CVE-2018-5383 (GCVE-0-2018-5383)
Vulnerability from cvelistv5 – Published: 2018-08-07 21:00 – Updated: 2024-09-16 20:36
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cs.technion.ac.il/~biham/BT/"
},
{
"name": "1041432",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041432"
},
{
"name": "VU#304725",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/304725"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"
},
{
"name": "104879",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104879"
},
{
"name": "[debian-lts-announce] 20190402 [SECURITY] [DLA 1747-1] firmware-nonfree security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html"
},
{
"name": "RHSA-2019:2169",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2169"
},
{
"name": "USN-4094-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4094-1/"
},
{
"name": "USN-4095-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4095-2/"
},
{
"name": "USN-4095-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4095-1/"
},
{
"name": "USN-4118-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"name": "USN-4351-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4351-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10.13.6",
"status": "affected",
"version": "10.13 High Sierra",
"versionType": "custom"
}
]
},
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11.4",
"status": "affected",
"version": "11",
"versionType": "custom"
}
]
},
{
"product": "Android",
"vendor": "Android Open Source Project",
"versions": [
{
"lessThan": "2018-06-05 patch level",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lior Neumann and Eli Biham of the Technion Israel Institute of Technology"
}
],
"datePublic": "2018-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-325",
"description": "CWE-325",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-11T01:06:04",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cs.technion.ac.il/~biham/BT/"
},
{
"name": "1041432",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041432"
},
{
"name": "VU#304725",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/304725"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"
},
{
"name": "104879",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104879"
},
{
"name": "[debian-lts-announce] 20190402 [SECURITY] [DLA 1747-1] firmware-nonfree security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html"
},
{
"name": "RHSA-2019:2169",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2169"
},
{
"name": "USN-4094-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4094-1/"
},
{
"name": "USN-4095-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4095-2/"
},
{
"name": "USN-4095-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4095-1/"
},
{
"name": "USN-4118-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"name": "USN-4351-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4351-1/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2018-07-03T04:00:00.000Z",
"ID": "CVE-2018-5383",
"STATE": "PUBLIC",
"TITLE": "Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "10.13 High Sierra",
"version_value": "10.13.6"
}
]
}
},
{
"product_name": "iOS",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "11",
"version_value": "11.4"
}
]
}
}
]
},
"vendor_name": "Apple"
},
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "2018-06-05 patch level"
}
]
}
}
]
},
"vendor_name": "Android Open Source Project"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lior Neumann and Eli Biham of the Technion Israel Institute of Technology"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-325"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cs.technion.ac.il/~biham/BT/",
"refsource": "MISC",
"url": "http://www.cs.technion.ac.il/~biham/BT/"
},
{
"name": "1041432",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041432"
},
{
"name": "VU#304725",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/304725"
},
{
"name": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update",
"refsource": "CONFIRM",
"url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"
},
{
"name": "104879",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104879"
},
{
"name": "[debian-lts-announce] 20190402 [SECURITY] [DLA 1747-1] firmware-nonfree security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html"
},
{
"name": "RHSA-2019:2169",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2169"
},
{
"name": "USN-4094-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4094-1/"
},
{
"name": "USN-4095-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4095-2/"
},
{
"name": "USN-4095-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4095-1/"
},
{
"name": "USN-4118-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"name": "USN-4351-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4351-1/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2018-5383",
"datePublished": "2018-08-07T21:00:00Z",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-09-16T20:36:44.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2018-5383\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2018-08-07T21:29:00.287\",\"lastModified\":\"2024-11-21T04:08:42.640\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.\"},{\"lang\":\"es\",\"value\":\"El firmware bluetooth o los controladores de software del sistema operativo en versiones de macOS anteriores a la 10.13, versiones High Sierra e iOS anteriores a la 11.4 y versiones de Android anteriores al parche del 05/06/2018, podr\u00edan no validar lo suficiente par\u00e1metros de curva el\u00edptica empleados para generar claves p\u00fablicas durante un intercambio de claves Diffie-Hellman, lo que podr\u00eda permitir que un atacante remoto obtenga la clave de cifrado empleada por el 
dispositivo.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"cret@cert.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N\",\"baseScore\":8.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":5.8},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:M/Au:N/C:P/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":5.5,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cret@cert.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-325\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-347\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o
:google:android:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E70C6D8D-C9C3-4D92-8DFC-71F59E068295\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"691FA41B-C2CE-413F-ABB1-0B22CB322807\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09E6085C-A61E-4A89-BF80-EDD9A7DF1E47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D835D592-2423-44C6-804A-3AD010112E7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"568E2561-A068-46A2-B331-BBA91FC96F0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B578E383-0D77-4AC7-9C81-3F0B8C18E033\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.4\",\"matchCriteriaId\":\"618A2297-91F6-4533-B345-1620635CDA93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.13\",\"matchCriteriaId\":\"089EFF21-6A9B-40E4-9154-44174E26D5B5\"}]}]}],\"references\":[{\"url\":\"http://www.cs.technion.ac.il/~biham/BT/\",\"source\":\"cret@cert.org\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104879\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041432\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"VDB 
Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2169\",\"source\":\"cret@cert.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html\",\"source\":\"cret@cert.org\"},{\"url\":\"https://usn.ubuntu.com/4094-1/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://usn.ubuntu.com/4095-1/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://usn.ubuntu.com/4095-2/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://usn.ubuntu.com/4118-1/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://usn.ubuntu.com/4351-1/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update\",\"source\":\"cret@cert.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/304725\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.cs.technion.ac.il/~biham/BT/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104879\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041432\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB 
Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2169\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4094-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4095-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4095-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4118-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4351-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/304725\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
}
}
CERTFR-2019-AVI-419
Vulnerability from certfr_avis - Published: 2019-09-03 - Updated: 2019-09-03
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 19.04",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-20784",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20784"
},
{
"name": "CVE-2019-2024",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2024"
},
{
"name": "CVE-2019-15221",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15221"
},
{
"name": "CVE-2018-13100",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13100"
},
{
"name": "CVE-2019-15215",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15215"
},
{
"name": "CVE-2018-14615",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14615"
},
{
"name": "CVE-2018-20856",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20856"
},
{
"name": "CVE-2019-10207",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10207"
},
{
"name": "CVE-2019-14763",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14763"
},
{
"name": "CVE-2018-19985",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19985"
},
{
"name": "CVE-2019-10638",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10638"
},
{
"name": "CVE-2019-11810",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11810"
},
{
"name": "CVE-2019-13648",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13648"
},
{
"name": "CVE-2019-15292",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15292"
},
{
"name": "CVE-2019-15214",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15214"
},
{
"name": "CVE-2018-13053",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13053"
},
{
"name": "CVE-2018-13093",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13093"
},
{
"name": "CVE-2019-11833",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11833"
},
{
"name": "CVE-2018-14613",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14613"
},
{
"name": "CVE-2019-15212",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15212"
},
{
"name": "CVE-2018-13096",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13096"
},
{
"name": "CVE-2019-11085",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11085"
},
{
"name": "CVE-2019-3846",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3846"
},
{
"name": "CVE-2018-14609",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14609"
},
{
"name": "CVE-2019-13272",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13272"
},
{
"name": "CVE-2018-20511",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20511"
},
{
"name": "CVE-2019-14284",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14284"
},
{
"name": "CVE-2018-16862",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16862"
},
{
"name": "CVE-2019-10639",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10639"
},
{
"name": "CVE-2018-20169",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20169"
},
{
"name": "CVE-2018-14616",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14616"
},
{
"name": "CVE-2019-12984",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12984"
},
{
"name": "CVE-2019-15220",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15220"
},
{
"name": "CVE-2019-11884",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11884"
},
{
"name": "CVE-2019-3819",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3819"
},
{
"name": "CVE-2018-14617",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14617"
},
{
"name": "CVE-2019-3701",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3701"
},
{
"name": "CVE-2019-3900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3900"
},
{
"name": "CVE-2019-12818",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12818"
},
{
"name": "CVE-2019-15211",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15211"
},
{
"name": "CVE-2019-11815",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11815"
},
{
"name": "CVE-2018-13097",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13097"
},
{
"name": "CVE-2019-13233",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13233"
},
{
"name": "CVE-2019-2101",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2101"
},
{
"name": "CVE-2018-13099",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13099"
},
{
"name": "CVE-2019-11599",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11599"
},
{
"name": "CVE-2018-14614",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14614"
},
{
"name": "CVE-2019-15218",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15218"
},
{
"name": "CVE-2018-14610",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14610"
},
{
"name": "CVE-2018-13098",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13098"
},
{
"name": "CVE-2018-14612",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14612"
},
{
"name": "CVE-2019-10126",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10126"
},
{
"name": "CVE-2019-11487",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11487"
},
{
"name": "CVE-2019-15090",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15090"
},
{
"name": "CVE-2019-0136",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0136"
},
{
"name": "CVE-2019-13631",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13631"
},
{
"name": "CVE-2019-9506",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9506"
},
{
"name": "CVE-2018-5383",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5383"
},
{
"name": "CVE-2019-12819",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12819"
},
{
"name": "CVE-2018-14611",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14611"
},
{
"name": "CVE-2019-15216",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15216"
},
{
"name": "CVE-2019-14283",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14283"
}
],
"initial_release_date": "2019-09-03T00:00:00",
"last_revision_date": "2019-09-03T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-419",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-09-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u0027Ubuntu. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu du 02 septembre 2019",
"url": "https://usn.ubuntu.com/4118-1/"
}
]
}
CERTFR-2018-AVI-455
Vulnerability from certfr_avis - Published: 2018-09-25 - Updated: 2018-09-25
De multiples vulnérabilités ont été découvertes dans Apple macOS. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "macOS versions 10.13 et ant\u00e9rieurs",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-4353",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4353"
},
{
"name": "CVE-2018-4336",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4336"
},
{
"name": "CVE-2018-4321",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4321"
},
{
"name": "CVE-2018-4324",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4324"
},
{
"name": "CVE-2016-1777",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1777"
},
{
"name": "CVE-2018-5383",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5383"
},
{
"name": "CVE-2018-4344",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4344"
},
{
"name": "CVE-2018-4333",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4333"
}
],
"initial_release_date": "2018-09-25T00:00:00",
"last_revision_date": "2018-09-25T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-455",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-09-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apple macOS. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire,\nun contournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple macOS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209139 du 24 septembre 2018",
"url": "https://support.apple.com/en-us/HT209139"
}
]
}
CERTFR-2019-AVI-077
Vulnerability from certfr_avis - Published: 2019-02-25 - Updated: 2019-02-25
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP2-LTSS |
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 12-SP3 |
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time Extension 12-SP3 |
| SUSE | N/A | SUSE CaaS Platform 3.0 |
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP2-BCL |
| SUSE | N/A | SUSE CaaS Platform ALL |
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 12-SP2 |
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP3 |
| SUSE | N/A | SUSE OpenStack Cloud 7 |
| SUSE | N/A | SUSE Enterprise Storage 4 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Server 12-SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time Extension 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE CaaS Platform 3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE CaaS Platform ALL",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 12-SP2",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE OpenStack Cloud 7",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Enterprise Storage 4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-18249",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18249"
},
{
"name": "CVE-2019-3460",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3460"
},
{
"name": "CVE-2018-5383",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5383"
},
{
"name": "CVE-2019-3459",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3459"
}
],
"initial_release_date": "2019-02-25T00:00:00",
"last_revision_date": "2019-02-25T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-077",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-02-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE . Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service et une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:0466-1 du 22 f\u00e9vrier 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190466-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:0470-1 du 22 f\u00e9vrier 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190470-1/"
}
]
}
CERTFR-2019-AVI-391
Vulnerability from certfr_avis - Published: 2019-08-14 - Updated: 2019-08-14
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 19.04",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-12614",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12614"
},
{
"name": "CVE-2019-1125",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1125"
},
{
"name": "CVE-2019-2024",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2024"
},
{
"name": "CVE-2018-13100",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13100"
},
{
"name": "CVE-2018-14615",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14615"
