-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2018.1971
Security updates for PowerKVM
9 July 2018

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           PowerKVM
Publisher:         IBM
Operating System:  Linux variants
Impact/Access:     Root Compromise                 -- Remote/Unauthenticated
                   Increased Privileges            -- Remote/Unauthenticated
                   Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Access Privileged Data          -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Reduced Security                -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-1000156 CVE-2018-1000004 CVE-2018-6927
                   CVE-2018-5748 CVE-2018-5146 CVE-2018-1126
                   CVE-2018-1124 CVE-2018-1111 CVE-2018-1064
                   CVE-2017-1000410 CVE-2017-1000380 CVE-2017-1000112
                   CVE-2017-1000111 CVE-2017-18203 CVE-2017-18017
                   CVE-2017-17558 CVE-2017-17449 CVE-2017-17448
                   CVE-2017-15906 CVE-2017-15649 CVE-2017-15265
                   CVE-2017-15116 CVE-2017-14140 CVE-2017-14106
                   CVE-2017-12193 CVE-2017-12192 CVE-2017-12190
                   CVE-2017-11671 CVE-2017-11368 CVE-2017-11176
                   CVE-2017-8824 CVE-2017-7562 CVE-2017-7558
                   CVE-2017-7542 CVE-2017-7541 CVE-2017-7472
                   CVE-2017-7294 CVE-2017-7184 CVE-2017-6464
                   CVE-2017-6463 CVE-2017-6462 CVE-2017-3738
                   CVE-2017-3737 CVE-2017-3736 CVE-2016-8633
                   CVE-2016-8399 CVE-2016-0701 CVE-2015-8539

Original Bulletin:
   https://www.ibm.com/support/docview.wss?uid=ibm10715803
   https://www.ibm.com/support/docview.wss?uid=ibm10715817
   https://www.ibm.com/support/docview.wss?uid=ibm10715801
   https://www.ibm.com/support/docview.wss?uid=ibm10715755
   https://www.ibm.com/support/docview.wss?uid=ibm10715791
   https://www.ibm.com/support/docview.wss?uid=ibm10715797
   https://www.ibm.com/support/docview.wss?uid=ibm10715809
   https://www.ibm.com/support/docview.wss?uid=ibm10715813
   https://www.ibm.com/support/docview.wss?uid=ibm10715821
   https://www.ibm.com/support/docview.wss?uid=ibm10715825
   https://www.ibm.com/support/docview.wss?uid=ibm10715827
   https://www.ibm.com/support/docview.wss?uid=ibm10715829

Comment: This bulletin contains twelve (12) IBM security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: A vulnerability in DHCP affects PowerKVM

Security Bulletin

Document information

Software version: 3.1
Operating system(s): Linux
Reference #: 0715803
Modified date: 06 July 2018

Summary

PowerKVM is affected by a vulnerability in the DHCP client. IBM has now addressed this vulnerability.

Vulnerability Details

CVEID: CVE-2018-1111
DESCRIPTION: The DHCP client packages in Red Hat Enterprise Linux could allow a remote attacker on the local network to execute arbitrary commands on the system, caused by a command injection flaw in the NetworkManager integration script. By spoofing DHCP responses, an attacker could exploit this vulnerability using the DHCP protocol to inject and execute arbitrary commands on the system with root privileges.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/143382 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. For version 3.1, see https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 14.

Workarounds and Mitigations

none

Change History

28 June 2018 - Initial Version

- -------------------------------------------------------------------------------

Security Bulletin: A vulnerability in OpenSSH affects PowerKVM

Security Bulletin

Document information

Software version: 3.1
Operating system(s): Linux
Reference #: 0715817
Modified date: 06 July 2018

Summary

PowerKVM is affected by a vulnerability in OpenSSH. IBM has now addressed this vulnerability.

Vulnerability Details

CVEID: CVE-2017-15906
DESCRIPTION: OpenSSH is vulnerable to a denial of service, caused by an error in the process_open() function when in read-only mode. A remote authenticated attacker could exploit this vulnerability to create zero-length files and cause a denial of service.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133128 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. For version 3.1, see https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 14.

Workarounds and Mitigations

none

Change History

28 June 2018 - Initial version

- -------------------------------------------------------------------------------

Security Bulletin: A vulnerability in gcc affects PowerKVM

Security Bulletin

Document information

Software version: 3.1
Operating system(s): Linux
Reference #: 0715801
Modified date: 06 July 2018

Summary

PowerKVM is affected by a vulnerability in the GNU Compiler Collection (GCC). IBM has now addressed this vulnerability.

