ESB-2019.0670 - [Linux] IBM PowerKVM: Multiple vulnerabilities 2019-03-05

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.0670
      Security Bulletin: Multiple vulnerabilities affecting PowerKVM
                               5 March 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM PowerKVM
Publisher:         IBM
Operating System:  Linux variants
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                   Increased Privileges            -- Existing Account            
                   Overwrite Arbitrary Files       -- Remote/Unauthenticated      
                   Denial of Service               -- Remote/Unauthenticated      
                   Provide Misleading Information  -- Remote/Unauthenticated      
                   Unauthorised Access             -- Remote/Unauthenticated      
                   Access Confidential Data        -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-6454 CVE-2019-6133 CVE-2019-6116
                   CVE-2019-3815 CVE-2019-3813 CVE-2018-19477
                   CVE-2018-19476 CVE-2018-19475 CVE-2018-19115
                   CVE-2018-18710 CVE-2018-18311 CVE-2018-16865
                   CVE-2018-16864 CVE-2018-16540 CVE-2018-16539
                   CVE-2018-16511 CVE-2018-16395 CVE-2018-15911
                   CVE-2018-15909 CVE-2018-15908 CVE-2018-15688
                   CVE-2018-14682 CVE-2018-14681 CVE-2018-14680
                   CVE-2018-14679 CVE-2018-11237 CVE-2018-11236
                   CVE-2018-6485 CVE-2018-5742 CVE-2017-17807
                   CVE-2017-16997  

Reference:         ESB-2019.0609
                   ESB-2019.0595
                   ESB-2019.0554
                   ESB-2019.0512
                   ESB-2019.0404
                   ESB-2019.0333

Original Bulletin: 
   http://www.ibm.com/support/docview.wss?uid=ibm10870068
   http://www.ibm.com/support/docview.wss?uid=ibm10794307
   http://www.ibm.com/support/docview.wss?uid=ibm10871786
   http://www.ibm.com/support/docview.wss?uid=ibm10871626
   http://www.ibm.com/support/docview.wss?uid=ibm10791547
   http://www.ibm.com/support/docview.wss?uid=ibm10871830
   http://www.ibm.com/support/docview.wss?uid=ibm10794743
   http://www.ibm.com/support/docview.wss?uid=ibm10870872
   http://www.ibm.com/support/docview.wss?uid=ibm10792175
   http://www.ibm.com/support/docview.wss?uid=ibm10869078
   http://www.ibm.com/support/docview.wss?uid=ibm10791549
   http://www.ibm.com/support/docview.wss?uid=ibm10794373

Comment: This bulletin contains twelve (12) IBM security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: A vulnerability in Bind affects PowerKVM

Document information

More support for: PowerKVM

Software version: 3.1

Operating system(s): Linux

Reference #: 0870068

Modified date: 04 March 2019

Summary

PowerKVM is affected by a vulnerability in Bind. IBM has now addressed this 
vulnerability.

Vulnerability Details

CVEID: CVE-2018-5742 DESCRIPTION: BIND packages in RedHat and CentOS are 
vulnerable to a denial of service, caused by an assertion error when debug log
level is 10 or higher. A remote attacker could exploit this vulnerability to 
cause the application to crash. CVSS Base Score: 5.9 CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 154625 for the current 
score CVSS Environmental Score*: Undefined CVSS Vector: 
(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. For version 3.1, see https:// 
ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17.

Workarounds and Mitigations

none

Change History

1 February 2019 - Initial Version

*The CVSS Environment Score is customer environment specific and will 
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the 
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the 
Common Vulnerability Scoring System (CVSS) is an "industry open standard 
designed to convey vulnerability severity and help to determine urgency and 
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT 
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

===============================================================================

Security Bulletin: A vulnerability in NetworkManager affects PowerKVM

Document information

More support for: PowerKVM

Software version: 3.1

Operating system(s): Linux

Reference #: 0794307

Modified date: 04 March 2019

Summary

PowerKVM is affected by a vulnerability in systemd (NetworkManager). IBM has 
now addressed this vulnerability.

Vulnerability Details

CVEID: CVE-2018-15688 DESCRIPTION: systemd is vulnerable to a heap-based 
buffer overflow, caused by improper bounds checking by the dhcp6 client. By 
sending a specially-crafted request, a remote attacker could overflow a buffer
and execute arbitrary code on the system. CVSS Base Score: 7.3 CVSS Temporal 
Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 152041 for 
the current score CVSS Environmental Score*: Undefined CVSS Vector: 
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. For version 3.1, see https:// 
ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17.

