Third Party Patch Roundup  – September 2019


September signals the real end of summer and beginning of autumn. The changing of the seasons here in Texas brings some relief from the heat. It also traditionally brings some tumultuous weather events such as hurricanes, and this September was no exception.3rd Party Patch Roundup

On the IT security front, there was plenty of turbulence as well. Malware was the name of the game both on the desktop and mobile devices. We saw the discovery of hidden app malware on over 2 million downloads from the Google Play store, malware infections disrupting operations at defense contractor facilities in three different countries, thousands of PCs in the United States and Europe affected by Nodersok/Divergent malware, and more.

Microsoft issued updates to fix eight security vulnerabilities in its products and services on this month’s Patch Tuesday, but it was by no means the only software vendor scrambling to keep up with the exploits. All of the major software companies continue to work hard to patch up the vulnerabilities that enable some of the attacks and breaches. Let’s take a look at what came our way from them this month.

Apple released an astonishing fifteen updates for various products over the course of this month – far more than is the norm. These included the following:

September 11

  • iTunes 12.10 for Windows, for Windows 7 and later.

September 19

  • watchOS 6 for Apple Watch Series 3 and later (Apple Watch Series 1 and 2 will support watchOS 6 later this year)
  • Safari 13 for macOS Mojave 10.14.6 and macOS High Sierra 10.13.6
  • iOS 13 for iPhone 6s and later

September 20

  • Xcode 11.0 for macOS Mojave 10.14.4 and later

September 24

  • iOS 13.1 and iPadOS 13.1 for iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
  • Safari 13.0.1 for macOS Mojave 10.14.6 and macOS High Sierra 10.13.6
  • Apple TV Software 7.4 for Apple TV (3rd generation)
  • tvOS 13 for Apple TV 4K and Apple TV HD

September 26

  • macOS Mojave 10.14.6 Supplemental Update 2, Security Update 2019-005 High Sierra, Security Update 2019-005 Sierra for macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14.6
  • watchOS 5.3.2 for Apple Watch Series 1 and Apple Watch Series 2
  • iOS 12.4.2 for iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPad touch 6th generation

September 27

  • iOS 13.1.1 and iPadOS 13.1.1 for iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

September 30

  • watchOS 6.0.1 for Apple Watch Series 3 and later (Apple Watch Series 1 and 2 will support watchOS 6 later this year)
  • iOS 13.1.2 and iPadOS 13.1.2 for iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

The good news is that, with the exception of iOS 13, most of these updates address only one or two vulnerabilities. The major update to the mobile operating system includes fixes for only nine security flaws (fewer than usual). These include vulnerabilities in such components as Bluetooth, CoreAudio, Face ID, Foundation, Keyboards, Messages, Quick Look, Safari, and WebKit Page Loading. Issues include information disclosure, information leakage, address bar spoofing, cross-site scripting, disclosure of process memory, and in the most severe impact, arbitrary code execution.

An exploit that has not been patched, and is in fact being labeled “unpatchable” by the security researcher who discovered it, is the iOS exploit called checkm8. It was announced in late September that this exploit can lead to permanent “jailbreak” in iPhones from v4 to the iPhone X. We’ll have to wait and see how Apple responds.

For more information about the current and past patches and the vulnerabilities that they address, see the Apple Support web site at https://support.apple.com/en-us/HT201222

Adobe released only three patches this month, down from eight in August. Two were released on their regular Patch Tuesday schedule (September 10), with one released out-of-band on September 24:

  • APSB19-46 Security updates available for Adobe Flash Player (Sept 10)
  • APSB19-45 Security update available for Adobe Application Manager (Sept 10)
  • APSB19-47 Security updates available for Adobe ColdFusion (Sept 24)

The Flash Player update is the most far-reaching, and applies to the software running on Windows, macOS, Linux, and Chrome OS. It addresses two critical issues, either of which could be exploited to accomplish arbitrary code execution. One is a use-after-free vulnerability and the other is a same origin method execution issue.

The Application Manager is only rated important and addresses a single arbitrary code execution vulnerability (insecure library loading/DLL hijacking).  However, the Cold Fusion update address a pair of critical flaws, one an arbitrary code execution issue and one path traversal vulnerability, along with a security bypass issue that’s rated important.

For more information, see the security bulletin summary at
https://helpx.adobe.com/security.html

Chrome Operating System The latest stable channel update for the Chrome OS was released on September 27 (version 77.0.3865.105. According to Google, it contains a number of security updates but they are not specified.

Chrome web browser The latest stable channel update for the Chrome web browser for Windows, Mac, and Linux was released on September 18 (version 77.0.3865.90). According to Google’s Chrome releases blog, it contains four security fixes, all of which are use-after-free issues. Three of these are rated high severity and one is rated critical.

