OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0228) (Spectre)
The remote OracleVM system is missing necessary patches to address critical security updates: - netlink: add a start callback for starting a netlink dump (Tom Herbert) [Orabug: 27169581] {CVE-2017-16939} - ipsec: Fix aborted xfrm policy dump crash (Herbert Xu) [Orabug: 27169581] {CVE-2017-16939} - net/rds:...
Unbreakable Enterprise kernel security update
4.1.12-124.16.2 - netlink: add a start callback for starting a netlink dump (Tom Herbert) [Orabug: 27169581] {CVE-2017-16939} - ipsec: Fix aborted xfrm policy dump crash (Herbert Xu) [Orabug: 27169581] {CVE-2017-16939}...
CentOS Update for kernel CESA-2018:1318 centos7
Check the version of kernel. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.882900");...
[SECURITY] Fedora 27 Update: strongswan-5.6.2-6.fc27
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel...
kernel, perf, python security update
CentOS Errata and Security Advisory CESA-2018:1318. An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
[SECURITY] Fedora 28 Update: strongswan-5.6.2-6.fc28
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel...
RHEL 7 : kernel-rt (RHSA-2018:1355)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1355 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...
Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation
The Linux kernel is vulnerable to a use-after-free flaw when the Transformation User configuration interface (CONFIG_XFRM_USER) compile-time configuration is enabled. This vulnerability occurs while closing a xfrm netlink socket in xfrm_dump_policy_done. A user/process could abuse this flaw to potentially...
Cisco ASR StarOS IPsec Manager Denial of Service Vulnerability (cisco-sa-20180418-starosasr)
According to its self-reported version and model number, the remote Cisco ASR device is affected by a denial of service vulnerability. Please see the included Cisco BID and the Cisco Security Advisory for more information. (C) Tenable Network Security, Inc. include("compat.inc"); if (description)...
Cisco ASR 5000 Series Router Denial of Service Vulnerability
The Cisco Aggregation Services Router (ASR) 5000 Series Routers and Virtualized Packet Core (VPC) System Software are both products of Cisco, Inc. The Cisco Aggregation Services Router (ASR) 5000 Series Routers are a 5000 series of secure router appliances. The Virtualized Packet Core (VPC) System Softwar...
CVE-2018-0273
A vulnerability in the IPsec Manager of Cisco StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Routers and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from being...
CVE-2018-0273
A vulnerability in the IPsec Manager of Cisco StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Routers and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from being...
Race condition
A vulnerability in the IPsec Manager of Cisco StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Routers and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from being...
CVE-2018-0273
A vulnerability in the IPsec Manager of Cisco StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Routers and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from being...
CVE-2018-0273
Cisco StarOS IPsec Manager on ASR 5000 and VPC is affected by CVE-2018-0273 due to improper handling of corrupted IKEv2 messages. An unauthenticated, remote attacker could trigger ipsecmgr to reload, terminating all active IPsec VPN tunnels and preventing new ones until the service restarts (DoS)...
CVE-2018-0273
A vulnerability in the IPsec Manager of Cisco StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Routers and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from being...
Cisco StarOS IPsec Manager Denial of Service Vulnerability
A vulnerability in the IPsec Manager of Cisco StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Routers and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from being...
CVE-2016-10455
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD...
FreeBSD : ipsec-tools -- remotely exploitable computational-complexity attack (974a6d32-3fda-11e8-aea4-001b216d295b)
Robert Foggia via NetBSD GNATS reports: The ipsec-tools racoon daemon contains a remotely exploitable computational complexity attack when parsing and storing isakmp fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly...
Design/Logic Flaw
When the F5 BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 system is configured with a wildcard IPSec tunnel endpoint, it may allow a remote attacker to disrupt or impersonate the tunnels that have completed phase 1 IPSec negotiations. The attacker must possess the necessary...