Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-5383 (GCVE-0-2018-5383)
Vulnerability from cvelistv5
Published
2018-08-07 21:00
Modified
2024-09-16 20:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cs.technion.ac.il/~biham/BT/"
},
{
"name": "1041432",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041432"
},
{
"name": "VU#304725",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/304725"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"
},
{
"name": "104879",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104879"
},
{
"name": "[debian-lts-announce] 20190402 [SECURITY] [DLA 1747-1] firmware-nonfree security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html"
},
{
"name": "RHSA-2019:2169",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2169"
},
{
"name": "USN-4094-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4094-1/"
},
{
"name": "USN-4095-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4095-2/"
},
{
"name": "USN-4095-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4095-1/"
},
{
"name": "USN-4118-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"name": "USN-4351-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4351-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10.13.6",
"status": "affected",
"version": "10.13 High Sierra",
"versionType": "custom"
}
]
},
{
"product": "iOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11.4",
"status": "affected",
"version": "11",
"versionType": "custom"
}
]
},
{
"product": "Android",
"vendor": "Android Open Source Project",
"versions": [
{
"lessThan": "2018-06-05 patch level",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lior Neumann and Eli Biham of the Techion Israel Institute of Technology"
}
],
"datePublic": "2018-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-325",
"description": "CWE-325",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-11T01:06:04",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cs.technion.ac.il/~biham/BT/"
},
{
"name": "1041432",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041432"
},
{
"name": "VU#304725",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/304725"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"
},
{
"name": "104879",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104879"
},
{
"name": "[debian-lts-announce] 20190402 [SECURITY] [DLA 1747-1] firmware-nonfree security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html"
},
{
"name": "RHSA-2019:2169",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2169"
},
{
"name": "USN-4094-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4094-1/"
},
{
"name": "USN-4095-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4095-2/"
},
{
"name": "USN-4095-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4095-1/"
},
{
"name": "USN-4118-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"name": "USN-4351-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4351-1/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2018-07-03T04:00:00.000Z",
"ID": "CVE-2018-5383",
"STATE": "PUBLIC",
"TITLE": "Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "10.13 High Sierra",
"version_value": "10.13.6"
}
]
}
},
{
"product_name": "iOS",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "11",
"version_value": "11.4"
}
]
}
}
]
},
"vendor_name": "Apple"
},
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "2018-06-05 patch level"
}
]
}
}
]
},
"vendor_name": "Android Open Source Project"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lior Neumann and Eli Biham of the Techion Israel Institute of Technology"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-325"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cs.technion.ac.il/~biham/BT/",
"refsource": "MISC",
"url": "http://www.cs.technion.ac.il/~biham/BT/"
},
{
"name": "1041432",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041432"
},
{
"name": "VU#304725",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/304725"
},
{
"name": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update",
"refsource": "CONFIRM",
"url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"
},
{
"name": "104879",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104879"
},
{
"name": "[debian-lts-announce] 20190402 [SECURITY] [DLA 1747-1] firmware-nonfree security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html"
},
{
"name": "RHSA-2019:2169",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2169"
},
{
"name": "USN-4094-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4094-1/"
},
{
"name": "USN-4095-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4095-2/"
},
{
"name": "USN-4095-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4095-1/"
},
{
"name": "USN-4118-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"name": "USN-4351-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4351-1/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2018-5383",
"datePublished": "2018-08-07T21:00:00Z",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-09-16T20:36:44.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2018-5383\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2018-08-07T21:29:00.287\",\"lastModified\":\"2024-11-21T04:08:42.640\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.\"},{\"lang\":\"es\",\"value\":\"El firmware bluetooth o los controladores de software del sistema operativo en versiones de macOS anteriores a la 10.13, versiones High Sierra e iOS anteriores a la 11.4 y versiones de Android anteriores al parche del 05/06/2018, podr\u00edan no validar lo suficiente par\u00e1metros de curva el\u00edptica empleados para generar claves p\u00fablicas durante un intercambio de claves Diffie-Hellman, lo que podr\u00eda permitir que un atacante remoto obtenga la clave de cifrado empleada por el dispositivo.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"cret@cert.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N\",\"baseScore\":8.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":5.8},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:M/Au:N/C:P/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":5.5,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cret@cert.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-325\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-347\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E70C6D8D-C9C3-4D92-8DFC-71F59E068295\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"691FA41B-C2CE-413F-ABB1-0B22CB322807\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09E6085C-A61E-4A89-BF80-EDD9A7DF1E47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D835D592-2423-44C6-804A-3AD010112E7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"568E2561-A068-46A2-B331-BBA91FC96F0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B578E383-0D77-4AC7-9C81-3F0B8C18E033\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.4\",\"matchCriteriaId\":\"618A2297-91F6-4533-B345-1620635CDA93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.13\",\"matchCriteriaId\":\"089EFF21-6A9B-40E4-9154-44174E26D5B5\"}]}]}],\"references\":[{\"url\":\"http://www.cs.technion.ac.il/~biham/BT/\",\"source\":\"cret@cert.org\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104879\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041432\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2169\",\"source\":\"cret@cert.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html\",\"source\":\"cret@cert.org\"},{\"url\":\"https://usn.ubuntu.com/4094-1/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://usn.ubuntu.com/4095-1/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://usn.ubuntu.com/4095-2/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://usn.ubuntu.com/4118-1/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://usn.ubuntu.com/4351-1/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update\",\"source\":\"cret@cert.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/304725\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.cs.technion.ac.il/~biham/BT/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104879\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041432\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2169\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4094-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4095-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4095-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4118-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4351-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/304725\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
}
}
CERTFR-2019-AVI-188
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 12-SP1 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Server for SAP 12-SP1",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-16658",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16658"
},
{
"name": "CVE-2018-10883",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10883"
},
{
"name": "CVE-2018-10902",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10902"
},
{
"name": "CVE-2018-14634",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14634"
},
{
"name": "CVE-2018-10879",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10879"
},
{
"name": "CVE-2018-10880",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10880"
},
{
"name": "CVE-2018-10878",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10878"
},
{
"name": "CVE-2018-6554",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6554"
},
{
"name": "CVE-2018-13093",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13093"
},
{
"name": "CVE-2018-10881",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10881"
},
{
"name": "CVE-2018-12896",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12896"
},
{
"name": "CVE-2018-6555",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6555"
},
{
"name": "CVE-2018-14617",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14617"
},
{
"name": "CVE-2018-10877",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10877"
},
{
"name": "CVE-2018-10882",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10882"
},
{
"name": "CVE-2018-10876",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10876"
},
{
"name": "CVE-2018-10940",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10940"
},
{
"name": "CVE-2018-5383",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5383"
},
{
"name": "CVE-2018-10853",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10853"
},
{
"name": "CVE-2018-16276",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16276"
}
],
"initial_release_date": "2019-04-29T00:00:00",
"last_revision_date": "2019-04-29T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-188",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-04-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service et\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20190427-2 du 27 avril 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190427-2/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20182908-2 du 27 avril 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20182908-2/"
}
]
}
CERTFR-2019-AVI-391
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 19.04",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-12614",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12614"
},
{
"name": "CVE-2019-1125",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1125"
},
{
"name": "CVE-2019-2024",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2024"
},
{
"name": "CVE-2018-13100",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13100"
},
{
"name": "CVE-2018-14615",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14615"
},
{
"name": "CVE-2019-9503",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9503"
},
{
"name": "CVE-2018-20856",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20856"
},
{
"name": "CVE-2018-13053",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13053"
},
{
"name": "CVE-2018-13093",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13093"
},
{
"name": "CVE-2019-11833",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11833"
},
{
"name": "CVE-2018-14613",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14613"
},
{
"name": "CVE-2018-13096",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13096"
},
{
"name": "CVE-2019-3846",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3846"
},
{
"name": "CVE-2018-14609",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14609"
},
{
"name": "CVE-2019-13272",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13272"
},
{
"name": "CVE-2018-20511",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20511"
},
{
"name": "CVE-2018-16862",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16862"
},
{
"name": "CVE-2018-20169",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20169"
},
{
"name": "CVE-2018-14616",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14616"
},
{
"name": "CVE-2019-12984",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12984"
},
{
"name": "CVE-2018-14617",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14617"
},
{
"name": "CVE-2019-2054",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2054"
},
{
"name": "CVE-2019-12818",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12818"
