ID

VAR-201806-1505

CVE

CVE-2018-3665

TITLE

Intel Core Information disclosure vulnerability in systems with microprocessors

DESCRIPTION

System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. Intel Core Systems with microprocessors contain information disclosure vulnerabilities.Information may be obtained. An attacker could exploit this vulnerability to obtain values about other processes stored in a number register. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Red Hat would like to thank Julian Stecklina (Amazon.de), Thomas Prescher (cyberus-technology.de), and Zdenek Sojka (sysgo.com) for reporting CVE-2018-3665. Enhancement(s): * The kernel-rt packages have been upgraded to version 3.10.0-693.35.1.rt56.623, which provides a number of bug fixes over the previous version. (BZ#1579972) Users of kernel-rt are advised to upgrade to these updated packages, which add this enhancement. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1579972 - Update the kernel-rt sources with the latest 3.10 sources. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-18:07.lazyfpu Security Advisory The FreeBSD Project Topic: Lazy FPU State Restore Information Disclosure Category: core Module: kernel Announced: 2018-06-21 Credits: Julian Stecklina from Amazon Germany Thomas Prescher from Cyberus Technology GmbH Zdenek Sojka from SYSGO AG Colin Percival Affects: All supported version of FreeBSD. Corrected: 2018-06-14 18:50:49 UTC (stable/11, 11.2-PRERELEASE) 2018-06-15 13:21:37 UTC (releng/11.2, 11.2-RC3) 2018-06-21 05:17:13 UTC (releng/11.1, 11.1-RELEASE-p11) CVE Name: CVE-2018-3665 Special Note: This advisory only addresses this issue for FreeBSD 11.x on i386 and amd64. We expect to update this advisory to include 10.x in the near future. For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. Background Modern CPUs have a floating point unit (FPU) which needs to maintain state per thread. One technique is to only save and to only restore the FPU state for a thread when a thread attempts to utilize the FPU. This technique is called Lazy FPU state restore. II. III. Impact Any local thread can potentially read FPU state information from other threads running on the host. This could include cryptographic keys when the AES-NI CPU feature is present. IV. Workaround No workaround is available, but non-Intel branded CPUs are not believed to be vulnerable. V. Solution The patch changes from Lazy FPU state restore to Eager FPU state restore. This new technique is the recommended practice from Intel and in some cases can actually increase performance, depending on workload. Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Afterward, reboot the system. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install Afterward, reboot the system. 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 11.1] # fetch https://security.FreeBSD.org/patches/SA-18:07/lazyfpu-11.patch # fetch https://security.FreeBSD.org/patches/SA-18:07/lazyfpu-11.patch.asc # gpg --verify lazyfpu-11.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/11/ r335169 releng/11.2/ r335196 releng/11.1/ r335465 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII. (CVE-2018-3665) Update instructions: The problem can be corrected by updating your livepatches to the following versions: | Kernel | Version | flavors | |--------------------------+----------+--------------------------| | 4.4.0-124.148 | 40.6 | lowlatency, generic | | 4.4.0-124.148~14.04.1 | 40.6 | generic, lowlatency | | 4.4.0-127.153 | 40.6 | lowlatency, generic | | 4.4.0-127.153~14.04.1 | 40.6 | lowlatency, generic | | 4.4.0-128.154 | 40.6 | generic, lowlatency | | 4.4.0-128.154~14.04.1 | 40.6 | generic, lowlatency | | 4.15.0-20.21 | 40.7 | generic, lowlatency | | 4.15.0-22.24 | 40.7 | lowlatency, generic | | 4.15.0-23.25 | 40.7 | lowlatency, generic | References: CVE-2018-1093, CVE-2018-1092, CVE-2018-7755, CVE-2018-3665 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce . ========================================================================= Ubuntu Security Notice USN-3696-1 July 02, 2018 linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Several security issues were fixed in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18255) Wei Fang discovered an integer overflow in the F2FS filesystem implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2017-18257) It was discovered that an information leak existed in the generic SCSI driver in the Linux kernel. (CVE-2018-1000204) It was discovered that the wait4() system call in the Linux kernel did not properly validate its arguments in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2018-10087) It was discovered that the kill() system call implementation in the Linux kernel did not properly validate its arguments in some situations. A local attacker could possibly use this to cause a denial of service. