
875 matches found

Broadcom
added 2018/08/14 12:0 a.m. | 5 views

BSA-2018-687

Security Advisory ID : BSA-2018-687 Component : Kernel Revision : 1.0: Final Security researchers have identified a speculative execution side-channel method called L1 Terminal Fault (L1TF), also known as Foreshadow. This method impacts select microprocessor products supporting Intel® Software Guard...

CVSS: 7.3 | AI score: 8.2 | EPSS: 0.08101 | Exploits: 0

Broadcom
added 2018/08/06 12:0 a.m. | 5 views

BSA-2018-686

Security Advisory ID : BSA-2018-686 Component : Kernel Revision : 1.0: Final Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. An attacker can induce a denial of servic...

CVSS: 7.8 | AI score: 6.5 | EPSS: 0.7354 | Exploits: 0

Broadcom
added 2018/07/19 12:0 a.m. | 5 views

BSA-2018-536

Security Advisory ID : BSA-2018-536 Component : OpenSSH Revision : 2.0: Final A memory exhaustion issue in OpenSSH that can be triggered before user authentication was found. An unauthenticated attacker could consume approx. 400 MB of memory per each connection. The attacker could set up multiple...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.29462 | Exploits: 0

Broadcom
added 2018/07/02 12:0 a.m. | 22 views

BSA-2018-636

Security Advisory ID : BSA-2018-636 Component : OpenSSL Revision : 2.0: Final The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process coul...

CVSS: 5.9 | AI score: 6.7 | EPSS: 0.12046 | Exploits: 0

Broadcom
added 2018/06/21 12:0 a.m. | 6 views

BSA-2018-620

Security Advisory ID : BSA-2018-620 Component : TLS Revision : 2.0 The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations...

CVSS: 8.1 | AI score: 6.6 | EPSS: 0.01947 | Exploits: 1

Broadcom
added 2018/06/21 12:0 a.m. | 7 views

BSA-2018-662

Security Advisory ID : BSA-2018-662 Component : Zip Slip Revision : 1.1: update Snyk Security team discloses a widespread arbitrary file overwrite critical vulnerability, which typically results in remote command execution. The flaw which has been named Zip Slip affects numerous archive-extractio...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.15359 | Exploits: 11

Broadcom
added 2018/05/21 12:0 a.m. | 4 views

BSA-2018-611

Security Advisory ID : BSA-2018-611 Component : HW:CPU Revision : 1.0: Final Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may read an earlier value of the data. Subsequent speculati...

CVSS: 5.5 | AI score: 8.9 | EPSS: 0.60631 | Exploits: 2

Broadcom
added 2018/05/21 12:0 a.m. | 4 views

BSA-2018-612

Security Advisory ID : BSA-2018-612 Component : HW:CPU Revision : 1.0: Final Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may return a speculative register value that is then used in subsequent speculative load instructions...

CVSS: 5.6 | AI score: 6.5 | EPSS: 0.07556 | Exploits: 0

Broadcom
added 2018/05/17 12:0 a.m. | 4 views

BSA-2018-602

Security Advisory ID : BSA-2018-602 Component : Win32k Revision : 1.0: Final An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel...

CVSS: 7.2 | AI score: 7.4 | EPSS: 0.73721 | Exploits: 18

Broadcom
added 2018/05/08 12:0 a.m. | 7 views

BSA-2018-603

Security Advisory ID : BSA-2018-603 Component : WebGUI Revision : 1.0: Final Multiple GPON Home Routers could allow a remote attacker to bypass security restrictions, caused by a flaw in the authentication mechanism. By appending "?images/" to the end of the web address on any of the router's...

CVSS: 9.8 | AI score: 9.9 | EPSS: 0.93316 | Exploits: 7

Broadcom
added 2018/05/08 12:0 a.m. | 5 views

BSA-2018-601

Security Advisory ID : BSA-2018-601 Component : Kernel Revision : 1.0: Final In some circumstances, some operating systems or hypervisors may not expect or properly handle an Intel architecture hardware debug exception. The error appears to be due to developer interpretation of existing...

CVSS: 7.8 | AI score: 6.6 | EPSS: 0.18404 | Exploits: 9

Broadcom
added 2018/05/08 12:0 a.m. | 8 views

BSA-2018-604

Security Advisory ID : BSA-2018-604 Component : System Revision : 1.0: Final Multiple GPON Home Routers could allow a remote attacker to execute arbitrary commands on the system, caused by the ping and trace route commands running at root level on the diagnostic page. An attacker could exploit th...