},
{
"name": "CVE-2018-13097",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13097"
},
{
"name": "CVE-2019-13233",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13233"
},
{
"name": "CVE-2019-2101",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2101"
},
{
"name": "CVE-2018-13099",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13099"
},
{
"name": "CVE-2019-11599",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11599"
},
{
"name": "CVE-2018-14614",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14614"
},
{
"name": "CVE-2018-14610",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14610"
},
{
"name": "CVE-2018-13098",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13098"
},
{
"name": "CVE-2018-14612",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14612"
},
{
"name": "CVE-2019-10126",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10126"
},
{
"name": "CVE-2018-5383",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5383"
},
{
"name": "CVE-2019-12819",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12819"
},
{
"name": "CVE-2018-14611",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14611"
}
],
"initial_release_date": "2019-08-14T00:00:00",
"last_revision_date": "2019-08-14T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-391",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-08-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4094-1 du 13 ao\u00fbt 2019",
"url": "https://usn.ubuntu.com/4094-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4093-1 du 13 ao\u00fbt 2019",
"url": "https://usn.ubuntu.com/4093-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4096-1 du 13 ao\u00fbt 2019",
"url": "https://usn.ubuntu.com/4096-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4095-2 du 13 ao\u00fbt 2019",
"url": "https://usn.ubuntu.com/4095-2/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4095-1 du 13 ao\u00fbt 2019",
"url": "https://usn.ubuntu.com/4095-1/"
}
]
}
CERTFR-2018-AVI-372
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Google Android. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Google Android toutes versions n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 du 06 ao\u00fbt 2018",
"product": {
"name": "Android",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-18292",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18292"
},
{
"name": "CVE-2018-9446",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9446"
},
{
"name": "CVE-2018-9454",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9454"
},
{
"name": "CVE-2018-5903",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5903"
},
{
"name": "CVE-2018-9437",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9437"
},
{
"name": "CVE-2017-18296",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18296"
},
{
"name": "CVE-2018-1068",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1068"
},
{
"name": "CVE-2017-9711",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9711"
},
{
"name": "CVE-2018-9427",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9427"
},
{
"name": "CVE-2018-9444",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9444"
},
{
"name": "CVE-2017-13322",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13322"
},
{
"name": "CVE-2017-18293",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18293"
},
{
"name": "CVE-2018-11305",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11305"
},
{
"name": "CVE-2018-9461",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9461"
},
{
"name": "CVE-2018-9439",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9439"
},
{
"name": "CVE-2018-5908",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5908"
},
{
"name": "CVE-2018-5904",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5904"
},
{
"name": "CVE-2018-9463",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9463"
},
{
"name": "CVE-2017-8261",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8261"
},
{
"name": "CVE-2017-18304",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18304"
},
{
"name": "CVE-2018-9464",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9464"
},
{
"name": "CVE-2018-9436",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9436"
},
{
"name": "CVE-2018-9457",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9457"
},
{
"name": "CVE-2018-3587",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3587"
},
{
"name": "CVE-2018-9445",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9445"
},
{
"name": "CVE-2017-13242",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13242"
},
{
"name": "CVE-2018-9451",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9451"
},
{
"name": "CVE-2018-9453",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9453"
},
{
"name": "CVE-2018-9458",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9458"
},
{
"name": "CVE-2018-9449",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9449"
},
{
"name": "CVE-2018-9447",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9447"
},
{
"name": "CVE-2018-5905",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5905"
},
{
"name": "CVE-2017-18295",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18295"
},
{
"name": "CVE-2017-18283",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18283"
},
{
"name": "CVE-2017-18281",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18281"
},
{
"name": "CVE-2018-9450",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9450"
},
{
"name": "CVE-2017-18249",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18249"
},
{
"name": "CVE-2017-18309",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18309"
},
{
"name": "CVE-2017-18303",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18303"
},
{
"name": "CVE-2018-9459",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9459"
},
{
"name": "CVE-2018-11263",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11263"
},
{
"name": "CVE-2018-9448",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9448"
},
{
"name": "CVE-2018-9438",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9438"
},
{
"name": "CVE-2018-9465",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9465"
},
{
"name": "CVE-2017-18299",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18299"
},
{
"name": "CVE-2018-11258",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11258"
},
{
"name": "CVE-2017-18307",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18307"
},
{
"name": "CVE-2018-9455",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9455"
},
{
"name": "CVE-2017-18301",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18301"
},
{
"name": "CVE-2017-18306",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18306"
},
{
"name": "CVE-2018-9435",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9435"
},
{
"name": "CVE-2017-18297",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18297"
},
{
"name": "CVE-2017-18294",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18294"
},
{
"name": "CVE-2017-18280",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18280"
},
{
"name": "CVE-2017-13295",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13295"
},
{
"name": "CVE-2017-18300",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18300"
},
{
"name": "CVE-2017-18298",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18298"
},
{
"name": "CVE-2017-15817",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15817"
},
{
"name": "CVE-2017-18308",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18308"
},
{
"name": "CVE-2017-18310",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18310"
},
{
"name": "CVE-2017-18282",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18282"
},
{
"name": "CVE-2017-1000100",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000100"
},
{
"name": "CVE-2017-18302",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18302"
},
{
"name": "CVE-2018-9462",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9462"
},
{
"name": "CVE-2018-11260",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11260"
},
{
"name": "CVE-2017-18305",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18305"
},
{
"name": "CVE-2018-9441",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9441"
},
{
"name": "CVE-2018-5383",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5383"
},
{
"name": "CVE-2018-5909",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5909"
},
{
"name": "CVE-2018-5910",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5910"
},
{
"name": "CVE-2017-13077",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13077"
}
],
"initial_release_date": "2018-08-07T00:00:00",
"last_revision_date": "2018-08-07T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-372",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-08-07T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Android.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Pixel/Nexus du 06 ao\u00fbt 2018",
"url": "https://source.android.com/security/bulletin/pixel/2018-08-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Android du 06 ao\u00fbt 2018",
"url": "https://source.android.com/security/bulletin/2018-08-01"
}
]
}
CERTFR-2019-AVI-419
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 19.04",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-20784",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20784"
},
{
"name": "CVE-2019-2024",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2024"
},
{
"name": "CVE-2019-15221",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15221"
},
{
"name": "CVE-2018-13100",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13100"
},
{
"name": "CVE-2019-15215",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15215"
},
{
"name": "CVE-2018-14615",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14615"
},
{
"name": "CVE-2018-20856",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20856"
},
{
"name": "CVE-2019-10207",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10207"
},
{
"name": "CVE-2019-14763",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14763"
},
{
"name": "CVE-2018-19985",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19985"
},
{
"name": "CVE-2019-10638",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10638"
},
{
"name": "CVE-2019-11810",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11810"
},
{
"name": "CVE-2019-13648",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13648"
},
{
"name": "CVE-2019-15292",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15292"
},
{
"name": "CVE-2019-15214",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15214"
},
{
"name": "CVE-2018-13053",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13053"
},
{
"name": "CVE-2018-13093",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13093"
},
{
"name": "CVE-2019-11833",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11833"
},
{
"name": "CVE-2018-14613",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14613"
},
{
"name": "CVE-2019-15212",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15212"
},
{
"name": "CVE-2018-13096",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13096"
},
{
"name": "CVE-2019-11085",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11085"
},
{
"name": "CVE-2019-3846",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3846"
},
{
"name": "CVE-2018-14609",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14609"
},
{
"name": "CVE-2019-13272",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13272"
},
{
"name": "CVE-2018-20511",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20511"
},
{
"name": "CVE-2019-14284",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14284"
},
{
"name": "CVE-2018-16862",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16862"
},
{
"name": "CVE-2019-10639",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10639"
},
{
"name": "CVE-2018-20169",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20169"
},
{
"name": "CVE-2018-14616",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14616"
},
{
"name": "CVE-2019-12984",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12984"
},
{
"name": "CVE-2019-15220",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15220"
},
{
"name": "CVE-2019-11884",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11884"
},
{
"name": "CVE-2019-3819",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3819"
},
{
"name": "CVE-2018-14617",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14617"
},
{
"name": "CVE-2019-3701",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3701"
},
{
"name": "CVE-2019-3900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3900"
},
{
"name": "CVE-2019-12818",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12818"
},
{
"name": "CVE-2019-15211",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15211"
},
{
"name": "CVE-2019-11815",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11815"
},
{
"name": "CVE-2018-13097",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13097"
},
{
"name": "CVE-2019-13233",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13233"
},
{
"name": "CVE-2019-2101",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2101"
},
{
"name": "CVE-2018-13099",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13099"
