description: An authorization issue was addressed with improved state
management.
CVE-2020-9848: Nima
Python
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-9793
Sandbox
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to bypass Privacy
preferences
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2020-9825: Sreejith Krishnan R (@skr0x1C0)
SQLite
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may cause a denial of service or
potentially disclose memory contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9794
System Preferences
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with improved state
handling.
CVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of
@SSLab_Gatech working with Trend Micro’s Zero Day Initiative
USB Audio
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A USB device may be able to cause a denial of service
Description: A validation issue was addressed with improved input
sanitization.
CVE-2020-9792: Andy Davis of NCC Group
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9805: an anonymous researcher
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9802: Samuel Groß of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of
@SSLab_Gatech working with Trend Micro’s Zero Day Initiative
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9843: Ryan Pickren (ryanpickren.com)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2020-9803: Wen Xu of SSLab at Georgia Tech
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9806: Wen Xu of SSLab at Georgia Tech
CVE-2020-9807: Wen Xu of SSLab at Georgia Tech
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro
Zero Day Initiative
WebRTC
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: An access issue was addressed with improved memory
management.
CVE-2019-20503: Natalie Silvanovich of Google Project Zero
Wi-Fi
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: A double free issue was addressed with improved memory
management.
CVE-2020-9844: Ian Beer of Google Project Zero
zsh
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A local attacker may be able to elevate their privileges
Description: An authorization issue was addressed with improved state
management.
CVE-2019-20044: Sam Foxman
Additional recognition
Bluetooth
We would like to acknowledge Maximilian von Tschitschnitz of
Technical University Munich and Ludwig Peuckert of Technical
University Munich for their assistance.
CoreText
We would like to acknowledge Jiska Classen (@naehrdine) and Dennis
Heinze (@ttdennis) of Secure Mobile Networking Lab for their
assistance.
Device Analytics
We would like to acknowledge Mohamed Ghannam (@_simo36) for their
assistance.
ImageIO
We would like to acknowledge Lei Sun for their assistance.
IOHIDFamily
We would like to acknowledge Andy Davis of NCC Group for their
assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Safari
We would like to acknowledge Jeffball of GRIMM and Luke Walker of
Manchester Metropolitan University for their assistance.
WebKit
We would like to acknowledge Aidan Dunlap of UT Austin for their
assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 13.5 and iPadOS 13.5".
| VAR-202005-0880 | CVE-2020-5365 | Dell EMC Isilon Vulnerability regarding the use of inadequate random values in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account is used for diagnostics and other support functions. Although the default password is different for every cluster, it is predictable. Dell EMC Isilon OneFS is a scale-out storage system for unstructured data from Dell. An attacker could use the 'remotesupport' account to exploit this vulnerability to compromise the affected system
| VAR-202005-0879 | CVE-2020-5364 | Dell EMC Isilon OneFS Vulnerability regarding information leakage in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 service is enabled by default with a pre-configured community string. This community string allows read-only access to many aspects of the Isilon cluster, some of which are considered sensitive and can foster additional access. Attackers can exploit this vulnerability to read part of the Isilon cluster.
| VAR-202005-0721 | CVE-2020-3344 | Endpoints Linux Connector and Endpoints Mac Connector For software Cisco AMP Classic buffer overflow vulnerability in |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted packet to an affected device. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash and restart. The program analyzes malware behavior and intent, the impact of threats, defense methods, and more.
| VAR-202005-0720 | CVE-2020-3343 | Endpoints Linux Connector and Endpoints Mac Connector For software Cisco AMP Classic buffer overflow vulnerability in |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted packet to an affected device. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash and restart. The program analyzes malware behavior and intent, the impact of threats, defense methods, and more.