Workarounds and Mitigations

none

Change History

8 Jan 2019 - Initial Version

*The CVSS Environment Score is customer environment specific and will 
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the 
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the 
Common Vulnerability Scoring System (CVSS) is an "industry open standard 
designed to convey vulnerability severity and help to determine urgency and 
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT 
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

===============================================================================

Security Bulletin: A vulnerability in Perl affects PowerKVM

Document information

More support for: PowerKVM

Software version: 3.1

Operating system(s): Linux

Reference #: 0871786

Modified date: 04 March 2019

Summary

PowerKVM is affected by a vulnerability in Perl. IBM has now addressed this 
vulnerability.

Vulnerability Details

CVEID: CVE-2018-18311 DESCRIPTION: Perl is vulnerable to a heap-based buffer 
overflow, caused by an integer overflow in the Perl_my_setenv function. By 
sending a specially-crafted request, a local attacker could overflow a buffer
and execute arbitrary code or cause a denial of service condition. CVSS Base 
Score: 8.4 CVSS Temporal Score: See 
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 153586 for the current 
score CVSS Environmental Score*: Undefined CVSS Vector: 
(CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. For version 3.1, see https:// 
ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17.

Workarounds and Mitigations

none

Change History

12 February 2019 - Initial Version

*The CVSS Environment Score is customer environment specific and will 
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the 
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the 
Common Vulnerability Scoring System (CVSS) is an "industry open standard 
designed to convey vulnerability severity and help to determine urgency and 
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT 
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

===============================================================================

Security Bulletin: A vulnerability in Polkit affects PowerKVM

Document information

More support for: PowerKVM

Software version: 3.1

Operating system(s): Linux

Reference #: 0871626

Modified date: 04 March 2019

Summary

PowerKVM is affected by a vulnerability in Polkit. IBM has now addressed this
vulnerability.

Vulnerability Details

CVEID: CVE-2019-6133 DESCRIPTION: PolicyKit could allow a remote attacker to 
bypass security restrictions, caused by the lack of uid checking in 
polkitbackend/ polkitbackendinteractiveauthority.c. By sending a 
specially-crafted request, an attacker could exploit this vulnerability to 
bypass the start time protection mechanism and improperly cache authoriztaion
decisions. CVSS Base Score: 5.3 CVSS Temporal Score: See 
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 155439 for the current 
score CVSS Environmental Score*: Undefined CVSS Vector: 
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. For version 3.1, see https:// 
ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17.

Workarounds and Mitigations

none

Change History

12 February 2019 - Initial Version

*The CVSS Environment Score is customer environment specific and will 
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the 
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the 
Common Vulnerability Scoring System (CVSS) is an "industry open standard 
designed to convey vulnerability severity and help to determine urgency and 
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT 
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

===============================================================================

Security Bulletin: A vulnerability in Ruby affects PowerKVM

Document information

More support for: PowerKVM

Software version: 3.1

Operating system(s): Linux

Reference #: 0791547

Modified date: 04 March 2019

Summary

PowerKVM is affected by a vulnerability in Ruby. IBM has now addressed this 
vulnerability.

Vulnerability Details

CVEID: CVE-2018-16395 DESCRIPTION: Ruby could allow a remote attacker to 
bypass security restrictions, caused by a flaw when comparing two 
OpenSSL::X509::Name objects using == in the OpenSSL library. By sending 
specially-crafted arguments, an attacker could exploit this vulnerability to 
to create an illegitimate certificate that may be accepted as legitimate. CVSS
Base Score: 7.5 CVSS Temporal Score: See 
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 153077 for the current 
score CVSS Environmental Score*: Undefined CVSS Vector: 
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. For version 3.1, see https:// 
ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17.

Workarounds and Mitigations

none

Change History

17 December 2018 - Initial Version

*The CVSS Environment Score is customer environment specific and will 
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the 
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the 
Common Vulnerability Scoring System (CVSS) is an "industry open standard 
designed to convey vulnerability severity and help to determine urgency and 
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT 
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

===============================================================================

Security Bulletin: A vulnerability in Spice affects PowerKVM

Document information

More support for: PowerKVM

Software version: 3.1

Operating system(s): Linux

Reference #: 0871830

Modified date: 04 March 2019

Summary

PowerKVM is affected by a vulnerability in Spice. IBM has now addressed this 
vulnerability.

