Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2019.0670
Security Bulletin: Multiple vulnerabilities affecting PowerKVM
5 March 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: IBM PowerKVM
Publisher: IBM
Operating System: Linux variants
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Increased Privileges -- Existing Account
Overwrite Arbitrary Files -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Provide Misleading Information -- Remote/Unauthenticated
Unauthorised Access -- Remote/Unauthenticated
Access Confidential Data -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2019-6454 CVE-2019-6133 CVE-2019-6116
CVE-2019-3815 CVE-2019-3813 CVE-2018-19477
CVE-2018-19476 CVE-2018-19475 CVE-2018-19115
CVE-2018-18710 CVE-2018-18311 CVE-2018-16865
CVE-2018-16864 CVE-2018-16540 CVE-2018-16539
CVE-2018-16511 CVE-2018-16395 CVE-2018-15911
CVE-2018-15909 CVE-2018-15908 CVE-2018-15688
CVE-2018-14682 CVE-2018-14681 CVE-2018-14680
CVE-2018-14679 CVE-2018-11237 CVE-2018-11236
CVE-2018-6485 CVE-2018-5742 CVE-2017-17807
CVE-2017-16997
Reference: ESB-2019.0609
ESB-2019.0595
ESB-2019.0554
ESB-2019.0512
ESB-2019.0404
ESB-2019.0333
Original Bulletin:
http://www.ibm.com/support/docview.wss?uid=ibm10870068
http://www.ibm.com/support/docview.wss?uid=ibm10794307
http://www.ibm.com/support/docview.wss?uid=ibm10871786
http://www.ibm.com/support/docview.wss?uid=ibm10871626
http://www.ibm.com/support/docview.wss?uid=ibm10791547
http://www.ibm.com/support/docview.wss?uid=ibm10871830
http://www.ibm.com/support/docview.wss?uid=ibm10794743
http://www.ibm.com/support/docview.wss?uid=ibm10870872
http://www.ibm.com/support/docview.wss?uid=ibm10792175
http://www.ibm.com/support/docview.wss?uid=ibm10869078
http://www.ibm.com/support/docview.wss?uid=ibm10791549
http://www.ibm.com/support/docview.wss?uid=ibm10794373
Comment: This bulletin contains twelve (12) IBM security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
Security Bulletin: A vulnerability in Bind affects PowerKVM
Document information
More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0870068
Modified date: 04 March 2019
Summary
PowerKVM is affected by a vulnerability in Bind. IBM has now addressed this
vulnerability.
Vulnerability Details
CVEID: CVE-2018-5742 DESCRIPTION: BIND packages in RedHat and CentOS are
vulnerable to a denial of service, caused by an assertion error when debug log
level is 10 or higher. A remote attacker could exploit this vulnerability to
cause the application to crash. CVSS Base Score: 5.9 CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 154625 for the current
score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
PowerKVM 3.1
Remediation/Fixes
Customers can update PowerKVM systems by using "yum update".
Fix images are made available via Fix Central. For version 3.1, see https://
ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17.
Workarounds and Mitigations
none
Change History
1 February 2019 - Initial Version
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
===============================================================================
Security Bulletin: A vulnerability in NetworkManager affects PowerKVM
Document information
More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0794307
Modified date: 04 March 2019
Summary
PowerKVM is affected by a vulnerability in systemd (NetworkManager). IBM has
now addressed this vulnerability.
Vulnerability Details
CVEID: CVE-2018-15688 DESCRIPTION: systemd is vulnerable to a heap-based
buffer overflow, caused by improper bounds checking by the dhcp6 client. By
sending a specially-crafted request, a remote attacker could overflow a buffer
and execute arbitrary code on the system. CVSS Base Score: 7.3 CVSS Temporal
Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 152041 for
the current score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Affected Products and Versions
PowerKVM 3.1
Remediation/Fixes
Customers can update PowerKVM systems by using "yum update".
Fix images are made available via Fix Central. For version 3.1, see https://
ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17.
Workarounds and Mitigations
none
Change History
8 Jan 2019 - Initial Version
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
===============================================================================
Security Bulletin: A vulnerability in Perl affects PowerKVM
Document information
More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0871786
Modified date: 04 March 2019
Summary
PowerKVM is affected by a vulnerability in Perl. IBM has now addressed this
vulnerability.