| VAR-202005-0714 | CVE-2020-3314 | Cisco AMP for Endpoints Mac Input verification vulnerability in connector software |
CVSS V2: 5.8 CVSS V3: 6.1 Severity: MEDIUM |
A vulnerability in the file scan process of Cisco AMP for Endpoints Mac Connector Software could cause the scan engine to crash during the scan of local files, resulting in a restart of the AMP Connector and a denial of service (DoS) condition of the Cisco AMP for Endpoints service. The vulnerability is due to insufficient input validation of specific file attributes. An attacker could exploit this vulnerability by providing a crafted file to a user of an affected system. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash, resulting in missed detection and logging of the potentially malicious file. Continued attempts to scan the file could result in a DoS condition of the Cisco AMP for Endpoints service. The program analyzes malware behavior and intent, the impact of threats, defense methods, and more
| VAR-202005-0313 | CVE-2020-12034 | Rockwell Automation Made EDS Subsystem Multiple vulnerabilities in |
CVSS V2: 4.8 CVSS V3: 8.2 Severity: HIGH |
Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior, RSNetWorx software: Version 28.00.00 and prior, Studio 5000 Logix Designer software: Version 32 and prior) are vulnerable. The EDS subsystem does not provide adequate input sanitation, which may allow an attacker to craft specialized EDS files to inject SQL queries and manipulate the database storing the EDS files. This can lead to denial-of-service conditions. The EDS Subsystem provided by Rockwell Automation contains the following multiple vulnerabilities: * SQL injection (CWE-89) - CVE-2020-12034 * Buffer error (CWE-199) - CVE-2020-12038. The expected impact depends on each vulnerability, but may include the following: * Reading an EDS file crafted by a third party on an adjacent network executes an unauthorized SQL statement and causes a denial of service (DoS) - CVE-2020-12034 * Reading an EDS file crafted by a local third party corrupts memory and causes a denial of service (DoS) - CVE-2020-12038. An attacker can exploit this vulnerability with a specially crafted EDS file to cause a denial of service.
| VAR-202005-0314 | CVE-2020-12038 | Rockwell Automation Made EDS Subsystem Multiple vulnerabilities in |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior, RSNetWorx software: Version 28.00.00 and prior, Studio 5000 Logix Designer software: Version 32 and prior) are vulnerable. A memory corruption vulnerability exists in the algorithm that matches square brackets in the EDS subsystem. This may allow an attacker to craft specialized EDS files to crash the EDSParser COM object, leading to denial-of-service conditions. The EDS Subsystem provided by Rockwell Automation contains the following multiple vulnerabilities: * SQL injection (CWE-89) - CVE-2020-12034 * Buffer error (CWE-199) - CVE-2020-12038. The expected impact depends on each vulnerability, but may include the following: * Reading an EDS file crafted by a third party on an adjacent network executes an unauthorized SQL statement and causes a denial of service (DoS) - CVE-2020-12034 * Reading an EDS file crafted by a local third party corrupts memory and causes a denial of service (DoS) - CVE-2020-12038.
| VAR-202005-1060 | CVE-2020-10632 | Emerson Made OpenEnterprise Multiple vulnerabilities |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner. OpenEnterprise is Emerson's industrial SCADA software. OpenEnterprise contains the following multiple vulnerabilities: * Improper ownership management (CWE-282) - CVE-2020-10632 * Inadequate cipher strength (CWE-326) - CVE-2020-10636 * Lack of authentication for critical features (CWE-306) - CVE-2020-10640. The potential impact varies for each vulnerability, but may include the following: * Incorrect access permissions on folders in the system allow a local third party to tamper with important configuration files, resulting in system failures or unexpected behavior - CVE-2020-10632 * A local third party may obtain the passwords of OpenEnterprise user accounts - CVE-2020-10636 * A remote third party may execute arbitrary commands with system privileges or execute arbitrary code via a specific communication path - CVE-2020-10640. Emerson Electric OpenEnterprise is a data acquisition and monitoring (SCADA) system from Emerson Electric, used mainly for remote oil and gas applications.
There is a security vulnerability in Emerson Electric OpenEnterprise 3.3.4 and earlier versions. The vulnerability results from the program setting unsafe permissions for folders. Attackers can use this vulnerability to modify important configuration files, causing system failures or anomalies.
| VAR-202005-1059 | CVE-2020-10636 | Emerson Electric OpenEnterprise encryption problem vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained. OpenEnterprise is Emerson's industrial SCADA software. OpenEnterprise contains the following multiple vulnerabilities: * Improper ownership management (CWE-282) - CVE-2020-10632 * Inadequate cipher strength (CWE-326) - CVE-2020-10636 * Lack of authentication for critical features (CWE-306) - CVE-2020-10640. The potential impact varies for each vulnerability, but may include the following: * Incorrect access permissions on folders in the system allow a local third party to tamper with important configuration files, resulting in system failures or unexpected behavior - CVE-2020-10632 * A local third party may obtain the passwords of OpenEnterprise user accounts - CVE-2020-10636 * A remote third party may execute arbitrary commands with system privileges or execute arbitrary code via a specific communication path - CVE-2020-10640. Emerson Electric OpenEnterprise is a data acquisition and monitoring (SCADA) system from Emerson Electric, used mainly for remote oil and gas applications.