Vulnerability Details

CVEID: CVE-2019-3813 DESCRIPTION: Spice is vulnerable to a denial of service,
caused by an off-by-one error in array access in spice/server/memslot.c. A 
local attacker could exploit this vulnerability to cause the host to crash or
possibly execute arbitrary code on the system. CVSS Base Score: 7.3 CVSS 
Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 
156290 for the current score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. For version 3.1, see https:// 
ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17.

Workarounds and Mitigations

none

Change History

12 February 2019 - Initial Version

*The CVSS Environment Score is customer environment specific and will 
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the 
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the 
Common Vulnerability Scoring System (CVSS) is an "industry open standard 
designed to convey vulnerability severity and help to determine urgency and 
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT 
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

===============================================================================

Security Bulletin: A vulnerability in keepalived affects PowerKVM

Document information

More support for: PowerKVM

Software version: 3.1

Operating system(s): Linux

Reference #: 0794743

Modified date: 04 March 2019

Summary

PowerKVM is affected by a vulnerability in keepalived. IBM has now addressed 
this vulnerability.

Vulnerability Details

CVEID: CVE-2018-19115 DESCRIPTION: keepalived is vulnerable to a denial of 
service, caused by a heap-based buffer overflow flaw in the 
extract_status_code function in lib/ html.c. By sending specially-crafted HTTP
status codes, a remote attacker could exploit this vulnerability to cause a 
denial of service condition. CVSS Base Score: 5.3 CVSS Temporal Score: See 
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 152796 for the current 
score CVSS Environmental Score*: Undefined CVSS Vector: 
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. For version 3.1, see https:// 
ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17.

Workarounds and Mitigations

none

Change History

9 Jan 2019 - Initial Version

*The CVSS Environment Score is customer environment specific and will 
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the 
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the 
Common Vulnerability Scoring System (CVSS) is an "industry open standard 
designed to convey vulnerability severity and help to determine urgency and 
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT 
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

===============================================================================

Security Bulletin: Vulnerabiliies in glibc affect PowerKVM

Document information

More support for: PowerKVM

Software version: 3.1

Operating system(s): Linux

Reference #: 0870872

Modified date: 04 March 2019

Summary

PowerKVM is affected by vulnerabilities in glibc. IBM has now addressed these
vulnerabilities.

Vulnerability Details

CVEID: CVE-2018-11237 DESCRIPTION: GNU glibc is vulnerable to a buffer 
overflow, caused by improper bounds of checking by the 
__mempcpy_avx512_no_vzeroupper function. By executing a specially-crafted 
program, a local attacker could overflow a buffer and execute arbitrary code 
on the system. CVSS Base Score: 7.8 CVSS Temporal Score: See 
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 143580 for the current 
score CVSS Environmental Score*: Undefined CVSS Vector: 
(CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2018-11236 DESCRIPTION: GNU glibc is vulnerable to a stack-based 
buffer overflow, caused by improper bounds of checking by the pathname 
arguments in the realpath function in stdlib/canonicalize.c. By using 
specially-crafted pathname arguments, a remote attacker could overflow a 
buffer and execute arbitrary code on the system. CVSS Base Score: 7.3 CVSS 
Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 
143578 for the current score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2018-6485 DESCRIPTION: GNU C Library is vulnerable to a denial of 
service, caused by an integer overflow in the implementation of the 
posix_memalign in memalign functions. A local attacker could exploit this 
vulnerability to cause the application to crash. CVSS Base Score: 4 CVSS 
Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 
138627 for the current score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2017-16997 DESCRIPTION: GNU C Library could allow a local attacker
to gain elevated privileges on the system, caused by a flaw in the 
elf/dl-load.c. By using a Trojan horse library, an attacker could exploit this
vulnerability to gain elevated privileges on the system. CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
136491 for the current score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. For version 3.1, see https:// 
ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17.

Workarounds and Mitigations

none

Change History

7 February 2019 - Initial Version

*The CVSS Environment Score is customer environment specific and will 
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the 
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the 
Common Vulnerability Scoring System (CVSS) is an "industry open standard 
designed to convey vulnerability severity and help to determine urgency and 
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT 
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

===============================================================================

Security Bulletin: Vulnerabiliies in libmspack affect PowerKVM

Document information

More support for: PowerKVM

Software version: 3.1

Operating system(s): Linux

Reference #: 0792175

Modified date: 04 March 2019

Summary

PowerKVM is affected by vulnerabilities in libmspack. IBM has now addressed 
these vulnerabilities.