},
{
"name": "CVE-2019-11599",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11599"
},
{
"name": "CVE-2018-14614",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14614"
},
{
"name": "CVE-2019-15218",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15218"
},
{
"name": "CVE-2018-14610",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14610"
},
{
"name": "CVE-2018-13098",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13098"
},
{
"name": "CVE-2018-14612",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14612"
},
{
"name": "CVE-2019-10126",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10126"
},
{
"name": "CVE-2019-11487",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11487"
},
{
"name": "CVE-2019-15090",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15090"
},
{
"name": "CVE-2019-0136",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0136"
},
{
"name": "CVE-2019-13631",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13631"
},
{
"name": "CVE-2019-9506",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9506"
},
{
"name": "CVE-2018-5383",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5383"
},
{
"name": "CVE-2019-12819",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12819"
},
{
"name": "CVE-2018-14611",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14611"
},
{
"name": "CVE-2019-15216",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15216"
},
{
"name": "CVE-2019-14283",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14283"
}
],
"initial_release_date": "2019-09-03T00:00:00",
"last_revision_date": "2019-09-03T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-419",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-09-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u0027Ubuntu. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu du 02 septembre 2019",
"url": "https://usn.ubuntu.com/4118-1/"
}
]
}
CERTFR-2019-AVI-077
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE . Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP2-LTSS | ||
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 12-SP3 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time Extension 12-SP3 | ||
| SUSE | N/A | SUSE CaaS Platform 3.0 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP2-BCL | ||
| SUSE | N/A | SUSE CaaS Platform ALL | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 12-SP2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP3 | ||
| SUSE | N/A | SUSE OpenStack Cloud 7 | ||
| SUSE | N/A | SUSE Enterprise Storage 4 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Server 12-SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time Extension 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE CaaS Platform 3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE CaaS Platform ALL",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 12-SP2",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE OpenStack Cloud 7",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Enterprise Storage 4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-18249",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18249"
},
{
"name": "CVE-2019-3460",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3460"
},
{
"name": "CVE-2018-5383",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5383"
},
{
"name": "CVE-2019-3459",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3459"
}
],
"initial_release_date": "2019-02-25T00:00:00",
"last_revision_date": "2019-02-25T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-077",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-02-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE . Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service et une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:0466-1 du 22 f\u00e9vrier 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190466-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:0470-1 du 22 f\u00e9vrier 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190470-1/"
}
]
}
CERTFR-2018-AVI-455
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Apple macOS. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "macOS versions 10.13 et ant\u00e9rieurs",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-4353",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4353"
},
{
"name": "CVE-2018-4336",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4336"
},
{
"name": "CVE-2018-4321",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4321"
},
{
"name": "CVE-2018-4324",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4324"
},
{
"name": "CVE-2016-1777",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1777"
},
{
"name": "CVE-2018-5383",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5383"
},
{
"name": "CVE-2018-4344",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4344"
},
{
"name": "CVE-2018-4333",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4333"
}
],
"initial_release_date": "2018-09-25T00:00:00",
"last_revision_date": "2018-09-25T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-455",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-09-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apple macOS. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire,\nun contournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple macOS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209139 du 24 septembre 2018",
"url": "https://support.apple.com/en-us/HT209139"
}
]
}
CERTFR-2018-AVI-443
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Apple . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "watchOS versions ant\u00e9rieures \u00e0 5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 12",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Xcode versions ant\u00e9rieures \u00e0 10",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 12",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 12",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Support pour iOS versions ant\u00e9rieures \u00e0 12",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-4322",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4322"
},
{
"name": "CVE-2018-4363",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4363"
},
{
"name": "CVE-2018-4325",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4325"
},
{
"name": "CVE-2018-4329",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4329"
},
{
"name": "CVE-2018-4352",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4352"
},
{
"name": "CVE-2018-4195",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4195"
},
{
"name": "CVE-2018-4307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4307"
},
{
"name": "CVE-2018-4313",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4313"
},
{
"name": "CVE-2018-4397",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4397"
},
{
"name": "CVE-2018-4357",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4357"
},
{
"name": "CVE-2018-4305",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4305"
},
{
"name": "CVE-2018-4335",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4335"
},
{
"name": "CVE-2016-1777",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1777"
},
{
"name": "CVE-2018-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4330"
},
{
"name": "CVE-2018-5383",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5383"
},
{
"name": "CVE-2018-4338",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4338"
},
{
"name": "CVE-2018-4362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4362"
},
{
"name": "CVE-2018-4356",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4356"
}
],
"initial_release_date": "2018-09-18T00:00:00",
"last_revision_date": "2018-09-19T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-443",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-09-18T00:00:00.000000"
},
{
"description": "Ajout du bulletin de s\u00e9curit\u00e9 Apple HT209135 du 17 septembre 2018",
"revision_date": "2018-09-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple\n. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un contournement de la politique de\ns\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209117 du 17 septembre 2018",
"url": "https://support.apple.com/en-us/HT209117"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209108 du 17 septembre 2018",
"url": "https://support.apple.com/en-us/HT209108"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209135 du 17 septembre 2018",
"url": "https://support.apple.com/en-us/HT209135"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209106 du 17 septembre 2018",
"url": "https://support.apple.com/en-us/HT209106"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209109 du 17 septembre 2018",
"url": "https://support.apple.com/en-us/HT209109"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209107 du 17 septembre 2018",
"url": "https://support.apple.com/en-us/HT209107"
}
]
}
suse-su-2019:0422-1
Vulnerability from csaf_suse
Published
2019-02-18 15:26
Modified
2019-02-18 15:26
Summary
Security update for kernel-firmware
Notes
Title of the patch
Security update for kernel-firmware
Description of the patch
This update for kernel-firmware fixes the following issues:
Security issue fixed:
- CVE-2018-5383: Fixed an implementation issue in Bluetooth where the eliptic curve parameters
were not sufficiently validated during Diffie-Hellman key exchange (bsc#1104301).
Patchnames
SUSE-2019-422,SUSE-SLE-SERVER-12-2019-422
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kernel-firmware",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kernel-firmware fixes the following issues:\n\nSecurity issue fixed: \n\n- CVE-2018-5383: Fixed an implementation issue in Bluetooth where the eliptic curve parameters\n were not sufficiently validated during Diffie-Hellman key exchange (bsc#1104301).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-422,SUSE-SLE-SERVER-12-2019-422",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0422-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0422-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190422-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0422-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-February/005129.html"
},
{
"category": "self",
"summary": "SUSE Bug 1104301",
"url": "https://bugzilla.suse.com/1104301"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5383 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5383/"
}
],
"title": "Security update for kernel-firmware",
"tracking": {
"current_release_date": "2019-02-18T15:26:13Z",
"generator": {
"date": "2019-02-18T15:26:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0422-1",
"initial_release_date": "2019-02-18T15:26:13Z",
"revision_history": [
{
"date": "2019-02-18T15:26:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-firmware-20140807git-5.11.1.noarch",
"product": {
"name": "kernel-firmware-20140807git-5.11.1.noarch",
"product_id": "kernel-firmware-20140807git-5.11.1.noarch"
}
},
{
"category": "product_version",
"name": "ucode-amd-20140807git-5.11.1.noarch",
"product": {
"name": "ucode-amd-20140807git-5.11.1.noarch",
"product_id": "ucode-amd-20140807git-5.11.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-firmware-20140807git-5.11.1.noarch as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:kernel-firmware-20140807git-5.11.1.noarch"
},
"product_reference": "kernel-firmware-20140807git-5.11.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-amd-20140807git-5.11.1.noarch as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:ucode-amd-20140807git-5.11.1.noarch"
},
"product_reference": "ucode-amd-20140807git-5.11.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-5383",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5383"
}
],
"notes": [
{
"category": "general",
"text": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:kernel-firmware-20140807git-5.11.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:ucode-amd-20140807git-5.11.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5383",
"url": "https://www.suse.com/security/cve/CVE-2018-5383"
},
{
"category": "external",
"summary": "SUSE Bug 1104301 for CVE-2018-5383",
"url": "https://bugzilla.suse.com/1104301"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-5383",
"url": "https://bugzilla.suse.com/1126909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:kernel-firmware-20140807git-5.11.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:ucode-amd-20140807git-5.11.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:kernel-firmware-20140807git-5.11.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:ucode-amd-20140807git-5.11.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-18T15:26:13Z",
"details": "important"
}
],
"title": "CVE-2018-5383"
}
]
}
suse-su-2019:0466-1
Vulnerability from csaf_suse
Published
2019-02-22 09:52
Modified
2019-02-22 09:52
Summary
Security update for kernel-firmware
Notes
Title of the patch
Security update for kernel-firmware
Description of the patch
This update for kernel-firmware fixes the following issues:
Security issue fixed:
- CVE-2018-5383: Fixed an implementation issue in Bluetooth where the eliptic curve parameters
were not sufficiently validated during Diffie-Hellman key exchange (bsc#1104301).