Vulnerability Details
CVEID: CVE-2018-18311 DESCRIPTION: Perl is vulnerable to a heap-based buffer
overflow, caused by an integer overflow in the Perl_my_setenv function. By
sending a specially-crafted request, a local attacker could overflow a buffer
and execute arbitrary code or cause a denial of service condition. CVSS Base
Score: 8.4 CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 153586 for the current
score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
PowerKVM 3.1
Remediation/Fixes
Customers can update PowerKVM systems by using "yum update".
Fix images are made available via Fix Central. For version 3.1, see https://
ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17.
Workarounds and Mitigations
none
Change History
12 February 2019 - Initial Version
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
===============================================================================
Security Bulletin: A vulnerability in Polkit affects PowerKVM
Document information
More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0871626
Modified date: 04 March 2019
Summary
PowerKVM is affected by a vulnerability in Polkit. IBM has now addressed this
vulnerability.
Vulnerability Details
CVEID: CVE-2019-6133 DESCRIPTION: PolicyKit could allow a remote attacker to
bypass security restrictions, caused by the lack of uid checking in
polkitbackend/ polkitbackendinteractiveauthority.c. By sending a
specially-crafted request, an attacker could exploit this vulnerability to
bypass the start time protection mechanism and improperly cache authoriztaion
decisions. CVSS Base Score: 5.3 CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 155439 for the current
score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Products and Versions
PowerKVM 3.1
Remediation/Fixes
Customers can update PowerKVM systems by using "yum update".
Fix images are made available via Fix Central. For version 3.1, see https://
ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17.
Workarounds and Mitigations
none
Change History
12 February 2019 - Initial Version
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
===============================================================================
Security Bulletin: A vulnerability in Ruby affects PowerKVM
Document information
More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0791547
Modified date: 04 March 2019
Summary
PowerKVM is affected by a vulnerability in Ruby. IBM has now addressed this
vulnerability.
Vulnerability Details
CVEID: CVE-2018-16395 DESCRIPTION: Ruby could allow a remote attacker to
bypass security restrictions, caused by a flaw when comparing two
OpenSSL::X509::Name objects using == in the OpenSSL library. By sending
specially-crafted arguments, an attacker could exploit this vulnerability to
to create an illegitimate certificate that may be accepted as legitimate. CVSS
Base Score: 7.5 CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 153077 for the current
score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
Affected Products and Versions
PowerKVM 3.1
Remediation/Fixes
Customers can update PowerKVM systems by using "yum update".
Fix images are made available via Fix Central. For version 3.1, see https://
ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17.
Workarounds and Mitigations
none
Change History
17 December 2018 - Initial Version
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
===============================================================================
Security Bulletin: A vulnerability in Spice affects PowerKVM
Document information
More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0871830
Modified date: 04 March 2019
Summary
PowerKVM is affected by a vulnerability in Spice. IBM has now addressed this
vulnerability.
Vulnerability Details
CVEID: CVE-2019-3813 DESCRIPTION: Spice is vulnerable to a denial of service,
caused by an off-by-one error in array access in spice/server/memslot.c. A
local attacker could exploit this vulnerability to cause the host to crash or
possibly execute arbitrary code on the system. CVSS Base Score: 7.3 CVSS
Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
156290 for the current score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H)
Affected Products and Versions
PowerKVM 3.1
Remediation/Fixes
Customers can update PowerKVM systems by using "yum update".
Fix images are made available via Fix Central. For version 3.1, see https://
ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17.
Workarounds and Mitigations
none
Change History
12 February 2019 - Initial Version
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
===============================================================================
Security Bulletin: A vulnerability in keepalived affects PowerKVM
Document information
More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0794743
Modified date: 04 March 2019
Summary
PowerKVM is affected by a vulnerability in keepalived. IBM has now addressed
this vulnerability.
Vulnerability Details
CVEID: CVE-2018-19115 DESCRIPTION: keepalived is vulnerable to a denial of
service, caused by a heap-based buffer overflow flaw in the
extract_status_code function in lib/ html.c. By sending specially-crafted HTTP
status codes, a remote attacker could exploit this vulnerability to cause a
denial of service condition. CVSS Base Score: 5.3 CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 152796 for the current
score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Products and Versions
PowerKVM 3.1
Remediation/Fixes
Customers can update PowerKVM systems by using "yum update".
Fix images are made available via Fix Central. For version 3.1, see https://
ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17.