Vulnerability Details

CVEID: CVE-2018-14682 DESCRIPTION: libmspack is vulnerable to a denial of 
service, caused by an off-by-one in mspack/chmd.c in the TOLOWER() macro for 
CHM decompression. A remote attacker could exploit this vulnerability to cause
a denial of service. CVSS Base Score: 5.3 CVSS Temporal Score: See 
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 147666 for the current 
score CVSS Environmental Score*: Undefined CVSS Vector: 
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-14681 DESCRIPTION: libmspack could allow a remote attacker to
overwrite arbitrary files, caused by an error in the kwajd_read_headers 
function in mspack/kwajd.c in libmspack. An attacker could exploit this 
vulnerability using bad KWAJ file header extensions to cause a one or two byte
overwrite. CVSS Base Score: 5.3 CVSS Temporal Score: See 
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 147669 for the current 
score CVSS Environmental Score*: Undefined CVSS Vector: 
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2018-14680 DESCRIPTION: An unspecified error in libmspack related 
to the failure to reject blank CHM filenames has an unknown impact and attack
vector. CVSS Base Score: 5.3 CVSS Temporal Score: See 
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 147668 for the current 
score CVSS Environmental Score*: Undefined CVSS Vector: 
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2018-14679 DESCRIPTION: libmspack is vulnerable to a denial of 
service, caused by an off-by-one error in the CHM PMGI/PMGL chunk number 
validity checks in mspack/ chmd.c. A remote attacker could exploit this 
vulnerability to cause the application to crash. CVSS Base Score: 5.3 CVSS 
Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 
147667 for the current score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. For version 3.1, see https:// 
ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17.

Workarounds and Mitigations

none

Change History

19 December 2018 - Initial Version

*The CVSS Environment Score is customer environment specific and will 
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the 
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the 
Common Vulnerability Scoring System (CVSS) is an "industry open standard 
designed to convey vulnerability severity and help to determine urgency and 
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT 
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

===============================================================================

Security Bulletin: Vulnerabiliies in systemd affect PowerKVM

Document information

More support for: PowerKVM

Software version: 3.1

Operating system(s): Linux

Reference #: 0869078

Modified date: 04 March 2019

Summary

PowerKVM is affected by vulnerabilities in systemd. IBM has now addressed 
these vulnerabilities.

Vulnerability Details

CVEID: CVE-2018-16865 DESCRIPTION: systemd is vulnerable to a denial of 
service, caused by a memory corruption flaw when calling the alloca function.
By sending specially-crafted command arguments, a local attacker could exploit
this vulnerability to cause a denial of service. CVSS Base Score: 6.2 CVSS 
Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 
155359 for the current score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-16864 DESCRIPTION: systemd is vulnerable to a denial of 
service, caused by a memory corruption flaw when calling the syslog function.
By sending specially-crafted command arguments, a local attacker could exploit
this vulnerability to cause a denial of service. CVSS Base Score: 6.2 CVSS 
Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 
155358 for the current score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-15688 DESCRIPTION: systemd is vulnerable to a heap-based 
buffer overflow, caused by improper bounds checking by the dhcp6 client. By 
sending a specially-crafted request, a remote attacker could overflow a buffer
and execute arbitrary code on the system. CVSS Base Score: 7.3 CVSS Temporal 
Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 152041 for 
the current score CVSS Environmental Score*: Undefined CVSS Vector: 
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2019-3815 DESCRIPTION: systemd is vulnerable to a denial of 
service, caused by a memory leak in the function dispatch_message_real() in 
journald-server.c. A local attacker could exploit this vulnerability to make 
systemd-journald crash. CVSS Base Score: 4 CVSS Temporal Score: See 
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 156227 for the current 
score CVSS Environmental Score*: Undefined CVSS Vector: 
(CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-6454 DESCRIPTION: systemd is vulnerable to a denial of 
service, caused by a flaw in the bus_process_object function in bus-objects.c.
By sending a specially-crafted DBUS nessage, a local authenticated attacker 
could exploit this vulnerability to crash PID 1 and result in a subsequent 
kernel panic. CVSS Base Score: 5.5 CVSS Temporal Score: See 
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 157193 for the current 
score CVSS Environmental Score*: Undefined CVSS Vector: 
(CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. For version 3.1, see https:// 
ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17.