Patchnames
SUSE-2019-466,SUSE-OpenStack-Cloud-7-2019-466,SUSE-SLE-DESKTOP-12-SP3-2019-466,SUSE-SLE-SAP-12-SP2-2019-466,SUSE-SLE-SERVER-12-SP2-2019-466,SUSE-SLE-SERVER-12-SP2-BCL-2019-466,SUSE-SLE-SERVER-12-SP3-2019-466,SUSE-Storage-4-2019-466
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kernel-firmware",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kernel-firmware fixes the following issues:\n \nSecurity issue fixed:\n\n- CVE-2018-5383: Fixed an implementation issue in Bluetooth where the eliptic curve parameters \n were not sufficiently validated during Diffie-Hellman key exchange (bsc#1104301).\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-466,SUSE-OpenStack-Cloud-7-2019-466,SUSE-SLE-DESKTOP-12-SP3-2019-466,SUSE-SLE-SAP-12-SP2-2019-466,SUSE-SLE-SERVER-12-SP2-2019-466,SUSE-SLE-SERVER-12-SP2-BCL-2019-466,SUSE-SLE-SERVER-12-SP3-2019-466,SUSE-Storage-4-2019-466",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0466-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0466-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190466-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0466-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-February/005145.html"
},
{
"category": "self",
"summary": "SUSE Bug 1104301",
"url": "https://bugzilla.suse.com/1104301"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5383 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5383/"
}
],
"title": "Security update for kernel-firmware",
"tracking": {
"current_release_date": "2019-02-22T09:52:49Z",
"generator": {
"date": "2019-02-22T09:52:49Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0466-1",
"initial_release_date": "2019-02-22T09:52:49Z",
"revision_history": [
{
"date": "2019-02-22T09:52:49Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-firmware-20170530-21.28.1.noarch",
"product": {
"name": "kernel-firmware-20170530-21.28.1.noarch",
"product_id": "kernel-firmware-20170530-21.28.1.noarch"
}
},
{
"category": "product_version",
"name": "ucode-amd-20170530-21.28.1.noarch",
"product": {
"name": "ucode-amd-20170530-21.28.1.noarch",
"product_id": "ucode-amd-20170530-21.28.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 7",
"product": {
"name": "SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 4",
"product": {
"name": "SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-firmware-20170530-21.28.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:kernel-firmware-20170530-21.28.1.noarch"
},
"product_reference": "kernel-firmware-20170530-21.28.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-amd-20170530-21.28.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ucode-amd-20170530-21.28.1.noarch"
},
"product_reference": "ucode-amd-20170530-21.28.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-firmware-20170530-21.28.1.noarch as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:kernel-firmware-20170530-21.28.1.noarch"
},
"product_reference": "kernel-firmware-20170530-21.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-amd-20170530-21.28.1.noarch as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:ucode-amd-20170530-21.28.1.noarch"
},
"product_reference": "ucode-amd-20170530-21.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-firmware-20170530-21.28.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:kernel-firmware-20170530-21.28.1.noarch"
},
"product_reference": "kernel-firmware-20170530-21.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-amd-20170530-21.28.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-amd-20170530-21.28.1.noarch"
},
"product_reference": "ucode-amd-20170530-21.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-firmware-20170530-21.28.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:kernel-firmware-20170530-21.28.1.noarch"
},
"product_reference": "kernel-firmware-20170530-21.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-amd-20170530-21.28.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-amd-20170530-21.28.1.noarch"
},
"product_reference": "ucode-amd-20170530-21.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-firmware-20170530-21.28.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:kernel-firmware-20170530-21.28.1.noarch"
},
"product_reference": "kernel-firmware-20170530-21.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-amd-20170530-21.28.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-amd-20170530-21.28.1.noarch"
},
"product_reference": "ucode-amd-20170530-21.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-firmware-20170530-21.28.1.noarch as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:kernel-firmware-20170530-21.28.1.noarch"
},
"product_reference": "kernel-firmware-20170530-21.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-amd-20170530-21.28.1.noarch as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:ucode-amd-20170530-21.28.1.noarch"
},
"product_reference": "ucode-amd-20170530-21.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-firmware-20170530-21.28.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-firmware-20170530-21.28.1.noarch"
},
"product_reference": "kernel-firmware-20170530-21.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-amd-20170530-21.28.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-amd-20170530-21.28.1.noarch"
},
"product_reference": "ucode-amd-20170530-21.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-firmware-20170530-21.28.1.noarch as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:kernel-firmware-20170530-21.28.1.noarch"
},
"product_reference": "kernel-firmware-20170530-21.28.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-amd-20170530-21.28.1.noarch as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:ucode-amd-20170530-21.28.1.noarch"
},
"product_reference": "ucode-amd-20170530-21.28.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-5383",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5383"
}
],
"notes": [
{
"category": "general",
"text": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Enterprise Storage 4:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-amd-20170530-21.28.1.noarch",
"SUSE OpenStack Cloud 7:kernel-firmware-20170530-21.28.1.noarch",
"SUSE OpenStack Cloud 7:ucode-amd-20170530-21.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5383",
"url": "https://www.suse.com/security/cve/CVE-2018-5383"
},
{
"category": "external",
"summary": "SUSE Bug 1104301 for CVE-2018-5383",
"url": "https://bugzilla.suse.com/1104301"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-5383",
"url": "https://bugzilla.suse.com/1126909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Enterprise Storage 4:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-amd-20170530-21.28.1.noarch",
"SUSE OpenStack Cloud 7:kernel-firmware-20170530-21.28.1.noarch",
"SUSE OpenStack Cloud 7:ucode-amd-20170530-21.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Enterprise Storage 4:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP3:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server 12 SP3:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-amd-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kernel-firmware-20170530-21.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-amd-20170530-21.28.1.noarch",
"SUSE OpenStack Cloud 7:kernel-firmware-20170530-21.28.1.noarch",
"SUSE OpenStack Cloud 7:ucode-amd-20170530-21.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-22T09:52:49Z",
"details": "important"
}
],
"title": "CVE-2018-5383"
}
]
}
suse-su-2019:0427-2
Vulnerability from csaf_suse
Published
2019-04-27 13:57
Modified
2019-04-27 13:57
Summary
Security update for kernel-firmware
Notes
Title of the patch
Security update for kernel-firmware
Description of the patch
This update for kernel-firmware fixes the following issues:
Security issue fixed:
- CVE-2018-5383: Fixed an implementation issue in Bluetooth where the eliptic curve parameters
were not sufficiently validated during Diffie-Hellman key exchange (bsc#1104301).
Patchnames
SUSE-2019-427,SUSE-SLE-SAP-12-SP1-2019-427
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kernel-firmware",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kernel-firmware fixes the following issues:\n\t \nSecurity issue fixed:\n\n- CVE-2018-5383: Fixed an implementation issue in Bluetooth where the eliptic curve parameters \n were not sufficiently validated during Diffie-Hellman key exchange (bsc#1104301).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-427,SUSE-SLE-SAP-12-SP1-2019-427",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0427-2.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0427-2",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190427-2/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0427-2",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-April/005381.html"
},
{
"category": "self",
"summary": "SUSE Bug 1104301",
"url": "https://bugzilla.suse.com/1104301"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5383 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5383/"
}
],
"title": "Security update for kernel-firmware",
"tracking": {
"current_release_date": "2019-04-27T13:57:15Z",
"generator": {
"date": "2019-04-27T13:57:15Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0427-2",
"initial_release_date": "2019-04-27T13:57:15Z",
"revision_history": [
{
"date": "2019-04-27T13:57:15Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-firmware-20160516git-10.16.1.noarch",
"product": {
"name": "kernel-firmware-20160516git-10.16.1.noarch",
"product_id": "kernel-firmware-20160516git-10.16.1.noarch"
}
},
{
"category": "product_version",
"name": "ucode-amd-20160516git-10.16.1.noarch",
"product": {
"name": "ucode-amd-20160516git-10.16.1.noarch",
"product_id": "ucode-amd-20160516git-10.16.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-firmware-20160516git-10.16.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kernel-firmware-20160516git-10.16.1.noarch"
},
"product_reference": "kernel-firmware-20160516git-10.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-amd-20160516git-10.16.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-amd-20160516git-10.16.1.noarch"
},
"product_reference": "ucode-amd-20160516git-10.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-5383",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5383"
}
],
"notes": [
{
"category": "general",
"text": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kernel-firmware-20160516git-10.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-amd-20160516git-10.16.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5383",
"url": "https://www.suse.com/security/cve/CVE-2018-5383"
},
{
"category": "external",
"summary": "SUSE Bug 1104301 for CVE-2018-5383",
"url": "https://bugzilla.suse.com/1104301"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-5383",
"url": "https://bugzilla.suse.com/1126909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kernel-firmware-20160516git-10.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-amd-20160516git-10.16.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kernel-firmware-20160516git-10.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-amd-20160516git-10.16.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T13:57:15Z",
"details": "important"
}
],
"title": "CVE-2018-5383"
}
]
}
suse-su-2019:0427-1
Vulnerability from csaf_suse
Published
2019-02-19 08:26
Modified
2019-02-19 08:26
Summary
Security update for kernel-firmware
Notes
Title of the patch
Security update for kernel-firmware
Description of the patch
This update for kernel-firmware fixes the following issues:
Security issue fixed:
- CVE-2018-5383: Fixed an implementation issue in Bluetooth where the eliptic curve parameters
were not sufficiently validated during Diffie-Hellman key exchange (bsc#1104301).
