===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.1981
                AirPort Base Station Firmware Update 7.9.1
                                3 June 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Apple AirPort Base Station
Publisher:         Apple
Operating System:  Network Appliance
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Access Privileged Data          -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Reduced Security                -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-8588 CVE-2019-8581 CVE-2019-8580
                   CVE-2019-8578 CVE-2019-8575 CVE-2019-8572
                   CVE-2019-7291 CVE-2018-6918

Original Bulletin:
   https://support.apple.com/en-au/HT210090

--------------------------BEGIN INCLUDED TEXT--------------------

APPLE-SA-2019-5-30-1 AirPort Base Station Firmware Update 7.9.1

AirPort Base Station Firmware Update 7.9.1 is now available and
addresses the following:

AirPort Base Station Firmware
Available for: AirPort Extreme and AirPort Time Capsule base stations
with 802.11ac
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8581: Lucio Albornoz

AirPort Base Station Firmware
Available for: AirPort Extreme and AirPort Time Capsule base stations
with 802.11ac
Impact: A remote attacker may be able to cause a system denial of
service
Description: A null pointer dereference was addressed with improved
input validation.
CVE-2019-8588: Vince Cali (@0x56)

AirPort Base Station Firmware
Available for: AirPort Extreme and AirPort Time Capsule base stations
with 802.11ac
Impact: A remote attacker may be able to cause a system denial of
service
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-6918: Maxime Villard

AirPort Base Station Firmware
Available for: AirPort Extreme and AirPort Time Capsule base stations
with 802.11ac
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-8578: Maxime Villard

AirPort Base Station Firmware
Available for: AirPort Extreme and AirPort Time Capsule base stations
with 802.11ac
Impact: A base station factory reset may not delete all user
information
Description: The issue was addressed with improved data deletion.
CVE-2019-8575: joshua stein

AirPort Base Station Firmware
Available for: AirPort Extreme and AirPort Time Capsule base stations
with 802.11ac
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A denial of service issue was addressed with improved
memory handling.
CVE-2019-7291: Maxime Villard

AirPort Base Station Firmware
Available for: AirPort Extreme and AirPort Time Capsule base stations
with 802.11ac
Impact: Source-routed IPv4 packets may be unexpectedly accepted
Description: Source-routed IPv4 packets were disabled by default.
CVE-2019-8580: Maxime Villard

AirPort Base Station Firmware
Available for: AirPort Extreme and AirPort Time Capsule base stations
with 802.11ac
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A null pointer dereference was addressed with improved
input validation.
CVE-2019-8572: Maxime Villard

Installation note:

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================