Workarounds and Mitigations

none

Change History

24 January 2019 - Initial Version

*The CVSS Environment Score is customer environment specific and will 
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the 
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the 
Common Vulnerability Scoring System (CVSS) is an "industry open standard 
designed to convey vulnerability severity and help to determine urgency and 
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT 
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

===============================================================================

Security Bulletin: Vulnerabilities in Ghostscript affect PowerKVM

Document information

More support for: PowerKVM

Software version: 3.1

Operating system(s): Linux

Reference #: 0791549

Modified date: 04 March 2019

Summary

PowerKVM is affected by vulnerabilities in Artifex Ghostscript. IBM has now 
addressed these vulnerabilities.

Vulnerability Details

CVEID: CVE-2018-16539 DESCRIPTION: Artifex Ghostscript could allow a remote 
attacker to obtain sensitive information, caused by improper access checking 
in temp file handling.By persuading a victim to open a specially-crafted file,
a remote attacker could exploit this vulnerability to obtain contents of files
on the system. CVSS Base Score: 5.5 CVSS Temporal Score: See 
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 149465 for the current 
score CVSS Environmental Score*: Undefined CVSS Vector: 
(CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

CVEID: CVE-2018-16511 DESCRIPTION: Artifex Ghostscript is vulnerable to a 
denial of service, caused by a type confusion flaw in ztype. By persuading a 
victim to open a specially-crafted file, a remote attacker could exploit this
vulnerability to crash the interpreter. CVSS Base Score: 5.5 CVSS Temporal 
Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 149463 for 
the current score CVSS Environmental Score*: Undefined CVSS Vector: 
(CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-15909 DESCRIPTION: Artifex Ghostscript could allow a remote 
attacker to execute arbitrary code on the system, caused by a type confusion 
using the .shfill operator. An attacker could exploit this vulnerability using
a PostScript file to crash the interpreter or possibly execute arbitrary code
on the system. CVSS Base Score: 5.3 CVSS Temporal Score: See 
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 148959 for the current 
score CVSS Environmental Score*: Undefined CVSS Vector: 
(CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID: CVE-2018-15908 DESCRIPTION: Artifex Ghostscript could allow a remote 
attacker to bypass security restrictions. An attacker could exploit this 
vulnerability using specially crafted PostScript files to bypass .tempfile 
restrictions and write files. CVSS Base Score: 5.5 CVSS Temporal Score: See 
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 148960 for the current 
score CVSS Environmental Score*: Undefined CVSS Vector: 
(CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID: CVE-2018-15911 DESCRIPTION: Artifex Ghostscript could allow a remote 
attacker to execute arbitrary code on the system, caused by an uninitialized 
memory access error in the aesdecode operator. An attacker could exploit this
vulnerability to crash the interpreter or possibly execute arbitrary code on 
the system. CVSS Base Score: 7.3 CVSS Temporal Score: See 
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 148957 for the current 
score CVSS Environmental Score*: Undefined CVSS Vector: 
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2019-6116 DESCRIPTION: Artifex Ghostscript could allow a remote 
attacker to execute arbitrary commands on the system, caused by the failure to
mark subroutines as executeonly and make them pseudo-operators. An attacker 
could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base Score: 9.8 CVSS Temporal Score: See 
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 156003 for the current 
score CVSS Environmental Score*: Undefined CVSS Vector: 
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2018-19477 DESCRIPTION: Artifex Ghostscript could allow a remote 
attacker to bypass security restrictions, caused by a JBIG2Decode type 
confusion in psi/ zfjbig2.c. By sending a specially-crafted request, an 
attacker could exploit this vulnerability to bypass access restrictions. CVSS
Base Score: 5.3 CVSS Temporal Score: See 
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 153246 for the current 
score CVSS Environmental Score*: Undefined CVSS Vector: 
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2018-19476 DESCRIPTION: Artifex Ghostscript could allow a remote 
attacker to bypass security restrictions, caused by a setcolorspace type 
confusion in psi/zicc.c. By sending a specially-crafted request, an attacker 
could exploit this vulnerability to bypass access restrictions. CVSS Base 
Score: 5.3 CVSS Temporal Score: See 
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 153245 for the current 
score CVSS Environmental Score*: Undefined CVSS Vector: 
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2018-19475 DESCRIPTION: Artifex Ghostscript could allow a remote 
attacker to bypass security restrictions, caused by improper validation of 
stack space in psi/ zdevice2.c. By sending a specially-crafted request, an 
attacker could exploit this vulnerability to bypass access restrictions. CVSS
Base Score: 5.3 CVSS Temporal Score: See 
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 153244 for the current 
score CVSS Environmental Score*: Undefined CVSS Vector: 
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2018-16540 DESCRIPTION: Artifex Ghostscript is vulnerable to a 
denial of service, caused by a use-after-free in copydevice handling in PDF14
converter. By persuading a victim to open a specially-crafted file, a remote 
attacker could exploit this vulnerability to crash the interpreter. CVSS Base
Score: 5.5 CVSS Temporal Score: See 
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 149466 for the current 
score CVSS Environmental Score*: Undefined CVSS Vector: 
(CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. For version 3.1, see https:// 
ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17.