Patchnames
SUSE-2019-427,SUSE-SLE-SERVER-12-SP1-2019-427
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kernel-firmware",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kernel-firmware fixes the following issues:\n\t \nSecurity issue fixed:\n\n- CVE-2018-5383: Fixed an implementation issue in Bluetooth where the eliptic curve parameters \n were not sufficiently validated during Diffie-Hellman key exchange (bsc#1104301).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-427,SUSE-SLE-SERVER-12-SP1-2019-427",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0427-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0427-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190427-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0427-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-February/005134.html"
},
{
"category": "self",
"summary": "SUSE Bug 1104301",
"url": "https://bugzilla.suse.com/1104301"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5383 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5383/"
}
],
"title": "Security update for kernel-firmware",
"tracking": {
"current_release_date": "2019-02-19T08:26:52Z",
"generator": {
"date": "2019-02-19T08:26:52Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0427-1",
"initial_release_date": "2019-02-19T08:26:52Z",
"revision_history": [
{
"date": "2019-02-19T08:26:52Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-firmware-20160516git-10.16.1.noarch",
"product": {
"name": "kernel-firmware-20160516git-10.16.1.noarch",
"product_id": "kernel-firmware-20160516git-10.16.1.noarch"
}
},
{
"category": "product_version",
"name": "ucode-amd-20160516git-10.16.1.noarch",
"product": {
"name": "ucode-amd-20160516git-10.16.1.noarch",
"product_id": "ucode-amd-20160516git-10.16.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-firmware-20160516git-10.16.1.noarch as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kernel-firmware-20160516git-10.16.1.noarch"
},
"product_reference": "kernel-firmware-20160516git-10.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-amd-20160516git-10.16.1.noarch as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-amd-20160516git-10.16.1.noarch"
},
"product_reference": "ucode-amd-20160516git-10.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-5383",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5383"
}
],
"notes": [
{
"category": "general",
"text": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kernel-firmware-20160516git-10.16.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-amd-20160516git-10.16.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5383",
"url": "https://www.suse.com/security/cve/CVE-2018-5383"
},
{
"category": "external",
"summary": "SUSE Bug 1104301 for CVE-2018-5383",
"url": "https://bugzilla.suse.com/1104301"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-5383",
"url": "https://bugzilla.suse.com/1126909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kernel-firmware-20160516git-10.16.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-amd-20160516git-10.16.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kernel-firmware-20160516git-10.16.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-amd-20160516git-10.16.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-19T08:26:52Z",
"details": "important"
}
],
"title": "CVE-2018-5383"
}
]
}
rhsa-2019_2169
Vulnerability from csaf_redhat
Published
2019-08-06 12:41
Modified
2024-11-22 12:44
Summary
Red Hat Security Advisory: linux-firmware security, bug fix, and enhancement update
Notes
Topic
An update for linux-firmware is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The linux-firmware packages contain all of the firmware files that are required by various devices to operate.
Security Fix(es):
* kernel: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange (CVE-2018-5383)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for linux-firmware is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The linux-firmware packages contain all of the firmware files that are required by various devices to operate.\n\nSecurity Fix(es):\n\n* kernel: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange (CVE-2018-5383)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:2169",
"url": "https://access.redhat.com/errata/RHSA-2019:2169"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index"
},
{
"category": "external",
"summary": "1614159",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1614159"
},
{
"category": "external",
"summary": "1654809",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1654809"
},
{
"category": "external",
"summary": "1671610",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671610"
},
{
"category": "external",
"summary": "1698960",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1698960"
},
{
"category": "external",
"summary": "1702330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1702330"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2169.json"
}
],
"title": "Red Hat Security Advisory: linux-firmware security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-22T12:44:14+00:00",
"generator": {
"date": "2024-11-22T12:44:14+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2019:2169",
"initial_release_date": "2019-08-06T12:41:22+00:00",
"revision_history": [
{
"date": "2019-08-06T12:41:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-08-06T12:41:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T12:44:14+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"product": {
"name": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"product_id": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl5150-firmware@8.24.2.2-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"product": {
"name": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"product_id": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl6000g2a-firmware@17.168.5.3-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"product": {
"name": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"product_id": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl6000g2b-firmware@17.168.5.2-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"product": {
"name": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"product_id": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl7265-firmware@22.0.7.0-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"product": {
"name": "iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"product_id": "iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl100-firmware@39.31.5.1-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"product": {
"name": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"product_id": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl2000-firmware@18.168.6.1-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"product": {
"name": "iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"product_id": "iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl105-firmware@18.168.6.1-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"product": {
"name": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"product_id": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl6000-firmware@9.221.4.1-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"product": {
"name": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"product_id": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl1000-firmware@39.31.5.1-72.el7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"product": {
"name": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"product_id": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl3160-firmware@22.0.7.0-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"product": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"product_id": "linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/linux-firmware@20190429-72.gitddde598.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"product": {
"name": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"product_id": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl7260-firmware@22.0.7.0-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"product": {
"name": "iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"product_id": "iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl135-firmware@18.168.6.1-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"product": {
"name": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"product_id": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl3945-firmware@15.32.2.9-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"product": {
"name": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"product_id": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl4965-firmware@228.61.2.24-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"product": {
"name": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"product_id": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl5000-firmware@8.83.5.1_1-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"product": {
"name": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"product_id": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl6050-firmware@41.28.5.1-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"product": {
"name": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"product_id": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl2030-firmware@18.168.6.1-72.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "linux-firmware-0:20190429-72.gitddde598.el7.src",
"product": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.src",
"product_id": "linux-firmware-0:20190429-72.gitddde598.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/linux-firmware@20190429-72.gitddde598.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl100-firmware-0:39.31.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch"
},
"product_reference": "iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch"
},
"product_reference": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl105-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl135-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch"
},
"product_reference": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch"
},
"product_reference": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch"
},
"product_reference": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch"
},
"product_reference": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch"
},
"product_reference": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch"
},
"product_reference": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch"
},
"product_reference": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch"
},
"product_reference": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch"
},
"product_reference": "linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src"
},
"product_reference": "linux-firmware-0:20190429-72.gitddde598.el7.src",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl100-firmware-0:39.31.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch"
},
"product_reference": "iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch"
},
"product_reference": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl105-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl135-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch"
},
"product_reference": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch"
},
"product_reference": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch"
},
"product_reference": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch"
},
"product_reference": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch"
},
"product_reference": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch"
},
"product_reference": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch"
},
"product_reference": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch"
},
"product_reference": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch"
},
"product_reference": "linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src"
},
"product_reference": "linux-firmware-0:20190429-72.gitddde598.el7.src",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl100-firmware-0:39.31.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch"
},
"product_reference": "iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch"
},
"product_reference": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl105-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl135-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch"
},
"product_reference": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch"
},
"product_reference": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch"
},
"product_reference": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch"
},
"product_reference": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch"
},
"product_reference": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch"
},
"product_reference": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch"
},
"product_reference": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch"
},
"product_reference": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch"
},
"product_reference": "linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src"
},
"product_reference": "linux-firmware-0:20190429-72.gitddde598.el7.src",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl100-firmware-0:39.31.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch"
},
"product_reference": "iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch"
},
"product_reference": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl105-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl135-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch"
},
"product_reference": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch"
},
"product_reference": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch"
},
"product_reference": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch"
},
"product_reference": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch"
},
"product_reference": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch"
},
"product_reference": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch"
},
"product_reference": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch"
},
"product_reference": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch"
},
"product_reference": "linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src"
},
"product_reference": "linux-firmware-0:20190429-72.gitddde598.el7.src",
"relates_to_product_reference": "7Workstation-7.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-5383",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2018-07-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1614159"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in Bluetooth pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth devices. This may result in information disclosure, elevation of privilege and/or denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Client-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Client-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Client-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Client-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Client-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Client-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Client-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Client-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Client-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Client-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Client-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7ComputeNode-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7ComputeNode-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7ComputeNode-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7ComputeNode-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7ComputeNode-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7ComputeNode-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7ComputeNode-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7ComputeNode-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7ComputeNode-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7Server-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Server-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Server-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Server-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Server-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Server-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Server-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Server-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Server-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Server-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Server-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Server-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7Workstation-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Workstation-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Workstation-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Workstation-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Workstation-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Workstation-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Workstation-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Workstation-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Workstation-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Workstation-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Workstation-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Workstation-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-5383"
},
{
"category": "external",
"summary": "RHBZ#1614159",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1614159"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-5383",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5383"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5383",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5383"
},
{
"category": "external",
"summary": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update",
"url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"
},
{
"category": "external",
"summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00128.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00128.html"
},
{
"category": "external",
"summary": "https://www.kb.cert.org/vuls/id/304725",
"url": "https://www.kb.cert.org/vuls/id/304725"
}
],
"release_date": "2018-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-06T12:41:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Client-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Client-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Client-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Client-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Client-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Client-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Client-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Client-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Client-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Client-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Client-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7ComputeNode-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7ComputeNode-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7ComputeNode-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7ComputeNode-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7ComputeNode-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7ComputeNode-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7ComputeNode-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7ComputeNode-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7ComputeNode-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7Server-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Server-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Server-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Server-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Server-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Server-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Server-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Server-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Server-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Server-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Server-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Server-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7Workstation-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Workstation-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Workstation-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Workstation-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Workstation-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Workstation-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Workstation-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Workstation-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Workstation-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Workstation-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Workstation-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Workstation-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2169"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Client-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Client-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Client-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Client-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Client-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Client-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Client-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Client-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Client-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Client-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Client-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Client-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7ComputeNode-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7ComputeNode-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7ComputeNode-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7ComputeNode-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7ComputeNode-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7ComputeNode-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7ComputeNode-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7ComputeNode-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7ComputeNode-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7Server-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Server-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Server-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Server-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Server-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Server-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Server-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Server-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Server-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Server-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Server-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Server-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7Workstation-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Workstation-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Workstation-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Workstation-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Workstation-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Workstation-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Workstation-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Workstation-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Workstation-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Workstation-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Workstation-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Workstation-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange"
}
]
}
RHSA-2019:2169
Vulnerability from csaf_redhat
Published
2019-08-06 12:41
Modified
2025-10-09 18:33
Summary
Red Hat Security Advisory: linux-firmware security, bug fix, and enhancement update
Notes
Topic
An update for linux-firmware is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The linux-firmware packages contain all of the firmware files that are required by various devices to operate.