Vulnerability Details

CVEID: CVE-2017-11671
DESCRIPTION: GNU Compiler Collection (GCC) could provide weaker than expected security, caused by a flaw in the ix86_expand_builtin function in i386.c.
A remote attacker could exploit this vulnerability to cause less randomness in random number generation.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/129513 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. For version 3.1, see https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 14.

Workarounds and Mitigations

none

Change History

28 June 2018 - Initial version

- -------------------------------------------------------------------------------

Security Bulletin: A vulnerability in libvorbis affects PowerKVM

Security Bulletin

Document information

Software version: 3.1
Operating system(s): Linux
Reference #: 0715821
Modified date: 06 July 2018

Summary

PowerKVM is affected by a vulnerability in libvorbis. IBM has now addressed this vulnerability.

Vulnerability Details

CVEID: CVE-2018-5146
DESCRIPTION: libvorbis, as used in Mozilla Firefox, could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds memory write. By persuading a victim to open a specially-crafted media file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the browser to crash.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/140404 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. For version 3.1, see https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 14.

Workarounds and Mitigations

none

- -------------------------------------------------------------------------------

Security Bulletin: A vulnerability in patch affects PowerKVM

Security Bulletin

Document information

Software version: 3.1
Operating system(s): Linux
Reference #: 0715809
Modified date: 06 July 2018

Summary

PowerKVM is affected by a vulnerability in GNU Patch. IBM has now addressed this vulnerability.

Vulnerability Details

CVEID: CVE-2018-1000156
DESCRIPTION: GNU Patch could allow a remote attacker to execute arbitrary code on the system, caused by an input validation error when processing patch files. An attacker could exploit this vulnerability using a patch file processed via the patch utility to execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/141283 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. For version 3.1, see https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 14.

Workarounds and Mitigations

none

Change History

28 June 2018 - Initial version

- -------------------------------------------------------------------------------

Security Bulletin: Vulnerabilities in NTP affect PowerKVM

Security Bulletin

Document information

Software version: 3.1
Operating system(s): Linux
Reference #: 0715825
Modified date: 06 July 2018

Summary

PowerKVM is affected by vulnerabilities in NTP. IBM has now addressed these vulnerabilities.

Vulnerability Details

CVEID: CVE-2017-6464
DESCRIPTION: NTP is vulnerable to a denial of service. A remote authenticated attacker could exploit this vulnerability using a malformed mode configuration directive to cause the application to crash.
CVSS Base Score: 4.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123610 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-6463
DESCRIPTION: NTP is vulnerable to a denial of service. By sending an invalid setting, a remote authenticated attacker could exploit this vulnerability using the :config directive to cause the daemon to crash.
CVSS Base Score: 4.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123612 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-6462
DESCRIPTION: NTP is vulnerable to a denial of service, caused by a buffer overflow in the legacy Datum Programmable Time Server refclock driver. By sending specially crafted packets, a local authenticated attacker could exploit this vulnerability to overflow a buffer and cause a denial of service.
CVSS Base Score: 1.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123611 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)

Affected Products and Versions

PowerKVM v3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. For version 3.1, see https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 14.

Workarounds and Mitigations

none

Change History

28 June 2018 - Initial version

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

- -------------------------------------------------------------------------------

Security Bulletin: Vulnerabilities in OpenSSL affect PowerKVM

Security Bulletin

Document information

Software version: 3.1
Operating system(s): Linux
Reference #: 0715827
Modified date: 06 July 2018

Summary

PowerKVM is affected by vulnerabilities in OpenSSL. IBM has now addressed these vulnerabilities.

Vulnerability Details

CVEID: CVE-2017-3738
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. An attacker could exploit this vulnerability to obtain information about the private key. Note: In order to exploit this vulnerability, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701.
CVSS Base Score: 3.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/136078 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-3737
DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused by a flaw in the "error state" mechanism when directly calling SSL_read() or SSL_write() for an SSL object after receiving a fatal error. An attacker could exploit this vulnerability to bypass the decryption or encryption process and perform unauthorized actions.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/136077 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2017-3736
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal().
An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/134397 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

PowerKVM v3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. For version 3.1, see https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 14.

Workarounds and Mitigations

none

Change History

28 June 2018 - Initial version

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

- -------------------------------------------------------------------------------

Security Bulletin: Vulnerabilities in krb5 affect PowerKVM

Security Bulletin

Document information

Software version: 3.1
Operating system(s): Linux
Reference #: 0715797
Modified date: 06 July 2018

Summary

PowerKVM is affected by vulnerabilities in MIT Kerberos 5 (krb5). IBM has now addressed these vulnerabilities.