For more information, see https://chromereleases.googleblog.com/

Android Google published the monthly Android security bulletin on September 3. The most severe of the  issues addressed is a critical security vulnerability in the Media framework component that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. Additional vulnerabilities include an arbitrary code execution issue in Framework, and a System vulnerability that could enable a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process.

Android updates for August include a fix for a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted PAC file to execute arbitrary code within the context of a privileged process. Vulnerabilities addressed include issues in Android runtime, Framework, Media Framework, System, Broadcom and Qualcomm components.

Google was criticized by some for failing to include a fix for a zero day vulnerability that was reported to the company back in March by Trend Micro.

For more information about the vulnerabilities that are addressed by the Android updates, see https://source.android.com/security/bulletin/2018-08-01

Oracle normally releases security updates on a quarterly cycle, in January, April, July and October.  The most recent update was released in July. The next scheduled release will be in October.

Oracle customers can read more about previous patches in the executive summary on the Oracle Support site at https://login.oracle.com/mysso/signon.jsp

Mozilla released Firefox 69 on September 3, and followed up with Firefox 69.0.1 on September 18. The following 20 security issues (only one of which is rated critical) were addressed in Firefox 69:

  • #CVE-2019-11751: Malicious code execution through command line parameters (critical) Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to write a log file to an arbitrary location such as the Windows ‘Startup’ folder.
  • #CVE-2019-11746: Use-after-free while manipulating video (high) A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash.
  • #CVE-2019-11744: XSS by breaking out of title and text area elements using innerHTML (high) Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if a site does not filter user input as strictly for these elements as it does for other elements.
  • #CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images (high) A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft.
  • #CVE-2019-11736: File manipulation and privilege escalation in Mozilla Maintenance Service (high) The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. Additionally, there was a race condition during checks for junctions and symbolic links by the Maintenance Service, allowing for potential local file and directory manipulation to be undetected in some circumstances. This allows for potential privilege escalation by a user with unprivileged local access. Note: These attacks requires local system access and only affects Windows. Other operating systems are not affected.
  • #CVE-2019-11753: Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location (high) The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the unprotected location has been altered, the altered maintenance service can run with elevated privileges during the update process due to a lack of integrity checks. This allows for privilege escalation if the executable has been replaced locally. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.
  • #CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB (high) It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash.
  • #CVE-2019-9812: Sandbox escape through Firefox Sync (high) Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the local machine and the compromised browser would restart without the sandbox if a crash is triggered.
  • #CVE-2019-11741: Isolate addons.mozilla.org and accounts.firefox.com (high) A compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can cause to be loaded in the same process. Because addons.mozilla.org and accounts.firefox.com have close ties to the Firefox product, malicious manipulation of these sites within the browser can potentially be used to modify a user’s Firefox configuration. These two sites will now be isolated into their own process and not allowed to be loaded in a standard content process.
  • #CVE-2019-11743: Cross-origin access to unload event attributes (moderate) Navigation events were not fully adhering to the W3C’s “Navigation-Timing Level 2” draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history through timing side-channel attacks.
  • #CVE-2019-11748: Persistence of WebRTC permissions in a third party context (moderate) WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in other software, a decision was made to no longer persist these permissions. This avoids the possibility of trusted WebRTC resources being invisibly embedded in web content and abusing permissions previously given by users. Users will now be prompted for permissions on each use.
  • #CVE-2019-11749: Camera information available without prompting using getUserMedia (moderate) A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. This allows for the potential fingerprinting of users.
  • #CVE-2019-5849: Out-of-bounds read in Skia (moderate) An out-of-bounds read vulnerability exists in the Skia graphics library, allowing for the possible leaking of data from memory.
  • #CVE-2019-11750: Type confusion in Spidermonkey (moderate) A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash.
  • #CVE-2019-11737: Content security policy directives ignore port and path if host is a wildcard (low) If a wildcard (‘*’) is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly applied to content.
  • #CVE-2019-11738: Content security policy bypass through hash-based sources in directives (low) If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions.
  • #CVE-2019-11747: ‘Forget about this site’ removes sites from pre-loaded HSTS list (low) The “Forget about this site” feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. This includes removing any HTTP Strict Transport Security (HSTS) settings received from sites that use it. Due to a bug, sites on the pre-load list also have their HSTS setting removed. On the next visit to that site if the user specifies an http: URL rather than secure https: they will not be protected by the pre-loaded HSTS setting. After that visit the site’s HSTS setting will be restored.
  • #CVE-2019-11734: Memory safety bugs fixed in Firefox 69 (high) Mozilla developers and community members Randell Jesup, Philipp, Cosmin Sabou, and Natalia Csoregi reported memory safety bugs present in Firefox 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.
  • #CVE-2019-11735: Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1 (high) Mozilla developers and community members Mikhail Gavrilov, Tyson Smith, Marcia Knous, Tom Ritter, Philipp, and Bob Owens reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.
  • #CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 (high) Mozilla developers and community members Tyson Smith and Nathan Froyd reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.
READ ALSO  8 Signs You're Wired to Major in Technology

Another vulnerability, rated moderate severity, was addressed in Firefox 69.0.1:

  • CVE-2019-11754: Pointer Lock is enabled with no user notification. When the pointer lock is enabled by a website though requestPointerLock(), no user notification is given. This could allow a malicious website to hijack the mouse pointer and confuse users.