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5814) It was discovered that an information leak vulnerability existed in the floppy driver in the Linux kernel. (CVE-2018-7755) Seunghun Han discovered an information leak in the ACPI handling code in the Linux kernel when handling early termination of ACPI table loading. A local attacker could use this to expose sensitive informal (kernel address locations). (CVE-2017-13695) It was discovered that a memory leak existed in the Serial Attached SCSI (SAS) implementation in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-10021) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: linux-image-4.4.0-1029-kvm 4.4.0-1029.34 linux-image-4.4.0-1062-aws 4.4.0-1062.71 linux-image-4.4.0-1092-raspi2 4.4.0-1092.100 linux-image-4.4.0-1095-snapdragon 4.4.0-1095.100 linux-image-4.4.0-130-generic 4.4.0-130.156 linux-image-4.4.0-130-generic-lpae 4.4.0-130.156 linux-image-4.4.0-130-lowlatency 4.4.0-130.156 linux-image-4.4.0-130-powerpc-e500mc 4.4.0-130.156 linux-image-4.4.0-130-powerpc-smp 4.4.0-130.156 linux-image-4.4.0-130-powerpc64-emb 4.4.0-130.156 linux-image-4.4.0-130-powerpc64-smp 4.4.0-130.156 linux-image-aws 4.4.0.1062.64 linux-image-generic 4.4.0.130.136 linux-image-generic-lpae 4.4.0.130.136 linux-image-kvm 4.4.0.1029.28 linux-image-lowlatency 4.4.0.130.136 linux-image-powerpc-e500mc 4.4.0.130.136 linux-image-powerpc-smp 4.4.0.130.136 linux-image-powerpc64-emb 4.4.0.130.136 linux-image-powerpc64-smp 4.4.0.130.136 linux-image-raspi2 4.4.0.1092.92 linux-image-snapdragon 4.4.0.1095.87 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2019:1170-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:1170 Issue date: 2019-05-14 CVE Names: CVE-2016-7913 CVE-2016-8633 CVE-2017-11600 CVE-2017-12190 CVE-2017-13215 CVE-2017-16939 CVE-2017-17558 CVE-2017-1000407 CVE-2018-1068 CVE-2018-3665 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-18559 CVE-2019-11091 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.4) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.4) - ppc64, ppc64le, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130) * Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126) * Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2019-11091) * kernel: Buffer overflow in firewire driver via crafted incoming packets (CVE-2016-8633) * kernel: crypto: privilege escalation in skcipher_recvmsg function (CVE-2017-13215) * Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation (CVE-2017-16939) * kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c (CVE-2018-1068) * kernel: Use-after-free due to race condition in AF_PACKET implementation (CVE-2018-18559) * kernel: media: use-after-free in [tuner-xc2028] media driver (CVE-2016-7913) * kernel: Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink message (CVE-2017-11600) * kernel: memory leak when merging buffers in SCSI IO vectors (CVE-2017-12190) * kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow (CVE-2017-17558) * Kernel: KVM: DoS via write flood to I/O port 0x80 (CVE-2017-1000407) * Kernel: FPU state information leakage via lazy FPU restore (CVE-2018-3665) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * rwsem in inconsistent state leading system to hung (BZ#1690321) * efi_bgrt_init fails to ioremap error during boot (BZ#1692284) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1391490 - CVE-2016-8633 kernel: Buffer overflow in firewire driver via crafted incoming packets 1402885 - CVE-2016-7913 kernel: media: use-after-free in [tuner-xc2028] media driver 1474928 - CVE-2017-11600 kernel: Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink message 1495089 - CVE-2017-12190 kernel: memory leak when merging buffers in SCSI IO vectors 1517220 - CVE-2017-16939 Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation 1520328 - CVE-2017-1000407 Kernel: KVM: DoS via write flood to I/O port 0x80 1525474 - CVE-2017-17558 kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow 1535173 - CVE-2017-13215 kernel: crypto: privilege escalation in skcipher_recvmsg function 1552048 - CVE-2018-1068 kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c 1585011 - CVE-2018-3665 Kernel: FPU state information leakage via lazy FPU restore 1641878 - CVE-2018-18559 kernel: Use-after-free due to race condition in AF_PACKET implementation 1646781 - CVE-2018-12126 hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) 1646784 - CVE-2018-12130 hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) 1667782 - CVE-2018-12127 hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) 1705312 - CVE-2019-11091 hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) 6. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 7.4): Source: kernel-3.10.0-693.47.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.47.2.el7.noarch.rpm kernel-doc-3.10.0-693.47.2.el7.noarch.rpm x86_64: kernel-3.10.0-693.47.2.el7.x86_64.rpm kernel-debug-3.10.0-693.47.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.47.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.47.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.47.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.47.2.el7.x86_64.rpm kernel-devel-3.10.0-693.47.2.el7.x86_64.rpm kernel-headers-3.10.0-693.47.2.el7.x86_64.rpm kernel-tools-3.10.0-693.47.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.47.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.47.2.el7.x86_64.rpm perf-3.10.0-693.47.2.el7.x86_64.rpm perf-debuginfo-3.10.0-693.47.2.el7.x86_64.rpm python-perf-3.10.0-693.47.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.47.2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4): x86_64: kernel-debug-debuginfo-3.10.0-693.47.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.47.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.47.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.47.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.47.2.el7.x86_64.rpm perf-debuginfo-3.10.0-693.47.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.47.2.el7.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.4): Source: kernel-3.10.0-693.47.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.47.2.el7.noarch.rpm kernel-doc-3.10.0-693.47.2.el7.noarch.rpm ppc64: kernel-3.10.0-693.47.2.el7.ppc64.rpm kernel-bootwrapper-3.10.0-693.47.2.el7.ppc64.rpm kernel-debug-3.10.0-693.47.2.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-693.47.2.el7.ppc64.rpm kernel-debug-devel-3.10.0-693.47.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-693.47.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-693.47.2.el7.ppc64.rpm kernel-devel-3.10.0-693.47.2.el7.ppc64.rpm kernel-headers-3.10.0-693.47.2.el7.ppc64.rpm kernel-tools-3.10.0-693.47.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-693.47.2.el7.ppc64.rpm kernel-tools-libs-3.10.0-693.47.2.el7.ppc64.rpm perf-3.10.0-693.47.2.el7.ppc64.rpm perf-debuginfo-3.10.0-693.47.2.el7.ppc64.rpm python-perf-3.10.0-693.47.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-693.47.2.el7.ppc64.rpm ppc64le: kernel-3.10.0-693.47.2.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-693.47.2.el7.ppc64le.rpm kernel-debug-3.10.0-693.47.2.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-693.47.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-693.47.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-693.47.2.el7.ppc64le.rpm kernel-devel-3.10.0-693.47.2.el7.ppc64le.rpm kernel-headers-3.10.0-693.47.2.el7.ppc64le.rpm kernel-tools-3.10.0-693.47.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-693.47.2.el7.ppc64le.rpm kernel-tools-libs-3.10.0-693.47.2.el7.ppc64le.rpm perf-3.10.0-693.47.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-693.47.2.el7.ppc64le.rpm python-perf-3.10.0-693.47.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-693.47.2.el7.ppc64le.rpm s390x: kernel-3.10.0-693.47.2.el7.s390x.rpm kernel-debug-3.10.0-693.47.2.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-693.47.2.el7.s390x.rpm kernel-debug-devel-3.10.0-693.47.2.el7.s390x.rpm kernel-debuginfo-3.10.0-693.47.2.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-693.47.2.el7.s390x.rpm kernel-devel-3.10.0-693.47.2.el7.s390x.rpm kernel-headers-3.10.0-693.47.2.el7.s390x.rpm kernel-kdump-3.10.0-693.47.2.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-693.47.2.el7.s390x.rpm kernel-kdump-devel-3.10.0-693.47.2.el7.s390x.rpm perf-3.10.0-693.47.2.el7.s390x.rpm perf-debuginfo-3.10.0-693.47.2.el7.s390x.rpm python-perf-3.10.0-693.47.2.el7.s390x.rpm python-perf-debuginfo-3.10.0-693.47.2.el7.s390x.rpm x86_64: kernel-3.10.0-693.47.2.el7.x86_64.rpm kernel-debug-3.10.0-693.47.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.47.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.47.