Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.0670 Security Bulletin: Multiple vulnerabilities affecting PowerKVM 5 March 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: IBM PowerKVM Publisher: IBM Operating System: Linux variants Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Increased Privileges -- Existing Account Overwrite Arbitrary Files -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Provide Misleading Information -- Remote/Unauthenticated Unauthorised Access -- Remote/Unauthenticated Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2019-6454 CVE-2019-6133 CVE-2019-6116 CVE-2019-3815 CVE-2019-3813 CVE-2018-19477 CVE-2018-19476 CVE-2018-19475 CVE-2018-19115 CVE-2018-18710 CVE-2018-18311 CVE-2018-16865 CVE-2018-16864 CVE-2018-16540 CVE-2018-16539 CVE-2018-16511 CVE-2018-16395 CVE-2018-15911 CVE-2018-15909 CVE-2018-15908 CVE-2018-15688 CVE-2018-14682 CVE-2018-14681 CVE-2018-14680 CVE-2018-14679 CVE-2018-11237 CVE-2018-11236 CVE-2018-6485 CVE-2018-5742 CVE-2017-17807 CVE-2017-16997 Reference: ESB-2019.0609 ESB-2019.0595 ESB-2019.0554 ESB-2019.0512 ESB-2019.0404 ESB-2019.0333 Original Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10870068 http://www.ibm.com/support/docview.wss?uid=ibm10794307 http://www.ibm.com/support/docview.wss?uid=ibm10871786 http://www.ibm.com/support/docview.wss?uid=ibm10871626 http://www.ibm.com/support/docview.wss?uid=ibm10791547 http://www.ibm.com/support/docview.wss?uid=ibm10871830 http://www.ibm.com/support/docview.wss?uid=ibm10794743 http://www.ibm.com/support/docview.wss?uid=ibm10870872 http://www.ibm.com/support/docview.wss?uid=ibm10792175 http://www.ibm.com/support/docview.wss?uid=ibm10869078 http://www.ibm.com/support/docview.wss?uid=ibm10791549 http://www.ibm.com/support/docview.wss?uid=ibm10794373 Comment: This bulletin contains twelve (12) IBM security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- Security Bulletin: A vulnerability in Bind affects PowerKVM Document information More support for: PowerKVM Software version: 3.1 Operating system(s): Linux Reference #: 0870068 Modified date: 04 March 2019 Summary PowerKVM is affected by a vulnerability in Bind. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2018-5742 DESCRIPTION: BIND packages in RedHat and CentOS are vulnerable to a denial of service, caused by an assertion error when debug log level is 10 or higher. A remote attacker could exploit this vulnerability to cause the application to crash. CVSS Base Score: 5.9 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 154625 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) Affected Products and Versions PowerKVM 3.1 Remediation/Fixes Customers can update PowerKVM systems by using "yum update". Fix images are made available via Fix Central. For version 3.1, see https:// ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17. Workarounds and Mitigations none Change History 1 February 2019 - Initial Version *The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin. Disclaimer According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. =============================================================================== Security Bulletin: A vulnerability in NetworkManager affects PowerKVM Document information More support for: PowerKVM Software version: 3.1 Operating system(s): Linux Reference #: 0794307 Modified date: 04 March 2019 Summary PowerKVM is affected by a vulnerability in systemd (NetworkManager). IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2018-15688 DESCRIPTION: systemd is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the dhcp6 client. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system. CVSS Base Score: 7.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 152041 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) Affected Products and Versions PowerKVM 3.1 Remediation/Fixes Customers can update PowerKVM systems by using "yum update". Fix images are made available via Fix Central. For version 3.1, see https:// ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17. Workarounds and Mitigations none Change History 8 Jan 2019 - Initial Version *The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin. Disclaimer According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. =============================================================================== Security Bulletin: A vulnerability in Perl affects PowerKVM Document information More support for: PowerKVM Software version: 3.1 Operating system(s): Linux Reference #: 0871786 Modified date: 04 March 2019 Summary PowerKVM is affected by a vulnerability in Perl. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2018-18311 DESCRIPTION: Perl is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the Perl_my_setenv function. By sending a specially-crafted request, a local attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition. CVSS Base Score: 8.4 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 153586 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) Affected Products and Versions PowerKVM 3.1 Remediation/Fixes Customers can update PowerKVM systems by using "yum update". Fix images are made available via Fix Central. For version 3.1, see https:// ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17. Workarounds and Mitigations none Change History 12 February 2019 - Initial Version *The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin. Disclaimer According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. =============================================================================== Security Bulletin: A vulnerability in Polkit affects PowerKVM Document information More support for: PowerKVM Software version: 3.1 Operating system(s): Linux Reference #: 0871626 Modified date: 04 March 2019 Summary PowerKVM is affected by a vulnerability in Polkit. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2019-6133 DESCRIPTION: PolicyKit could allow a remote attacker to bypass security restrictions, caused by the lack of uid checking in polkitbackend/ polkitbackendinteractiveauthority.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass the start time protection mechanism and improperly cache authoriztaion decisions. CVSS Base Score: 5.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 155439 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) Affected Products and Versions PowerKVM 3.1 Remediation/Fixes Customers can update PowerKVM systems by using "yum update". Fix images are made available via Fix Central. For version 3.1, see https:// ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17. Workarounds and Mitigations none Change History 12 February 2019 - Initial Version *The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin. Disclaimer According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. =============================================================================== Security Bulletin: A vulnerability in Ruby affects PowerKVM Document information More support for: PowerKVM Software version: 3.1 Operating system(s): Linux Reference #: 0791547 Modified date: 04 March 2019 Summary PowerKVM is affected by a vulnerability in Ruby. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2018-16395 DESCRIPTION: Ruby could allow a remote attacker to bypass security restrictions, caused by a flaw when comparing two OpenSSL::X509::Name objects using == in the OpenSSL library. By sending specially-crafted arguments, an attacker could exploit this vulnerability to to create an illegitimate certificate that may be accepted as legitimate. CVSS Base Score: 7.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 153077 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) Affected Products and Versions PowerKVM 3.1 Remediation/Fixes Customers can update PowerKVM systems by using "yum update". Fix images are made available via Fix Central. For version 3.1, see https:// ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17. Workarounds and Mitigations none Change History 17 December 2018 - Initial Version *The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin. Disclaimer According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. =============================================================================== Security Bulletin: A vulnerability in Spice affects PowerKVM Document information More support for: PowerKVM Software version: 3.1 Operating system(s): Linux Reference #: 0871830 Modified date: 04 March 2019 Summary PowerKVM is affected by a vulnerability in Spice. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2019-3813 DESCRIPTION: Spice is vulnerable to a denial of service, caused by an off-by-one error in array access in spice/server/memslot.c. A local attacker could exploit this vulnerability to cause the host to crash or possibly execute arbitrary code on the system. CVSS Base Score: 7.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 156290 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H) Affected Products and Versions PowerKVM 3.1 Remediation/Fixes Customers can update PowerKVM systems by using "yum update". Fix images are made available via Fix Central. For version 3.1, see https:// ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17. Workarounds and Mitigations none Change History 12 February 2019 - Initial Version *The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin. Disclaimer According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. =============================================================================== Security Bulletin: A vulnerability in keepalived affects PowerKVM Document information More support for: PowerKVM Software version: 3.1 Operating system(s): Linux Reference #: 0794743 Modified date: 04 March 2019 Summary PowerKVM is affected by a vulnerability in keepalived. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2018-19115 DESCRIPTION: keepalived is vulnerable to a denial of service, caused by a heap-based buffer overflow flaw in the extract_status_code function in lib/ html.c. By sending specially-crafted HTTP status codes, a remote attacker could exploit this vulnerability to cause a denial of service condition. CVSS Base Score: 5.