Security Fix(es):
* kernel: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange (CVE-2018-5383)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for linux-firmware is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The linux-firmware packages contain all of the firmware files that are required by various devices to operate.\n\nSecurity Fix(es):\n\n* kernel: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange (CVE-2018-5383)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:2169",
"url": "https://access.redhat.com/errata/RHSA-2019:2169"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index"
},
{
"category": "external",
"summary": "1614159",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1614159"
},
{
"category": "external",
"summary": "1654809",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1654809"
},
{
"category": "external",
"summary": "1671610",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671610"
},
{
"category": "external",
"summary": "1698960",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1698960"
},
{
"category": "external",
"summary": "1702330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1702330"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2169.json"
}
],
"title": "Red Hat Security Advisory: linux-firmware security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2025-10-09T18:33:44+00:00",
"generator": {
"date": "2025-10-09T18:33:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2019:2169",
"initial_release_date": "2019-08-06T12:41:22+00:00",
"revision_history": [
{
"date": "2019-08-06T12:41:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-08-06T12:41:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-09T18:33:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"product": {
"name": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"product_id": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl5150-firmware@8.24.2.2-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"product": {
"name": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"product_id": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl6000g2a-firmware@17.168.5.3-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"product": {
"name": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"product_id": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl6000g2b-firmware@17.168.5.2-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"product": {
"name": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"product_id": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl7265-firmware@22.0.7.0-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"product": {
"name": "iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"product_id": "iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl100-firmware@39.31.5.1-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"product": {
"name": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"product_id": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl2000-firmware@18.168.6.1-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"product": {
"name": "iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"product_id": "iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl105-firmware@18.168.6.1-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"product": {
"name": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"product_id": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl6000-firmware@9.221.4.1-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"product": {
"name": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"product_id": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl1000-firmware@39.31.5.1-72.el7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"product": {
"name": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"product_id": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl3160-firmware@22.0.7.0-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"product": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"product_id": "linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/linux-firmware@20190429-72.gitddde598.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"product": {
"name": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"product_id": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl7260-firmware@22.0.7.0-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"product": {
"name": "iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"product_id": "iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl135-firmware@18.168.6.1-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"product": {
"name": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"product_id": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl3945-firmware@15.32.2.9-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"product": {
"name": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"product_id": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl4965-firmware@228.61.2.24-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"product": {
"name": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"product_id": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl5000-firmware@8.83.5.1_1-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"product": {
"name": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"product_id": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl6050-firmware@41.28.5.1-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"product": {
"name": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"product_id": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl2030-firmware@18.168.6.1-72.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "linux-firmware-0:20190429-72.gitddde598.el7.src",
"product": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.src",
"product_id": "linux-firmware-0:20190429-72.gitddde598.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/linux-firmware@20190429-72.gitddde598.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl100-firmware-0:39.31.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch"
},
"product_reference": "iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch"
},
"product_reference": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl105-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl135-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch"
},
"product_reference": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch"
},
"product_reference": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch"
},
"product_reference": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch"
},
"product_reference": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch"
},
"product_reference": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch"
},
"product_reference": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch"
},
"product_reference": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch"
},
"product_reference": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch"
},
"product_reference": "linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src"
},
"product_reference": "linux-firmware-0:20190429-72.gitddde598.el7.src",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl100-firmware-0:39.31.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch"
},
"product_reference": "iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch"
},
"product_reference": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl105-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl135-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch"
},
"product_reference": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch"
},
"product_reference": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch"
},
"product_reference": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch"
},
"product_reference": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch"
},
"product_reference": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch"
},
"product_reference": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch"
},
"product_reference": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch"
},
"product_reference": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch"
},
"product_reference": "linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src"
},
"product_reference": "linux-firmware-0:20190429-72.gitddde598.el7.src",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl100-firmware-0:39.31.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch"
},
"product_reference": "iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch"
},
"product_reference": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl105-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl135-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch"
},
"product_reference": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch"
},
"product_reference": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch"
},
"product_reference": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch"
},
"product_reference": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch"
},
"product_reference": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch"
},
"product_reference": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch"
},
"product_reference": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch"
},
"product_reference": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch"
},
"product_reference": "linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src"
},
"product_reference": "linux-firmware-0:20190429-72.gitddde598.el7.src",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl100-firmware-0:39.31.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch"
},
"product_reference": "iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch"
},
"product_reference": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl105-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl135-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch"
},
"product_reference": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch"
},
"product_reference": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch"
},
"product_reference": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch"
},
"product_reference": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch"
},
"product_reference": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch"
},
"product_reference": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch"
},
"product_reference": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch"
},
"product_reference": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch"
},
"product_reference": "linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src"
},
"product_reference": "linux-firmware-0:20190429-72.gitddde598.el7.src",
"relates_to_product_reference": "7Workstation-7.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-5383",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2018-07-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1614159"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in Bluetooth pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth devices. This may result in information disclosure, elevation of privilege and/or denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Client-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Client-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Client-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Client-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Client-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Client-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Client-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Client-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Client-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Client-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Client-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7ComputeNode-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7ComputeNode-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7ComputeNode-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7ComputeNode-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7ComputeNode-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7ComputeNode-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7ComputeNode-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7ComputeNode-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7ComputeNode-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7Server-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Server-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Server-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Server-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Server-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Server-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Server-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Server-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Server-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Server-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Server-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Server-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7Workstation-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Workstation-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Workstation-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Workstation-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Workstation-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Workstation-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Workstation-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Workstation-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Workstation-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Workstation-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Workstation-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Workstation-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-5383"
},
{
"category": "external",
"summary": "RHBZ#1614159",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1614159"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-5383",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5383"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5383",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5383"
},
{
"category": "external",
"summary": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update",
"url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"
},
{
"category": "external",
"summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00128.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00128.html"
},
{
"category": "external",
"summary": "https://www.kb.cert.org/vuls/id/304725",
"url": "https://www.kb.cert.org/vuls/id/304725"
}
],
"release_date": "2018-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-06T12:41:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Client-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Client-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Client-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Client-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Client-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Client-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Client-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Client-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Client-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Client-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Client-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7ComputeNode-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7ComputeNode-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7ComputeNode-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7ComputeNode-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7ComputeNode-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7ComputeNode-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7ComputeNode-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7ComputeNode-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7ComputeNode-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7Server-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Server-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Server-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Server-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Server-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Server-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Server-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Server-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Server-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Server-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Server-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Server-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7Workstation-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Workstation-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Workstation-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Workstation-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Workstation-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Workstation-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Workstation-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Workstation-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Workstation-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Workstation-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Workstation-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Workstation-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2169"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Client-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Client-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Client-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Client-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Client-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Client-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Client-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Client-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Client-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Client-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Client-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Client-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7ComputeNode-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7ComputeNode-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7ComputeNode-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7ComputeNode-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7ComputeNode-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7ComputeNode-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7ComputeNode-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7ComputeNode-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7ComputeNode-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7Server-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Server-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Server-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Server-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Server-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Server-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Server-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Server-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Server-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Server-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Server-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Server-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7Workstation-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Workstation-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Workstation-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Workstation-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Workstation-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Workstation-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Workstation-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Workstation-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Workstation-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Workstation-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Workstation-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Workstation-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange"
}
]
}
rhsa-2019:2169
Vulnerability from csaf_redhat
Published
2019-08-06 12:41
Modified
2025-10-09 18:33
Summary
Red Hat Security Advisory: linux-firmware security, bug fix, and enhancement update
Notes
Topic
An update for linux-firmware is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The linux-firmware packages contain all of the firmware files that are required by various devices to operate.