},
{
"name": "CVE-2019-9503",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9503"
},
{
"name": "CVE-2018-20856",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20856"
},
{
"name": "CVE-2018-13053",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13053"
},
{
"name": "CVE-2018-13093",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13093"
},
{
"name": "CVE-2019-11833",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11833"
},
{
"name": "CVE-2018-14613",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14613"
},
{
"name": "CVE-2018-13096",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13096"
},
{
"name": "CVE-2019-3846",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3846"
},
{
"name": "CVE-2018-14609",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14609"
},
{
"name": "CVE-2019-13272",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13272"
},
{
"name": "CVE-2018-20511",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20511"
},
{
"name": "CVE-2018-16862",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16862"
},
{
"name": "CVE-2018-20169",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20169"
},
{
"name": "CVE-2018-14616",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14616"
},
{
"name": "CVE-2019-12984",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12984"
},
{
"name": "CVE-2018-14617",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14617"
},
{
"name": "CVE-2019-2054",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2054"
},
{
"name": "CVE-2019-12818",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12818"
},
{
"name": "CVE-2018-13097",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13097"
},
{
"name": "CVE-2019-13233",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13233"
},
{
"name": "CVE-2019-2101",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2101"
},
{
"name": "CVE-2018-13099",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13099"
},
{
"name": "CVE-2019-11599",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11599"
},
{
"name": "CVE-2018-14614",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14614"
},
{
"name": "CVE-2018-14610",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14610"
},
{
"name": "CVE-2018-13098",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13098"
},
{
"name": "CVE-2018-14612",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14612"
},
{
"name": "CVE-2019-10126",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10126"
},
{
"name": "CVE-2018-5383",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5383"
},
{
"name": "CVE-2019-12819",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12819"
},
{
"name": "CVE-2018-14611",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14611"
}
],
"initial_release_date": "2019-08-14T00:00:00",
"last_revision_date": "2019-08-14T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-391",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-08-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4094-1 du 13 ao\u00fbt 2019",
"url": "https://usn.ubuntu.com/4094-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4093-1 du 13 ao\u00fbt 2019",
"url": "https://usn.ubuntu.com/4093-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4096-1 du 13 ao\u00fbt 2019",
"url": "https://usn.ubuntu.com/4096-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4095-2 du 13 ao\u00fbt 2019",
"url": "https://usn.ubuntu.com/4095-2/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4095-1 du 13 ao\u00fbt 2019",
"url": "https://usn.ubuntu.com/4095-1/"
}
]
}
CERTFR-2018-AVI-443
Vulnerability from certfr_avis - Published: 2018-09-18 - Updated: 2018-09-19
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "watchOS versions ant\u00e9rieures \u00e0 5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 12",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Xcode versions ant\u00e9rieures \u00e0 10",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 12",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 12",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Support pour iOS versions ant\u00e9rieures \u00e0 12",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-4322",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4322"
},
{
"name": "CVE-2018-4363",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4363"
},
{
"name": "CVE-2018-4325",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4325"
},
{
"name": "CVE-2018-4329",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4329"
},
{
"name": "CVE-2018-4352",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4352"
},
{
"name": "CVE-2018-4195",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4195"
},
{
"name": "CVE-2018-4307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4307"
},
{
"name": "CVE-2018-4313",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4313"
},
{
"name": "CVE-2018-4397",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4397"
},
{
"name": "CVE-2018-4357",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4357"
},
{
"name": "CVE-2018-4305",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4305"
},
{
"name": "CVE-2018-4335",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4335"
},
{
"name": "CVE-2016-1777",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1777"
},
{
"name": "CVE-2018-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4330"
},
{
"name": "CVE-2018-5383",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5383"
},
{
"name": "CVE-2018-4338",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4338"
},
{
"name": "CVE-2018-4362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4362"
},
{
"name": "CVE-2018-4356",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4356"
}
],
"initial_release_date": "2018-09-18T00:00:00",
"last_revision_date": "2018-09-19T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-443",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-09-18T00:00:00.000000"
},
{
"description": "Ajout du bulletin de s\u00e9curit\u00e9 Apple HT209135 du 17 septembre 2018",
"revision_date": "2018-09-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple\n. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un contournement de la politique de\ns\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209117 du 17 septembre 2018",
"url": "https://support.apple.com/en-us/HT209117"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209108 du 17 septembre 2018",
"url": "https://support.apple.com/en-us/HT209108"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209135 du 17 septembre 2018",
"url": "https://support.apple.com/en-us/HT209135"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209106 du 17 septembre 2018",
"url": "https://support.apple.com/en-us/HT209106"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209109 du 17 septembre 2018",
"url": "https://support.apple.com/en-us/HT209109"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209107 du 17 septembre 2018",
"url": "https://support.apple.com/en-us/HT209107"
}
]
}
CERTFR-2019-AVI-188
Vulnerability from certfr_avis - Published: 2019-04-29 - Updated: 2019-04-29
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 12-SP1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Server for SAP 12-SP1",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-16658",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16658"
},
{
"name": "CVE-2018-10883",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10883"
},
{
"name": "CVE-2018-10902",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10902"
},
{
"name": "CVE-2018-14634",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14634"
},
{
"name": "CVE-2018-10879",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10879"
},
{
"name": "CVE-2018-10880",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10880"
},
{
"name": "CVE-2018-10878",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10878"
},
{
"name": "CVE-2018-6554",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6554"
},
{
"name": "CVE-2018-13093",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13093"
},
{
"name": "CVE-2018-10881",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10881"
},
{
"name": "CVE-2018-12896",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12896"
},
{
"name": "CVE-2018-6555",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6555"
},
{
"name": "CVE-2018-14617",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14617"
},
{
"name": "CVE-2018-10877",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10877"
},
{
"name": "CVE-2018-10882",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10882"
},
{
"name": "CVE-2018-10876",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10876"
},
{
"name": "CVE-2018-10940",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10940"
},
{
"name": "CVE-2018-5383",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5383"
},
{
"name": "CVE-2018-10853",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10853"
},
{
"name": "CVE-2018-16276",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16276"
}
],
"initial_release_date": "2019-04-29T00:00:00",
"last_revision_date": "2019-04-29T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-188",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-04-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service et\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20190427-2 du 27 avril 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190427-2/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20182908-2 du 27 avril 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20182908-2/"
}
]
}
CERTFR-2018-AVI-372
Vulnerability from certfr_avis - Published: 2018-08-07 - Updated: 2018-08-07
De multiples vulnérabilités ont été découvertes dans Google Android. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Google Android toutes versions n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 du 06 ao\u00fbt 2018",
"product": {
"name": "Android",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-18292",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18292"
},
{
"name": "CVE-2018-9446",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9446"
},
{
"name": "CVE-2018-9454",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9454"
},
{
"name": "CVE-2018-5903",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5903"
},
{
"name": "CVE-2018-9437",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9437"
},
{
"name": "CVE-2017-18296",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18296"
},
{
"name": "CVE-2018-1068",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1068"
},
{
"name": "CVE-2017-9711",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9711"
},
{
"name": "CVE-2018-9427",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9427"
},
{
"name": "CVE-2018-9444",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9444"
},
{
"name": "CVE-2017-13322",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13322"
},
{
"name": "CVE-2017-18293",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18293"
},
{
"name": "CVE-2018-11305",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11305"
},
{
"name": "CVE-2018-9461",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9461"
},
{
"name": "CVE-2018-9439",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9439"
},
{
"name": "CVE-2018-5908",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5908"
},
{
"name": "CVE-2018-5904",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5904"
},
{
"name": "CVE-2018-9463",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9463"
},
{
"name": "CVE-2017-8261",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8261"
},
{
"name": "CVE-2017-18304",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18304"
},
{
"name": "CVE-2018-9464",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9464"
},
{
"name": "CVE-2018-9436",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9436"
},
{
"name": "CVE-2018-9457",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9457"
},
{
"name": "CVE-2018-3587",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3587"
},
{
"name": "CVE-2018-9445",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9445"
},
{
"name": "CVE-2017-13242",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13242"
},
{
"name": "CVE-2018-9451",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9451"
},
{
"name": "CVE-2018-9453",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9453"
},
{
"name": "CVE-2018-9458",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9458"
},
{
"name": "CVE-2018-9449",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9449"
},
{
"name": "CVE-2018-9447",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9447"
},
{
"name": "CVE-2018-5905",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5905"
},
{
"name": "CVE-2017-18295",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18295"
},
{
"name": "CVE-2017-18283",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18283"
},
{
"name": "CVE-2017-18281",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18281"
},
{
"name": "CVE-2018-9450",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9450"
},
{
"name": "CVE-2017-18249",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18249"
},
{
"name": "CVE-2017-18309",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18309"
},
{
"name": "CVE-2017-18303",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18303"
},
{
"name": "CVE-2018-9459",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9459"
},
{
"name": "CVE-2018-11263",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11263"
},
{
"name": "CVE-2018-9448",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9448"
},
{
"name": "CVE-2018-9438",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9438"
},
{
"name": "CVE-2018-9465",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9465"
},
{
"name": "CVE-2017-18299",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18299"
},
{
"name": "CVE-2018-11258",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11258"
},
{
"name": "CVE-2017-18307",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18307"
},
{
"name": "CVE-2018-9455",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9455"
},
{
"name": "CVE-2017-18301",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18301"
},
{
"name": "CVE-2017-18306",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18306"
},
{
"name": "CVE-2018-9435",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9435"
},
{
"name": "CVE-2017-18297",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18297"
},
{
"name": "CVE-2017-18294",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18294"
},
{
"name": "CVE-2017-18280",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18280"
},
{
"name": "CVE-2017-13295",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13295"
},
{
"name": "CVE-2017-18300",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18300"
},
{
"name": "CVE-2017-18298",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18298"
},
{
"name": "CVE-2017-15817",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15817"
},
{
"name": "CVE-2017-18308",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18308"
},
{
"name": "CVE-2017-18310",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18310"
},
{
"name": "CVE-2017-18282",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18282"
},
{
"name": "CVE-2017-1000100",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000100"
},
{
"name": "CVE-2017-18302",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18302"
},
{
"name": "CVE-2018-9462",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9462"
},
{
"name": "CVE-2018-11260",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11260"
},
{
"name": "CVE-2017-18305",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18305"
},
{
"name": "CVE-2018-9441",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9441"
},
{
"name": "CVE-2018-5383",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5383"
},
{
"name": "CVE-2018-5909",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5909"
},
{
"name": "CVE-2018-5910",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5910"
},
{
"name": "CVE-2017-13077",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13077"
}
],
"initial_release_date": "2018-08-07T00:00:00",
"last_revision_date": "2018-08-07T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-372",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-08-07T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Android.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Pixel/Nexus du 06 ao\u00fbt 2018",
"url": "https://source.android.com/security/bulletin/pixel/2018-08-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Android du 06 ao\u00fbt 2018",
"url": "https://source.android.com/security/bulletin/2018-08-01"
}
]
}
SUSE-SU-2019:0466-1
Vulnerability from csaf_suse - Published: 2019-02-22 09:52 - Updated: 2019-02-22 09:52
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kernel-firmware",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kernel-firmware fixes the following issues:\n \nSecurity issue fixed:\n\n- CVE-2018-5383: Fixed an implementation issue in Bluetooth where the elliptic curve parameters \n were not sufficiently validated during Diffie-Hellman key exchange (bsc#1104301).\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-466,SUSE-OpenStack-Cloud-7-2019-466,SUSE-SLE-DESKTOP-12-SP3-2019-466,SUSE-SLE-SAP-12-SP2-2019-466,SUSE-SLE-SERVER-12-SP2-2019-466,SUSE-SLE-SERVER-12-SP2-BCL-2019-466,SUSE-SLE-SERVER-12-SP3-2019-466,SUSE-Storage-4-2019-466",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0466-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0466-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190466-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0466-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-February/005145.html"
},
{
"category": "self",
"summary": "SUSE Bug 1104301",
"url": "https://bugzilla.suse.com/1104301"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5383 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5383/"
}
],
"title": "Security update for kernel-firmware",
"tracking": {
"current_release_date": "2019-02-22T09:52:49Z",
"generator": {
"date": "2019-02-22T09:52:49Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0466-1",
"initial_release_date": "2019-02-22T09:52:49Z",
"revision_history": [
{
"date": "2019-02-22T09:52:49Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-firmware-20170530-21.28.1.noarch",
"product": {
"name": "kernel-firmware-20170530-21.28.1.noarch",
"product_id": "kernel-firmware-20170530-21.28.1.noarch"
}
},
{
"category": "product_version",
"name": "ucode-amd-20170530-21.28.1.noarch",
"product": {
"name": "ucode-amd-20170530-21.28.1.noarch",
"product_id": "ucode-amd-20170530-21.28.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 7",
"product": {
"name": "SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 4",
"product": {
"name": "SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-firmware-20170530-21.28.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:kernel-firmware-20170530-21.28.1.noarch"