| VAR-202005-1061 | CVE-2020-10640 | Emerson Made OpenEnterprise Multiple vulnerabilities |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run arbitrary commands with system privileges or perform remote code execution via a specific communication service. OpenEnterprise is Emerson's industrial SCADA software. OpenEnterprise contains the following multiple vulnerabilities: * Improper ownership management (CWE-282) - CVE-2020-10632 * Inadequate cipher strength (CWE-326) - CVE-2020-10636 * Lack of authentication for critical features (CWE-306) - CVE-2020-10640. The potential impact varies for each vulnerability, but may include the following: * Incorrect access permissions on folders in the system allow a local third party to tamper with important configuration files, resulting in system failures or unexpected behavior. - CVE-2020-10640. Emerson Electric OpenEnterprise is a data acquisition and monitoring (SCADA) system from Emerson Electric, used mainly for remote oil and gas applications.
Emerson Electric OpenEnterprise 3.3.4 and previous versions have security vulnerabilities.
| VAR-202005-1028 | CVE-2020-8616 | XACK DNS Service operation interruption in (DoS) Vulnerability |
CVSS V2: 5.0 CVSS V3: 8.6 Severity: HIGH |
A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: the performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and the attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. XACK DNS is DNS server software provided by XACK Corporation. XACK DNS contains a denial-of-service (DoS) vulnerability caused by the issue commonly known as NXNSAttack. This vulnerability information was reported to IPA by the developer for the purpose of disseminating it to product users, and JPCERT/CC coordinated with the developer. A remote third party may carry out the following denial-of-service (DoS) attacks: - Increase the load on the full resolver and reduce its performance. - Abuse the full resolver as a stepping stone for reflection attacks.
==========================================================================
Ubuntu Security Notice USN-4365-1
May 19, 2020
bind9 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 19.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Bind.
Software Description:
- bind9: Internet Domain Name Server
Details:
Lior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that Bind
incorrectly limited certain fetches. A remote attacker could possibly use
this issue to cause Bind to consume resources, leading to a denial of
service, or possibly use Bind to perform a reflection attack.
(CVE-2020-8616)
Tobias Klein discovered that Bind incorrectly handled checking TSIG
validity. A remote attacker could use this issue to cause Bind to crash,
resulting in a denial of service, or possibly perform other attacks.
(CVE-2020-8617)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
bind9 1:9.16.1-0ubuntu2.1
Ubuntu 19.10:
bind9 1:9.11.5.P4+dfsg-5.1ubuntu2.2
Ubuntu 18.04 LTS:
bind9 1:9.11.3+dfsg-1ubuntu1.12
Ubuntu 16.04 LTS:
bind9 1:9.10.3.dfsg.P4-8ubuntu1.16
In general, a standard system update will make all the necessary changes.
3. Solution:
For OpenShift Container Platform 4.3 see the following documentation, which
will be updated shortly for release 4.3.25, for important instructions on
how to upgrade your cluster and fully apply this asynchronous errata
update:
https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-release-notes.html
Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.3/updating/updating-cluster-cli.html.
Bugs fixed (https://bugzilla.redhat.com/):
1821583 - CVE-2020-8555 kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information
5. Description:
OpenShift Virtualization is Red Hat's virtualization solution designed for
Red Hat OpenShift Container Platform.
Additional Changes:
This update also fixes several bugs and adds various enhancements.