Security Fix(es):
* kernel: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange (CVE-2018-5383)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for linux-firmware is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The linux-firmware packages contain all of the firmware files that are required by various devices to operate.\n\nSecurity Fix(es):\n\n* kernel: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange (CVE-2018-5383)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:2169",
"url": "https://access.redhat.com/errata/RHSA-2019:2169"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index"
},
{
"category": "external",
"summary": "1614159",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1614159"
},
{
"category": "external",
"summary": "1654809",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1654809"
},
{
"category": "external",
"summary": "1671610",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671610"
},
{
"category": "external",
"summary": "1698960",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1698960"
},
{
"category": "external",
"summary": "1702330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1702330"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2169.json"
}
],
"title": "Red Hat Security Advisory: linux-firmware security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2025-10-09T18:33:44+00:00",
"generator": {
"date": "2025-10-09T18:33:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2019:2169",
"initial_release_date": "2019-08-06T12:41:22+00:00",
"revision_history": [
{
"date": "2019-08-06T12:41:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-08-06T12:41:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-09T18:33:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"product": {
"name": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"product_id": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl5150-firmware@8.24.2.2-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"product": {
"name": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"product_id": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl6000g2a-firmware@17.168.5.3-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"product": {
"name": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"product_id": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl6000g2b-firmware@17.168.5.2-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"product": {
"name": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"product_id": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl7265-firmware@22.0.7.0-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"product": {
"name": "iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"product_id": "iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl100-firmware@39.31.5.1-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"product": {
"name": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"product_id": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl2000-firmware@18.168.6.1-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"product": {
"name": "iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"product_id": "iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl105-firmware@18.168.6.1-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"product": {
"name": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"product_id": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl6000-firmware@9.221.4.1-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"product": {
"name": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"product_id": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl1000-firmware@39.31.5.1-72.el7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"product": {
"name": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"product_id": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl3160-firmware@22.0.7.0-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"product": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"product_id": "linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/linux-firmware@20190429-72.gitddde598.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"product": {
"name": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"product_id": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl7260-firmware@22.0.7.0-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"product": {
"name": "iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"product_id": "iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl135-firmware@18.168.6.1-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"product": {
"name": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"product_id": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl3945-firmware@15.32.2.9-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"product": {
"name": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"product_id": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl4965-firmware@228.61.2.24-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"product": {
"name": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"product_id": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl5000-firmware@8.83.5.1_1-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"product": {
"name": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"product_id": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl6050-firmware@41.28.5.1-72.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"product": {
"name": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"product_id": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/iwl2030-firmware@18.168.6.1-72.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "linux-firmware-0:20190429-72.gitddde598.el7.src",
"product": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.src",
"product_id": "linux-firmware-0:20190429-72.gitddde598.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/linux-firmware@20190429-72.gitddde598.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl100-firmware-0:39.31.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch"
},
"product_reference": "iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch"
},
"product_reference": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl105-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl135-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch"
},
"product_reference": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch"
},
"product_reference": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch"
},
"product_reference": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch"
},
"product_reference": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch"
},
"product_reference": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch"
},
"product_reference": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch"
},
"product_reference": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch"
},
"product_reference": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch"
},
"product_reference": "linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src"
},
"product_reference": "linux-firmware-0:20190429-72.gitddde598.el7.src",
"relates_to_product_reference": "7Client-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl100-firmware-0:39.31.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch"
},
"product_reference": "iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch"
},
"product_reference": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl105-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl135-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch"
},
"product_reference": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch"
},
"product_reference": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch"
},
"product_reference": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch"
},
"product_reference": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch"
},
"product_reference": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch"
},
"product_reference": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch"
},
"product_reference": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch"
},
"product_reference": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch"
},
"product_reference": "linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src"
},
"product_reference": "linux-firmware-0:20190429-72.gitddde598.el7.src",
"relates_to_product_reference": "7ComputeNode-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl100-firmware-0:39.31.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch"
},
"product_reference": "iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch"
},
"product_reference": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl105-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl135-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch"
},
"product_reference": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch"
},
"product_reference": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch"
},
"product_reference": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch"
},
"product_reference": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch"
},
"product_reference": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch"
},
"product_reference": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch"
},
"product_reference": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch"
},
"product_reference": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch"
},
"product_reference": "linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src"
},
"product_reference": "linux-firmware-0:20190429-72.gitddde598.el7.src",
"relates_to_product_reference": "7Server-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl100-firmware-0:39.31.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch"
},
"product_reference": "iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch"
},
"product_reference": "iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl105-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl135-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch"
},
"product_reference": "iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch"
},
"product_reference": "iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch"
},
"product_reference": "iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch"
},
"product_reference": "iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch"
},
"product_reference": "iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch"
},
"product_reference": "iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch"
},
"product_reference": "iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch"
},
"product_reference": "iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch"
},
"product_reference": "iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch"
},
"product_reference": "iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch"
},
"product_reference": "linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"relates_to_product_reference": "7Workstation-7.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-firmware-0:20190429-72.gitddde598.el7.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src"
},
"product_reference": "linux-firmware-0:20190429-72.gitddde598.el7.src",
"relates_to_product_reference": "7Workstation-7.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-5383",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2018-07-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1614159"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in Bluetooth pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth devices. This may result in information disclosure, elevation of privilege and/or denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Client-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Client-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Client-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Client-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Client-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Client-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Client-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Client-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Client-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Client-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Client-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7ComputeNode-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7ComputeNode-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7ComputeNode-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7ComputeNode-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7ComputeNode-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7ComputeNode-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7ComputeNode-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7ComputeNode-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7ComputeNode-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7Server-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Server-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Server-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Server-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Server-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Server-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Server-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Server-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Server-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Server-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Server-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Server-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7Workstation-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Workstation-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Workstation-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Workstation-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Workstation-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Workstation-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Workstation-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Workstation-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Workstation-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Workstation-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Workstation-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Workstation-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-5383"
},
{
"category": "external",
"summary": "RHBZ#1614159",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1614159"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-5383",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5383"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5383",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5383"
},
{
"category": "external",
"summary": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update",
"url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"
},
{
"category": "external",
"summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00128.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00128.html"
},
{
"category": "external",
"summary": "https://www.kb.cert.org/vuls/id/304725",
"url": "https://www.kb.cert.org/vuls/id/304725"
}
],
"release_date": "2018-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-08-06T12:41:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Client-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Client-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Client-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Client-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Client-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Client-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Client-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Client-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Client-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Client-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Client-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7ComputeNode-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7ComputeNode-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7ComputeNode-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7ComputeNode-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7ComputeNode-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7ComputeNode-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7ComputeNode-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7ComputeNode-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7ComputeNode-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7Server-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Server-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Server-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Server-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Server-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Server-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Server-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Server-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Server-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Server-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Server-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Server-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7Workstation-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Workstation-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Workstation-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Workstation-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Workstation-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Workstation-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Workstation-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Workstation-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Workstation-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Workstation-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Workstation-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Workstation-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2019:2169"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Client-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Client-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Client-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Client-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Client-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Client-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Client-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Client-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Client-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Client-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Client-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Client-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Client-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Client-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7ComputeNode-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7ComputeNode-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7ComputeNode-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7ComputeNode-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7ComputeNode-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7ComputeNode-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7ComputeNode-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7ComputeNode-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7ComputeNode-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7ComputeNode-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7ComputeNode-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7ComputeNode-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7Server-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Server-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Server-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Server-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Server-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Server-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Server-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Server-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Server-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Server-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Server-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Server-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Server-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Server-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src",
"7Workstation-7.7:iwl100-firmware-0:39.31.5.1-72.el7.noarch",
"7Workstation-7.7:iwl1000-firmware-1:39.31.5.1-72.el7.noarch",
"7Workstation-7.7:iwl105-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl135-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl2000-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl2030-firmware-0:18.168.6.1-72.el7.noarch",
"7Workstation-7.7:iwl3160-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:iwl3945-firmware-0:15.32.2.9-72.el7.noarch",
"7Workstation-7.7:iwl4965-firmware-0:228.61.2.24-72.el7.noarch",
"7Workstation-7.7:iwl5000-firmware-0:8.83.5.1_1-72.el7.noarch",
"7Workstation-7.7:iwl5150-firmware-0:8.24.2.2-72.el7.noarch",
"7Workstation-7.7:iwl6000-firmware-0:9.221.4.1-72.el7.noarch",
"7Workstation-7.7:iwl6000g2a-firmware-0:17.168.5.3-72.el7.noarch",
"7Workstation-7.7:iwl6000g2b-firmware-0:17.168.5.2-72.el7.noarch",
"7Workstation-7.7:iwl6050-firmware-0:41.28.5.1-72.el7.noarch",
"7Workstation-7.7:iwl7260-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:iwl7265-firmware-0:22.0.7.0-72.el7.noarch",
"7Workstation-7.7:linux-firmware-0:20190429-72.gitddde598.el7.noarch",
"7Workstation-7.7:linux-firmware-0:20190429-72.gitddde598.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange"
}
]
}
gsd-2018-5383
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-5383",
"description": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.",
"id": "GSD-2018-5383",
"references": [
"https://www.suse.com/security/cve/CVE-2018-5383.html",
"https://access.redhat.com/errata/RHSA-2019:2169",
"https://ubuntu.com/security/CVE-2018-5383"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-5383"
],
"details": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.",
"id": "GSD-2018-5383",
"modified": "2023-12-13T01:22:39.623389Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2018-07-03T04:00:00.000Z",
"ID": "CVE-2018-5383",
"STATE": "PUBLIC",
"TITLE": "Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_name": "10.13 High Sierra",
"version_value": "10.13.6"
}
]
}
},
{
"product_name": "iOS",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_name": "11",
"version_value": "11.4"
}
]
}
}
]
},
"vendor_name": "Apple"
},
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_value": "2018-06-05 patch level"
}
]
}
}
]
},
"vendor_name": "Android Open Source Project"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lior Neumann and Eli Biham of the Techion Israel Institute of Technology"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-325"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cs.technion.ac.il/~biham/BT/",
"refsource": "MISC",
"url": "http://www.cs.technion.ac.il/~biham/BT/"
},
{
"name": "1041432",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041432"
},
{
"name": "VU#304725",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/304725"
},
{
"name": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update",
"refsource": "CONFIRM",
"url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"
},
{
"name": "104879",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104879"
},
{
"name": "[debian-lts-announce] 20190402 [SECURITY] [DLA 1747-1] firmware-nonfree security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html"
},
{
"name": "RHSA-2019:2169",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2169"
},
{
"name": "USN-4094-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4094-1/"
},
{
"name": "USN-4095-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4095-2/"
},
{
"name": "USN-4095-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4095-1/"
},
{
"name": "USN-4118-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"name": "USN-4351-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4351-1/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.13",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2018-5383"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#304725",
"refsource": "CERT-VN",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/304725"
},
{
"name": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"
},
{
"name": "http://www.cs.technion.ac.il/~biham/BT/",
"refsource": "MISC",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "http://www.cs.technion.ac.il/~biham/BT/"
},
{
"name": "1041432",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041432"
},
{
"name": "104879",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104879"
},
{
"name": "[debian-lts-announce] 20190402 [SECURITY] [DLA 1747-1] firmware-nonfree security update",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html"
},
{
"name": "RHSA-2019:2169",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2019:2169"
},
{
"name": "USN-4094-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/4094-1/"
},
{
"name": "USN-4095-2",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/4095-2/"
},
{
"name": "USN-4095-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/4095-1/"
},
{
"name": "USN-4118-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"name": "USN-4351-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/4351-1/"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2
}
},
"lastModifiedDate": "2019-10-03T00:03Z",
"publishedDate": "2018-08-07T21:29Z"
}
}
}
cnvd-2018-21103
Vulnerability from cnvd
Title
Bluetooth安全绕过漏洞
Description
Bluetooth是一种无线技术标准,它能够实现固定设备、移动设备和楼宇个人域网之间的短距离数据交换。
Bluetooth的实现存在安全漏洞,该漏洞源于程序未能充分的验证椭圆曲线参数。远程攻击者可利用该漏洞获取加密密钥,进而拦截并解密设备信息,伪造并注入恶意的消息。
Severity
高
VLAI Severity ?
