-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2018.2910
Multiple vulnerabilities have been identified in IBM PowerKVM
27 September 2018
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           IBM PowerKVM
Publisher:         IBM
Operating System:  Linux variants
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Access Privileged Data -- Remote/Unauthenticated
                   Increased Privileges -- Existing Account
                   Overwrite Arbitrary Files -- Remote with User Interaction
                   Denial of Service -- Remote/Unauthenticated
                   Provide Misleading Information -- Remote/Unauthenticated
                   Unauthorised Access -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-1000001 CVE-2018-12020 CVE-2018-11235
                   CVE-2018-10915 CVE-2018-10897 CVE-2018-10881
                   CVE-2018-6412 CVE-2018-3620 CVE-2018-1093
                   CVE-2018-1092 CVE-2018-1087 CVE-2018-1068
                   CVE-2018-1063 CVE-2017-16939 CVE-2017-15804
                   CVE-2017-15670 CVE-2017-15116 CVE-2017-14992
                   CVE-2017-12190 CVE-2017-12132 CVE-2016-9962
                   CVE-2016-2183 CVE-2015-5180 CVE-2014-9402

Reference:         ASB-2018.0204
                   ASB-2018.0203
                   ASB-2017.0219
                   ASB-2017.0169
                   ESB-2016.2263
                   ESB-2016.2239.2
                   ESB-2016.2238
                   ESB-2015.0428

Original Bulletin:
   http://www.ibm.com/support/docview.wss?uid=ibm10730491
   http://www.ibm.com/support/docview.wss?uid=ibm10716905
   http://www.ibm.com/support/docview.wss?uid=ibm10716881
   http://www.ibm.com/support/docview.wss?uid=ibm10720353
   http://www.ibm.com/support/docview.wss?uid=ibm10728473
   http://www.ibm.com/support/docview.wss?uid=ibm10728307
   http://www.ibm.com/support/docview.wss?uid=ibm10733108
   http://www.ibm.com/support/docview.wss?uid=ibm10725649
   http://www.ibm.com/support/docview.wss?uid=ibm10716885
   http://www.ibm.com/support/docview.wss?uid=ibm10716879

Comment: This bulletin contains ten (10) IBM security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: A vulnerability in PostgreSQL affects PowerKVM

Document information
More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0730491
Modified date: 26 September 2018

Summary
PowerKVM is affected by a vulnerability in PostgreSQL. IBM has now addressed this vulnerability.

Vulnerability Details
CVEID: CVE-2018-10915
DESCRIPTION: PostgreSQL could allow a remote attacker to bypass security restrictions, caused by improper resetting of internal state between connections in the libpq library. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass client-side connection security features.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/148225 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

Affected Products and Versions
PowerKVM v3.1

Remediation/Fixes
Customers can update PowerKVM systems by using "yum update". Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 15.

Workarounds and Mitigations
none

Change History
5 September 2018 - Initial Version

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response."
IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------------------------------------------------------------

Security Bulletin: A vulnerability in Python affects PowerKVM

Document information
More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0716905
Modified date: 26 September 2018

Summary
PowerKVM is affected by a vulnerability in Python. IBM has now addressed this vulnerability.

Vulnerability Details
CVEID: CVE-2016-2183
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116337 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions
PowerKVM 3.1

Remediation/Fixes
Customers can update PowerKVM systems by using "yum update". Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 15. This update modifies the Python SSL module to disable 3DES cipher suites by default.

Workarounds and Mitigations
none

Change History
10 July 2018 - Initial Version
- --------------------------------------------------------------------------------

Security Bulletin: A vulnerability in git affects PowerKVM

Document information
More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0716881
Modified date: 26 September 2018

Summary
PowerKVM is affected by a vulnerability in git. IBM has now addressed this vulnerability.

Vulnerability Details
CVEID: CVE-2018-11235
DESCRIPTION: Git could allow a remote attacker to execute arbitrary code on the system, caused by improper validation of submodule "names" supplied via the untrusted .gitmodules file when appending them to the '$GIT_DIR/modules' directory. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/144075 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions
PowerKVM 3.1

Remediation/Fixes
Customers can update PowerKVM systems by using "yum update". Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 15.
Workarounds and Mitigations
none

Change History
10 July 2018 - Initial Version

- --------------------------------------------------------------------------------

Security Bulletin: A vulnerability in gnupg2 affects PowerKVM

Document information
More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0720353
Modified date: 26 September 2018

Summary
PowerKVM is affected by a vulnerability in gnupg2. IBM has now addressed this vulnerability.

Vulnerability Details
CVEID: CVE-2018-12020
DESCRIPTION: GnuPG could allow a remote attacker to conduct spoofing attacks, caused by the improper handling of the original filename during decryption and verification actions in mainproc.c. An attacker could exploit this vulnerability to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the --status-fd 2 option.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/144556 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions
PowerKVM v3.1

Remediation/Fixes
Customers can update PowerKVM systems by using "yum update". Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 15.

Workarounds and Mitigations
none

Change History
9 August 2018 - Initial Version

- --------------------------------------------------------------------------------

Security Bulletin: A vulnerability in policycoreutils affects PowerKVM

Document information
More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0728473
Modified date: 26 September 2018

Summary
PowerKVM is affected by a vulnerability in policycoreutils. IBM has now addressed this vulnerability.

Vulnerability Details
CVEID: CVE-2018-1063
DESCRIPTION: Policycoreutils could allow a local authenticated attacker to launch a symlink attack. Context relabeling of filesystems creates temporary files insecurely.
A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/139845 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions
PowerKVM v3.1

Remediation/Fixes
Customers can update PowerKVM systems by using "yum update". Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 15.

Workarounds and Mitigations
none

Change History
20 August 2018 - Initial Version

- --------------------------------------------------------------------------------

Security Bulletin: A vulnerability in yum-utils affects PowerKVM

Document information
More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0728307
Modified date: 26 September 2018

Summary
PowerKVM is affected by a vulnerability in yum-utils.
IBM has now addressed this vulnerability.

Vulnerability Details
CVEID: CVE-2018-10897
DESCRIPTION: reposync could allow a remote attacker to traverse directories on the system, caused by the improper sanitation of paths in remote repository configuration files. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability using path traversal to overwrite critical system files and compromise the system.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/147685 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions
PowerKVM v3.1

Remediation/Fixes
Customers can update PowerKVM systems by using "yum update". Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 15.

Workarounds and Mitigations
none

Change History
19 August 2018 - Initial Version
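
The path-containment check that the reposync description above calls for, as an added example (it is not code from yum-utils or from the IBM fix): every package location taken from remote repository metadata is resolved against the mirror directory and rejected if it lands outside it. The function names, the exception class and the sample locations are constructed for illustration.

```python
import os
import tempfile


class UnsafePathError(ValueError):
    """A metadata-supplied location would be written outside the mirror root."""


def naive_destination(dest_root, rel_path):
    # Weak form: the remotely supplied path is trusted and simply joined.
    # "../" segments or an absolute path walk out of dest_root.
    return os.path.normpath(os.path.join(dest_root, rel_path))


def safe_destination(dest_root, rel_path):
    """Return the absolute write target for rel_path, or raise UnsafePathError."""
    root = os.path.realpath(dest_root)
    if os.path.isabs(rel_path):
        raise UnsafePathError("absolute location: %r" % rel_path)
    # realpath() collapses ".." and follows symlinks that already exist
    # inside the mirror, so a planted link cannot redirect the write.
    candidate = os.path.realpath(os.path.join(root, rel_path))
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        raise UnsafePathError("location escapes mirror root: %r" % rel_path)
    return candidate


def plan_downloads(dest_root, locations):
    """Split metadata locations into accepted write targets and rejected entries."""
    accepted, rejected = [], []
    for loc in locations:
        try:
            accepted.append(safe_destination(dest_root, loc))
        except UnsafePathError:
            rejected.append(loc)
    return accepted, rejected


def demo():
    """Run the check over constructed metadata locations in a scratch directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "mirror")
        outside = os.path.join(tmp, "outside")
        os.makedirs(root)
        os.makedirs(outside)
        # A symlink inside the mirror that points outside it.
        os.symlink(outside, os.path.join(root, "link"))
        locations = [  # constructed sample input, not taken from a real repository
            "Packages/foo-1.0-1.noarch.rpm",
            "../../etc/cron.d/constructed-example",
            "/etc/passwd",
            "Packages/../../outside.rpm",
            "link/evil.rpm",
        ]
        accepted, rejected = plan_downloads(root, locations)
        real_root = os.path.realpath(root)
        return [os.path.relpath(p, real_root) for p in accepted], rejected


if __name__ == "__main__":
    ok, bad = demo()
    print("accepted:", ok)
    print("rejected:", bad)
```

Rejected entries are worth logging with the repository ID they came from, since a location that escapes the mirror root is a strong signal of tampered or hostile metadata.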
- --------------------------------------------------------------------------------

Security Bulletin: PowerKVM has released fixes in response to the vulnerabilities known as Foreshadow

Document information
More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0733108
Modified date: 26 September 2018

Summary
PowerKVM is affected by vulnerabilities in the Linux kernel. IBM has now addressed these vulnerabilities. Note that, although the CVE descriptions do not reference POWER, POWER CPUs are affected.

Vulnerability Details
CVEID: CVE-2018-3620
DESCRIPTION: Multiple Intel CPUs could allow a local attacker to obtain sensitive information, caused by a flaw in the CPU speculative branch instruction execution feature. By conducting targeted cache side-channel attacks and via a terminal page fault, an attacker could exploit this vulnerability to leak information residing in the L1 data cache and read data belonging to different security contexts. Note: This vulnerability is also known as the "L1 Terminal Fault (L1TF)" or "Foreshadow" attack.
CVSS Base Score: 7.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/148318 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)

Affected Products and Versions
PowerKVM 3.1

Remediation/Fixes
Customers can update PowerKVM systems by using "yum update". Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 12.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=isg3T1026853

Workarounds and Mitigations
none

Change History
10 July 2018 - Initial Version
- --------------------------------------------------------------------------------

Security Bulletin: Vulnerabilities in docker affect PowerKVM

Document information
More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0725649
Modified date: 26 September 2018

Summary
PowerKVM is affected by vulnerabilities in docker. IBM has now addressed these vulnerabilities.

Vulnerability Details
CVEID: CVE-2017-14992
DESCRIPTION: Docker-CE (also known as Moby) is vulnerable to a denial of service, caused by the lack of content verification. By using a specially-crafted image layer payload, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/134421 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-9962
DESCRIPTION: Docker Engine could allow a local authenticated attacker to gain elevated privileges on the system, caused by an error in RunC when running as root. By using "runc exec", an attacker could exploit this vulnerability to gain access to file-descriptors and escape or modify runC state.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120498 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions
PowerKVM V3.1

Remediation/Fixes
Customers can update PowerKVM systems by using "yum update". Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 15.

Workarounds and Mitigations
none

Change History
10 August 2018 - Initial version

- --------------------------------------------------------------------------------

Security Bulletin: Vulnerabilities in glibc affect PowerKVM

Document information
More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0716885
Modified date: 26 September 2018

Summary
PowerKVM is affected by vulnerabilities in the GNU C Library (aka glibc or libc6). IBM has now addressed these vulnerabilities.
Vulnerability Details
CVEID: CVE-2018-1000001
DESCRIPTION: Glibc could allow a local attacker to execute arbitrary code on the system, caused by a buffer underflow in the __realpath() function in stdlib/canonicalize.c. An attacker could exploit this vulnerability to execute arbitrary code on the system and obtain privileges.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137516 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-15804
DESCRIPTION: GNU C Library (aka glibc or libc6) is vulnerable to a buffer overflow, caused by improper bounds checking by glob function in glob.c. By using a specially-crafted file, a local attacker could overflow a buffer.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133996 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID: CVE-2017-15670
DESCRIPTION: GNU C Library is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the glob function in glob.c. By sending a specially-crafted string, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133915 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2017-12132
DESCRIPTION: GNU C Library (aka glibc or libc6) could allow a remote attacker to conduct spoofing attacks, caused by a flaw in the DNS stub resolver. An attacker could exploit this vulnerability to perform off-path DNS spoofing attacks.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/129949 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2015-5180
DESCRIPTION: glibc is vulnerable to a denial of service, caused by a NULL pointer dereference in the res_query function in libresolv. By using a malformed pattern, a remote attacker could cause the process to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130620 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2014-9402
DESCRIPTION: glibc is vulnerable to a denial of service, caused by an error in the getanswer_r() function. If the DNS backend is activated, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/99289 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Affected Products and Versions
PowerKVM v3.1

Remediation/Fixes
Customers can update PowerKVM systems by using "yum update". Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 15.

Workarounds and Mitigations
none

Related Information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History
10 July 2018 - Initial version
- --------------------------------------------------------------------------------

Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM

Document information
More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0716879
Modified date: 26 September 2018

Summary
PowerKVM is affected by vulnerabilities in the Linux kernel. IBM has now addressed these vulnerabilities.

Vulnerability Details
CVEID: CVE-2017-15116
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the rngapi_reset function in crypto/rng.c. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/135735 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2017-12190
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an out-of-memory condition in the bio_map_user_iov and bio_unmap_user functions in block/bio.c. A local attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/135759 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-10881
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an out-of-bound access in the ext4_get_group_info function. By mounting and operating on a specially crafted ext4 filesystem image, a local attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/147820 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-6412
DESCRIPTION: Linux Kernel could allow a remote attacker to obtain sensitive information, caused by an integer signedness error in the sbusfb_ioctl_helper function in drivers/video/fbdev/sbuslib.c. By using vectors related to the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/138494 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2018-1093
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds read flaw in the ext4_valid_block_bitmap function in fs/ext4/balloc.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/141197 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-1092
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the ext4_iget function in fs/ext4/inode.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/141196 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-1087
DESCRIPTION: Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by the improper handling of exceptions delivered after a stack switch operation using the MOV to SS and POP SS instructions by the KVM hypervisor. An attacker could exploit this vulnerability to gain elevated privileges or cause the guest to crash.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/142976 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2018-1068
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by an error in the implementation of the 32 bit syscall interface. An attacker could exploit this vulnerability to gain root privileges on the system.
CVSS Base Score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/140403 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

CVEID: CVE-2017-16939
DESCRIPTION: Linux Kernel could allow a remote attacker to gain elevated privileges on the system, caused by a use-after-free in the Netlink socket subsystem XFRM. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain privileges.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/135317 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions
PowerKVM 3.1

Remediation/Fixes
Customers can update PowerKVM systems by using "yum update". Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 15.

Workarounds and Mitigations
none

Change History
10 July 2018 - Initial Version

Security Bulletin: A vulnerability in PostgreSQL affects PowerKVM

Security Bulletin

Document information

More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0730491
Modified date: 26 September 2018

Summary

PowerKVM is affected by a vulnerability in PostgreSQL. IBM has now addressed this vulnerability.

Vulnerability Details

CVEID: CVE-2018-10915
DESCRIPTION: PostgreSQL could allow a remote attacker to bypass security restrictions, caused by an issue with improperly resetting internal state in between connections in the libpq library. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass client-side connection security features.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/148225 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

Affected Products and Versions

PowerKVM v3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 15.

Workarounds and Mitigations

none

Change History

5 September 2018 - Initial Version

--------------------------------------------------------------------------------

Security Bulletin: A vulnerability in Python affects PowerKVM

Security Bulletin

Document information

More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0716905
Modified date: 26 September 2018

Summary

PowerKVM is affected by a vulnerability in Python. IBM has now addressed this vulnerability.

Vulnerability Details

CVEID: CVE-2016-2183
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116337 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 15.

This update modifies the Python SSL module to disable 3DES cipher suites by default.

Workarounds and Mitigations

none

Change History

10 July 2018 - Initial Version
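
A post-update check for the 3DES change described in the Python bulletin above, as an added example (not IBM's or AusCERT's code): it reports any 64-bit-block cipher suites that a Python `ssl` context would still offer, both by default and when 3DES is requested explicitly. The token-based name matching and the sample suite names are this example's own assumptions.

```python
import re
import ssl

# Constructed sample of suite names (OpenSSL-style and IANA-style), used only
# to show the classifier on known input when the script is run directly.
SAMPLE_NAMES = [
    "ECDHE-RSA-AES256-GCM-SHA384",
    "DES-CBC3-SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "IDEA-CBC-SHA",
    "TLS_AES_128_GCM_SHA256",
]


def block64_family(cipher_name):
    """Return '3DES', 'DES', 'IDEA' or 'RC2' for a 64-bit-block suite, else None.

    Matching is done on name tokens split at '-' and '_'. This is a heuristic
    of this example, not an OpenSSL API.
    """
    tokens = set(re.split(r"[-_]", cipher_name.upper()))
    # OpenSSL spells 3DES as DES-CBC3; IANA names use 3DES_EDE_CBC.
    if "3DES" in tokens or "CBC3" in tokens:
        return "3DES"
    for family in ("DES", "IDEA", "RC2"):
        if family in tokens:
            return family
    return None


def audit_cipher_names(names):
    """Group the 64-bit-block suites found in an iterable of suite names."""
    findings = {}
    for name in names:
        family = block64_family(name)
        if family:
            findings.setdefault(family, []).append(name)
    return findings


def audit_context(ctx=None):
    """Audit the suites an SSLContext would offer (default: library default)."""
    if ctx is None:
        ctx = ssl.create_default_context()
    return audit_cipher_names(c["name"] for c in ctx.get_ciphers())


def explicit_3des_suites():
    """Return the 3DES suites obtained when 3DES is requested explicitly.

    An empty list means the linked OpenSSL refuses 3DES outright. A non-empty
    list means code that sets its own cipher string can still opt back in,
    even if the default context no longer offers 3DES.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers("3DES")
    except ssl.SSLError:
        return []
    return [c["name"] for c in ctx.get_ciphers()
            if block64_family(c["name"]) == "3DES"]


if __name__ == "__main__":
    print("sample names:", audit_cipher_names(SAMPLE_NAMES))
    print("default context:", audit_context() or "no 64-bit-block suites")
    print("explicit 3DES request:", explicit_3des_suites() or "refused")
```

Run it under the interpreter whose `ssl` module was updated; a non-empty result for the default context means 64-bit-block suites are still offered by default.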

--------------------------------------------------------------------------------

Security Bulletin: A vulnerability in git affects PowerKVM

Security Bulletin

Document information

More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0716881
Modified date: 26 September 2018

Summary

PowerKVM is affected by a vulnerability in git. IBM has now addressed this vulnerability.

Vulnerability Details

CVEID: CVE-2018-11235
DESCRIPTION: Git could allow a remote attacker to execute arbitrary code on the system, caused by improper validation of submodule "names" supplied via the untrusted .gitmodules file when appending them to the '$GIT_DIR/modules' directory. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/144075 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 15.

Workarounds and Mitigations

none

Change History

10 July 2018 - Initial Version

--------------------------------------------------------------------------------

Security Bulletin: A vulnerability in gnupg2 affects PowerKVM

Security Bulletin

Document information

More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0720353
Modified date: 26 September 2018

Summary

PowerKVM is affected by a vulnerability in gnupg2. IBM has now addressed this vulnerability.

Vulnerability Details

CVEID: CVE-2018-12020
DESCRIPTION: GnuPG could allow a remote attacker to conduct spoofing attacks, caused by the improper handling of the original filename during decryption and verification actions in mainproc.c. An attacker could exploit this vulnerability to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the --status-fd 2 option.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/144556 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

PowerKVM v3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 15.

Workarounds and Mitigations

none

Change History

9 August 2018 - Initial Version

--------------------------------------------------------------------------------

Security Bulletin: A vulnerability in policycoreutils affects PowerKVM

Security Bulletin

Document information

More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0728473
Modified date: 26 September 2018

Summary

PowerKVM is affected by a vulnerability in policycoreutils. IBM has now addressed this vulnerability.

Vulnerability Details

CVEID: CVE-2018-1063
DESCRIPTION: Policycoreutils could allow a local authenticated attacker to launch a symlink attack. Context relabeling of filesystems creates temporary files insecurely.
A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/139845 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

PowerKVM v3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 15.

Workarounds and Mitigations

none

Change History

20 August 2018 - Initial Version

--------------------------------------------------------------------------------

Security Bulletin: A vulnerability in yum-utils affects PowerKVM

Security Bulletin

Document information

More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0728307
Modified date: 26 September 2018

Summary

PowerKVM is affected by a vulnerability in yum-utils.
IBM has now addressed this vulnerability.

Vulnerability Details

CVEID: CVE-2018-10897
DESCRIPTION: reposync could allow a remote attacker to traverse directories on the system, caused by the improper sanitation of paths in remote repository configuration files. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability using path traversal to overwrite critical system files and compromise the system.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/147685 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

PowerKVM v3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 15.

Workarounds and Mitigations

none

Change History

19 August 2018 - Initial Version

--------------------------------------------------------------------------------

Security Bulletin: PowerKVM has released fixes in response to the vulnerabilities known as Foreshadow

Security Bulletin

Document information

More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0733108
Modified date: 26 September 2018

Summary

PowerKVM is affected by vulnerabilities in the Linux kernel. IBM has now addressed these vulnerabilities. Note that, although the CVE descriptions do not reference POWER, POWER CPUs are affected.

Vulnerability Details

CVEID: CVE-2018-3620
DESCRIPTION: Multiple Intel CPUs could allow a local attacker to obtain sensitive information, caused by a flaw in the CPU speculative branch instruction execution feature. By conducting targeted cache side-channel attacks and via a terminal page fault, an attacker could exploit this vulnerability to leak information residing in the L1 data cache and read data belonging to different security contexts. Note: This vulnerability is also known as the "L1 Terminal Fault (L1TF)" or "Foreshadow" attack.
CVSS Base Score: 7.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/148318 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 12.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=isg3T1026853

Workarounds and Mitigations

none

Change History

10 July 2018 - Initial Version

--------------------------------------------------------------------------------

Security Bulletin: Vulnerabilities in docker affect PowerKVM

Security Bulletin

Document information

More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0725649
Modified date: 26 September 2018

Summary

PowerKVM is affected by vulnerabilities in docker. IBM has now addressed these vulnerabilities.

Vulnerability Details

CVEID: CVE-2017-14992
DESCRIPTION: Docker-CE (Also known as Moby) is vulnerable to a denial of service, caused by the lack of content verification. By using a specially-crafted image layer payload, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/134421 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-9962
DESCRIPTION: Docker Engine could allow a local authenticated attacker to gain elevated privileges on the system, caused by an error in the RunC when running as root. By using "runc exec", an attacker could exploit this vulnerability to gain access to file-descriptors and escape or modify runC state.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120498 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

PowerKVM V3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 15.

Workarounds and Mitigations

none

Change History

10 August 2018 - Initial version

--------------------------------------------------------------------------------

Security Bulletin: Vulnerabilities in glibc affect PowerKVM

Security Bulletin

Document information

More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0716885
Modified date: 26 September 2018

Summary

PowerKVM is affected by vulnerabilities in the GNU C Library (aka glibc or libc6). IBM has now addressed these vulnerabilities.

Vulnerability Details

CVEID: CVE-2018-1000001
DESCRIPTION: Glibc could allow a local attacker to execute arbitrary code on the system, caused by a buffer underflow in the __realpath() function in stdlib/canonicalize.c. An attacker could exploit this vulnerability to execute arbitrary code on the system and obtain privileges.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137516 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-15804
DESCRIPTION: GNU C Library (aka glibc or libc6) is vulnerable to a buffer overflow, caused by improper bounds checking by glob function in glob.c. By using a specially-crafted file, a local attacker could overflow a buffer.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133996 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID: CVE-2017-15670
DESCRIPTION: GNU C Library is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the glob function in glob.c. By sending a specially-crafted string, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133915 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2017-12132
DESCRIPTION: GNU C Library (aka glibc or libc6) could allow a remote attacker to conduct spoofing attacks, caused by a flaw in the DNS stub resolver. An attacker could exploit this vulnerability to perform off-path DNS spoofing attacks.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/129949 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2015-5180
DESCRIPTION: glibc is vulnerable to a denial of service, caused by a NULL pointer dereference in the res_query function in libresolv. By using a malformed pattern, a remote attacker could cause the process to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130620 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2014-9402
DESCRIPTION: glibc is vulnerable to a denial of service, caused by an error in the getanswer_r() function. If the DNS backend is activated, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/99289 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Affected Products and Versions

PowerKVM v3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 15.

Workarounds and Mitigations

none

Reference

Complete CVSS v2 Guide
On-line Calculator v2
Complete CVSS v3 Guide
On-line Calculator v3

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

10 July 2018 - Initial version

--------------------------------------------------------------------------------

Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM

Security Bulletin

Document information

More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0716879
Modified date: 26 September 2018

Summary

PowerKVM is affected by vulnerabilities in the Linux kernel. IBM has now addressed these vulnerabilities.

Vulnerability Details

CVEID: CVE-2017-15116
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the rngapi_reset function in crypto/rng.c. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/135735 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2017-12190
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an out-of-memory condition in the bio_map_user_iov and bio_unmap_user functions in block/bio.c. A local attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/135759 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-10881
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an out-of-bound access in the ext4_get_group_info function. By mounting and operating on a specially crafted ext4 filesystem image, a local attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/147820 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-6412
DESCRIPTION: Linux Kernel could allow a remote attacker to obtain sensitive information, caused by an integer signedness error in the sbusfb_ioctl_helper function in drivers/video/fbdev/sbuslib.c. By using vectors related to the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/138494 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2018-1093
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds read flaw in the ext4_valid_block_bitmap function in fs/ext4/balloc.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/141197 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-1092
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the ext4_iget function in fs/ext4/inode.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/141196 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-1087
DESCRIPTION: Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by the improper handling of exceptions delivered after a stack switch operation using the MOV to SS and POP SS instructions by the KVM hypervisor. An attacker could exploit this vulnerability to gain elevated privileges or cause the guest to crash.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/142976 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2018-1068
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by an error in the implementation of 32 bit syscall interface. An attacker could exploit this vulnerability to gain root privileges on the system.
CVSS Base Score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/140403 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

CVEID: CVE-2017-16939
DESCRIPTION: Linux Kernel could allow a remote attacker to gain elevated privileges on the system, caused by a use-after-free in the Netlink socket subsystem XFRM. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain privileges.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/135317 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 15.

Workarounds and Mitigations

none

Change History

10 July 2018 - Initial Version
Security Bulletin: A vulnerability in PostgreSQL affects PowerKVM Security Bulletin Document information More support for: PowerKVM Software version: 3.1 Operating system(s): Linux Reference #: 0730491 Modified date: 26 September 2018 Summary PowerKVM is affected by a vulnerability in PostgreSQL. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2018-10915 DESCRIPTION: PostgreSQL could allow a remote attacker to bypass security restrictions, caused by an issue with improperly resting internal state in between connections in the libpq library. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass client-side connection security features. CVSS Base Score: 7.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 148225 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) Affected Products and Versions PowerKVM v3.1 Remediation/Fixes Customers can update PowerKVM systems by using "yum update". Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 15. Workarounds and Mitigations none Change History 5 September 2018 - Initial Version *The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin. Disclaimer According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. - -------------------------------------------------------------------------------- Security Bulletin: A vulnerability in Python affects PowerKVM Security Bulletin Document information More support for: PowerKVM Software version: 3.1 Operating system(s): Linux Reference #: 0716905 Modified date: 26 September 2018 Summary PowerKVM is affected by a vulnerability in Python. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. CVSS Base Score: 3.7 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 116337 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) Affected Products and Versions PowerKVM 3.1 Remediation/Fixes Customers can update PowerKVM systems by using "yum update". Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 15. This update modifies the Python SSL module to disable 3DES cipher suites by default. Workarounds and Mitigations none Change History 10 July 2018 - Initial Version *The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin. 
Disclaimer According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. - -------------------------------------------------------------------------------- Security Bulletin: A vulnerability in git affects PowerKVM Security Bulletin Document information More support for: PowerKVM Software version: 3.1 Operating system(s): Linux Reference #: 0716881 Modified date: 26 September 2018 Summary PowerKVM is affected by a vulnerability in git. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2018-11235 DESCRIPTION: Git could allow a remote attacker to execute arbitrary code on the system, caused by improper validation of submodule "names" supplied via the untrusted .gitmodules file when appending them to the '$GIT_DIR/modules' directory. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. CVSS Base Score: 9.8 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 144075 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) Affected Products and Versions PowerKVM 3.1 Remediation/Fixes Customers can update PowerKVM systems by using "yum update". Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 15. 
Workarounds and Mitigations

none

Change History

10 July 2018 - Initial Version

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------------------------------------------------------------

Security Bulletin: A vulnerability in gnupg2 affects PowerKVM

Security Bulletin

Document information

More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0720353
Modified date: 26 September 2018

Summary

PowerKVM is affected by a vulnerability in gnupg2. IBM has now addressed this vulnerability.

Vulnerability Details

CVEID: CVE-2018-12020
DESCRIPTION: GnuPG could allow a remote attacker to conduct spoofing attacks, caused by the improper handling of the original filename during decryption and verification actions in mainproc.c. An attacker could exploit this vulnerability to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the --status-fd 2 option.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/144556 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

PowerKVM v3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 15.

Workarounds and Mitigations

none

Change History

9 August 2018 - Initial Version

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------------------------------------------------------------

Security Bulletin: A vulnerability in policycoreutils affects PowerKVM

Security Bulletin

Document information

More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0728473
Modified date: 26 September 2018

Summary

PowerKVM is affected by a vulnerability in policycoreutils. IBM has now addressed this vulnerability.

Vulnerability Details

CVEID: CVE-2018-1063
DESCRIPTION: Policycoreutils could allow a local authenticated attacker to launch a symlink attack. Context relabeling of filesystems creates temporary files insecurely.
A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/139845 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

PowerKVM v3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 15.

Workarounds and Mitigations

none

Change History

20 August 2018 - Initial Version

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------------------------------------------------------------

Security Bulletin: A vulnerability in yum-utils affects PowerKVM

Security Bulletin

Document information

More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0728307
Modified date: 26 September 2018

Summary

PowerKVM is affected by a vulnerability in yum-utils.
IBM has now addressed this vulnerability.

Vulnerability Details

CVEID: CVE-2018-10897
DESCRIPTION: reposync could allow a remote attacker to traverse directories on the system, caused by the improper sanitization of paths in remote repository configuration files. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability using path traversal to overwrite critical system files and compromise the system.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/147685 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

PowerKVM v3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 15.

Workarounds and Mitigations

none

Change History

19 August 2018 - Initial Version

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
- --------------------------------------------------------------------------------

Security Bulletin: PowerKVM has released fixes in response to the vulnerabilities known as Foreshadow

Security Bulletin

Document information

More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0733108
Modified date: 26 September 2018

Summary

PowerKVM is affected by vulnerabilities in the Linux kernel. IBM has now addressed these vulnerabilities. Note that, although the CVE descriptions do not reference POWER, POWER CPUs are affected.

Vulnerability Details

CVEID: CVE-2018-3620
DESCRIPTION: Multiple Intel CPU's could allow a local attacker to obtain sensitive information, caused by a flaw in the CPU speculative branch instruction execution feature. By conducting targeted cache side-channel attacks and via a terminal page fault, an attacker could exploit this vulnerability to leak information residing in the L1 data cache and read data belonging to different security contexts. Note: This vulnerability is also known as the "L1 Terminal Fault (L1TF)" or "Foreshadow" attack.
CVSS Base Score: 7.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/148318 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 12.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=isg3T1026853

Workarounds and Mitigations

none

Change History

10 July 2018 - Initial Version

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score.
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------------------------------------------------------------

Security Bulletin: Vulnerabilities in docker affect PowerKVM

Security Bulletin

Document information

More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0725649
Modified date: 26 September 2018

Summary

PowerKVM is affected by vulnerabilities in docker. IBM has now addressed these vulnerabilities.

Vulnerability Details

CVEID: CVE-2017-14992
DESCRIPTION: Docker-CE (Also known as Moby) is vulnerable to a denial of service, caused by the lack of content verification. By using a specially-crafted image layer payload, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/134421 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-9962
DESCRIPTION: Docker Engine could allow a local authenticated attacker to gain elevated privileges on the system, caused by an error in the RunC when running as root. By using "runc exec", an attacker could exploit this vulnerability to gain access to file-descriptors and escape or modify runC state.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120498 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

PowerKVM V3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 15.

Workarounds and Mitigations

none

Change History

10 August 2018 - Initial version

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------------------------------------------------------------

Security Bulletin: Vulnerabilities in glibc affect PowerKVM

Security Bulletin

Document information

More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0716885
Modified date: 26 September 2018

Summary

PowerKVM is affected by vulnerabilities in the GNU C Library (aka glibc or libc6). IBM has now addressed these vulnerabilities.
Vulnerability Details

CVEID: CVE-2018-1000001
DESCRIPTION: Glibc could allow a local attacker to execute arbitrary code on the system, caused by a buffer underflow in the __realpath() function in stdlib/canonicalize.c. An attacker could exploit this vulnerability to execute arbitrary code on the system and obtain privileges.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137516 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-15804
DESCRIPTION: GNU C Library (aka glibc or libc6) is vulnerable to a buffer overflow, caused by improper bounds checking by glob function in glob.c. By using a specially-crafted file, a local attacker could overflow a buffer.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133996 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID: CVE-2017-15670
DESCRIPTION: GNU C Library is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the glob function in glob.c. By sending a specially-crafted string, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133915 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2017-12132
DESCRIPTION: GNU C Library (aka glibc or libc6) could allow a remote attacker to conduct spoofing attacks, caused by a flaw in the DNS stub resolver. An attacker could exploit this vulnerability to perform off-path DNS spoofing attacks.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/129949 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2015-5180
DESCRIPTION: glibc is vulnerable to a denial of service, caused by a NULL pointer dereference in the res_query function in libresolv. By using a malformed pattern, a remote attacker could cause the process to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130620 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2014-9402
DESCRIPTION: glibc is vulnerable to a denial of service, caused by an error in the getanswer_r() function. If the DNS backend is activated, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/99289 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Affected Products and Versions

PowerKVM v3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 15.

Workarounds and Mitigations

none

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

10 July 2018 - Initial version

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------------------------------------------------------------

Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM

Security Bulletin

Document information

More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0716879
Modified date: 26 September 2018

Summary

PowerKVM is affected by vulnerabilities in the Linux kernel. IBM has now addressed these vulnerabilities.

Vulnerability Details

CVEID: CVE-2017-15116
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by NULL pointer dereference in the rngapi_reset function in crypto/rng.c. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/135735 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2017-12190
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an out-of-memory condition in the bio_map_user_iov and bio_unmap_user functions in block/bio.c. A local attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/135759 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-10881
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an out-of-bound access in the ext4_get_group_info function. By mounting and operating on a specially crafted ext4 filesystem image, a local attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/147820 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-6412
DESCRIPTION: Linux Kernel could allow a remote attacker to obtain sensitive information, caused by an integer signedness error in the sbusfb_ioctl_helper function in drivers/video/fbdev/sbuslib.c. By using vectors related to the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/138494 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2018-1093
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds read flaw in the ext4_valid_block_bitmap function in fs/ext4/balloc.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/141197 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-1092
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the ext4_iget function in fs/ext4/inode.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/141196 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-1087
DESCRIPTION: Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by the improper handling of exceptions delivered after a stack switch operation using the MOV to SS and POP SS instructions by the KVM hypervisor. An attacker could exploit this vulnerability to gain elevated privileges or cause the guest to crash.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/142976 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2018-1068
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by an error in the implementation of the 32-bit syscall interface. An attacker could exploit this vulnerability to gain root privileges on the system.
CVSS Base Score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/140403 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

CVEID: CVE-2017-16939
DESCRIPTION: Linux Kernel could allow a remote attacker to gain elevated privileges on the system, caused by a use-after-free in the Netlink socket subsystem XFRM. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain privileges.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/135317 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 15.

Workarounds and Mitigations

none

Change History

10 July 2018 - Initial Version

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----