},
"product_reference": "kernel-firmware-20170530-21.28.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-amd-20170530-21.28.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ucode-amd-20170530-21.28.1.noarch"
},
"product_reference": "ucode-amd-20170530-21.28.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-firmware-20170530-21.28.1.noarch as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:kernel-firmware-20170530-21.28.1.noarch"
},
"product_reference": "kernel-firmware-20170530-21.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-amd-20170530-21.28.1.noarch as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:ucode-amd-20170530-21.28.1.noarch"
},
"product_reference": "ucode-amd-20170530-21.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-firmware-20170530-21.28.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:kernel-firmware-20170530-21.28.1.noarch"
},
"product_reference": "kernel-firmware-20170530-21.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-amd-20170530-21.28.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-amd-20170530-21.28.1.noarch"
},
"product_reference": "ucode-amd-20170530-21.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-firmware-20170530-21.28.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:kernel-firmware-20170530-21.28.1.noarch"
},
"product_reference": "kernel-firmware-20170530-21.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-amd-20170530-21.28.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-amd-20170530-21.28.1.noarch"
},
"product_reference": "ucode-amd-20170530-21.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-firmware-20170530-21.28.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:kernel-firmware-20170530-21.28.1.noarch"
},
"product_reference": "kernel-firmware-20170530-21.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-amd-20170530-21.28.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-amd-20170530-21.28.1.noarch"
},
"product_reference": "ucode-amd-20170530-21.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-firmware-20170530-21.28.1.noarch as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:kernel-firmware-20170530-21.28.1.noarch"
},
"product_reference": "kernel-firmware-20170530-21.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-amd-20170530-21.28.1.noarch as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:ucode-amd-20170530-21.28.1.noarch"
},
"product_reference": "ucode-amd-20170530-21.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-firmware-20170530-21.28.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-firmware-20170530-21.28.1.noarch"
},
"product_reference": "kernel-firmware-20170530-21.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-amd-20170530-21.28.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-amd-20170530-21.28.1.noarch"
},
"product_reference": "ucode-amd-20170530-21.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-firmware-20170530-21.28.1.noarch as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:kernel-firmware-20170530-21.28.1.noarch"
},
"product_reference": "kernel-firmware-20170530-21.28.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-amd-20170530-21.28.1.noarch as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:ucode-amd-20170530-21.28.1.noarch"
},
"product_reference": "ucode-amd-20170530-21.28.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-5383",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5383"
}
],
"notes": [
{
"category": "general",
"text": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Enterprise Storage 4:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-amd-20170530-21.28.1.noarch",
"SUSE OpenStack Cloud 7:kernel-firmware-20170530-21.28.1.noarch",
"SUSE OpenStack Cloud 7:ucode-amd-20170530-21.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5383",
"url": "https://www.suse.com/security/cve/CVE-2018-5383"
},
{
"category": "external",
"summary": "SUSE Bug 1104301 for CVE-2018-5383",
"url": "https://bugzilla.suse.com/1104301"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-5383",
"url": "https://bugzilla.suse.com/1126909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Enterprise Storage 4:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-amd-20170530-21.28.1.noarch",
"SUSE OpenStack Cloud 7:kernel-firmware-20170530-21.28.1.noarch",
"SUSE OpenStack Cloud 7:ucode-amd-20170530-21.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Enterprise Storage 4:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-amd-20170530-21.28.1.noarch",
"SUSE OpenStack Cloud 7:kernel-firmware-20170530-21.28.1.noarch",
"SUSE OpenStack Cloud 7:ucode-amd-20170530-21.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-22T09:52:49Z",
"details": "important"
}
],
"title": "CVE-2018-5383"
}
]
}
SUSE-SU-2019:0427-2
Vulnerability from csaf_suse - Published: 2019-04-27 13:57 - Updated: 2019-04-27 13:57
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kernel-firmware",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kernel-firmware fixes the following issues:\n\t \nSecurity issue fixed:\n\n- CVE-2018-5383: Fixed an implementation issue in Bluetooth where the elliptic curve parameters \n were not sufficiently validated during Diffie-Hellman key exchange (bsc#1104301).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-427,SUSE-SLE-SAP-12-SP1-2019-427",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0427-2.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0427-2",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190427-2/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0427-2",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-April/005381.html"
},
{
"category": "self",
"summary": "SUSE Bug 1104301",
"url": "https://bugzilla.suse.com/1104301"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5383 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5383/"
}
],
"title": "Security update for kernel-firmware",
"tracking": {
"current_release_date": "2019-04-27T13:57:15Z",
"generator": {
"date": "2019-04-27T13:57:15Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0427-2",
"initial_release_date": "2019-04-27T13:57:15Z",
"revision_history": [
{
"date": "2019-04-27T13:57:15Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-firmware-20160516git-10.16.1.noarch",
"product": {
"name": "kernel-firmware-20160516git-10.16.1.noarch",
"product_id": "kernel-firmware-20160516git-10.16.1.noarch"
}
},
{
"category": "product_version",
"name": "ucode-amd-20160516git-10.16.1.noarch",
"product": {
"name": "ucode-amd-20160516git-10.16.1.noarch",
"product_id": "ucode-amd-20160516git-10.16.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-firmware-20160516git-10.16.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kernel-firmware-20160516git-10.16.1.noarch"
},
"product_reference": "kernel-firmware-20160516git-10.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-amd-20160516git-10.16.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-amd-20160516git-10.16.1.noarch"
},
"product_reference": "ucode-amd-20160516git-10.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-5383",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5383"
}
],
"notes": [
{
"category": "general",
"text": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kernel-firmware-20160516git-10.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-amd-20160516git-10.16.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5383",
"url": "https://www.suse.com/security/cve/CVE-2018-5383"
},
{
"category": "external",
"summary": "SUSE Bug 1104301 for CVE-2018-5383",
"url": "https://bugzilla.suse.com/1104301"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-5383",
"url": "https://bugzilla.suse.com/1126909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kernel-firmware-20160516git-10.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-amd-20160516git-10.16.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kernel-firmware-20160516git-10.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-amd-20160516git-10.16.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T13:57:15Z",
"details": "important"
}
],
"title": "CVE-2018-5383"
}
]
}
SUSE-SU-2019:0427-1
Vulnerability from csaf_suse - Published: 2019-02-19 08:26 - Updated: 2019-02-19 08:26
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kernel-firmware",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kernel-firmware fixes the following issues:\n\t \nSecurity issue fixed:\n\n- CVE-2018-5383: Fixed an implementation issue in Bluetooth where the elliptic curve parameters \n were not sufficiently validated during Diffie-Hellman key exchange (bsc#1104301).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-427,SUSE-SLE-SERVER-12-SP1-2019-427",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0427-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0427-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190427-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0427-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-February/005134.html"
},
{
"category": "self",
"summary": "SUSE Bug 1104301",
"url": "https://bugzilla.suse.com/1104301"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5383 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5383/"
}
],
"title": "Security update for kernel-firmware",
"tracking": {
"current_release_date": "2019-02-19T08:26:52Z",
"generator": {
"date": "2019-02-19T08:26:52Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0427-1",
"initial_release_date": "2019-02-19T08:26:52Z",
"revision_history": [
{
"date": "2019-02-19T08:26:52Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-firmware-20160516git-10.16.1.noarch",
"product": {
"name": "kernel-firmware-20160516git-10.16.1.noarch",
"product_id": "kernel-firmware-20160516git-10.16.1.noarch"
}
},
{
"category": "product_version",
"name": "ucode-amd-20160516git-10.16.1.noarch",
"product": {
"name": "ucode-amd-20160516git-10.16.1.noarch",
"product_id": "ucode-amd-20160516git-10.16.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-firmware-20160516git-10.16.1.noarch as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kernel-firmware-20160516git-10.16.1.noarch"
},
"product_reference": "kernel-firmware-20160516git-10.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-amd-20160516git-10.16.1.noarch as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-amd-20160516git-10.16.1.noarch"
},
"product_reference": "ucode-amd-20160516git-10.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-5383",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5383"
}
],
"notes": [
{
"category": "general",
"text": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kernel-firmware-20160516git-10.16.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-amd-20160516git-10.16.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5383",
"url": "https://www.suse.com/security/cve/CVE-2018-5383"
},
{
"category": "external",
"summary": "SUSE Bug 1104301 for CVE-2018-5383",
"url": "https://bugzilla.suse.com/1104301"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-5383",
"url": "https://bugzilla.suse.com/1126909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kernel-firmware-20160516git-10.16.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-amd-20160516git-10.16.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kernel-firmware-20160516git-10.16.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-amd-20160516git-10.16.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-19T08:26:52Z",
"details": "important"
}
],
"title": "CVE-2018-5383"
}
]
}
SUSE-SU-2019:0422-1
Vulnerability from csaf_suse - Published: 2019-02-18 15:26 - Updated: 2019-02-18 15:26
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kernel-firmware",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kernel-firmware fixes the following issues:\n\nSecurity issue fixed: \n\n- CVE-2018-5383: Fixed an implementation issue in Bluetooth where the elliptic curve parameters\n were not sufficiently validated during Diffie-Hellman key exchange (bsc#1104301).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-422,SUSE-SLE-SERVER-12-2019-422",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0422-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0422-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190422-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0422-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-February/005129.html"
},
{
"category": "self",
"summary": "SUSE Bug 1104301",
"url": "https://bugzilla.suse.com/1104301"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5383 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5383/"
}
],
"title": "Security update for kernel-firmware",
"tracking": {
"current_release_date": "2019-02-18T15:26:13Z",
"generator": {
"date": "2019-02-18T15:26:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0422-1",
"initial_release_date": "2019-02-18T15:26:13Z",
"revision_history": [
{
"date": "2019-02-18T15:26:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-firmware-20140807git-5.11.1.noarch",
"product": {
"name": "kernel-firmware-20140807git-5.11.1.noarch",
"product_id": "kernel-firmware-20140807git-5.11.1.noarch"
}
},
{
"category": "product_version",
"name": "ucode-amd-20140807git-5.11.1.noarch",
"product": {
"name": "ucode-amd-20140807git-5.11.1.noarch",
"product_id": "ucode-amd-20140807git-5.11.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-firmware-20140807git-5.11.1.noarch as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:kernel-firmware-20140807git-5.11.1.noarch"
},
"product_reference": "kernel-firmware-20140807git-5.11.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-amd-20140807git-5.11.1.noarch as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:ucode-amd-20140807git-5.11.1.noarch"
},
"product_reference": "ucode-amd-20140807git-5.11.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-5383",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5383"
}
],
"notes": [
{
"category": "general",
"text": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:kernel-firmware-20140807git-5.11.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:ucode-amd-20140807git-5.11.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5383",
"url": "https://www.suse.com/security/cve/CVE-2018-5383"
},
{
"category": "external",
"summary": "SUSE Bug 1104301 for CVE-2018-5383",
"url": "https://bugzilla.suse.com/1104301"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-5383",
"url": "https://bugzilla.suse.com/1126909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:kernel-firmware-20140807git-5.11.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:ucode-amd-20140807git-5.11.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:kernel-firmware-20140807git-5.11.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:ucode-amd-20140807git-5.11.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-18T15:26:13Z",
"details": "important"
}
],
"title": "CVE-2018-5383"
}
]
}
GSD-2018-5383
Vulnerability from gsd - Updated: 2023-12-13 01:22
{
"GSD": {
"alias": "CVE-2018-5383",
"description": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.",
"id": "GSD-2018-5383",
"references": [
"https://www.suse.com/security/cve/CVE-2018-5383.html",
"https://access.redhat.com/errata/RHSA-2019:2169",
"https://ubuntu.com/security/CVE-2018-5383"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-5383"
],
"details": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.",
"id": "GSD-2018-5383",
"modified": "2023-12-13T01:22:39.623389Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2018-07-03T04:00:00.000Z",
"ID": "CVE-2018-5383",
"STATE": "PUBLIC",
"TITLE": "Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_name": "10.13 High Sierra",
"version_value": "10.13.6"
}
]
}
},
{
"product_name": "iOS",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_name": "11",
"version_value": "11.4"
}
]
}
}
]
},
"vendor_name": "Apple"
},
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_value": "2018-06-05 patch level"
}
]
}
}
]
},
"vendor_name": "Android Open Source Project"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lior Neumann and Eli Biham of the Technion Israel Institute of Technology"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-325"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cs.technion.ac.il/~biham/BT/",
"refsource": "MISC",
"url": "http://www.cs.technion.ac.il/~biham/BT/"
},
{
"name": "1041432",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041432"
},
{
"name": "VU#304725",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/304725"
},
{
"name": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update",
"refsource": "CONFIRM",
"url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"
},
{
"name": "104879",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104879"
},
{
"name": "[debian-lts-announce] 20190402 [SECURITY] [DLA 1747-1] firmware-nonfree security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html"
},
{
"name": "RHSA-2019:2169",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2169"
},
{
"name": "USN-4094-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4094-1/"
},
{
"name": "USN-4095-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4095-2/"
},
{
"name": "USN-4095-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4095-1/"
},
{
"name": "USN-4118-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"name": "USN-4351-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4351-1/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.13",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2018-5383"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#304725",
"refsource": "CERT-VN",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/304725"
},
{
"name": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"
},
{
"name": "http://www.cs.technion.ac.il/~biham/BT/",
"refsource": "MISC",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "http://www.cs.technion.ac.il/~biham/BT/"
},
{
"name": "1041432",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041432"
},
{
"name": "104879",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104879"
},
{
"name": "[debian-lts-announce] 20190402 [SECURITY] [DLA 1747-1] firmware-nonfree security update",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html"
},
{
"name": "RHSA-2019:2169",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2019:2169"
},
{
"name": "USN-4094-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/4094-1/"
},
{
"name": "USN-4095-2",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/4095-2/"
},
{
"name": "USN-4095-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/4095-1/"
},
{
"name": "USN-4118-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"name": "USN-4351-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/4351-1/"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2
}
},
"lastModifiedDate": "2019-10-03T00:03Z",
"publishedDate": "2018-08-07T21:29Z"
}
}
}
GHSA-3JM5-8QWR-JVWM
Vulnerability from github – Published: 2022-05-13 01:52 – Updated: 2022-05-13 01:52
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.