CVSS: 9.8 | AI score: 7.7 | EPSS: 0.9995 | Exploits: 7

Broadcom
added 2018/04/20 12:0 a.m. | 7 views

BSA-2018-589

Security Advisory ID : BSA-2018-589 Component : Oracle WebLogic Revision : 1.0: Final Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.99427 | Exploits: 68

Broadcom
added 2018/04/09 12:0 a.m. | 8 views

BSA-2018-583

Security Advisory ID : BSA-2018-583 Component : Spring-framework Revision : 1.0: Final Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker...

CVSS: 9.8 | AI score: 9 | EPSS: 0.77245 | Exploits: 5

Broadcom
added 2018/03/30 12:0 a.m. | 7 views

BSA-2018-553

Security Advisory ID : BSA-2018-553 Component : Apache HTTPD Revision : 2.0: Final When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.33 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the...

CVSS: 5.9 | AI score: 6.5 | EPSS: 0.13436 | Exploits: 0

Broadcom
added 2018/03/30 12:0 a.m. | 7 views

BSA-2018-556

Security Advisory ID : BSA-2018-556 Component : Apache HTTPD Revision : 2.0: Final The expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are...

CVSS: 8.1 | AI score: 6.4 | EPSS: 0.86006 | Exploits: 0

Broadcom
added 2018/03/30 12:0 a.m. | 5 views

BSA-2018-559

Security Advisory ID : BSA-2018-559 Component : Apache HTTPD Revision : 2.0: Final Apache HTTP Server (httpd) mod_session module has an improper input validation flaw in the way it handles HTTP session headers in some configurations. A remote attacker may influence their content by using a "Session"...

CVSS: 5.3 | AI score: 6.7 | EPSS: 0.10118 | Exploits: 0

Broadcom
added 2018/03/30 12:0 a.m. | 5 views

BSA-2018-552

Security Advisory ID : BSA-2018-552 Component : Apache HTTPD Revision : 2.0: Final A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.33 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.70783 | Exploits: 0

Broadcom
added 2018/03/30 12:0 a.m. | 5 views

BSA-2018-557

Security Advisory ID : BSA-2018-557 Component : Apache HTTPD Revision : 2.0: Final In Apache httpd, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to look up the right charset encoding when verifying the user's credentials. If the header value is not...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.18197 | Exploits: 0

Broadcom
added 2018/02/27 12:0 a.m. | 19 views

BSA-2018-538

Security Advisory ID : BSA-2018-538 Component : OpenSSH Revision : 2.0: Final The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. Affected Products Security updates have be...

CVSS: 5.3 | AI score: 7 | EPSS: 0.03359 | Exploits: 0

Broadcom
added 2018/02/26 12:0 a.m. | 6 views

BSA-2018-564

Security Advisory ID : BSA-2018-564 Component : Oracle Java Revision : 1.1: update The January 2018 Critical Patch Update provides security updates for certain Oracle Java Platform software libraries. Java SE JDK and JRE versions through 6u171, 7u161, 8u152, and 9.0.1 are affected by vulnerabiliti...

CVSS: 8.3 | AI score: 8.8 | EPSS: 0.07666 | Exploits: 0

Broadcom
added 2018/01/23 12:0 a.m. | 5 views

CVE-2017-3737 - Read, write after SSL object in error state. (BSA-2018-527).

Security Advisory ID: BSA-2018-527 Component: OpenSSL Revision : 3.0: Final OpenSSL 1.0.2 starting from version 1.0.2b introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake, then OpenSSL would move into the error state and would immediately fail i...

CVSS: 5.9 | AI score: 8.5 | EPSS: 0.78675 | Exploits: 1

Broadcom
added 2018/01/22 12:0 a.m. | 23 views

BSA-2018-527

Summary OpenSSL 1.0.2 starting from version 1.0.2b introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for...

AI score: 1.4 | Exploits: 0 | Affected Software: 2

Broadcom
added 2018/01/17 12:0 a.m. | 23 views

BSA-2018-525

Security Advisory ID : BSA-2018-525 Component : Fabric OS Web GUI Revision : 1.0: Initial XSS vulnerabilities in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) could allow remote unauthenticated attackers to execute arbitrary script code in...