This advisory contains the following OpenShift Virtualization 2.4.0 images:
RHEL-7-CNV-2.4
==============
kubevirt-ssp-operator-container-v2.4.0-71
RHEL-8-CNV-2.4
==============
virt-cdi-controller-container-v2.4.0-29
virt-cdi-uploadproxy-container-v2.4.0-29
hostpath-provisioner-container-v2.4.0-25
virt-cdi-operator-container-v2.4.0-29
kubevirt-metrics-collector-container-v2.4.0-18
cnv-containernetworking-plugins-container-v2.4.0-36
kubevirt-kvm-info-nfd-plugin-container-v2.4.0-18
hostpath-provisioner-operator-container-v2.4.0-31
virt-cdi-uploadserver-container-v2.4.0-29
virt-cdi-apiserver-container-v2.4.0-29
virt-controller-container-v2.4.0-58
virt-cdi-cloner-container-v2.4.0-29
kubevirt-template-validator-container-v2.4.0-21
vm-import-operator-container-v2.4.0-21
kubernetes-nmstate-handler-container-v2.4.0-37
node-maintenance-operator-container-v2.4.0-27
virt-operator-container-v2.4.0-58
kubevirt-v2v-conversion-container-v2.4.0-23
cnv-must-gather-container-v2.4.0-73
virtio-win-container-v2.4.0-15
kubevirt-cpu-node-labeller-container-v2.4.0-19
ovs-cni-plugin-container-v2.4.0-37
kubevirt-vmware-container-v2.4.0-21
hyperconverged-cluster-operator-container-v2.4.0-70
virt-handler-container-v2.4.0-58
virt-cdi-importer-container-v2.4.0-29
virt-launcher-container-v2.4.0-58
kubevirt-cpu-model-nfd-plugin-container-v2.4.0-17
virt-api-container-v2.4.0-58
ovs-cni-marker-container-v2.4.0-38
kubemacpool-container-v2.4.0-39
cluster-network-addons-operator-container-v2.4.0-38
bridge-marker-container-v2.4.0-39
vm-import-controller-container-v2.4.0-21
hco-bundle-registry-container-v2.3.0-497
3. Bugs fixed (https://bugzilla.redhat.com/):
1684772 - virt-launcher images do not have the edk2-ovmf package installed
1716329 - missing Status, Version and Label for a number of CNV components, and Status term inconsistency
1724978 - [RFE][v2v] Improve the way we display progress percent in UI
1725672 - CDI: getting error with "unknown reason" when trying to create UploadTokenRequest for a none existing pvc
1727117 - [RFE] Reduce installed libvirt components
1780473 - Delete VM is hanging if the corresponding template does not exist anymore
1787213 - KubeMacpool may not work from time to time since it is skipped when we face certificate issue.
1789564 - Failed to allocate a SRIOV VF to VMI
1795889 - internal IP shown on VMI spec instead of public one on VMI with guest-agent
1796342 - VM Failing to start since hard disk not ready
1802554 - [SSP] cpu-feature-lahf_lm and Conroe are enabled on one worker (test issue)
1805044 - No mem/filesystem/Network Utilization in VM overview
1806288 - [CDI] fails to import images that comes from url that reject HEAD requests
1806436 - [SSP] Windows common templates - Windows10 should be removed from windows-server* templates, windows-server* should not have desktop version
1811111 - All the VM templates are visible in the developer catalog but not really/easily instantiable
1811417 - Failed to install cnv-2.4 on top of ocp 4.4 (hco operator in crashLoopBackOff state)
1816518 - [SSP] Common templates - template name under objects -> metadata -> labels should be identical to the template actual name
1817080 - node maintenance CRD is marked with NonStructuralSchema condition
1819252 - kubevirt-ssp-operator cannot create ServiceMonitor object
1820651 - CDI import fails using block volume (available size -1)
1821209 - Debug log message looks unprofessional
1822079 - nmstate-handler fails to start and keeps restarting
1822315 - status.desiredState: doesn't pick the correct value and is null
1823342 - Invalid qcow2 image causes HTTP range error and difficult to read stack trace
1823699 - [CNV-2.4] Failing to deploy NetworkAddons
1823701 - [CNV-2.4] when a single component is failing, HCO can continue reporting outdated negative conditions also on other components
1825801 - [CNV-2.4] Failing to deploy due issues in CRD of cluster network operator
1826044 - [CNV-2.4] Failing to deploy due issues in CRD of cluster host-path-provisioner operator
1827257 - VMs' connectivity is available even the two VMs are in different vlan
1828401 - misconfigured prow job e2e-aws-4.5-cnv resulting in step e2e-aws failed: step needs a lease but no lease client provided
1829376 - VMs with blank block volumes fail to spin up
1830780 - virt-v2v-wrapper - 0% VM migration progress in UI
1831536 - kubevirt-{handler,apiserver,controller} service accounts added to the privileged SCC
1832179 - [virt] VM with runStrategy attribute (instead of 'running' attribute) does not have 'RUNNING' state in cli
1832283 - [SSP operator] Common templates and template_validator are missing after clean installation
1832291 - SSP installation is successful even with some components missing
1832769 - [kubevirt version] is not reported correctly
1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters
1833376 - Hardcoded VMware-vix-disklib version 6 - import fail with version 7
1833786 - kubevirt hyperconverged-cluster-operator deploy_marketplace.sh fails in disconnected cluster