Vulnerability Details

CVEID: CVE-2017-11368
DESCRIPTION: MIT Kerberos 5 is vulnerable to a denial of service, caused by a KDC assertion failure. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause memory allocation failure.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130207 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-7562
DESCRIPTION: MIT krb5 could allow a remote authenticated attacker to bypass security restrictions, caused by the improper validation of a forged certificate EKU and SAN. An attacker could exploit this vulnerability to gain unauthorized access to the system to impersonate arbitrary principals under rare and erroneous circumstances.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/143332 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 14.

Workarounds and Mitigations

none

Change History

28 June 2018 - Initial version

- -------------------------------------------------------------------------------

Security Bulletin: Vulnerabilities in libvirt affect PowerKVM

Security Bulletin

Document information

Software version: 3.1
Operating system(s): Linux
Reference #: 0715791
Modified date: 06 July 2018

Summary

PowerKVM is affected by vulnerabilities in libvirt. IBM has now addressed these vulnerabilities.

Vulnerability Details

CVEID: CVE-2018-5748
DESCRIPTION: QEMU is vulnerable to a denial of service, caused by an error in qemu/qemu_monitor.c in libvirt. By using a large QEMU reply, a local attacker could exploit this vulnerability to consume an overly large amount of memory resources.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/138320 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-1064
DESCRIPTION: libvirt is vulnerable to a denial of service, caused by a resource exhaustion in the QEMU monitor. A local authenticated attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/141312 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 14.

Workarounds and Mitigations

none

Change History

28 June 2018 - Initial version

- -------------------------------------------------------------------------------

Security Bulletin: Vulnerabilities in procps-ng affect PowerKVM

Security Bulletin

Document information

Software version: 3.1
Operating system(s): Linux
Reference #: 0715813
Modified date: 06 July 2018

Summary

PowerKVM is affected by vulnerabilities in procps-ng. IBM has now addressed these vulnerabilities.

Vulnerability Details

CVEID: CVE-2018-1126
DESCRIPTION: procps-ng procps is vulnerable to a buffer overflow, caused by improper bounds checking. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/143456 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2018-1124
DESCRIPTION: procps-ng procps could allow a local authenticated attacker to gain elevated privileges on the system, caused by an integer overflow in the file2strvec function in libprocps. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/143454 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. For version 3.1, see https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 14.

Workarounds and Mitigations

none

Change History

28 June 2018 - Initial version

- -------------------------------------------------------------------------------

Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM

Security Bulletin

Document information

Software version: 3.1
Operating system(s): Linux
Reference #: 0715755
Modified date: 06 July 2018

Summary

PowerKVM is affected by vulnerabilities in the Linux kernel. IBM has now addressed these vulnerabilities.