{
"affected": [],
"aliases": [
"CVE-2018-5383"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-08-07T21:29:00Z",
"severity": "MODERATE"
},
"details": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.",
"id": "GHSA-3jm5-8qwr-jvwm",
"modified": "2022-05-13T01:52:48Z",
"published": "2022-05-13T01:52:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5383"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2169"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4094-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4095-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4095-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4118-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4351-1"
},
{
"type": "WEB",
"url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/304725"
},
{
"type": "WEB",
"url": "http://www.cs.technion.ac.il/~biham/BT"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104879"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041432"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
RHSA-2019:2169
Vulnerability from csaf_redhat - Published: 2019-08-06 12:41 - Updated: 2025-11-21 18:09
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for linux-firmware is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The linux-firmware packages contain all of the firmware files that are required by various devices to operate.\n\nSecurity Fix(es):\n\n* kernel: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange (CVE-2018-5383)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:2169",
"url": "https://access.redhat.com/errata/RHSA-2019:2169"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index"
},
{
"category": "external",
"summary": "1614159",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1614159"
},
{
"category": "external",
"summary": "1654809",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1654809"
},
{
"category": "external",
"summary": "1671610",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671610"
},
{
"category": "external",
"summary": "1698960",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1698960"
},
{
"category": "external",
"summary": "1702330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1702330"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2169.json"
}
],
"title": "Red Hat Security Advisory: linux-firmware security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2025-11-21T18:09:32+00:00",
"generator": {
"date": "2025-11-21T18:09:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2019:2169",
"initial_release_date": "2019-08-06T12:41:22+00:00",
"revision_history": [
{
"date": "2019-08-06T12:41:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-08-06T12:41:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:09:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"product": {
"name": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"product_id": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl5150-firmware@8.24.2.2-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"product": {
"name": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"product_id": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl6000g2a-firmware@17.168.5.3-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"product": {
"name": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"product_id": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl6000g2b-firmware@17.168.5.2-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"product": {
"name": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"product_id": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl7265-firmware@22.0.7.0-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"product": {
"name": "iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"product_id": "iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl100-firmware@39.31.5.1-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"product": {
"name": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"product_id": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl2000-firmware@18.168.6.1-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"product": {
"name": "iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"product_id": "iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl105-firmware@18.168.6.1-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"product": {
"name": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"product_id": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl6000-firmware@9.221.4.1-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"product": {
"name": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"product_id": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl1000-firmware@39.31.5.1-72.el7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"product": {
"name": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"product_id": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl3160-firmware@22.0.7.0-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"product": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"product_id": "linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/linux-firmware@20190429-72.gitddde598.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"product": {
"name": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"product_id": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl7260-firmware@22.0.7.0-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"product": {
"name": "iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"product_id": "iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl135-firmware@18.168.6.1-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"product": {
"name": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"product_id": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl3945-firmware@15.32.2.9-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"product": {
"name": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"product_id": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl4965-firmware@228.61.2.24-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"product": {
"name": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"product_id": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl5000-firmware@8.83.5.1_1-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"product": {
"name": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"product_id": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl6050-firmware@41.28.5.1-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"product": {
"name": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"product_id": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl2030-firmware@18.168.6.1-72.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "linux-firmware-0:20190429-72.gitddde598.el7.src",
"product": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.src",
"product_id": "linux-firmware-0:20190429-72.gitddde598.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/linux-firmware@20190429-72.gitddde598.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl100-firmware-0:39.31.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch"
},
"product_reference": "iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch"
},
"product_reference": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl105-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl135-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch"
},
"product_reference": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch"
},
"product_reference": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch"
},
"product_reference": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch"
},
"product_reference": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch"
},
"product_reference": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch"
},
"product_reference": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch"
},
"product_reference": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch"
},
"product_reference": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch"
},
"product_reference": "linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src"
},
"product_reference": "linux-firmware-0:20190429-72.gitddde598.el7.src",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl100-firmware-0:39.31.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch"
},
"product_reference": "iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch"
},
"product_reference": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl105-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl135-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch"
},
"product_reference": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch"
},
"product_reference": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch"
},
"product_reference": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch"
},
"product_reference": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch"
},
"product_reference": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch"
},
"product_reference": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch"
},
"product_reference": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch"
},
"product_reference": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch"
},
"product_reference": "linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src"
},
"product_reference": "linux-firmware-0:20190429-72.gitddde598.el7.src",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl100-firmware-0:39.31.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch"
},
"product_reference": "iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch"
},
"product_reference": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl105-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl135-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch"
},
"product_reference": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch"
},
"product_reference": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch"
},
"product_reference": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch"
},
"product_reference": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch"
},
"product_reference": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch"
},
"product_reference": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch"
},
"product_reference": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch"
},
"product_reference": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch"
},
"product_reference": "linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src"
},
"product_reference": "linux-firmware-0:20190429-72.gitddde598.el7.src",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl100-firmware-0:39.31.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch"
},
"product_reference": "iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch"
},
"product_reference": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl105-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl135-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch"
},
"product_reference": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch"
},
"product_reference": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch"
},
"product_reference": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch"
},
"product_reference": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch"
},
"product_reference": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch"
},
"product_reference": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch"
},
"product_reference": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch"
},
"product_reference": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch"
},
"product_reference": "linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src"
},
"product_reference": "linux-firmware-0:20190429-72.gitddde598.el7.src",
"relates_to_product_reference": "7Workstation-7.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-5383",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2018-07-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1614159"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in Bluetooth pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth devices. This may result in information disclosure, elevation of privilege and/or denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Client-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Client-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Client-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Client-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Client-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Client-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Client-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Client-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Client-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Client-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Client-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7ComputeNode-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7ComputeNode-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7ComputeNode-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7ComputeNode-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7ComputeNode-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7ComputeNode-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7ComputeNode-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7ComputeNode-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7ComputeNode-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7Server-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Server-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Server-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Server-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Server-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Server-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Server-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Server-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Server-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Server-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Server-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Server-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7Workstation-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Workstation-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Workstation-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Workstation-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Workstation-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Workstation-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Workstation-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Workstation-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Workstation-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Workstation-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Workstation-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Workstation-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-5383"
},
{
"category": "external",
"summary": "RHBZ#1614159",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1614159"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-5383",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5383"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5383",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5383"
},
{
"category": "external",
"summary": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update",
"url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"
},
{
"category": "external",
"summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00128.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00128.html"
},
{
"category": "external",
"summary": "https://www.kb.cert.org/vuls/id/304725",
"url": "https://www.kb.cert.org/vuls/id/304725"
}
],
"release_date": "2018-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-06T12:41:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Client-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Client-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Client-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Client-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Client-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Client-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Client-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Client-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Client-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Client-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Client-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7ComputeNode-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7ComputeNode-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7ComputeNode-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7ComputeNode-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7ComputeNode-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7ComputeNode-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7ComputeNode-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7ComputeNode-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7ComputeNode-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7Server-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Server-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Server-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Server-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Server-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Server-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Server-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Server-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Server-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Server-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Server-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Server-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7Workstation-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Workstation-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Workstation-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Workstation-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Workstation-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Workstation-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Workstation-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Workstation-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Workstation-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Workstation-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Workstation-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Workstation-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2169"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Client-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Client-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Client-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Client-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Client-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Client-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Client-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Client-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Client-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Client-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Client-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Client-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7ComputeNode-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7ComputeNode-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7ComputeNode-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7ComputeNode-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7ComputeNode-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7ComputeNode-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7ComputeNode-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7ComputeNode-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7ComputeNode-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7Server-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Server-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Server-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Server-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Server-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Server-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Server-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Server-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Server-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Server-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Server-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Server-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7Workstation-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Workstation-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Workstation-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Workstation-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Workstation-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Workstation-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Workstation-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Workstation-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Workstation-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Workstation-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Workstation-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Workstation-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange"
}
]
}
CNVD-2018-21103
Vulnerability from cnvd - Published: 2018-10-17
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update
| Name | Bluetooth Bluetooth |
|---|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-5383"
}
},
"description": "Bluetooth\u662f\u4e00\u79cd\u65e0\u7ebf\u6280\u672f\u6807\u51c6\uff0c\u5b83\u80fd\u591f\u5b9e\u73b0\u56fa\u5b9a\u8bbe\u5907\u3001\u79fb\u52a8\u8bbe\u5907\u548c\u697c\u5b87\u4e2a\u4eba\u57df\u7f51\u4e4b\u95f4\u7684\u77ed\u8ddd\u79bb\u6570\u636e\u4ea4\u6362\u3002\r\n\r\nBluetooth\u7684\u5b9e\u73b0\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u7684\u9a8c\u8bc1\u692d\u5706\u66f2\u7ebf\u53c2\u6570\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u52a0\u5bc6\u5bc6\u94a5\uff0c\u8fdb\u800c\u62e6\u622a\u5e76\u89e3\u5bc6\u8bbe\u5907\u4fe1\u606f\uff0c\u4f2a\u9020\u5e76\u6ce8\u5165\u6076\u610f\u7684\u6d88\u606f\u3002",
"discovererName": "Lior Neumann and Eli Biham.",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5:\r\nhttps://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-21103",
"openTime": "2018-10-17",
"patchDescription": "Bluetooth\u662f\u4e00\u79cd\u65e0\u7ebf\u6280\u672f\u6807\u51c6\uff0c\u5b83\u80fd\u591f\u5b9e\u73b0\u56fa\u5b9a\u8bbe\u5907\u3001\u79fb\u52a8\u8bbe\u5907\u548c\u697c\u5b87\u4e2a\u4eba\u57df\u7f51\u4e4b\u95f4\u7684\u77ed\u8ddd\u79bb\u6570\u636e\u4ea4\u6362\u3002\r\n\r\nBluetooth\u7684\u5b9e\u73b0\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u7684\u9a8c\u8bc1\u692d\u5706\u66f2\u7ebf\u53c2\u6570\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u52a0\u5bc6\u5bc6\u94a5\uff0c\u8fdb\u800c\u62e6\u622a\u5e76\u89e3\u5bc6\u8bbe\u5907\u4fe1\u606f\uff0c\u4f2a\u9020\u5e76\u6ce8\u5165\u6076\u610f\u7684\u6d88\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Bluetooth\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Bluetooth Bluetooth"
},
"referenceLink": "https://www.kb.cert.org/vuls/id/304725",
"serverity": "\u9ad8",
"submitTime": "2018-07-27",
"title": "Bluetooth\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}
VAR-201808-1004
Vulnerability from variot - Updated: 2025-12-22 21:50
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. Multiple Bluetooth drivers are prone to a security-bypass vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks and certain unauthorized actions, which will aid in further attacks. Bluetooth is a wireless technology standard that enables short-range data exchange between fixed and mobile devices and personal area networks in buildings. The following systems are affected: macOS prior to 10.13; macOS High Sierra prior to 11.4; iOS prior to 11.4; Android prior to Patch 2018-06-05.
=========================================================================
Ubuntu Security Notice USN-4095-1 August 13, 2019
linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors
Details:
Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. (CVE-2018-5383)
It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126)
Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-1125)
Jann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2019-11599)
It was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12614)
Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272)
It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: linux-image-4.4.0-1054-kvm 4.4.0-1054.61 linux-image-4.4.0-1090-aws 4.4.0-1090.101 linux-image-4.4.0-1118-raspi2 4.4.0-1118.127 linux-image-4.4.0-1122-snapdragon 4.4.0-1122.128 linux-image-4.4.0-159-generic 4.4.0-159.187 linux-image-4.4.0-159-generic-lpae 4.4.0-159.187 linux-image-4.4.0-159-lowlatency 4.4.0-159.187 linux-image-4.4.0-159-powerpc-e500mc 4.4.0-159.187 linux-image-4.4.0-159-powerpc-smp 4.4.0-159.187 linux-image-4.4.0-159-powerpc64-emb 4.4.0-159.187 linux-image-4.4.0-159-powerpc64-smp 4.4.0-159.187 linux-image-aws 4.4.0.1090.94 linux-image-generic 4.4.0.159.167 linux-image-generic-lpae 4.4.0.159.167 linux-image-kvm 4.4.0.1054.54 linux-image-lowlatency 4.4.0.159.167 linux-image-powerpc-e500mc 4.4.0.159.167 linux-image-powerpc-smp 4.4.0.159.167 linux-image-powerpc64-emb 4.4.0.159.167 linux-image-powerpc64-smp 4.4.0.159.167 linux-image-raspi2 4.4.0.1118.118 linux-image-snapdragon 4.4.0.1122.114 linux-image-virtual 4.4.0.159.167
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. CVE-2018-4249: Kevin Backhouse of Semmle Ltd. CVE-2018-4240: Sriram (@Sri_Hxor) of PrimeFort Pvt.