1834253 - VMs are stuck in Starting state
1835242 - Can't query SSP CRs after upgrade from 2.3 to 2.4
1835426 - [RFE] Provide a clear error message when VM and VMI name does not match
1836792 - [CNV deployment] kubevirt components are missing
1837182 - VMI virt-launcher reaches Error state after running for 10-24 hours
1837670 - Specifying "Ubuntu 18.04 LTS" force the Conroe CPU model
1838066 - [CNV deployment] kubevirt failing to create cpu-plugin-configmap obsoleteCPUs
1838424 - [Installation] CNV 2.4.0 virt-handler and kubevirt-node-labeller pods are not showing up
1839982 - [CNV][DOC] Lack of explanation for StorageClass default accessMode in openshift-cnv kubevirt-storage-class-defaults
1840047 - [CNV-2.4] virt-handler failing on /usr/bin/container-disk: no such file or directory
1840220 - [CNV-2.4] node-maintenance-operator failing to create deployment - invalid format of manifest
1840652 - Upgrade indication is missing
1841065 - [v2v] RHV to CNV: VM import fail on network mapping validation
1841325 - [CNV][V2V] VM migration fails if VMWare host isn't under Cluster but directly under Datacenter
1841505 - [CNV-2.4] virt-template-validator container fails to start
1842869 - vmi cannot be scheduled, because node labeller doesn't report correct labels
1842958 - [SSP] Fail to create Windows VMs from templates - windows-cd-bus validation added but cdrom is missing from the template
1843219 - node-labeller SCC is privileged, which appears too relaxed
1843456 - virt-launcher goes from running to error state due to panic: timed out waiting for domain to be defined
1843467 - [CNV network KMP] kubemacpool causes worker node to be Ready,SchedulingDisabled
1843519 - HCO CR is not listed when running "kubectl get all" from command line
1843948 - [Network operator] Upgrade from 2.3 to 2.4 - Network operator fails to upgrade ovs-cni pods, upgrade is not completed
1844057 - [CNV-2.4] cluster-network-addons-operator failing to start
1844105 - [SSP operator] Upgrade from 2.3.0 to 2.4.0- SSP operator fails to upgrade node labeller and template validator
1844907 - kubemacpool deployment status errors regarding replicas
1845060 - Node-labeller is in pending state when node doesn't have kvm device
1845061 - Version displayed in Container Native Virtualization OperatorHub side panel
1845477 - [SSP] Template validator fails to "Extract the CA bundle"; template validator is not called when a VM is created
1845557 - [CNV-2.4] template validator webhook fails with certification issues
1845604 - [v2v] RHV to CNV VM import: Prevent a second vm-import from starting.
1845899 - [CNV-2.5] cluster-network-addons-operator failing to start
1845901 - Filesystem corruption related to smart clone
1847070 - vmi cannot be scheduled , qemu-kvm core dump
1847594 - pods in openshift-cnv namespace no longer have openshift.io/scc under metadata.annotations
1848004 - [CNV-2.5] Deployment fails on NetworkAddonsConfigNotAvailable
1848007 - [CNV-2.4] Deployment fails on NetworkAddonsConfigNotAvailable
1848951 - CVE-2020-14316 kubevirt: VMIs can be used to access host files
1849527 - [v2v] [api] VM import RHV to CNV importer should stop send requests to RHV if they are rejected because of wrong user/pass
1849915 - [v2v] VM import RHV to CNV: The timezone data is not available in the vm-import-controller image.
1850425 - [v2v][VM import RHV to CNV] Add validation for network target type in network mapping
1850467 - [v2v] [api] VM import RHV to CNV invalid target network type should not crash the controller
1850482 - [v2v][VM import from RHV to CNV] 2 nics are mapped to a new network though second was mapped to pod.
1850937 - kubemacpool fails in a specific order of components startup
1851856 - Deployment not progressing due to PriorityClass missing
1851886 - [CNV][V2V] VMWare pod is failing when running wizard to migrate from RHV
1852446 - [v2v][RHV to CNV VM import] Windows10 VM import fail on: timezone is not UTC-compatible
1853028 - CNV must-gather failure on CNV-QE BM-RHCOS environment
1853133 - [CNV-2.4] Deployment fails on KubeVirtMetricsAggregationNotAvailable
1853373 - virtctl image-upload fails to upload an image if the dv name includes a "."
1854419 - [Re-brand] Align CSV
1854744 - To stabilize some tests I need to backport PRs which change production code
1855256 - [v2v][RHV to CNV VM import] Empty directories created for vm-import-operator/controller logs in cnv-must-gather
1856438 - [CNAO] Upgrade is not completed (wrong operatorVersion), CR is not updated.
1856447 - CNV upgrade - HCO fails to identify wrong observedVersion in CR, HCO is reported as READY
1856979 - Domain notify errors break VMI migrations and graceful shutdown
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: bind security update
Advisory ID: RHSA-2020:2344-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2344
Issue date: 2020-06-01
CVE Names: CVE-2020-8616 CVE-2020-8617
====================================================================
1. Summary:
An update for bind is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.