Vulnerability Details

CVEID: CVE-2018-1000004
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a race condition in the sound system. A remote attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137756 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-6927
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an integer overflow in the futex_requeue function in kernel/futex.c. By triggering a negative wake or requeue value, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/139067 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-1000410
DESCRIPTION: Linux Kernel could allow a remote attacker to obtain sensitive information, caused by a flaw when processing incoming L2CAP commands, ConfigRequest and ConfigResponse messages. By manipulating the code flows that precede the handling of the configuration messages, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/136155 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2017-18203
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw in the dm_get_from_kobject function in drivers/md/dm.c. By leveraging a race condition with __dm_destroy during creation and removal of DM devices, a local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/139759 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2017-18017
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw in the tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c. By leveraging the presence of xt_TCPMSS in an iptables action, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137122 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-17558
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds write in the usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem. By using a specially-crafted USB device, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/136403 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-17449
DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by the failure to restrict observations of Netlink messages to a single net namespace when CONFIG_NLMON is enabled in the __netlink_deliver_tap_skb function in net/netlink/af_netlink.c. By leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/136106 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2017-15116
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by NULL pointer dereference in the rngapi_reset function in crypto/rng.c. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/135735 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2017-14140
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by improper validation of effective uid of the target process in the move_pages system call in mm/migrate.c. By sending a specially-crafted request, a local attacker could exploit this vulnerability to learn the memory layout of a setuid executable despite ASLR.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131413 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2017-12190
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an out-of-memory condition in the bio_map_user_iov and bio_unmap_user functions in block/bio.c. A local attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/135759 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2017-8824
DESCRIPTION: Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free in the dccp_disconnect function in net/dccp/proto.c. By using a specially-crafted system call, an attacker could exploit this vulnerability to gain privileges or cause a denial of service.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/135913 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2017-7294
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds write in the vmw_surface_define_ioctl function. A local attacker could exploit this vulnerability using a specially crafted ioctl call for a /dev/dri/renderD* device to cause the system to hang or crash.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127410 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-8633
DESCRIPTION: Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by an error in drivers/firewire/net.c. By sending specially-crafted fragmented packets, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119632 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2017-17448
DESCRIPTION: Linux Kernel could allow a local attacker to bypass security restrictions, caused by the failure to require the CAP_NET_ADMIN capability for new, get, and del operations in net/netfilter/nfnetlink_cthelper.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass intended access restrictions.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/136105 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2017-15265
DESCRIPTION: Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free memory error in the ALSA sequencer interface (/dev/snd/seq). By persuading a victim to open a specially-crafted application, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133342 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-15649
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free in net/packet/af_packet.c. By using specially-crafted system calls, an authenticated attacker could exploit this vulnerability to gain elevated privileges on the system.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133861 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-12193
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the assoc_array implementation. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/134628 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-12192
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the Key Management subcomponent. By issuing a KEYCTL_READ on a negative key, a local attacker could exploit this vulnerability to cause the kernel to crash.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133523 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-7472
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by the leaking of a thread keyring by the keyctl_set_reqkey_keyring() function. A local authenticated attacker could exploit this vulnerability to exhaust all available kernel memory.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/125573 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2015-8539
DESCRIPTION: Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by an error in key management code.
An attacker could exploit this vulnerability to gain elevated privileges on the system or cause the machine to crash.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109142 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-1000380
DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by a flaw in sound/core/timer.c. A local attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130294 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-7558
DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by flaws in the inet_diag_msg_sctpaddrs_fill, inet_diag_msg_sctpladdrs_fill and sctp_get_sctp_info functions. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130875 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2017-7542
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an integer overflow in the ip6_find_1stfragopt function in net/ipv6/output_core.c. By leveraging the ability to open a raw socket, a local attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/129328 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-7541
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a buffer overflow in the brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. By using a specially-crafted NL80211_CMD_FRAME Netlink packet, a local attacker could exploit this vulnerability to cause the system to crash or possibly gain privileges.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/129314 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-7184
DESCRIPTION: Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by heap-based out-of-bounds access. An attacker could exploit this vulnerability to gain root privileges or cause a denial of service.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123470 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-14106
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a divide-by-zero flaw in the tcp_disconnect function in net/ipv4/tcp.c. By triggering a disconnect within a certain tcp_recvmsg code path, a local authenticated attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131363 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-11176
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a sock pointer not set to NULL in the mq_notify function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/129055 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-1000112
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by a memory corruption when switching from UFO to non-UFO path. By sending specially crafted UFO packets, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130408 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-1000111
DESCRIPTION: Linux Kernel is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the packet_set_ring function. By sending a specially-crafted request, a local authenticated attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges.
CVSS Base Score: 7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130243 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-8399
DESCRIPTION: Google Android could allow a local attacker to gain elevated privileges on the system, caused by a flaw in the kernel networking subsystem. By persuading a victim to install a specially-crafted application, an attacker could exploit this vulnerability to execute arbitrary code within the context of a privileged process.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/121227 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. For version 3.1, see https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 14.

Workarounds and Mitigations

none

Change History

28 June 2018 - Initial Version

- -------------------------------------------------------------------------------

Security Bulletin: Vulnerabilities in libXpm, libXdmcp, and libICE affect PowerKVM

Security Bulletin

Document information

Software version: 3.1
Operating system(s): Linux
Reference #: 0715829
Modified date: 06 July 2018

Summary

PowerKVM is affected by vulnerabilities in libXpm, libXdmcp, and libICE. IBM has now addressed these vulnerabilities.

Vulnerability Details

CVEID: CVE-2017-3738
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. An attacker could exploit this vulnerability to obtain information about the private key.
Note: In order to exploit this vulnerability, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701.
CVSS Base Score: 3.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/136078 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-3737
DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused by a flaw in the "error state" mechanism when directly calling SSL_read() or SSL_write() for an SSL object after receiving a fatal error. An attacker could exploit this vulnerability to bypass the decryption or encryption process and perform unauthorized actions.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/136077 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2017-3736
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/134397 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

PowerKVM v3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. For version 3.1, see https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 14.

Workarounds and Mitigations

none

Change History

28 June 2018 - Initial version

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================