CVSS: 6.1 | AI score: 7.7 | EPSS: 0.01458 | Exploits: 0

Broadcom
added 2018/01/17 12:0 a.m. | 5 views

BSA-2018-526

Security Advisory ID : BSA-2018-526 Component : Fabric OS IPv6 stack Revision : 2.0: Final A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS FOS could allow an unauthenticated, adjacent attacker to cause a denial of service CPU consumption and devic...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00552 | Exploits: 0

Broadcom
added 2018/01/08 12:0 a.m. | 15 views

BSA-2018-514

Security Advisory ID : BSA-2018-514 Component : TLS Implementations Revision : 1.1: Final TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks. An attacker could...

CVSS: 7.5 | AI score: 9 | EPSS: 0.45113 | Exploits: 1

Broadcom
added 2018/01/05 12:0 a.m. | 7 views

BSA-2018-522

Security Advisory ID : BSA-2018-522 Component : HW: CPU Revision : 1.2: Interim In total, security researchers disclosed three variants of CPU Data cache timing abuse. The variants lead to vulnerabilities that take advantage of the implementation of speculative execution of instructions on many...

CVSS: 5.6 | AI score: 8.7 | EPSS: 0.93838 | Exploits: 12

Broadcom
added 2017/12/11 12:0 a.m. | 6 views

BSA-2017-497

Security Advisory ID : BSA-2017-497 Component : Apache HTTPD Revision : 1.0: Final The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service NULL pointer...

CVSS: 5 | AI score: 8 | EPSS: 0.14734 | Exploits: 0

Broadcom
added 2017/12/09 12:0 a.m. | 9 views

BSA-2018-588

Security Advisory ID : BSA-2018-588 Component : Apache Struts2 Revision : 2.0: Final In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allows a DoS attack using a malicious request with a specially crafted JSON payload...

CVSS: 6.2 | AI score: 7 | EPSS: 0.04889 | Exploits: 2

Broadcom
added 2017/12/09 12:0 a.m. | 6 views

BSA-2018-528

Security Advisory ID : BSA-2018-528 Component : OpenSSL Revision : 1.0: Final There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this...

CVSS: 5.9 | AI score: 8.7 | EPSS: 0.83645 | Exploits: 1

Broadcom
added 2017/11/17 12:0 a.m. | 5 views

BSA-2017-451

Security Advisory ID : BSA-2017-451 Component : dhcp6 Revision : 2.0: Final A stack buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to crash or, potentially, execute arbitrary code...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.83638 | Exploits: 6

Broadcom
added 2017/11/17 12:0 a.m. | 6 views

BSA-2017-457

Security Advisory ID : BSA-2017-457 Component : GnuPG & Libgcrypt Revision : 2.0: Final GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka...

CVSS: 1.9 | AI score: 6.6 | EPSS: 0.00533 | Exploits: 0

Broadcom
added 2017/11/17 12:0 a.m. | 4 views

BSA-2017-449

Security Advisory ID : BSA-2017-449 Component : dnsmasq Revision : 2.0: Final A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code...

CVSS: 9.8 | AI score: 8 | EPSS: 0.84925 | Exploits: 6

Broadcom
added 2017/11/17 12:0 a.m. | 4 views

BSA-2017-450

Security Advisory ID : BSA-2017-450 Component : IPV6RA Revision : 2.0: Final A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially...

CVSS: 9.8 | AI score: 7.7 | EPSS: 0.93307 | Exploits: 5

Broadcom
added 2017/11/17 12:0 a.m. | 6 views

BSA-2017-455

Security Advisory ID : BSA-2017-455 Component : dnsmasq Revision : 2.0: Final An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the DNS code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash...

CVSS: 7.5 | AI score: 7 | EPSS: 0.6541 | Exploits: 0

Broadcom
added 2017/11/17 12:0 a.m. | 7 views

BSA-2017-469

Security Advisory ID : BSA-2017-469 Component : JBOSS Application Revision : 1.0: Interim Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) before 2.0.0.CR9 allows remo...

CVSS: 6.8 | AI score: 7.4 | EPSS: 0.01138 | Exploits: 0

Broadcom
added 2017/11/17 12:0 a.m. | 6 views

BSA-2017-472

Security Advisory ID : BSA-2017-472 Component : JBOSS WildFly Revision : 1.0: Interim Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss WildFly Application Server, when run under a security manager, do not properly restrict access to the Modular Service Container (MSC) service...