Security Fix(es):
* bind: BIND does not sufficiently limit the number of fetches performed
when processing referrals (CVE-2020-8616)
* bind: A logic error in code which checks TSIG validity can be used to
trigger an assertion failure in tsig.c (CVE-2020-8617)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, the BIND daemon (named) will be restarted
automatically.
5. Bugs fixed (https://bugzilla.redhat.com/):
1836118 - CVE-2020-8616 bind: BIND does not sufficiently limit the number of fetches performed when processing referrals
1836124 - CVE-2020-8617 bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
bind-9.11.4-16.P2.el7_8.6.src.rpm
noarch:
bind-license-9.11.4-16.P2.el7_8.6.noarch.rpm
x86_64:
bind-debuginfo-9.11.4-16.P2.el7_8.6.i686.rpm
bind-debuginfo-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-export-libs-9.11.4-16.P2.el7_8.6.i686.rpm
bind-export-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-libs-9.11.4-16.P2.el7_8.6.i686.rpm
bind-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-libs-lite-9.11.4-16.P2.el7_8.6.i686.rpm
bind-libs-lite-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-utils-9.11.4-16.P2.el7_8.6.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
bind-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-chroot-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-debuginfo-9.11.4-16.P2.el7_8.6.i686.rpm
bind-debuginfo-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-devel-9.11.4-16.P2.el7_8.6.i686.rpm
bind-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-export-devel-9.11.4-16.P2.el7_8.6.i686.rpm
bind-export-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-lite-devel-9.11.4-16.P2.el7_8.6.i686.rpm
bind-lite-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-pkcs11-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.i686.rpm
bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.i686.rpm
bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-pkcs11-utils-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-sdb-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-sdb-chroot-9.11.4-16.P2.el7_8.6.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
bind-9.11.4-16.P2.el7_8.6.src.rpm
noarch:
bind-license-9.11.4-16.P2.el7_8.6.noarch.rpm
x86_64:
bind-debuginfo-9.11.4-16.P2.el7_8.6.i686.rpm
bind-debuginfo-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-export-libs-9.11.4-16.P2.el7_8.6.i686.rpm
bind-export-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-libs-9.11.4-16.P2.el7_8.6.i686.rpm
bind-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-libs-lite-9.11.4-16.P2.el7_8.6.i686.rpm
bind-libs-lite-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-utils-9.11.4-16.P2.el7_8.6.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
bind-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-chroot-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-debuginfo-9.11.4-16.P2.el7_8.6.i686.rpm
bind-debuginfo-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-devel-9.11.4-16.P2.el7_8.6.i686.rpm
bind-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-export-devel-9.11.4-16.P2.el7_8.6.i686.rpm
bind-export-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-lite-devel-9.11.4-16.P2.el7_8.6.i686.rpm
bind-lite-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-pkcs11-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.i686.rpm
bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.i686.rpm
bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-pkcs11-utils-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-sdb-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-sdb-chroot-9.11.4-16.P2.el7_8.6.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
bind-9.11.4-16.P2.el7_8.6.src.rpm
noarch:
bind-license-9.11.4-16.P2.el7_8.6.noarch.rpm
ppc64:
bind-9.11.4-16.P2.el7_8.6.ppc64.rpm
bind-chroot-9.11.4-16.P2.el7_8.6.ppc64.rpm
bind-debuginfo-9.11.4-16.P2.el7_8.6.ppc.rpm
bind-debuginfo-9.11.4-16.P2.el7_8.6.ppc64.rpm
bind-export-libs-9.11.4-16.P2.el7_8.6.ppc.rpm
bind-export-libs-9.11.4-16.P2.el7_8.6.ppc64.rpm
bind-libs-9.11.4-16.P2.el7_8.6.ppc.rpm
bind-libs-9.11.4-16.P2.el7_8.6.ppc64.rpm
bind-libs-lite-9.11.4-16.P2.el7_8.6.ppc.rpm
bind-libs-lite-9.11.4-16.P2.el7_8.6.ppc64.rpm
bind-pkcs11-9.11.4-16.P2.el7_8.6.ppc64.rpm
bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.ppc.rpm
bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.ppc64.rpm
bind-pkcs11-utils-9.11.4-16.P2.el7_8.6.ppc64.rpm
bind-utils-9.11.4-16.P2.el7_8.6.ppc64.rpm
ppc64le:
bind-9.11.4-16.P2.el7_8.6.ppc64le.rpm
bind-chroot-9.11.4-16.P2.el7_8.6.ppc64le.rpm
bind-debuginfo-9.11.4-16.P2.el7_8.6.ppc64le.rpm
bind-export-libs-9.11.4-16.P2.el7_8.6.ppc64le.rpm
bind-libs-9.11.4-16.P2.el7_8.6.ppc64le.rpm
bind-libs-lite-9.11.4-16.P2.el7_8.6.ppc64le.rpm
bind-pkcs11-9.11.4-16.P2.el7_8.6.ppc64le.rpm
bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.ppc64le.rpm
bind-pkcs11-utils-9.11.4-16.P2.el7_8.6.ppc64le.rpm
bind-utils-9.11.4-16.P2.el7_8.6.ppc64le.rpm
s390x:
bind-9.11.4-16.P2.el7_8.6.s390x.rpm
bind-chroot-9.11.4-16.P2.el7_8.6.s390x.rpm
bind-debuginfo-9.11.4-16.P2.el7_8.6.s390.rpm
bind-debuginfo-9.11.4-16.P2.el7_8.6.s390x.rpm
bind-export-libs-9.11.4-16.P2.el7_8.6.s390.rpm
bind-export-libs-9.11.4-16.P2.el7_8.6.s390x.rpm
bind-libs-9.11.4-16.P2.el7_8.6.s390.rpm
bind-libs-9.11.4-16.P2.el7_8.6.s390x.rpm
bind-libs-lite-9.11.4-16.P2.el7_8.6.s390.rpm
bind-libs-lite-9.11.4-16.P2.el7_8.6.s390x.rpm
bind-pkcs11-9.11.4-16.P2.el7_8.6.s390x.rpm
bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.s390.rpm
bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.s390x.rpm
bind-pkcs11-utils-9.11.4-16.P2.el7_8.6.s390x.rpm
bind-utils-9.11.4-16.P2.el7_8.6.s390x.rpm
x86_64:
bind-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-chroot-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-debuginfo-9.11.4-16.P2.el7_8.6.i686.rpm
bind-debuginfo-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-export-libs-9.11.4-16.P2.el7_8.6.i686.rpm
bind-export-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-libs-9.11.4-16.P2.el7_8.6.i686.rpm
bind-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-libs-lite-9.11.4-16.P2.el7_8.6.i686.rpm
bind-libs-lite-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-pkcs11-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.i686.rpm
bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-pkcs11-utils-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-utils-9.11.4-16.P2.el7_8.6.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
bind-debuginfo-9.11.4-16.P2.el7_8.6.ppc.rpm
bind-debuginfo-9.11.4-16.P2.el7_8.6.ppc64.rpm
bind-devel-9.11.4-16.P2.el7_8.6.ppc.rpm
bind-devel-9.11.4-16.P2.el7_8.6.ppc64.rpm
bind-export-devel-9.11.4-16.P2.el7_8.6.ppc.rpm
bind-export-devel-9.11.4-16.P2.el7_8.6.ppc64.rpm
bind-lite-devel-9.11.4-16.P2.el7_8.6.ppc.rpm
bind-lite-devel-9.11.4-16.P2.el7_8.6.ppc64.rpm
bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.ppc.rpm
bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.ppc64.rpm
bind-sdb-9.11.4-16.P2.el7_8.6.ppc64.rpm
bind-sdb-chroot-9.11.4-16.P2.el7_8.6.ppc64.rpm
ppc64le:
bind-debuginfo-9.11.4-16.P2.el7_8.6.ppc64le.rpm
bind-devel-9.11.4-16.P2.el7_8.6.ppc64le.rpm
bind-export-devel-9.11.4-16.P2.el7_8.6.ppc64le.rpm
bind-lite-devel-9.11.4-16.P2.el7_8.6.ppc64le.rpm
bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.ppc64le.rpm
bind-sdb-9.11.4-16.P2.el7_8.6.ppc64le.rpm
bind-sdb-chroot-9.11.4-16.P2.el7_8.6.ppc64le.rpm
s390x:
bind-debuginfo-9.11.4-16.P2.el7_8.6.s390.rpm
bind-debuginfo-9.11.4-16.P2.el7_8.6.s390x.rpm
bind-devel-9.11.4-16.P2.el7_8.6.s390.rpm
bind-devel-9.11.4-16.P2.el7_8.6.s390x.rpm
bind-export-devel-9.11.4-16.P2.el7_8.6.s390.rpm
bind-export-devel-9.11.4-16.P2.el7_8.6.s390x.rpm
bind-lite-devel-9.11.4-16.P2.el7_8.6.s390.rpm
bind-lite-devel-9.11.4-16.P2.el7_8.6.s390x.rpm
bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.s390.rpm
bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.s390x.rpm
bind-sdb-9.11.4-16.P2.el7_8.6.s390x.rpm
bind-sdb-chroot-9.11.4-16.P2.el7_8.6.s390x.rpm
x86_64:
bind-debuginfo-9.11.4-16.P2.el7_8.6.i686.rpm
bind-debuginfo-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-devel-9.11.4-16.P2.el7_8.6.i686.rpm
bind-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-export-devel-9.11.4-16.P2.el7_8.6.i686.rpm
bind-export-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-lite-devel-9.11.4-16.P2.el7_8.6.i686.rpm
bind-lite-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.i686.rpm
bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-sdb-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-sdb-chroot-9.11.4-16.P2.el7_8.6.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