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 152796 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) Affected Products and Versions PowerKVM 3.1 Remediation/Fixes Customers can update PowerKVM systems by using "yum update". Fix images are made available via Fix Central. For version 3.1, see https:// ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17. Workarounds and Mitigations none Change History 9 Jan 2019 - Initial Version *The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin. Disclaimer According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. =============================================================================== Security Bulletin: Vulnerabiliies in glibc affect PowerKVM Document information More support for: PowerKVM Software version: 3.1 Operating system(s): Linux Reference #: 0870872 Modified date: 04 March 2019 Summary PowerKVM is affected by vulnerabilities in glibc. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2018-11237 DESCRIPTION: GNU glibc is vulnerable to a buffer overflow, caused by improper bounds of checking by the __mempcpy_avx512_no_vzeroupper function. By executing a specially-crafted program, a local attacker could overflow a buffer and execute arbitrary code on the system. CVSS Base Score: 7.8 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 143580 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVEID: CVE-2018-11236 DESCRIPTION: GNU glibc is vulnerable to a stack-based buffer overflow, caused by improper bounds of checking by the pathname arguments in the realpath function in stdlib/canonicalize.c. By using specially-crafted pathname arguments, a remote attacker could overflow a buffer and execute arbitrary code on the system. CVSS Base Score: 7.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 143578 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) CVEID: CVE-2018-6485 DESCRIPTION: GNU C Library is vulnerable to a denial of service, caused by an integer overflow in the implementation of the posix_memalign in memalign functions. A local attacker could exploit this vulnerability to cause the application to crash. CVSS Base Score: 4 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 138627 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) CVEID: CVE-2017-16997 DESCRIPTION: GNU C Library could allow a local attacker to gain elevated privileges on the system, caused by a flaw in the elf/dl-load.c. By using a Trojan horse library, an attacker could exploit this vulnerability to gain elevated privileges on the system. CVSS Base Score: 8.4 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 136491 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) Affected Products and Versions PowerKVM 3.1 Remediation/Fixes Customers can update PowerKVM systems by using "yum update". Fix images are made available via Fix Central. For version 3.1, see https:// ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17. Workarounds and Mitigations none Change History 7 February 2019 - Initial Version *The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin. Disclaimer According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. =============================================================================== Security Bulletin: Vulnerabiliies in libmspack affect PowerKVM Document information More support for: PowerKVM Software version: 3.1 Operating system(s): Linux Reference #: 0792175 Modified date: 04 March 2019 Summary PowerKVM is affected by vulnerabilities in libmspack. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2018-14682 DESCRIPTION: libmspack is vulnerable to a denial of service, caused by an off-by-one in mspack/chmd.c in the TOLOWER() macro for CHM decompression. A remote attacker could exploit this vulnerability to cause a denial of service. CVSS Base Score: 5.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 147666 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) CVEID: CVE-2018-14681 DESCRIPTION: libmspack could allow a remote attacker to overwrite arbitrary files, caused by an error in the kwajd_read_headers function in mspack/kwajd.c in libmspack. An attacker could exploit this vulnerability using bad KWAJ file header extensions to cause a one or two byte overwrite. CVSS Base Score: 5.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 147669 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) CVEID: CVE-2018-14680 DESCRIPTION: An unspecified error in libmspack related to the failure to reject blank CHM filenames has an unknown impact and attack vector. CVSS Base Score: 5.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 147668 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) CVEID: CVE-2018-14679 DESCRIPTION: libmspack is vulnerable to a denial of service, caused by an off-by-one error in the CHM PMGI/PMGL chunk number validity checks in mspack/ chmd.c. A remote attacker could exploit this vulnerability to cause the application to crash. CVSS Base Score: 5.