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2018-9-17-1 iOS 12
iOS 12 is now available and addresses the following:
Accounts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local app may be able to read a persistent account identifier Description: This issue was addressed with improved entitlements. CVE-2018-4322: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.
Bluetooth Available for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7, iPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation, 12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro, 9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. CVE-2018-5383: Lior Neumann and Eli Biham
Core Bluetooth Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4330: Apple
CoreMedia Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An app may be able to learn information about the current camera view before being granted camera access Description: A permissions issue existed. This issue was addressed with improved permission validation. CVE-2018-4356: an anonymous researcher
IOMobileFrameBuffer Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4335: Brandon Azad
iTunes Store Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store Description: An input validation issue was addressed with improved input validation. CVE-2018-4305: Jerry Decime
Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: An input validation issue existed in the kernel. This issue was addressed with improved input validation. CVE-2018-4363: Ian Beer of Google Project Zero
Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to discover a user's deleted messages Description: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of message deletions. CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah Mürşide Özünenek Anadolu Lisesi - Ankara/Türkiye, Mehmet Ferit Daştan of Van Yüzüncü Yıl University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU)
Notes Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to discover a user's deleted notes Description: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of notes deletions. CVE-2018-4352: an anonymous researcher
Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to discover websites a user has visited Description: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of application snapshots. CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah Mürşide Özünenek Anadolu Lisesi - Ankara/Türkiye, Mehmet Ferit Daştan of Van Yüzüncü Yıl University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU)
Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A user may be unable to delete browsing history items Description: Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion. CVE-2018-4329: Hugo S. Diaz (coldpointblue)
Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to exfiltrate autofilled data in Safari Description: A logic issue was addressed with improved state management. CVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority
SafariViewController Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4362: Jun Kokatsu (@shhnjk)
Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm Description: This issue was addressed by removing RC4. CVE-2016-1777: Pepi Zawodsky
Status Bar Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to determine the last used app from the lock screen Description: A logic issue was addressed with improved restrictions. CVE-2018-4325: Brian Adeloye
Wi-Fi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4338: Lee @ SECLAB, Yonsei University working with Trend Micro's Zero Day Initiative
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. The version after applying this update will be "iOS 12".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAluf5GIACgkQeC9tht7T K3G2mg//QBqaVSeHLeqL489OJmSvBtudWIDY1GhHJ5Xc8ox3ILDNLVZeBU+DIpqr Fb/slmBKhNM69CPf2fGC/Af2h3ZbUYVoANoyWfH+A/PYzFV726w5WHaq4QZndauO urHsrE/lH8CvDFS6lzp0OdGV5hVIGQ3hoYiF0lYmIdzCDQYwvFp+pn2I3b37Io8K 5/cjRiYp+uq2NAKLm6hx8yq0NtYAQyQTsk6ZAsGlilmydLJDGnaeJE80wk7EBd8f rkdtqzs5B5ohHVYLcoGgMUrE7qyLpqwXjkfIJO8bkk1IqlbMwjmhOJVRPaHWtj5Y 8Ouc2ebMfpFimk9+ODBUYMCsQJgQw8P6pW3gfSpiheIOPc65KzoaAdg+nOfmPwJK LR9CDMJauwYHf1I2RrMzDBflV1HIPurYciHBZKn6IH4f3KNIu5PGNTnHFgln6MxT D11WXuxNfvc2B1hRIRHXD2OB1+rh5Q+tkb+AEauHzIFWgl7otx6EZhiu7W8Mxa22 k6s/Fo1UZI1GbnNjU9ugEumxH8w0WQNQZOOH3FI07aA7F2FVcTVXL4uaIoHzZR0N ZmC/RvsQNGmw8L+DRWedEHda/rieAgMHkJxrjF0Day9PqY50YL7F+7qaw2J6Tmpo r5jDothh/1TQbkE5G8oOaT3Y3iOtDcMqh0T7jRxIP7awQMKce9M= =1Ld6 -----END PGP SIGNATURE-----
. CVE-2018-4197: Ivan Fratric of Google Project Zero CVE-2018-4306: Ivan Fratric of Google Project Zero CVE-2018-4312: Ivan Fratric of Google Project Zero CVE-2018-4314: Ivan Fratric of Google Project Zero CVE-2018-4315: Ivan Fratric of Google Project Zero CVE-2018-4317: Ivan Fratric of Google Project Zero CVE-2018-4318: Ivan Fratric of Google Project Zero Entry added September 24, 2018
WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious website may exfiltrate image data cross-origin Description: A cross-site scripting issue existed in Safari. CVE-2018-4299: Samuel Groß (saelo) working with Trend Micro's Zero Day Initiative CVE-2018-4323: Ivan Fratric of Google Project Zero CVE-2018-4328: Ivan Fratric of Google Project Zero CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative CVE-2018-4359: Samuel Groß (@5aelo) Entry added September 24, 2018
WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious website may be able to execute scripts in the context of another website Description: A cross-site scripting issue existed in Safari. CVE-2018-4361: found by Google OSS-Fuzz Entry added September 24, 2018
Additional recognition
Assets We would like to acknowledge Brandon Azad for their assistance.
Core Data We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.
Sandbox Profiles We would like to acknowledge Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative for their assistance.
SQLite We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.
WebKit We would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vuclan team, and Zach Malone of CA Technologies for their assistance. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: linux-firmware security, bug fix, and enhancement update Advisory ID: RHSA-2019:2169-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2169 Issue date: 2019-08-06 CVE Names: CVE-2018-5383 ==================================================================== 1. Summary:
An update for linux-firmware is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch Red Hat Enterprise Linux ComputeNode (v. 7) - noarch Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Enterprise Linux Workstation (v. 7) - noarch
- Description:
The linux-firmware packages contain all of the firmware files that are required by various devices to operate.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: linux-firmware-20190429-72.gitddde598.el7.src.rpm
noarch: iwl100-firmware-39.31.5.1-72.el7.noarch.rpm iwl1000-firmware-39.31.5.1-72.el7.noarch.rpm iwl105-firmware-18.168.6.1-72.el7.noarch.rpm iwl135-firmware-18.168.6.1-72.el7.noarch.rpm iwl2000-firmware-18.168.6.1-72.el7.noarch.rpm iwl2030-firmware-18.168.6.1-72.el7.noarch.rpm iwl3160-firmware-22.0.7.0-72.el7.noarch.rpm iwl3945-firmware-15.32.2.9-72.el7.noarch.rpm iwl4965-firmware-228.61.2.24-72.el7.noarch.rpm iwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm iwl5150-firmware-8.24.2.2-72.el7.noarch.rpm iwl6000-firmware-9.221.4.1-72.el7.noarch.rpm iwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm iwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm iwl6050-firmware-41.28.5.1-72.el7.noarch.rpm iwl7260-firmware-22.0.7.0-72.el7.noarch.rpm iwl7265-firmware-22.0.7.0-72.el7.noarch.rpm linux-firmware-20190429-72.gitddde598.el7.noarch.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: linux-firmware-20190429-72.gitddde598.el7.src.rpm
noarch: iwl100-firmware-39.31.5.1-72.el7.noarch.rpm iwl1000-firmware-39.31.5.1-72.el7.noarch.rpm iwl105-firmware-18.168.6.1-72.el7.noarch.rpm iwl135-firmware-18.168.6.1-72.el7.noarch.rpm iwl2000-firmware-18.168.6.1-72.el7.noarch.rpm iwl2030-firmware-18.168.6.1-72.el7.noarch.rpm iwl3160-firmware-22.0.7.0-72.el7.noarch.rpm iwl3945-firmware-15.32.2.9-72.el7.noarch.rpm iwl4965-firmware-228.61.2.24-72.el7.noarch.rpm iwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm iwl5150-firmware-8.24.2.2-72.el7.noarch.rpm iwl6000-firmware-9.221.4.1-72.el7.noarch.rpm iwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm iwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm iwl6050-firmware-41.28.5.1-72.el7.noarch.rpm iwl7260-firmware-22.0.7.0-72.el7.noarch.rpm iwl7265-firmware-22.0.7.0-72.el7.noarch.rpm linux-firmware-20190429-72.gitddde598.el7.noarch.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: linux-firmware-20190429-72.gitddde598.el7.src.rpm
noarch: iwl100-firmware-39.31.5.1-72.el7.noarch.rpm iwl1000-firmware-39.31.5.1-72.el7.noarch.rpm iwl105-firmware-18.168.6.1-72.el7.noarch.rpm iwl135-firmware-18.168.6.1-72.el7.noarch.rpm iwl2000-firmware-18.168.6.1-72.el7.noarch.rpm iwl2030-firmware-18.168.6.1-72.el7.noarch.rpm iwl3160-firmware-22.0.7.0-72.el7.noarch.rpm iwl3945-firmware-15.32.2.9-72.el7.noarch.rpm iwl4965-firmware-228.61.2.24-72.el7.noarch.rpm iwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm iwl5150-firmware-8.24.2.2-72.el7.noarch.rpm iwl6000-firmware-9.221.4.1-72.el7.noarch.rpm iwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm iwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm iwl6050-firmware-41.28.5.1-72.el7.noarch.rpm iwl7260-firmware-22.0.7.0-72.el7.noarch.rpm iwl7265-firmware-22.0.7.0-72.el7.noarch.rpm linux-firmware-20190429-72.gitddde598.el7.noarch.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: linux-firmware-20190429-72.gitddde598.el7.src.rpm
noarch: iwl100-firmware-39.31.5.1-72.el7.noarch.rpm iwl1000-firmware-39.31.5.1-72.el7.noarch.rpm iwl105-firmware-18.168.6.1-72.el7.noarch.rpm iwl135-firmware-18.168.6.1-72.el7.noarch.rpm iwl2000-firmware-18.168.6.1-72.el7.noarch.rpm iwl2030-firmware-18.168.6.1-72.el7.noarch.rpm iwl3160-firmware-22.0.7.0-72.el7.noarch.rpm iwl3945-firmware-15.32.2.9-72.el7.noarch.rpm iwl4965-firmware-228.61.2.24-72.el7.noarch.rpm iwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm iwl5150-firmware-8.24.2.2-72.el7.noarch.rpm iwl6000-firmware-9.221.4.1-72.el7.noarch.rpm iwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm iwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm iwl6050-firmware-41.28.5.1-72.el7.noarch.rpm iwl7260-firmware-22.0.7.0-72.el7.noarch.rpm iwl7265-firmware-22.0.7.0-72.el7.noarch.rpm linux-firmware-20190429-72.gitddde598.el7.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-5383 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. CVE-2018-5383: Lior Neumann and Eli Biham
The updates below are available for these Mac models: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013, Mid 2010, and Mid 2012 models with recommended Metal-capable graphics processor, including MSI Gaming Radeon RX 560 and Sapphire Radeon PULSE RX 580)
App Store Impact: A malicious application may be able to determine the Apple ID of the owner of the computer Description: A permissions issue existed in the handling of the Apple ID. CVE-2018-4324: Sergii Kryvoblotskyi of MacPaw Inc. CVE-2018-4353: Abhinav Bansal of Zscaler, Inc.
Mail We would like to acknowledge Alessandro Avagliano of Rocket Internet SE, John Whitehead of The New York Times, Kelvin Delbarre of Omicron Software Systems, and Zbyszek Żółkiewski for their assistance.
Security We would like to acknowledge Christoph Sinai, Daniel Dudek (@dannysapples) of The Irish Times and Filip Klubička (@lemoncloak) of ADAPT Centre, Dublin Institute of Technology, Istvan Csanady of Shapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson Ding, and an anonymous researcher for their assistance. CVE-2018-4285: Mohamed Ghannam (@_simo36)
Bluetooth Available for: MacBook Pro (15-inch, 2018), and MacBook Pro (13-inch, 2018, Four Thunderbolt 3 Ports) Other Mac models were addressed with macOS High Sierra 10.13.5. CVE-2018-4283: @panicaII working with Trend Micro's Zero Day Initiative
Kernel Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.5 Impact: Systems using Intel® Core-based microprocessors may potentially allow a local process to infer data utilizing Lazy FP state restore from another process through a speculative execution side channel Description: Lazy FP state restore instead of eager save and restore of the state upon a context switch. Lazy restored states are potentially vulnerable to exploits where one process may infer register values of other processes through a speculative execution side channel that infers their value. CVE-2018-4277: xisigr of Tencent's Xuanwu Lab (tencent.com)
Perl Available for: macOS High Sierra 10.13.5 Impact: Multiple buffer overflow issues existed in Perl Description: Multiple issues in Perl were addressed with improved memory handling.