For more information about these and other vulnerabilities patched by Mozilla, see https://www.mozilla.org/en-US/security/advisories/.

Popular Linux distros, as usual, have seen a number of security advisories and updates this month. As of September 30, Ubuntu has issued the following 44 security advisories since last month’s roundup. Some of these advisories address a large number of vulnerabilities in one advisory. In some cases, there are multiple advisories for the same vulnerabilities. Other commercial Linux vendors issued a similar number of updates.

  • USN-4143-1: SDL 2.0 vulnerabilities. It was discovered that SDL 2.0 mishandled crafted image files resulting in an integer overflow. If a user were tricked into opening a malicious file, SDL 2.0 could be caused to crash or potentially run arbitrary code. (CVE-2017-2888) It was discovered that SDL 2.0 mishandled crafted image files. 30 September 2019
  • USN-4142-2: e2fsprogs vulnerability. USN-4142-1 fixed a vulnerability in e2fsprogs. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that e2fsprogs incorrectly handled certain ext4 partitions. An attacker could possibly use this issue to execute arbitrary code.30 September 2019
  • USN-4142-1: e2fsprogs vulnerability. It was discovered that e2fsprogs incorrectly handled certain ext4 partitions. An attacker could possibly use this issue to execute arbitrary code.30 September 2019
  • USN-4141-1: Exim vulnerability. It was discovered that Exim incorrectly handled certain string operations. A remote attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code. 28 September 2019
  • USN-4140-1: Firefox vulnerability. It was discovered that no user notification was given when pointer lock is enabled. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to hijack the mouse pointer and confuse users.25 September 2019
  • USN-4139-1: File Roller vulnerability. It was discovered that File Roller incorrectly handled certain TAR files. An attacker could possibly use this issue to overwrite sensitive files during extraction.25 September 2019
  • USN-4138-1: LibreOffice vulnerability. It was discovered that LibreOffice incorrectly handled embedded scripts in document files. If a user were tricked into opening a specially crafted document, a remote attacker could possibly execute arbitrary code.24 September 2019
  • USN-4137-1: Mosquitto vulnerability. It was discovered that Mosquitto incorrectly handled certain specially crafted input and network packets. A remote attacker could use this to cause a denial of service.23 September 2019
  • USN-4134-2: IBus regression. USN-4134-1 fixed a vulnerability in IBus. The security fix introduced a regression when being used with Qt applications. This update reverts the security fix pending further investigation. Original advisory details: Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. 23 September 2019
  • USN-4128-2: Tomcat vulnerabilities. It was discovered that the Tomcat 9 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. (CVE-2019-0221) It was discovered that Tomcat 9 did not address HTTP/2 connection window exhaustion on write while addressing CVE-2019-0199. 18 September 2019
  • USN-4136-2: wpa_supplicant and hostapd vulnerability. USN-4136-1 fixed a vulnerability in wpa_supplicant. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that wpa_supplicant incorrectly handled certain management frames. An attacker could possibly use this issue to cause a denial of service.18 September 2019
  • USN-4136-1: wpa_supplicant and hostapd vulnerability. It was discovered that wpa_supplicant incorrectly handled certain management frames. An attacker could possibly use this issue to cause a denial of service.18 September 2019
  • USN-4135-2: Linux kernel vulnerabilities. Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. 18 September 2019
  • USN-4135-1: Linux kernel vulnerabilities. Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. 18 September 2019
  • USN-4113-2: Apache HTTP Server regression. USN-4113-1 fixed vulnerabilities in the Apache HTTP server. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations. This update fixes the problem. We apologize for the inconvenience. 17 September 2019
  • USN-4124-2: Exim vulnerability. USN-4124-1 fixed a vulnerability in Exim. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands.16 September 2019
  • USN-4134-1: IBus vulnerability. Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user.16 September 2019
  • USN-4133-1: Wireshark vulnerabilities. It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malformed packets onto the wire or convincing someone to read a malformed packet trace file.16 September 2019 USN-4129-2: curl vulnerability.
  • USN-4129-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. A remote attacker could use this issue to crash curl, resulting in a denial of service. 12 September 2019
  • USN-4132-2: Expat vulnerability. USN-4132-1 fixed a vulnerability in Expat. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information. 12 September 2019
  • USN-4132-1: Expat vulnerability. It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information. 12 September 2019
  • USN-4131-1: VLC vulnerabilities. It was discovered that VLC incorrectly handled certain media files. If a user were tricked into opening a specially-crafted file, a remote attacker could use this issue to cause VLC to crash, resulting in a denial of service, or possibly execute arbitrary code. 11 September 2019