Workarounds and Mitigations
none
Change History
9 Jan 2019 - Initial Version
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
===============================================================================
Security Bulletin: Vulnerabiliies in glibc affect PowerKVM
Document information
More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0870872
Modified date: 04 March 2019
Summary
PowerKVM is affected by vulnerabilities in glibc. IBM has now addressed these
vulnerabilities.
Vulnerability Details
CVEID: CVE-2018-11237 DESCRIPTION: GNU glibc is vulnerable to a buffer
overflow, caused by improper bounds of checking by the
__mempcpy_avx512_no_vzeroupper function. By executing a specially-crafted
program, a local attacker could overflow a buffer and execute arbitrary code
on the system. CVSS Base Score: 7.8 CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 143580 for the current
score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2018-11236 DESCRIPTION: GNU glibc is vulnerable to a stack-based
buffer overflow, caused by improper bounds of checking by the pathname
arguments in the realpath function in stdlib/canonicalize.c. By using
specially-crafted pathname arguments, a remote attacker could overflow a
buffer and execute arbitrary code on the system. CVSS Base Score: 7.3 CVSS
Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
143578 for the current score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2018-6485 DESCRIPTION: GNU C Library is vulnerable to a denial of
service, caused by an integer overflow in the implementation of the
posix_memalign in memalign functions. A local attacker could exploit this
vulnerability to cause the application to crash. CVSS Base Score: 4 CVSS
Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
138627 for the current score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2017-16997 DESCRIPTION: GNU C Library could allow a local attacker
to gain elevated privileges on the system, caused by a flaw in the
elf/dl-load.c. By using a Trojan horse library, an attacker could exploit this
vulnerability to gain elevated privileges on the system. CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
136491 for the current score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
PowerKVM 3.1
Remediation/Fixes
Customers can update PowerKVM systems by using "yum update".
Fix images are made available via Fix Central. For version 3.1, see https://
ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17.
Workarounds and Mitigations
none
Change History
7 February 2019 - Initial Version
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
===============================================================================
Security Bulletin: Vulnerabiliies in libmspack affect PowerKVM
Document information
More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0792175
Modified date: 04 March 2019
Summary
PowerKVM is affected by vulnerabilities in libmspack. IBM has now addressed
these vulnerabilities.
Vulnerability Details
CVEID: CVE-2018-14682 DESCRIPTION: libmspack is vulnerable to a denial of
service, caused by an off-by-one in mspack/chmd.c in the TOLOWER() macro for
CHM decompression. A remote attacker could exploit this vulnerability to cause
a denial of service. CVSS Base Score: 5.3 CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 147666 for the current
score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-14681 DESCRIPTION: libmspack could allow a remote attacker to
overwrite arbitrary files, caused by an error in the kwajd_read_headers
function in mspack/kwajd.c in libmspack. An attacker could exploit this
vulnerability using bad KWAJ file header extensions to cause a one or two byte
overwrite. CVSS Base Score: 5.3 CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 147669 for the current
score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2018-14680 DESCRIPTION: An unspecified error in libmspack related
to the failure to reject blank CHM filenames has an unknown impact and attack
vector. CVSS Base Score: 5.3 CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 147668 for the current
score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2018-14679 DESCRIPTION: libmspack is vulnerable to a denial of
service, caused by an off-by-one error in the CHM PMGI/PMGL chunk number
validity checks in mspack/ chmd.c. A remote attacker could exploit this
vulnerability to cause the application to crash. CVSS Base Score: 5.3 CVSS
Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
147667 for the current score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Products and Versions
PowerKVM 3.1
Remediation/Fixes
Customers can update PowerKVM systems by using "yum update".
Fix images are made available via Fix Central. For version 3.1, see https://
ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17.
Workarounds and Mitigations
none
Change History
19 December 2018 - Initial Version
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
===============================================================================
Security Bulletin: Vulnerabiliies in systemd affect PowerKVM
Document information
More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0869078
Modified date: 04 March 2019
Summary
PowerKVM is affected by vulnerabilities in systemd. IBM has now addressed
these vulnerabilities.
Vulnerability Details
CVEID: CVE-2018-16865 DESCRIPTION: systemd is vulnerable to a denial of
service, caused by a memory corruption flaw when calling the alloca function.