Help Viewer We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-1004",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "7.1.2"
},
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "8.1"
},
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "6.0.1"
},
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "6.0"
},
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "8.0"
},
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "7.0"
},
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "7.1.1"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.13"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.4"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "android open source",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "broadcom",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cypress semiconductor",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dell",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "qualcomm incorporated",
"version": null
},
{
"model": "wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "95600"
},
{
"model": "wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "94620"
},
{
"model": "wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "94610"
},
{
"model": "wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "92600"
},
{
"model": "tri-band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "182650"
},
{
"model": "tri-band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "182600"
},
{
"model": "tri-band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "172650"
},
{
"model": "dual band wireless-n",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "72650"
},
{
"model": "dual band wireless-n",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "72600"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "926020.0.2.3"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "926020.0.2.2"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "926020.0.0.0"
},
{
"model": "dual band wireless-ac desktop kit",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "82650"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "82650"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "826020.0.2.3"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "826020.0.2.2"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "826020.0.0.0"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "82600"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "726519.10"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "726519.51.7.20"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "726519.51.7.1"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "726519.51.0.0"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "726519.10.9.2"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "726519.10.9.1"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "72650"
},
{
"model": "dual band wireless-ac for desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "72600"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "726018.33.9.3"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "726018.33.9.2"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "726018.0.0.0"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "72600"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "316819.10"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "316819.51.7.20"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "316819.51.7.1"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "316819.51.0.0"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "316819.10.9.2"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "316819.10.9.1"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "31680"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "316519.10"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "316519.51.7.20"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "316519.51.7.1"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "316519.51.0.0"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "316519.10.9.2"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "316519.10.9.1"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "31650"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "316018.33.9.3"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "316018.33.9.2"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "316018.0.0.0"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "31600"
},
{
"model": "erratum",
"scope": "eq",
"trust": 0.3,
"vendor": "bluetooth",
"version": "107340"
},
{
"model": "erratum",
"scope": "eq",
"trust": 0.3,
"vendor": "bluetooth",
"version": "103950"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.13.6"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.13.1"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.13.5"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.13.4"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.13.3"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.13.2"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.13"
},
{
"model": "macbook pro",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "macbook",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "wireless-n",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "726520.60"
},
{
"model": "wireless-n",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "726020.60"
},
{
"model": "wireless-ac",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "956020.60"
},
{
"model": "wireless-ac",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "946220.60"
},
{
"model": "wireless-ac",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "946120.60"
},
{
"model": "wireless-ac",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "926020.60"
},
{
"model": "tri-band wireless-ac",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "1826520.60"
},
{
"model": "tri-band wireless-ac",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "1826020.60"
},
{
"model": "tri-band wireless-ac",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "1726520.60"
},
{
"model": "dual band wireless-n",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "726520.60"
},
{
"model": "dual band wireless-n",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "726020.60"
},
{
"model": "dual band wireless-ac",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "826520.60"
},
{
"model": "dual band wireless-ac",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "826020.60"
},
{
"model": "dual band wireless-ac",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "726520.60"
},
{
"model": "dual band wireless-ac for desktop",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "726020.60"
},
{
"model": "dual band wireless-ac",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "726020.60"
},
{
"model": "dual band wireless-ac",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "316820.60"
},
{
"model": "dual band wireless-ac",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "316520.60"
},
{
"model": "dual band wireless-ac",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "316020.60"
},
{
"model": "macos security update",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.13.62018"
},
{
"model": "macos security update",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.13.52018"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#304725"
},
{
"db": "BID",
"id": "104879"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1882"
},
{
"db": "NVD",
"id": "CVE-2018-5383"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "148645"
},
{
"db": "PACKETSTORM",
"id": "149400"
},
{
"db": "PACKETSTORM",
"id": "149516"
},
{
"db": "PACKETSTORM",
"id": "149510"
},
{
"db": "PACKETSTORM",
"id": "148641"
},
{
"db": "PACKETSTORM",
"id": "150118"
}
],
"trust": 0.6
},
"cve": "CVE-2018-5383",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CVE-2018-5383",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 7.3,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 5.7,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 5.5,
"id": "CVE-2018-5383",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "OFFICIAL FIX",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "NOT DEFINED",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:A/AC:M/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "VHN-135414",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2018-5383",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"author": "cret@cert.org",
"availabilityImpact": "NONE",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2018-5383",
"impactScore": 5.8,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-5383",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cret@cert.org",
"id": "CVE-2018-5383",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-5383",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-1882",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-135414",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-5383",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#304725"
},
{
"db": "VULHUB",
"id": "VHN-135414"
},
{
"db": "VULMON",
"id": "CVE-2018-5383"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1882"
},
{
"db": "NVD",
"id": "CVE-2018-5383"
},
{
"db": "NVD",
"id": "CVE-2018-5383"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. Multiple Bluetooth drivers are prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to perform man-in-the-middle attacks and certain unauthorized actions, which will aid in further attacks. Bluetooth is a wireless technology standard that enables short-range data exchange between fixed and mobile devices and personal area networks in buildings. The following systems are affected: macOS prior to 10.13; macOS High Sierra prior to 11.4; iOS prior to 11.4; Android prior to Patch 2018-06-05. =========================================================================\nUbuntu Security Notice USN-4095-1\nAugust 13, 2019\n\nlinux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. \n\nSoftware Description:\n- linux: Linux kernel\n- linux-aws: Linux kernel for Amazon Web Services (AWS) systems\n- linux-kvm: Linux kernel for cloud environments\n- linux-raspi2: Linux kernel for Raspberry Pi 2\n- linux-snapdragon: Linux kernel for Snapdragon processors\n\nDetails:\n\nEli Biham and Lior Neumann discovered that the Bluetooth implementation in\nthe Linux kernel did not properly validate elliptic curve parameters during\nDiffie-Hellman key exchange in some situations. An attacker could use this\nto expose sensitive information. 
(CVE-2018-5383)\n\nIt was discovered that a heap buffer overflow existed in the Marvell\nWireless LAN device driver for the Linux kernel. An attacker could use this\nto cause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2019-10126)\n\nAndrei Vlad Lutas and Dan Lutas discovered that some x86 processors\nincorrectly handle SWAPGS instructions during speculative execution. A\nlocal attacker could use this to expose sensitive information (kernel\nmemory). (CVE-2019-1125)\n\nJann Horn discovered that a race condition existed in the Linux kernel when\nperforming core dumps. A local attacker could use this to cause a denial of\nservice (system crash) or expose sensitive information. (CVE-2019-11599)\n\nIt was discovered that the PowerPC dlpar implementation in the Linux kernel\ndid not properly check for allocation errors in some situations. A local\nattacker could possibly use this to cause a denial of service (system\ncrash). (CVE-2019-12614)\n\nJann Horn discovered that the ptrace implementation in the Linux kernel did\nnot properly record credentials in some situations. A local attacker could\nuse this to cause a denial of service (system crash) or possibly gain\nadministrative privileges. (CVE-2019-13272)\n\nIt was discovered that the Marvell Wireless LAN device driver in the Linux\nkernel did not properly validate the BSS descriptor. A local attacker could\npossibly use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. 
(CVE-2019-3846)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n linux-image-4.4.0-1054-kvm 4.4.0-1054.61\n linux-image-4.4.0-1090-aws 4.4.0-1090.101\n linux-image-4.4.0-1118-raspi2 4.4.0-1118.127\n linux-image-4.4.0-1122-snapdragon 4.4.0-1122.128\n linux-image-4.4.0-159-generic 4.4.0-159.187\n linux-image-4.4.0-159-generic-lpae 4.4.0-159.187\n linux-image-4.4.0-159-lowlatency 4.4.0-159.187\n linux-image-4.4.0-159-powerpc-e500mc 4.4.0-159.187\n linux-image-4.4.0-159-powerpc-smp 4.4.0-159.187\n linux-image-4.4.0-159-powerpc64-emb 4.4.0-159.187\n linux-image-4.4.0-159-powerpc64-smp 4.4.0-159.187\n linux-image-aws 4.4.0.1090.94\n linux-image-generic 4.4.0.159.167\n linux-image-generic-lpae 4.4.0.159.167\n linux-image-kvm 4.4.0.1054.54\n linux-image-lowlatency 4.4.0.159.167\n linux-image-powerpc-e500mc 4.4.0.159.167\n linux-image-powerpc-smp 4.4.0.159.167\n linux-image-powerpc64-emb 4.4.0.159.167\n linux-image-powerpc64-smp 4.4.0.159.167\n linux-image-raspi2 4.4.0.1118.118\n linux-image-snapdragon 4.4.0.1122.114\n linux-image-virtual 4.4.0.159.167\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. \nCVE-2018-4249: Kevin Backhouse of Semmle Ltd. \nCVE-2018-4240: Sriram (@Sri_Hxor) of PrimeFort Pvt. \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2018-9-17-1 iOS 12\n\niOS 12 is now available and addresses the following:\n\nAccounts\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A local app may be able to read a persistent account\nidentifier\nDescription: This issue was addressed with improved entitlements. \nCVE-2018-4322: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. \n\nBluetooth\nAvailable for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7,\niPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation,\n12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro,\n9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation\nImpact: An attacker in a privileged network position may be able to\nintercept Bluetooth traffic\nDescription: An input validation issue existed in Bluetooth. This\nissue was addressed with improved input validation. \nCVE-2018-5383: Lior Neumann and Eli Biham\n\nCore Bluetooth\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4330: Apple\n\nCoreMedia\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An app may be able to learn information about the current\ncamera view before being granted camera access\nDescription: A permissions issue existed. This issue was addressed\nwith improved permission validation. \nCVE-2018-4356: an anonymous researcher\n\nIOMobileFrameBuffer\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. 
\nCVE-2018-4335: Brandon Azad\n\niTunes Store\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An attacker in a privileged network position may be able to\nspoof password prompts in the iTunes Store\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2018-4305: Jerry Decime\n\nKernel\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An application may be able to read restricted memory\nDescription: An input validation issue existed in the kernel. This\nissue was addressed with improved input validation. \nCVE-2018-4363: Ian Beer of Google Project Zero\n\nMessages\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A local user may be able to discover a user\u0027s deleted\nmessages\nDescription: A consistency issue existed in the handling of\napplication snapshots. The issue was addressed with improved handling\nof message deletions. \nCVE-2018-4313: 11 anonymous researchers, David Scott,\nEnes Mert Ulu of Abdullah Mürşide Özünenek Anadolu Lisesi -\nAnkara/Türkiye, Mehmet Ferit Daştan of Van Yüzüncü Yıl\nUniversity, Metin Altug Karakaya of Kaliptus Medical Organization,\nVinodh Swami of Western Governor\u0027s University (WGU)\n\nNotes\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A local user may be able to discover a user\u0027s deleted notes\nDescription: A consistency issue existed in the handling of\napplication snapshots. The issue was addressed with improved handling\nof notes deletions. \nCVE-2018-4352: an anonymous researcher\n\nSafari\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A local user may be able to discover websites a user has\nvisited\nDescription: A consistency issue existed in the handling of\napplication snapshots. 
The issue was addressed with improved handling\nof application snapshots. \nCVE-2018-4313: 11 anonymous researchers, David Scott,\nEnes Mert Ulu of Abdullah Mürşide Özünenek Anadolu Lisesi -\nAnkara/Türkiye, Mehmet Ferit Daştan of Van Yüzüncü Yıl\nUniversity, Metin Altug Karakaya of Kaliptus Medical Organization,\nVinodh Swami of Western Governor\u0027s University (WGU)\n\nSafari\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A user may be unable to delete browsing history items\nDescription: Clearing a history item may not clear visits with\nredirect chains. The issue was addressed with improved data deletion. \nCVE-2018-4329: Hugo S. Diaz (coldpointblue)\n\nSafari\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious website may be able to exfiltrate autofilled data\nin Safari\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority\n\nSafariViewController\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: An inconsistent user interface issue was addressed with\nimproved state management. \nCVE-2018-4362: Jun Kokatsu (@shhnjk)\n\nSecurity\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An attacker may be able to exploit weaknesses in the RC4\ncryptographic algorithm\nDescription: This issue was addressed by removing RC4. \nCVE-2016-1777: Pepi Zawodsky\n\nStatus Bar\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A person with physical access to an iOS device may be able to\ndetermine the last used app from the lock screen\nDescription: A logic issue was addressed with improved restrictions. 
\nCVE-2018-4325: Brian Adeloye\n\nWi-Fi\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2018-4338: Lee @ SECLAB, Yonsei University working with Trend\nMicro\u0027s Zero Day Initiative\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"iOS 12\". 