bind-9.11.4-16.P2.el7_8.6.src.rpm
noarch:
bind-license-9.11.4-16.P2.el7_8.6.noarch.rpm
x86_64:
bind-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-chroot-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-debuginfo-9.11.4-16.P2.el7_8.6.i686.rpm
bind-debuginfo-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-export-libs-9.11.4-16.P2.el7_8.6.i686.rpm
bind-export-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-libs-9.11.4-16.P2.el7_8.6.i686.rpm
bind-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-libs-lite-9.11.4-16.P2.el7_8.6.i686.rpm
bind-libs-lite-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-pkcs11-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.i686.rpm
bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-pkcs11-utils-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-utils-9.11.4-16.P2.el7_8.6.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
bind-debuginfo-9.11.4-16.P2.el7_8.6.i686.rpm
bind-debuginfo-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-devel-9.11.4-16.P2.el7_8.6.i686.rpm
bind-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-export-devel-9.11.4-16.P2.el7_8.6.i686.rpm
bind-export-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-lite-devel-9.11.4-16.P2.el7_8.6.i686.rpm
bind-lite-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.i686.rpm
bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-sdb-9.11.4-16.P2.el7_8.6.x86_64.rpm
bind-sdb-chroot-9.11.4-16.P2.el7_8.6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-8616
https://access.redhat.com/security/cve/CVE-2020-8617
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
| VAR-202005-0956 | CVE-2020-7137 | Input verification vulnerability in HPE Superdome Flex Server |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
A validation issue in HPE Superdome Flex's RMC component may allow local elevation of privilege. Apply HPE Superdome Flex Server version 3.25.46 or later to resolve this issue. HPE Superdome Flex Server contains an input verification vulnerability. Information may be obtained or tampered with, and the system may be put into a denial-of-service (DoS) state.
| VAR-202005-1116 | No CVE | D-Link DIR-816 A1 has command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
D-Link DIR-816 A1 is a wireless router of D-Link Electronic Equipment (Shanghai) Co., Ltd.
There is a command execution vulnerability in D-Link DIR-816 A1. An attacker can use this vulnerability to execute arbitrary commands by sending a POST request with the ‘datetime’ parameter to form2systime.cgi.
| VAR-202005-1108 | No CVE | Control Expert has a denial of service vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Control Expert (formerly known as Unity Pro) is a PLC configuration software launched by Schneider, through which the PLC program can be written and downloaded.
There is a denial of service vulnerability in Control Expert, which can be exploited by attackers to cause a denial of service.
| VAR-202005-1091 | No CVE | Codesys v3 has a denial of service vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Codesys is a powerful PLC software programming tool.
Codesys v3 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
| VAR-202005-0124 | CVE-2020-11550 | Information leakage vulnerabilities in multiple NETGEAR products |
CVSS V2: 3.3 CVSS V3: 6.5 Severity: MEDIUM |
An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote leak of sensitive/arbitrary Wi-Fi information, such as SSIDs and Pre-Shared-Keys (PSK).
| VAR-202005-0158 | CVE-2020-13136 | D-Link DSP-W215 Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer. The D-Link DSP-W215 device contains a vulnerability related to information leakage. Information may be obtained. D-Link DSP-W215 is a smart plug product of D-Link, Taiwan.
D-Link DSP-W215 1.26b03 version has a security vulnerability
| VAR-202005-0122 | CVE-2020-11549 | Vulnerabilities in the use of hard-coded credentials in multiple NETGEAR products |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The root account has the same password as the Web-admin component. Thus, by exploiting CVE-2020-11551, it is possible to achieve remote code execution with root privileges on the embedded Linux system. It may be put into a denial-of-service (DoS) state.