CVSS: 1.9 | AI score: 6.5 | EPSS: 0.00354 | Exploits: 0

Broadcom
added 2017/11/17 12:0 a.m. | 7 views

BSA-2017-470

Security Advisory ID : BSA-2017-470 Component : Expand Entity References Revision : 1.0: Interim The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote...

CVSS: 5 | AI score: 9.1 | EPSS: 0.02752 | Exploits: 0

Broadcom
added 2017/11/17 12:0 a.m. | 6 views

BSA-2017-473

Security Advisory ID : BSA-2017-473 Component : Kernel Revision : 2.0: Final On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value from the signal frame as the...

CVSS: 6.6 | AI score: 6.8 | EPSS: 0.00379 | Exploits: 0

Broadcom
added 2017/11/17 12:0 a.m. | 6 views

BSA-2017-471

Security Advisory ID : BSA-2017-471 Component : Apache Santuario Revision : 2.0: Final Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to...

CVSS: 4.3 | AI score: 6.9 | EPSS: 0.08863 | Exploits: 0

Broadcom
added 2017/11/17 12:0 a.m. | 4 views

BSA-2017-452

Security Advisory ID : BSA-2017-452 Component : dhcp6 Revision : 2.0: Final An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking...

CVSS: 5.9 | AI score: 6.2 | EPSS: 0.67549 | Exploits: 5

Broadcom
added 2017/11/17 12:0 a.m. | 5 views

BSA-2017-454

Security Advisory ID : BSA-2017-454 Component : dnsmasq Revision : 2.0: Final An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configuration...

CVSS: 7.8 | AI score: 7 | EPSS: 0.66347 | Exploits: 5

Broadcom
added 2017/11/17 12:0 a.m. | 4 views

BSA-2017-458

Security Advisory ID : BSA-2017-458 Component : Libgcrypt Revision : 2.0: Final libgcrypt: use ciphertext blinding for Elgamal decryption new side-channel attack...

CVSS: 4.2 | AI score: 7 | EPSS: 0.00576 | Exploits: 0

Broadcom
added 2017/11/17 12:0 a.m. | 5 views

BSA-2017-453

Security Advisory ID : BSA-2017-453 Component : EDNS0 Revision : 2.0: Final A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.84323 | Exploits: 5

Broadcom
added 2017/11/17 12:0 a.m. | 6 views

BSA-2017-474

Security Advisory ID : BSA-2017-474 Component : Infineon RSA Library Revision : 2.0: Final The Infineon RSA library version 1.02.013 in Infineon Trusted Platform Module (TPM) firmware mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection...

CVSS: 5.9 | AI score: 6.7 | EPSS: 0.09825 | Exploits: 0

Broadcom
added 2017/11/17 12:0 a.m. | 10 views

BSA-2017-447

Security Advisory ID : BSA-2017-447 Component : Apache Revision : 2.0: Final When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default servlet to fals...

CVSS: 8.1 | AI score: 8.7 | EPSS: 0.99988 | Exploits: 22

Broadcom
added 2017/09/29 12:0 a.m. | 8 views

BSA-2017-435

Security Advisory ID : BSA-2017-435 Component : Apache HTTPD Revision : 3.0: Final Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects th...

CVSS: 7.5 | AI score: 9.5 | EPSS: 0.94999 | Exploits: 9

Broadcom
added 2017/09/29 12:0 a.m. | 7 views

BSA-2017-444

Security Advisory ID : BSA-2017-444 Component : DENX Das U-Boot Revision : 3.0: Final Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector and improper...

CVSS: 4.6 | AI score: 6.6 | EPSS: 0.00309 | Exploits: 0

Broadcom
added 2017/09/29 12:0 a.m. | 6 views

BSA-2017-439

Security Advisory ID : BSA-2017-439 Component : Samba Revision : 2.0: Interim A flaw was found in the way samba client used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alte...

CVSS: 7.4 | AI score: 6.5 | EPSS: 0.04595 | Exploits: 0

Broadcom
added 2017/09/29 12:0 a.m. | 5 views

BSA-2017-443

Security Advisory ID : BSA-2017-443 Component : DHCP Revision : 1.0: Interim A resource-consumption flaw was discovered in the DHCP server. dhcpd did not restrict the number of open connections to OMAPI and failover ports. A remote attacker able to establish TCP connections to one of these ports...

CVSS: 7.1 | AI score: 7 | EPSS: 0.73703 | Exploits: 0

Total number of security vulnerabilities: 875