Workarounds and Mitigations

none

Change History

17 December 2018 - Initial Version

*The CVSS Environment Score is customer environment specific and will 
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the 
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the 
Common Vulnerability Scoring System (CVSS) is an "industry open standard 
designed to convey vulnerability severity and help to determine urgency and 
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT 
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

===============================================================================

Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM

Document information

More support for: PowerKVM

Software version: 3.1

Operating system(s): Linux

Reference #: 0794373

Modified date: 04 March 2019

Summary

PowerKVM is affected by vulnerabilities in the Linux Kernel. IBM has now 
addressed these vulnerabilities.

Vulnerability Details

CVEID: CVE-2018-18710 DESCRIPTION: Linux Kernel could allow a local attacker 
to obtain sensitive information, caused by improper bounds checking in 
cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c. An attacker could exploit 
this vulnerability to obtain sensitive information. CVSS Base Score: 4 CVSS 
Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 
152126 for the current score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-17807 DESCRIPTION: Linux Kernel could allow a local 
authenticated attacker to bypass security restrictions, caused by omitting an
access-control check when adding a key to the current task''s default 
request-key keyring in the KEYS subsystem. By using a sequence of 
specially-crafted system calls, an attacker could exploit this vulnerability 
to add keys to a keyring with only Search permission. CVSS Base Score: 5.5 
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
136628 for the current score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. For version 3.1, see https:// 
ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17.

Workarounds and Mitigations

none

Change History

8 January 2019 - Initial Version

*The CVSS Environment Score is customer environment specific and will 
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the 
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the 
Common Vulnerability Scoring System (CVSS) is an "industry open standard 
designed to convey vulnerability severity and help to determine urgency and 
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT 
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXH260WaOgq3Tt24GAQgHZxAAvtr1FpZqnT6Co2qljdDqC7nw2D0FmzYY
+K57P8zIPIXqMf+eMB7d38FWTAZ0kVmyH/T0+8yFayy8TSkTcwTkuFCtmoTEm875
7KqfxDRrYxJd8Vq9G8aw717gmwOgaiYE6equaOPjaryn2Ga8wkrik7UE2qX9i8zH
RW4yZ6azf7UxleWa4+9chkKWeuZmX5584qlcrPXrFC5o+h4q8/1Lp3/7JMKpxHiF
q3NrlFrFfKiE5Bj1edJ3il+Ehs1qmJcXmGC8F8ZqsRIi1h0H53VM2ruNZu6D0iEX
I2DWGQ1QIeo+RWC7feYHucXTn/pO5DftYyvJAkRf7/08JPVQ4nhXv94R8LI7w22Q
dV/3sGY/VK2dp59PLUl1a/FYJYPmLdwbxph415e1k1YS5/0L+soDlqtTWeme7yq4
U2WHbITWW4wsVXCrjbuNyR6m9kNX0nbRNspTWziwr/Y86StstlJthTryMsyGBvmG
p+l2NTNlQTZhm8DGqcf5wkIVl/7WyE5TQK2el+ud3HESASRt7x119hNZ5IiBRgsn
/i0ifamNbp+hXsLhc6P3GpSfbFzmWzzJq96ucJZDc65XgYtS/u90HneG6vu2oO9Q
kpc0TyobO2ZTkXxNb6BjpC+7x580/rArm7DxSeCyIdYHJdHTNpGtJIVPHhwzoXkM
qEZKo3KPeDc=
=huaA
-----END PGP SIGNATURE-----

« Back to bulletins