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 147667 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) Affected Products and Versions PowerKVM 3.1 Remediation/Fixes Customers can update PowerKVM systems by using "yum update". Fix images are made available via Fix Central. For version 3.1, see https:// ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17. Workarounds and Mitigations none Change History 19 December 2018 - Initial Version *The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin. Disclaimer According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. =============================================================================== Security Bulletin: Vulnerabiliies in systemd affect PowerKVM Document information More support for: PowerKVM Software version: 3.1 Operating system(s): Linux Reference #: 0869078 Modified date: 04 March 2019 Summary PowerKVM is affected by vulnerabilities in systemd. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2018-16865 DESCRIPTION: systemd is vulnerable to a denial of service, caused by a memory corruption flaw when calling the alloca function. By sending specially-crafted command arguments, a local attacker could exploit this vulnerability to cause a denial of service. CVSS Base Score: 6.2 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 155359 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVEID: CVE-2018-16864 DESCRIPTION: systemd is vulnerable to a denial of service, caused by a memory corruption flaw when calling the syslog function. By sending specially-crafted command arguments, a local attacker could exploit this vulnerability to cause a denial of service. CVSS Base Score: 6.2 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 155358 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVEID: CVE-2018-15688 DESCRIPTION: systemd is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the dhcp6 client. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system. CVSS Base Score: 7.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 152041 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) CVEID: CVE-2019-3815 DESCRIPTION: systemd is vulnerable to a denial of service, caused by a memory leak in the function dispatch_message_real() in journald-server.c. A local attacker could exploit this vulnerability to make systemd-journald crash. CVSS Base Score: 4 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 156227 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) CVEID: CVE-2019-6454 DESCRIPTION: systemd is vulnerable to a denial of service, caused by a flaw in the bus_process_object function in bus-objects.c. By sending a specially-crafted DBUS nessage, a local authenticated attacker could exploit this vulnerability to crash PID 1 and result in a subsequent kernel panic. CVSS Base Score: 5.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 157193 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) Affected Products and Versions PowerKVM 3.1 Remediation/Fixes Customers can update PowerKVM systems by using "yum update". Fix images are made available via Fix Central. For version 3.1, see https:// ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17. Workarounds and Mitigations none Change History 24 January 2019 - Initial Version *The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin. Disclaimer According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. =============================================================================== Security Bulletin: Vulnerabilities in Ghostscript affect PowerKVM Document information More support for: PowerKVM Software version: 3.1 Operating system(s): Linux Reference #: 0791549 Modified date: 04 March 2019 Summary PowerKVM is affected by vulnerabilities in Artifex Ghostscript. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2018-16539 DESCRIPTION: Artifex Ghostscript could allow a remote attacker to obtain sensitive information, caused by improper access checking in temp file handling.By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to obtain contents of files on the system. CVSS Base Score: 5.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 149465 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) CVEID: CVE-2018-16511 DESCRIPTION: Artifex Ghostscript is vulnerable to a denial of service, caused by a type confusion flaw in ztype. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to crash the interpreter. CVSS Base Score: 5.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 149463 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) CVEID: CVE-2018-15909 DESCRIPTION: Artifex Ghostscript could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion using the .shfill operator. An attacker could exploit this vulnerability using a PostScript file to crash the interpreter or possibly execute arbitrary code on the system. CVSS Base Score: 5.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 148959 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) CVEID: CVE-2018-15908 DESCRIPTION: Artifex Ghostscript could allow a remote attacker to bypass security restrictions. An attacker could exploit this vulnerability using specially crafted PostScript files to bypass .tempfile restrictions and write files. CVSS Base Score: 5.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 148960 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) CVEID: CVE-2018-15911 DESCRIPTION: Artifex Ghostscript could allow a remote attacker to execute arbitrary code on the system, caused by an uninitialized memory access error in the aesdecode operator. An attacker could exploit this vulnerability to crash the interpreter or possibly execute arbitrary code on the system. CVSS Base Score: 7.