\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAluf5GIACgkQeC9tht7T\nK3G2mg//QBqaVSeHLeqL489OJmSvBtudWIDY1GhHJ5Xc8ox3ILDNLVZeBU+DIpqr\nFb/slmBKhNM69CPf2fGC/Af2h3ZbUYVoANoyWfH+A/PYzFV726w5WHaq4QZndauO\nurHsrE/lH8CvDFS6lzp0OdGV5hVIGQ3hoYiF0lYmIdzCDQYwvFp+pn2I3b37Io8K\n5/cjRiYp+uq2NAKLm6hx8yq0NtYAQyQTsk6ZAsGlilmydLJDGnaeJE80wk7EBd8f\nrkdtqzs5B5ohHVYLcoGgMUrE7qyLpqwXjkfIJO8bkk1IqlbMwjmhOJVRPaHWtj5Y\n8Ouc2ebMfpFimk9+ODBUYMCsQJgQw8P6pW3gfSpiheIOPc65KzoaAdg+nOfmPwJK\nLR9CDMJauwYHf1I2RrMzDBflV1HIPurYciHBZKn6IH4f3KNIu5PGNTnHFgln6MxT\nD11WXuxNfvc2B1hRIRHXD2OB1+rh5Q+tkb+AEauHzIFWgl7otx6EZhiu7W8Mxa22\nk6s/Fo1UZI1GbnNjU9ugEumxH8w0WQNQZOOH3FI07aA7F2FVcTVXL4uaIoHzZR0N\nZmC/RvsQNGmw8L+DRWedEHda/rieAgMHkJxrjF0Day9PqY50YL7F+7qaw2J6Tmpo\nr5jDothh/1TQbkE5G8oOaT3Y3iOtDcMqh0T7jRxIP7awQMKce9M=\n=1Ld6\n-----END PGP SIGNATURE-----\n\n\n\n. \nCVE-2018-4197: Ivan Fratric of Google Project Zero\nCVE-2018-4306: Ivan Fratric of Google Project Zero\nCVE-2018-4312: Ivan Fratric of Google Project Zero\nCVE-2018-4314: Ivan Fratric of Google Project Zero\nCVE-2018-4315: Ivan Fratric of Google Project Zero\nCVE-2018-4317: Ivan Fratric of Google Project Zero\nCVE-2018-4318: Ivan Fratric of Google Project Zero\nEntry added September 24, 2018\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A malicious website may exfiltrate image data cross-origin\nDescription: A cross-site scripting issue existed in Safari. 
\nCVE-2018-4299: Samuel Groß (saelo) working with Trend Micro\u0027s Zero\nDay Initiative\nCVE-2018-4323: Ivan Fratric of Google Project Zero\nCVE-2018-4328: Ivan Fratric of Google Project Zero\nCVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with\nTrend Micro\u0027s Zero Day Initiative\nCVE-2018-4359: Samuel Groß (@5aelo)\nEntry added September 24, 2018\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A malicious website may be able to execute scripts in the\ncontext of another website\nDescription: A cross-site scripting issue existed in Safari. \nCVE-2018-4361: found by Google OSS-Fuzz\nEntry added September 24, 2018\n\nAdditional recognition\n\nAssets\nWe would like to acknowledge Brandon Azad for their assistance. \n\nCore Data\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security\nLabs GmbH for their assistance. \n\nSandbox Profiles\nWe would like to acknowledge Tencent Keen Security Lab working with\nTrend Micro\u0027s Zero Day Initiative for their assistance. \n\nSQLite\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security\nLabs GmbH for their assistance. \n\nWebKit\nWe would like to acknowledge Cary Hartline, Hanming Zhang from 360\nVuclan team, and Zach Malone of CA Technologies for their assistance. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: linux-firmware security, bug fix, and enhancement update\nAdvisory ID: RHSA-2019:2169-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2169\nIssue date: 2019-08-06\nCVE Names: CVE-2018-5383\n====================================================================\n1. Summary:\n\nAn update for linux-firmware is now available for Red Hat Enterprise Linux\n7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. 
A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch\nRed Hat Enterprise Linux Server (v. 7) - noarch\nRed Hat Enterprise Linux Workstation (v. 7) - noarch\n\n3. Description:\n\nThe linux-firmware packages contain all of the firmware files that are\nrequired by various devices to operate. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nlinux-firmware-20190429-72.gitddde598.el7.src.rpm\n\nnoarch:\niwl100-firmware-39.31.5.1-72.el7.noarch.rpm\niwl1000-firmware-39.31.5.1-72.el7.noarch.rpm\niwl105-firmware-18.168.6.1-72.el7.noarch.rpm\niwl135-firmware-18.168.6.1-72.el7.noarch.rpm\niwl2000-firmware-18.168.6.1-72.el7.noarch.rpm\niwl2030-firmware-18.168.6.1-72.el7.noarch.rpm\niwl3160-firmware-22.0.7.0-72.el7.noarch.rpm\niwl3945-firmware-15.32.2.9-72.el7.noarch.rpm\niwl4965-firmware-228.61.2.24-72.el7.noarch.rpm\niwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm\niwl5150-firmware-8.24.2.2-72.el7.noarch.rpm\niwl6000-firmware-9.221.4.1-72.el7.noarch.rpm\niwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm\niwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm\niwl6050-firmware-41.28.5.1-72.el7.noarch.rpm\niwl7260-firmware-22.0.7.0-72.el7.noarch.rpm\niwl7265-firmware-22.0.7.0-72.el7.noarch.rpm\nlinux-firmware-20190429-72.gitddde598.el7.noarch.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 
7):\n\nSource:\nlinux-firmware-20190429-72.gitddde598.el7.src.rpm\n\nnoarch:\niwl100-firmware-39.31.5.1-72.el7.noarch.rpm\niwl1000-firmware-39.31.5.1-72.el7.noarch.rpm\niwl105-firmware-18.168.6.1-72.el7.noarch.rpm\niwl135-firmware-18.168.6.1-72.el7.noarch.rpm\niwl2000-firmware-18.168.6.1-72.el7.noarch.rpm\niwl2030-firmware-18.168.6.1-72.el7.noarch.rpm\niwl3160-firmware-22.0.7.0-72.el7.noarch.rpm\niwl3945-firmware-15.32.2.9-72.el7.noarch.rpm\niwl4965-firmware-228.61.2.24-72.el7.noarch.rpm\niwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm\niwl5150-firmware-8.24.2.2-72.el7.noarch.rpm\niwl6000-firmware-9.221.4.1-72.el7.noarch.rpm\niwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm\niwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm\niwl6050-firmware-41.28.5.1-72.el7.noarch.rpm\niwl7260-firmware-22.0.7.0-72.el7.noarch.rpm\niwl7265-firmware-22.0.7.0-72.el7.noarch.rpm\nlinux-firmware-20190429-72.gitddde598.el7.noarch.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nlinux-firmware-20190429-72.gitddde598.el7.src.rpm\n\nnoarch:\niwl100-firmware-39.31.5.1-72.el7.noarch.rpm\niwl1000-firmware-39.31.5.1-72.el7.noarch.rpm\niwl105-firmware-18.168.6.1-72.el7.noarch.rpm\niwl135-firmware-18.168.6.1-72.el7.noarch.rpm\niwl2000-firmware-18.168.6.1-72.el7.noarch.rpm\niwl2030-firmware-18.168.6.1-72.el7.noarch.rpm\niwl3160-firmware-22.0.7.0-72.el7.noarch.rpm\niwl3945-firmware-15.32.2.9-72.el7.noarch.rpm\niwl4965-firmware-228.61.2.24-72.el7.noarch.rpm\niwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm\niwl5150-firmware-8.24.2.2-72.el7.noarch.rpm\niwl6000-firmware-9.221.4.1-72.el7.noarch.rpm\niwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm\niwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm\niwl6050-firmware-41.28.5.1-72.el7.noarch.rpm\niwl7260-firmware-22.0.7.0-72.el7.noarch.rpm\niwl7265-firmware-22.0.7.0-72.el7.noarch.rpm\nlinux-firmware-20190429-72.gitddde598.el7.noarch.rpm\n\nRed Hat Enterprise Linux Workstation (v. 
7):\n\nSource:\nlinux-firmware-20190429-72.gitddde598.el7.src.rpm\n\nnoarch:\niwl100-firmware-39.31.5.1-72.el7.noarch.rpm\niwl1000-firmware-39.31.5.1-72.el7.noarch.rpm\niwl105-firmware-18.168.6.1-72.el7.noarch.rpm\niwl135-firmware-18.168.6.1-72.el7.noarch.rpm\niwl2000-firmware-18.168.6.1-72.el7.noarch.rpm\niwl2030-firmware-18.168.6.1-72.el7.noarch.rpm\niwl3160-firmware-22.0.7.0-72.el7.noarch.rpm\niwl3945-firmware-15.32.2.9-72.el7.noarch.rpm\niwl4965-firmware-228.61.2.24-72.el7.noarch.rpm\niwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm\niwl5150-firmware-8.24.2.2-72.el7.noarch.rpm\niwl6000-firmware-9.221.4.1-72.el7.noarch.rpm\niwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm\niwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm\niwl6050-firmware-41.28.5.1-72.el7.noarch.rpm\niwl7260-firmware-22.0.7.0-72.el7.noarch.rpm\niwl7265-firmware-22.0.7.0-72.el7.noarch.rpm\nlinux-firmware-20190429-72.gitddde598.el7.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-5383\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. 
\nCVE-2018-5383: Lior Neumann and Eli Biham\n\nThe updates below are available for these Mac models:\nMacBook (Early 2015 and later), MacBook Air (Mid 2012 and later),\nMacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later),\niMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013, Mid 2010, and Mid 2012 models with recommended\nMetal-capable graphics processor, including MSI Gaming Radeon RX 560\nand Sapphire Radeon PULSE RX 580)\n\nApp Store\nImpact: A malicious application may be able to determine the Apple ID\nof the owner of the computer\nDescription: A permissions issue existed in the handling of the Apple\nID. \nCVE-2018-4324: Sergii Kryvoblotskyi of MacPaw Inc. \nCVE-2018-4353: Abhinav Bansal of Zscaler, Inc. \n\nMail\nWe would like to acknowledge Alessandro Avagliano of Rocket Internet\nSE, John Whitehead of The New York Times, Kelvin Delbarre of Omicron\nSoftware Systems, and Zbyszek \u017b\u00f3\u0142kiewski for their assistance. \n\nSecurity\nWe would like to acknowledge Christoph Sinai, Daniel Dudek\n(@dannysapples) of The Irish Times and Filip Klubi\u010dka (@lemoncloak)\nof ADAPT Centre, Dublin Institute of Technology, Istvan Csanady of\nShapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson\nDing, and an anonymous researcher for their assistance. \nCVE-2018-4285: Mohamed Ghannam (@_simo36)\n\nBluetooth\nAvailable for: MacBook Pro (15-inch, 2018), and MacBook Pro\n(13-inch, 2018, Four Thunderbolt 3 Ports)\nOther Mac models were addressed with macOS High Sierra 10.13.5. 