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.47.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.47.2.el7.x86_64.rpm kernel-devel-3.10.0-693.47.2.el7.x86_64.rpm kernel-headers-3.10.0-693.47.2.el7.x86_64.rpm kernel-tools-3.10.0-693.47.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.47.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.47.2.el7.x86_64.rpm perf-3.10.0-693.47.2.el7.x86_64.rpm perf-debuginfo-3.10.0-693.47.2.el7.x86_64.rpm python-perf-3.10.0-693.47.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.47.2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 7.4): ppc64: kernel-debug-debuginfo-3.10.0-693.47.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-693.47.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-693.47.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-693.47.2.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-693.47.2.el7.ppc64.rpm perf-debuginfo-3.10.0-693.47.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-693.47.2.el7.ppc64.rpm ppc64le: kernel-debug-debuginfo-3.10.0-693.47.2.el7.ppc64le.rpm kernel-debug-devel-3.10.0-693.47.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-693.47.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-693.47.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-693.47.2.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-693.47.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-693.47.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-693.47.2.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-693.47.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.47.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.47.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.47.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.47.2.el7.x86_64.rpm perf-debuginfo-3.10.0-693.47.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.47.2.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-7913 https://access.redhat.com/security/cve/CVE-2016-8633 https://access.redhat.com/security/cve/CVE-2017-11600 https://access.redhat.com/security/cve/CVE-2017-12190 https://access.redhat.com/security/cve/CVE-2017-13215 https://access.redhat.com/security/cve/CVE-2017-16939 https://access.redhat.com/security/cve/CVE-2017-17558 https://access.redhat.com/security/cve/CVE-2017-1000407 https://access.redhat.com/security/cve/CVE-2018-1068 https://access.redhat.com/security/cve/CVE-2018-3665 https://access.redhat.com/security/cve/CVE-2018-12126 https://access.redhat.com/security/cve/CVE-2018-12127 https://access.redhat.com/security/cve/CVE-2018-12130 https://access.redhat.com/security/cve/CVE-2018-18559 https://access.redhat.com/security/cve/CVE-2019-11091 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/mds 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXNsSadzjgjWX9erEAQgP9w//UOww3aPtqTYiBUzHHXgpOdxbU3bUjQo9 AL+l/A6WPXAz/RJpSMuxliNuRj9MXSZCHqn1cnalTIZfJGh58wIZEi3Nh/NYbHDd b4HFEy2CoaFJ24aiLC+hheslmgsXLxyx334lrNq+o/t48KKC5dfuOSta+g9+y6XG 7SugZR/GCgZUj0DdLaEmCdLcla9unxiegRACUgMatTzZQTI3h/nQWkRF5D0Vwq+g hz/5+p5HCUJTr9n/5el5Q12AipHkzVjakiGbjK1NCoPiRVHRKo+no0tRQsx+a0kN H/vL2QevSYv2RGNrtKX0irAMmQvccaaapvX3rDR/7Pyk+QdZz2d8SbPIec5xsvm3 52g+jqL/gQKP4dNch37LVfCiNPHt/IjEBHjy2dES6Q2uXPdL6OjT1++ygN96l3yu bJeNcbBVDxLoZR8w7yrNoRDjR06y2fo7Q8Gvw/BjyXe7Ka/gNGBujHroAvgQVGPi K92PQlnnKzTwzkQ0G6i/klPzyh07yqmH/vpygphFUcHztiLCQ26DpPamc0PFwXAs URu1erbnWsl4HPlvzu3vMIdZEkwN8CUr1rj9a140N05+jhjhDqXb+gzq+DpSYhR3 T4W8Vq9CFczOm0wY4VojDEyPQuHuheg49lzshwnr65r77vWWNfZlo6BwmK/uRT8d mS+Mf+im58s= =ebla -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . (CVE-2017-12154) Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array implementation in the Linux kernel sometimes did not properly handle adding a new entry. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-14 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and Security Update 2018-004 El Capitan address the following: AMD Available for: macOS High Sierra 10.13.5 Impact: A malicious application may be able to determine kernel memory layout Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2018-4289: shrek_wzw of Qihoo 360 Nirvan Team APFS Available for: macOS High Sierra 10.13.5 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4268: Mac working with Trend Micro's Zero Day Initiative ATS Available for: macOS High Sierra 10.13.5 Impact: A malicious application may be able to gain root privileges Description: A type confusion issue was addressed with improved memory handling. CVE-2018-4285: Mohamed Ghannam (@_simo36) Bluetooth Available for: MacBook Pro (15-inch, 2018), and MacBook Pro (13-inch, 2018, Four Thunderbolt 3 Ports) Other Mac models were addressed with macOS High Sierra 10.13.5. Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. CVE-2018-5383: Lior Neumann and Eli Biham CFNetwork Available for: macOS High Sierra 10.13.5 Impact: Cookies may unexpectedly persist in Safari Description: A cookie management issue was addressed with improved checks. CVE-2018-4293: an anonymous researcher CoreCrypto Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.5 Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4269: Abraham Masri (@cheesecakeufo) CUPS Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.5 Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A null pointer dereference was addressed with improved validation. CVE-2018-4276: Jakub Jirasek of Secunia Research at Flexera Entry added October 30, 2018 DesktopServices Available for: macOS Sierra 10.12.6 Impact: A local user may be able to view sensitive user information Description: A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. CVE-2018-4178: Arjen Hendrikse IOGraphics Available for: macOS High Sierra 10.13.5 Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. An information disclosure issue was addressed with FP/SIMD register state sanitization. CVE-2018-3665: Julian Stecklina of Amazon Germany, Thomas Prescher of Cyberus Technology GmbH (cyberus-technology.de), Zdenek Sojka of SYSGO AG (sysgo.com), and Colin Percival Kernel Available for: macOS High Sierra 10.13.5 Impact: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4259: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4286: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4287: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4288: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4291: Kevin Backhouse of Semmle and LGTM.com Entry added October 30, 2018 libxpc Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.5 Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4280: Brandon Azad libxpc Available for: macOS High Sierra 10.13.5 Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4248: Brandon Azad LinkPresentation Available for: macOS High Sierra 10.13.5 Impact: Visiting a malicious website may lead to address bar spoofing Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. CVE-2018-4277: xisigr of Tencent's Xuanwu Lab (tencent.com) Perl Available for: macOS High Sierra 10.13.5 Impact: Multiple buffer overflow issues existed in Perl Description: Multiple issues in Perl were addressed with improved memory handling. CVE-2018-6797: Brian Carpenter CVE-2018-6913: GwanYeong Kim Entry added October 30, 2018 Ruby Available for: macOS High Sierra 10.13.5 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: Multiple issues in Ruby were addressed in this update. CVE-2017-898 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 CVE-2017-17405 CVE-2017-17742 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 Entry added October 30, 2018 Additional recognition App Store We would like to acknowledge Jesse Endahl & Stevie Hryciw of Fleetsmith and and Max BA(c)langer of Dropbox for their assistance. Help Viewer We would like to acknowledge Wojciech ReguAa (@_r3ggi) of SecuRing for their assistance. Kernel We would like to acknowledge juwei lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative for their assistance. Security We would like to acknowledge Brad Dahlsten of Iowa State University for their assistance. Installation note: macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and Security Update 2018-004 El Capitan may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgUpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3EgwhAA rut4Qepkh88tcd23FV/Fz6uEdqa2MDPRPhVs6rM5iM7912vhtVZHz1sDUpSwNFe+ Hfdx0qsZaxY1sKjqMejq5mpanjFWhCCWb7MxifGm1HTJRMibuTAW7zVwD51jsG7z GpQtZ8ASaW9NErn+3IPB0O//CCvAKR/qyqn+KyEhYw+xtz2j+dzneB6lpwFkiqG2 0Iz5DQ2Hwms/88byzoXLWljAApvgSeant1YAiShq9bvQ3iWSkLSoo1dEa9jhhGJV jKyc+XloM7AfAHl6sjR6t3Cgdmfpy7s4osx17tqa4B5CYUloBGcZ0SZrL6iJDDvV 5OTsXHCQ9NLwZrdAwIgfcVcs01Y8hVkpjhCmm2InGwREJUtpYefCQ/kIlDa1YOym 3ua/SEO5+UYSVspG45vTdRB6SNSzeWzcQvJohrXavSllttcGyNx9RxMSr9CGxNSE Vjmo30J8D2Oow2hMtK1PWXxI+t4UadO33rL1H2u8ivl9J1BI9sEL0linFTUpEnIS iIRYUdrr+ZduSsC21NBLhMOak61GWYQRSN+p3nbL7fDqZCFdBSwvye4q2MmZG1Op aDePXQWSPgzlXzfi2C6KiR+lSyZlgCwtwhPGlzDFH5MGxr5Tleov98GB4uml91lj PVSMCsvYvRarIh6enmy+SR/6X7gVgrpx4m/fdraBwTw= =e0YF -----END PGP SIGNATURE-----

IOT TAXONOMY

AFFECTED PRODUCTS