By sending specially-crafted command arguments, a local attacker could exploit
this vulnerability to cause a denial of service. CVSS Base Score: 6.2 CVSS
Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
155359 for the current score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-16864 DESCRIPTION: systemd is vulnerable to a denial of
service, caused by a memory corruption flaw when calling the syslog function.
By sending specially-crafted command arguments, a local attacker could exploit
this vulnerability to cause a denial of service. CVSS Base Score: 6.2 CVSS
Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
155358 for the current score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-15688 DESCRIPTION: systemd is vulnerable to a heap-based
buffer overflow, caused by improper bounds checking by the dhcp6 client. By
sending a specially-crafted request, a remote attacker could overflow a buffer
and execute arbitrary code on the system. CVSS Base Score: 7.3 CVSS Temporal
Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 152041 for
the current score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2019-3815 DESCRIPTION: systemd is vulnerable to a denial of
service, caused by a memory leak in the function dispatch_message_real() in
journald-server.c. A local attacker could exploit this vulnerability to make
systemd-journald crash. CVSS Base Score: 4 CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 156227 for the current
score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2019-6454 DESCRIPTION: systemd is vulnerable to a denial of
service, caused by a flaw in the bus_process_object function in bus-objects.c.
By sending a specially-crafted DBUS nessage, a local authenticated attacker
could exploit this vulnerability to crash PID 1 and result in a subsequent
kernel panic. CVSS Base Score: 5.5 CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 157193 for the current
score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
PowerKVM 3.1
Remediation/Fixes
Customers can update PowerKVM systems by using "yum update".
Fix images are made available via Fix Central. For version 3.1, see https://
ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17.
Workarounds and Mitigations
none
Change History
24 January 2019 - Initial Version
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
===============================================================================
Security Bulletin: Vulnerabilities in Ghostscript affect PowerKVM
Document information
More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0791549
Modified date: 04 March 2019
Summary
PowerKVM is affected by vulnerabilities in Artifex Ghostscript. IBM has now
addressed these vulnerabilities.
Vulnerability Details
CVEID: CVE-2018-16539 DESCRIPTION: Artifex Ghostscript could allow a remote
attacker to obtain sensitive information, caused by improper access checking
in temp file handling.By persuading a victim to open a specially-crafted file,
a remote attacker could exploit this vulnerability to obtain contents of files
on the system. CVSS Base Score: 5.5 CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 149465 for the current
score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVEID: CVE-2018-16511 DESCRIPTION: Artifex Ghostscript is vulnerable to a
denial of service, caused by a type confusion flaw in ztype. By persuading a
victim to open a specially-crafted file, a remote attacker could exploit this
vulnerability to crash the interpreter. CVSS Base Score: 5.5 CVSS Temporal
Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 149463 for
the current score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-15909 DESCRIPTION: Artifex Ghostscript could allow a remote
attacker to execute arbitrary code on the system, caused by a type confusion
using the .shfill operator. An attacker could exploit this vulnerability using
a PostScript file to crash the interpreter or possibly execute arbitrary code
on the system. CVSS Base Score: 5.3 CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 148959 for the current
score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
CVEID: CVE-2018-15908 DESCRIPTION: Artifex Ghostscript could allow a remote
attacker to bypass security restrictions. An attacker could exploit this
vulnerability using specially crafted PostScript files to bypass .tempfile
restrictions and write files. CVSS Base Score: 5.5 CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 148960 for the current
score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVEID: CVE-2018-15911 DESCRIPTION: Artifex Ghostscript could allow a remote
attacker to execute arbitrary code on the system, caused by an uninitialized
memory access error in the aesdecode operator. An attacker could exploit this
vulnerability to crash the interpreter or possibly execute arbitrary code on
the system. CVSS Base Score: 7.3 CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 148957 for the current
score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2019-6116 DESCRIPTION: Artifex Ghostscript could allow a remote
attacker to execute arbitrary commands on the system, caused by the failure to
mark subroutines as executeonly and make them pseudo-operators. An attacker
could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base Score: 9.8 CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 156003 for the current
score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2018-19477 DESCRIPTION: Artifex Ghostscript could allow a remote
attacker to bypass security restrictions, caused by a JBIG2Decode type
confusion in psi/ zfjbig2.c. By sending a specially-crafted request, an
attacker could exploit this vulnerability to bypass access restrictions. CVSS
Base Score: 5.3 CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 153246 for the current
score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2018-19476 DESCRIPTION: Artifex Ghostscript could allow a remote
attacker to bypass security restrictions, caused by a setcolorspace type
confusion in psi/zicc.c. By sending a specially-crafted request, an attacker
could exploit this vulnerability to bypass access restrictions. CVSS Base
Score: 5.3 CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 153245 for the current
score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2018-19475 DESCRIPTION: Artifex Ghostscript could allow a remote
attacker to bypass security restrictions, caused by improper validation of
stack space in psi/ zdevice2.c. By sending a specially-crafted request, an
attacker could exploit this vulnerability to bypass access restrictions. CVSS
Base Score: 5.3 CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 153244 for the current
score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2018-16540 DESCRIPTION: Artifex Ghostscript is vulnerable to a
denial of service, caused by a use-after-free in copydevice handling in PDF14
converter. By persuading a victim to open a specially-crafted file, a remote
attacker could exploit this vulnerability to crash the interpreter. CVSS Base
Score: 5.5 CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/ 149466 for the current
score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
Affected Products and Versions
PowerKVM 3.1
Remediation/Fixes
Customers can update PowerKVM systems by using "yum update".