\nCVE-2018-4283: @panicaII working with Trend Micro\u0027s Zero Day\nInitiative\n\nKernel\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS\nHigh Sierra 10.13.5\nImpact: Systems using Intel\u00ae Core-based microprocessors may\npotentially allow a local process to infer data utilizing Lazy FP\nstate restore from another process through a speculative execution\nside channel\nDescription: Lazy FP state restore instead of eager save and restore\nof the state upon a context switch. Lazy restored states are\npotentially vulnerable to exploits where one process may infer\nregister values of other processes through a speculative execution\nside channel that infers their value. \nCVE-2018-4277: xisigr of Tencent\u0027s Xuanwu Lab (tencent.com)\n\nPerl\nAvailable for: macOS High Sierra 10.13.5\nImpact: Multiple buffer overflow issues existed in Perl\nDescription: Multiple issues in Perl were addressed with improved\nmemory handling. \n\nHelp Viewer\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing\nfor their assistance",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5383"
},
{
"db": "CERT/CC",
"id": "VU#304725"
},
{
"db": "BID",
"id": "104879"
},
{
"db": "VULHUB",
"id": "VHN-135414"
},
{
"db": "VULMON",
"id": "CVE-2018-5383"
},
{
"db": "PACKETSTORM",
"id": "154044"
},
{
"db": "PACKETSTORM",
"id": "157598"
},
{
"db": "PACKETSTORM",
"id": "148645"
},
{
"db": "PACKETSTORM",
"id": "149400"
},
{
"db": "PACKETSTORM",
"id": "149516"
},
{
"db": "PACKETSTORM",
"id": "153946"
},
{
"db": "PACKETSTORM",
"id": "149510"
},
{
"db": "PACKETSTORM",
"id": "148641"
},
{
"db": "PACKETSTORM",
"id": "150118"
}
],
"trust": 2.88
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/304725",
"trust": 0.8,
"type": "poc"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#304725"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-5383",
"trust": 3.0
},
{
"db": "CERT/CC",
"id": "VU#304725",
"trust": 2.9
},
{
"db": "BID",
"id": "104879",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1041432",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "157598",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "153946",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1882",
"trust": 0.7
},
{
"db": "LENOVO",
"id": "LEN-22233",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1612",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1111",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2932",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0501.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0559",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "154044",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "154049",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-135414",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-5383",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148645",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149400",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149516",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149510",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148641",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150118",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#304725"
},
{
"db": "VULHUB",
"id": "VHN-135414"
},
{
"db": "VULMON",
"id": "CVE-2018-5383"
},
{
"db": "BID",
"id": "104879"
},
{
"db": "PACKETSTORM",
"id": "154044"
},
{
"db": "PACKETSTORM",
"id": "157598"
},
{
"db": "PACKETSTORM",
"id": "148645"
},
{
"db": "PACKETSTORM",
"id": "149400"
},
{
"db": "PACKETSTORM",
"id": "149516"
},
{
"db": "PACKETSTORM",
"id": "153946"
},
{
"db": "PACKETSTORM",
"id": "149510"
},
{
"db": "PACKETSTORM",
"id": "148641"
},
{
"db": "PACKETSTORM",
"id": "150118"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1882"
},
{
"db": "NVD",
"id": "CVE-2018-5383"
}
]
},
"id": "VAR-201808-1004",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-135414"
}
],
"trust": 0.6791666639999999
},
"last_update_date": "2025-12-22T21:50:21.160000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Bluetooth Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82629"
},
{
"title": "Red Hat: Important: linux-firmware security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192169 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: linux-firmware vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4351-1"
},
{
"title": "Red Hat: CVE-2018-5383",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2018-5383"
},
{
"title": "HP: HPSBHF03585 rev. 1 - Bluetooth Pairing Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=HPSBHF03585"
},
{
"title": "Ubuntu Security Notice: linux-lts-xenial, linux-aws vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4095-2"
},
{
"title": "Ubuntu Security Notice: linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4095-1"
},
{
"title": "Android Security Bulletins: Android Security Bulletin\u2014August 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=746dc14fcd3f5e139648cfdc9d9039a9"
},
{
"title": "Apple: watchOS 4.3.1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=0f4c2f01c97a0857022a69b5486be838"
},
{
"title": "Apple: tvOS 11.4",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=d2d0b1ec71830547fb971d63ee3beadb"
},
{
"title": "Android Security Bulletins: Android Security Bulletin\u2014June 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=cc496c56e2bf669809bfb568f59af8e1"
},
{
"title": "Apple: macOS Mojave 10.14",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=b8d65830dc3366732d9f4a144cde5cf4"
},
{
"title": "Apple: tvOS 12",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=cffdc08d95a71866e104f27dafdf5818"
},
{
"title": "Apple: macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=f93fc5c87ddc6e336e7b02ff3308dfe6"
},
{
"title": "Apple: macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=6271728c896ad06d4d117e77589eea2f"
},
{
"title": "Apple: iOS 11.4",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=0f3db097f895347566033494c2dda90b"
},
{
"title": "Ubuntu Security Notice: linux, linux-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4094-1"
},
{
"title": "Apple: iOS 12",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=9859610dae22b7395b3a00be201bcefb"
},
{
"title": "Ubuntu Security Notice: linux-aws vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4118-1"
},
{
"title": "broadcom-bt-firmware",
"trust": 0.1,
"url": "https://github.com/winterheart/broadcom-bt-firmware "
},
{
"title": "awesome-bluetooth-security",
"trust": 0.1,
"url": "https://github.com/engn33r/awesome-bluetooth-security "
},
{
"title": "SamsungReleaseNotes",
"trust": 0.1,
"url": "https://github.com/samreleasenotes/SamsungReleaseNotes "
},
{
"title": "welivesecurity",
"trust": 0.1,
"url": "https://www.welivesecurity.com/2018/07/24/bluetooth-bug-expose-devices/"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2018/07/24/bluetooth_cryptography_bug/"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/many-bluetooth-implementations-and-os-drivers-affected-by-crypto-bug/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-5383"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1882"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-347",
"trust": 1.1
},
{
"problemtype": "CWE-325",
"trust": 1.0
},
{
"problemtype": "CWE-310",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135414"
},
{
"db": "NVD",
"id": "CVE-2018-5383"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"
},
{
"trust": 2.6,
"url": "https://access.redhat.com/errata/rhsa-2019:2169"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/104879"
},
{
"trust": 2.4,
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html"
},
{
"trust": 2.4,
"url": "https://usn.ubuntu.com/4095-1/"
},
{
"trust": 2.4,
"url": "https://usn.ubuntu.com/4095-2/"
},
{
"trust": 2.2,
"url": "https://www.kb.cert.org/vuls/id/304725"
},
{
"trust": 1.8,
"url": "http://www.cs.technion.ac.il/~biham/bt/"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1041432"
},
{
"trust": 1.8,
"url": "https://usn.ubuntu.com/4094-1/"
},
{
"trust": 1.8,
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"trust": 1.3,
"url": "https://usn.ubuntu.com/4351-1/"
},
{
"trust": 1.1,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00128.html"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5383"
},
{
"trust": 0.8,
"url": "http://www.cs.technion.ac.il/~biham/bt"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/325.html"
},
{
"trust": 0.8,
"url": "https://source.android.com/security/bulletin/2018-06-01"
},
{
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht208848"
},
{
"trust": 0.8,
"url": "https://source.android.com/security/bulletin/pixel/2018-06-01"
},
{
"trust": 0.6,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.6,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190466-1/"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190422-1/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2932/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75986"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/bluetooth-firmware-information-disclosure-via-weak-elliptic-curve-parameters-28536"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/product_security/len-22233"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157598/ubuntu-security-notice-usn-4351-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75750"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/78314"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/153946/red-hat-security-advisory-2019-2169-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1612/"
},
{
"trust": 0.3,
"url": "https://www.bluetooth.com/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-ie/ht208849"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht208937"
},
{
"trust": 0.3,
"url": "https://lists.apple.com/archives/security-announce/2018/jul/msg00008.html"
},
{
"trust": 0.3,
"url": "https://lists.apple.com/archives/security-announce/2018/jul/msg00009.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1777"
},
{
"trust": 0.3,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4363"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4305"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4313"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4336"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4344"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4321"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3665"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4248"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4269"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4178"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4293"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4268"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4277"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4283"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4280"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/347.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=58464"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11599"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13272"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1054.61"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4095-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/4.4.0-159.187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10126"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1122.128"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1090.101"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1118.127"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3846"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4351-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-firmware/1.157.23"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-firmware/1.173.18"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4225"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4233"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4249"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4246"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4243"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4214"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4224"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4198"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4201"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4240"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4237"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4223"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4226"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4211"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4241"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4307"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4329"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4322"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4335"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4330"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4356"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4338"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4325"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4323"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4191"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4309"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4315"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4197"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4316"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4317"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4306"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4358"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4312"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4328"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4314"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4299"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-5383"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4333"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4353"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14064"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10784"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8777"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17405"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4276"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4291"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6914"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14033"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6913"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4259"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17742"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4287"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#304725"
},
{
"db": "VULHUB",
"id": "VHN-135414"
},
{
"db": "VULMON",
"id": "CVE-2018-5383"
},
{
"db": "BID",
"id": "104879"
},
{
"db": "PACKETSTORM",
"id": "154044"
},
{
"db": "PACKETSTORM",
"id": "157598"
},
{
"db": "PACKETSTORM",
"id": "148645"
},
{
"db": "PACKETSTORM",
"id": "149400"
},
{
"db": "PACKETSTORM",
"id": "149516"
},
{
"db": "PACKETSTORM",
"id": "153946"
},
{
"db": "PACKETSTORM",
"id": "149510"
},
{
"db": "PACKETSTORM",
"id": "148641"
},
{
"db": "PACKETSTORM",
"id": "150118"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1882"
},
{
"db": "NVD",
"id": "CVE-2018-5383"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#304725"
},
{
"db": "VULHUB",
"id": "VHN-135414"
},
{
"db": "VULMON",
"id": "CVE-2018-5383"
},
{
"db": "BID",
"id": "104879"
},
{
"db": "PACKETSTORM",
"id": "154044"
},
{
"db": "PACKETSTORM",
"id": "157598"
},
{
"db": "PACKETSTORM",
"id": "148645"
},
{
"db": "PACKETSTORM",
"id": "149400"
},
{
"db": "PACKETSTORM",
"id": "149516"
},
{
"db": "PACKETSTORM",
"id": "153946"
},
{
"db": "PACKETSTORM",
"id": "149510"
},
{
"db": "PACKETSTORM",
"id": "148641"
},
{
"db": "PACKETSTORM",
"id": "150118"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1882"
},
{
"db": "NVD",
"id": "CVE-2018-5383"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-23T00:00:00",
"db": "CERT/CC",
"id": "VU#304725"
},
{
"date": "2018-08-07T00:00:00",
"db": "VULHUB",
"id": "VHN-135414"
},
{
"date": "2018-08-07T00:00:00",
"db": "VULMON",
"id": "CVE-2018-5383"
},
{
"date": "2018-07-23T00:00:00",
"db": "BID",
"id": "104879"
},
{
"date": "2019-08-13T17:45:06",
"db": "PACKETSTORM",
"id": "154044"
},
{
"date": "2020-05-07T15:27:24",
"db": "PACKETSTORM",
"id": "157598"
},
{
"date": "2018-07-23T15:22:22",
"db": "PACKETSTORM",
"id": "148645"
},
{
"date": "2018-09-17T22:22:22",
"db": "PACKETSTORM",
"id": "149400"
},
{
"date": "2018-09-25T16:32:23",
"db": "PACKETSTORM",
"id": "149516"
},
{
"date": "2019-08-06T21:12:55",
"db": "PACKETSTORM",
"id": "153946"
},
{
"date": "2018-09-25T16:20:37",
"db": "PACKETSTORM",
"id": "149510"
},
{
"date": "2018-07-23T13:01:11",
"db": "PACKETSTORM",
"id": "148641"
},
{
"date": "2018-10-31T16:14:57",
"db": "PACKETSTORM",
"id": "150118"
},
{
"date": "2018-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1882"
},
{
"date": "2018-08-07T21:29:00.287000",
"db": "NVD",
"id": "CVE-2018-5383"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-17T00:00:00",
"db": "CERT/CC",
"id": "VU#304725"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-135414"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-5383"
},
{
"date": "2018-07-23T00:00:00",
"db": "BID",
"id": "104879"
},
{
"date": "2020-05-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1882"
},
{
"date": "2024-11-21T04:08:42.640000",
"db": "NVD",
"id": "CVE-2018-5383"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1882"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange",
"sources": [
{
"db": "CERT/CC",
"id": "VU#304725"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "data forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1882"
}
],
"trust": 0.6
}
}
FKIE_CVE-2018-5383
Vulnerability from fkie_nvd - Published: 2018-08-07 21:29 - Updated: 2024-11-21 04:08 - 6.8 (Medium) - CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D835D592-2423-44C6-804A-3AD010112E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "568E2561-A068-46A2-B331-BBA91FC96F0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "618A2297-91F6-4533-B345-1620635CDA93",
"versionEndExcluding": "11.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "089EFF21-6A9B-40E4-9154-44174E26D5B5",
"versionEndExcluding": "10.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device."
},
{
"lang": "es",
"value": "El firmware bluetooth o los controladores de software del sistema operativo en versiones de macOS anteriores a la 10.13, versiones High Sierra e iOS anteriores a la 11.4 y versiones de Android anteriores al parche del 05/06/2018, podr\u00edan no validar lo suficiente par\u00e1metros de curva el\u00edptica empleados para generar claves p\u00fablicas durante un intercambio de claves Diffie-Hellman, lo que podr\u00eda permitir que un atacante remoto obtenga la clave de cifrado empleada por el dispositivo."
}
],
"id": "CVE-2018-5383",
"lastModified": "2024-11-21T04:08:42.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.8,
"source": "cret@cert.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-07T21:29:00.287",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "http://www.cs.technion.ac.il/~biham/BT/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104879"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041432"
},
{
"source": "cret@cert.org",
"url": "https://access.redhat.com/errata/RHSA-2019:2169"
},
{
"source": "cret@cert.org",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html"
},
{
"source": "cret@cert.org",
"url": "https://usn.ubuntu.com/4094-1/"
},
{
"source": "cret@cert.org",
"url": "https://usn.ubuntu.com/4095-1/"
},
{
"source": "cret@cert.org",
"url": "https://usn.ubuntu.com/4095-2/"
},
{
"source": "cret@cert.org",
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"source": "cret@cert.org",
"url": "https://usn.ubuntu.com/4351-1/"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/304725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "http://www.cs.technion.ac.il/~biham/BT/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:2169"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4094-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4095-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4095-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4351-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/304725"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-325"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.