  • USN-4130-1: WebKitGTK+ vulnerabilities. A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.11 September 2019
  • USN-4129-1: curl vulnerabilities. Thomas Vegas discovered that curl incorrectly handled memory when using Kerberos over FTP. A remote attacker could use this issue to crash curl, resulting in a denial of service. (CVE-2019-5481) Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. 11 September 2019
  • USN-4115-2: Linux kernel regression. USN 4115-1 fixed vulnerabilities in the Linux 4.15 kernel for Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. Unfortunately, as part of the update, a regression was introduced that caused a kernel crash when handling fragmented packets in some situations. This update addresses the issue. We apologize for the inconvenience. 11 September 2019
  • USN-4120-2: systemd regression. USN-4120-1 fixed a vulnerability in systemd. The update included a recent SRU from the updates pocket that introduced networking problems for some users. This update fixes the problem. We apologize for the inconvenience. 10 September 2019
  • USN-4128-1: Tomcat vulnerabilities. It was discovered that the Tomcat 8 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. (CVE-2019-0221) It was discovered that Tomcat 8 did not address HTTP/2 connection window exhaustion on write while addressing CVE-2019-0199. 10 September 2019
  • USN-4127-2: Python vulnerabilities. USN-4127-1 fixed several vulnerabilities in Python. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Python incorrectly handled certain pickle files. An attacker could possibly use this issue to consume memory, leading to a denial of service. 10 September 2019
  • USN-4126-2: FreeType vulnerabilities. USN-4126-1 fixed a vulnerability in FreeType. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that FreeType incorrectly handled certain font files. An attacker could possibly use this issue to access sensitive information. 9 September 2019
  • USN-4127-1: Python vulnerabilities. It was discovered that Python incorrectly handled certain pickle files. An attacker could possibly use this issue to consume memory, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-20406) It was discovered that Python incorrectly validated the domain when handling cookies. 9 September 2019
  • USN-4126-1: FreeType vulnerability. It was discovered that FreeType incorrectly handled certain font files. An attacker could possibly use this issue to access sensitive information. 9 September 2019
  • USN-4125-1: Memcached vulnerability. It was discovered that Memcached incorrectly handled certain UNIX sockets. An attacker could possibly use this issue to access sensitive information. 9 September 2019
  • USN-4124-1: Exim vulnerability. It was discovered that Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands. 6 September 2019
  • USN-4123-1: npm/fstream vulnerability. It was discovered that npm/fstream incorrectly handled certain crafted tarballs. An attacker could use this vulnerability to write aritrary files to the filesystem.5 September 2019
  • USN-4122-1: Firefox vulnerabilities. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, bypass Content Security Policy (CSP) protections, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, cause a denial of service, etc. 4 September 2019
  • USN-4121-1: Samba vulnerability. Stefan Metzmacher discovered that the Samba SMB server did not properly prevent clients from escaping outside the share root directory in some situations. An attacker could use this to gain access to files outside of the Samba share, where allowed by the permissions of the underlying filesystem. 3 September 2019
  • USN-4120-1: systemd vulnerability. It was discovered that the systemd-resolved D-Bus interface did not enforce appropriate access controls. A local unprivileged user could exploit this to modify a system’s DNS resolver settings. 3 September 2019
  • USN-4119-1: Irssi vulnerability. It was discovered that Irssi incorrectly handled certain CAP requests. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. 3 September 2019
  • USN-4118-1: Linux kernel (AWS) vulnerabilities. It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. 2 September 2019
  • USN-4117-1: Linux kernel (AWS) vulnerabilities. It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 2 September 2019
  • USN-4116-1: Linux kernel vulnerabilities. It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. 2 September 2019
  • USN-4115-1: Linux kernel vulnerabilities. Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service (system crash). 2 September 2019
  • USN-4114-1: Linux kernel vulnerabilities. Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638) Praveen Pandey discovered that the Linux kernel did not properly validate sent signals in some situations. 2 September 2019
  • USN-3934-2: PolicyKit vulnerability. USN-3934-1 fixed a vulnerability in Policykit. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that PolicyKit incorrectly relied on the fork() system call in the Linux kernel being atomic. 2 September 2019
READ ALSO  It’s not too late to get biometrics right





Source link

?
WP Twitter Auto Publish Powered By : XYZScripts.com