Fix images are made available via Fix Central. For version 3.1, see https://
ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17.
Workarounds and Mitigations
none
Change History
17 December 2018 - Initial Version
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
===============================================================================
Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM
Document information
More support for: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0794373
Modified date: 04 March 2019
Summary
PowerKVM is affected by vulnerabilities in the Linux Kernel. IBM has now
addressed these vulnerabilities.
Vulnerability Details
CVEID: CVE-2018-18710 DESCRIPTION: Linux Kernel could allow a local attacker
to obtain sensitive information, caused by improper bounds checking in
cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c. An attacker could exploit
this vulnerability to obtain sensitive information. CVSS Base Score: 4 CVSS
Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
152126 for the current score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2017-17807 DESCRIPTION: Linux Kernel could allow a local
authenticated attacker to bypass security restrictions, caused by omitting an
access-control check when adding a key to the current task''s default
request-key keyring in the KEYS subsystem. By using a sequence of
specially-crafted system calls, an attacker could exploit this vulnerability
to add keys to a keyring with only Search permission. CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
136628 for the current score CVSS Environmental Score*: Undefined CVSS Vector:
(CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
Affected Products and Versions
PowerKVM 3.1
Remediation/Fixes
Customers can update PowerKVM systems by using "yum update".
Fix images are made available via Fix Central. For version 3.1, see https://
ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17.
Workarounds and Mitigations
none
Change History
8 January 2019 - Initial Version
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXH260WaOgq3Tt24GAQgHZxAAvtr1FpZqnT6Co2qljdDqC7nw2D0FmzYY
+K57P8zIPIXqMf+eMB7d38FWTAZ0kVmyH/T0+8yFayy8TSkTcwTkuFCtmoTEm875
7KqfxDRrYxJd8Vq9G8aw717gmwOgaiYE6equaOPjaryn2Ga8wkrik7UE2qX9i8zH
RW4yZ6azf7UxleWa4+9chkKWeuZmX5584qlcrPXrFC5o+h4q8/1Lp3/7JMKpxHiF
q3NrlFrFfKiE5Bj1edJ3il+Ehs1qmJcXmGC8F8ZqsRIi1h0H53VM2ruNZu6D0iEX
I2DWGQ1QIeo+RWC7feYHucXTn/pO5DftYyvJAkRf7/08JPVQ4nhXv94R8LI7w22Q
dV/3sGY/VK2dp59PLUl1a/FYJYPmLdwbxph415e1k1YS5/0L+soDlqtTWeme7yq4
U2WHbITWW4wsVXCrjbuNyR6m9kNX0nbRNspTWziwr/Y86StstlJthTryMsyGBvmG
p+l2NTNlQTZhm8DGqcf5wkIVl/7WyE5TQK2el+ud3HESASRt7x119hNZ5IiBRgsn
/i0ifamNbp+hXsLhc6P3GpSfbFzmWzzJq96ucJZDc65XgYtS/u90HneG6vu2oO9Q
kpc0TyobO2ZTkXxNb6BjpC+7x580/rArm7DxSeCyIdYHJdHTNpGtJIVPHhwzoXkM
qEZKo3KPeDc=
=huaA
-----END PGP SIGNATURE-----