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 148957 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) CVEID: CVE-2019-6116 DESCRIPTION: Artifex Ghostscript could allow a remote attacker to execute arbitrary commands on the system, caused by the failure to mark subroutines as executeonly and make them pseudo-operators. An attacker could exploit this vulnerability to execute arbitrary commands on the system. CVSS Base Score: 9.8 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 156003 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVEID: CVE-2018-19477 DESCRIPTION: Artifex Ghostscript could allow a remote attacker to bypass security restrictions, caused by a JBIG2Decode type confusion in psi/ zfjbig2.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions. CVSS Base Score: 5.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 153246 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) CVEID: CVE-2018-19476 DESCRIPTION: Artifex Ghostscript could allow a remote attacker to bypass security restrictions, caused by a setcolorspace type confusion in psi/zicc.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions. CVSS Base Score: 5.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 153245 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) CVEID: CVE-2018-19475 DESCRIPTION: Artifex Ghostscript could allow a remote attacker to bypass security restrictions, caused by improper validation of stack space in psi/ zdevice2.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions. CVSS Base Score: 5.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 153244 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) CVEID: CVE-2018-16540 DESCRIPTION: Artifex Ghostscript is vulnerable to a denial of service, caused by a use-after-free in copydevice handling in PDF14 converter. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to crash the interpreter. CVSS Base Score: 5.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 149466 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) Affected Products and Versions PowerKVM 3.1 Remediation/Fixes Customers can update PowerKVM systems by using "yum update". Fix images are made available via Fix Central. For version 3.1, see https:// ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17. Workarounds and Mitigations none Change History 17 December 2018 - Initial Version *The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin. Disclaimer According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. =============================================================================== Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM Document information More support for: PowerKVM Software version: 3.1 Operating system(s): Linux Reference #: 0794373 Modified date: 04 March 2019 Summary PowerKVM is affected by vulnerabilities in the Linux Kernel. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2018-18710 DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by improper bounds checking in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c. An attacker could exploit this vulnerability to obtain sensitive information. CVSS Base Score: 4 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 152126 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) CVEID: CVE-2017-17807 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by omitting an access-control check when adding a key to the current task''s default request-key keyring in the KEYS subsystem. By using a sequence of specially-crafted system calls, an attacker could exploit this vulnerability to add keys to a keyring with only Search permission. CVSS Base Score: 5.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 136628 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) Affected Products and Versions PowerKVM 3.1 Remediation/Fixes Customers can update PowerKVM systems by using "yum update". Fix images are made available via Fix Central. For version 3.1, see https:// ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17. Workarounds and Mitigations none Change History 8 January 2019 - Initial Version *The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin. Disclaimer According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXH260WaOgq3Tt24GAQgHZxAAvtr1FpZqnT6Co2qljdDqC7nw2D0FmzYY +K57P8zIPIXqMf+eMB7d38FWTAZ0kVmyH/T0+8yFayy8TSkTcwTkuFCtmoTEm875 7KqfxDRrYxJd8Vq9G8aw717gmwOgaiYE6equaOPjaryn2Ga8wkrik7UE2qX9i8zH RW4yZ6azf7UxleWa4+9chkKWeuZmX5584qlcrPXrFC5o+h4q8/1Lp3/7JMKpxHiF q3NrlFrFfKiE5Bj1edJ3il+Ehs1qmJcXmGC8F8ZqsRIi1h0H53VM2ruNZu6D0iEX I2DWGQ1QIeo+RWC7feYHucXTn/pO5DftYyvJAkRf7/08JPVQ4nhXv94R8LI7w22Q dV/3sGY/VK2dp59PLUl1a/FYJYPmLdwbxph415e1k1YS5/0L+soDlqtTWeme7yq4 U2WHbITWW4wsVXCrjbuNyR6m9kNX0nbRNspTWziwr/Y86StstlJthTryMsyGBvmG p+l2NTNlQTZhm8DGqcf5wkIVl/7WyE5TQK2el+ud3HESASRt7x119hNZ5IiBRgsn /i0ifamNbp+hXsLhc6P3GpSfbFzmWzzJq96ucJZDc65XgYtS/u90HneG6vu2oO9Q kpc0TyobO2ZTkXxNb6BjpC+7x580/rArm7DxSeCyIdYHJdHTNpGtJIVPHhwzoXkM qEZKo3KPeDc= =huaA -----END PGP SIGNATURE-----