Patch Name
Bluetooth安全绕过漏洞的补丁
Patch Description
Bluetooth是一种无线技术标准,它能够实现固定设备、移动设备和楼宇个人域网之间的短距离数据交换。
Bluetooth的实现存在安全漏洞,该漏洞源于程序未能充分的验证椭圆曲线参数。远程攻击者可利用该漏洞获取加密密钥,进而拦截并解密设备信息,伪造并注入恶意的消息。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update
Reference
https://www.kb.cert.org/vuls/id/304725
Impacted products
| Name | Bluetooth Bluetooth |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-5383"
}
},
"description": "Bluetooth\u662f\u4e00\u79cd\u65e0\u7ebf\u6280\u672f\u6807\u51c6\uff0c\u5b83\u80fd\u591f\u5b9e\u73b0\u56fa\u5b9a\u8bbe\u5907\u3001\u79fb\u52a8\u8bbe\u5907\u548c\u697c\u5b87\u4e2a\u4eba\u57df\u7f51\u4e4b\u95f4\u7684\u77ed\u8ddd\u79bb\u6570\u636e\u4ea4\u6362\u3002\r\n\r\nBluetooth\u7684\u5b9e\u73b0\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u7684\u9a8c\u8bc1\u692d\u5706\u66f2\u7ebf\u53c2\u6570\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u52a0\u5bc6\u5bc6\u94a5\uff0c\u8fdb\u800c\u62e6\u622a\u5e76\u89e3\u5bc6\u8bbe\u5907\u4fe1\u606f\uff0c\u4f2a\u9020\u5e76\u6ce8\u5165\u6076\u610f\u7684\u6d88\u606f\u3002",
"discovererName": "Lior Neumann and Eli Biham.",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5:\r\nhttps://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-21103",
"openTime": "2018-10-17",
"patchDescription": "Bluetooth\u662f\u4e00\u79cd\u65e0\u7ebf\u6280\u672f\u6807\u51c6\uff0c\u5b83\u80fd\u591f\u5b9e\u73b0\u56fa\u5b9a\u8bbe\u5907\u3001\u79fb\u52a8\u8bbe\u5907\u548c\u697c\u5b87\u4e2a\u4eba\u57df\u7f51\u4e4b\u95f4\u7684\u77ed\u8ddd\u79bb\u6570\u636e\u4ea4\u6362\u3002\r\n\r\nBluetooth\u7684\u5b9e\u73b0\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u7684\u9a8c\u8bc1\u692d\u5706\u66f2\u7ebf\u53c2\u6570\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u52a0\u5bc6\u5bc6\u94a5\uff0c\u8fdb\u800c\u62e6\u622a\u5e76\u89e3\u5bc6\u8bbe\u5907\u4fe1\u606f\uff0c\u4f2a\u9020\u5e76\u6ce8\u5165\u6076\u610f\u7684\u6d88\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Bluetooth\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Bluetooth Bluetooth"
},
"referenceLink": "https://www.kb.cert.org/vuls/id/304725",
"serverity": "\u9ad8",
"submitTime": "2018-07-27",
"title": "Bluetooth\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}
ghsa-3jm5-8qwr-jvwm
Vulnerability from github
Published
2022-05-13 01:52
Modified
2022-05-13 01:52
Severity ?
VLAI Severity ?
Details
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.
{
"affected": [],
"aliases": [
"CVE-2018-5383"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-08-07T21:29:00Z",
"severity": "MODERATE"
},
"details": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.",
"id": "GHSA-3jm5-8qwr-jvwm",
"modified": "2022-05-13T01:52:48Z",
"published": "2022-05-13T01:52:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5383"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2169"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4094-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4095-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4095-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4118-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4351-1"
},
{
"type": "WEB",
"url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/304725"
},
{
"type": "WEB",
"url": "http://www.cs.technion.ac.il/~biham/BT"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104879"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041432"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
fkie_cve-2018-5383
Vulnerability from fkie_nvd
Published
2018-08-07 21:29
Modified
2024-11-21 04:08
Severity ?
8.0 (High) - CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
6.8 (Medium) - CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
6.8 (Medium) - CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.
References
| URL | Tags | ||
|---|---|---|---|
| cret@cert.org | http://www.cs.technion.ac.il/~biham/BT/ | Mitigation, Third Party Advisory | |
| cret@cert.org | http://www.securityfocus.com/bid/104879 | Third Party Advisory, VDB Entry | |
| cret@cert.org | http://www.securitytracker.com/id/1041432 | Third Party Advisory, VDB Entry | |
| cret@cert.org | https://access.redhat.com/errata/RHSA-2019:2169 | ||
| cret@cert.org | https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html | ||
| cret@cert.org | https://usn.ubuntu.com/4094-1/ | ||
| cret@cert.org | https://usn.ubuntu.com/4095-1/ | ||
| cret@cert.org | https://usn.ubuntu.com/4095-2/ | ||
| cret@cert.org | https://usn.ubuntu.com/4118-1/ | ||
| cret@cert.org | https://usn.ubuntu.com/4351-1/ | ||
| cret@cert.org | https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update | Vendor Advisory | |
| cret@cert.org | https://www.kb.cert.org/vuls/id/304725 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.cs.technion.ac.il/~biham/BT/ | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104879 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041432 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2169 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4094-1/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4095-1/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4095-2/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4118-1/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4351-1/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/304725 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D835D592-2423-44C6-804A-3AD010112E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "568E2561-A068-46A2-B331-BBA91FC96F0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "618A2297-91F6-4533-B345-1620635CDA93",
"versionEndExcluding": "11.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "089EFF21-6A9B-40E4-9154-44174E26D5B5",
"versionEndExcluding": "10.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device."
},
{
"lang": "es",
"value": "El firmware bluetooth o los controladores de software del sistema operativo en versiones de macOS anteriores a la 10.13, versiones High Sierra e iOS anteriores a la 11.4 y versiones de Android anteriores al parche del 05/06/2018, podr\u00edan no validar lo suficiente par\u00e1metros de curva el\u00edptica empleados para generar claves p\u00fablicas durante un intercambio de claves Diffie-Hellman, lo que podr\u00eda permitir que un atacante remoto obtenga la clave de cifrado empleada por el dispositivo."
}
],
"id": "CVE-2018-5383",
"lastModified": "2024-11-21T04:08:42.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.8,
"source": "cret@cert.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-07T21:29:00.287",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "http://www.cs.technion.ac.il/~biham/BT/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104879"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041432"
},
{
"source": "cret@cert.org",
"url": "https://access.redhat.com/errata/RHSA-2019:2169"
},
{
"source": "cret@cert.org",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html"
},
{
"source": "cret@cert.org",
"url": "https://usn.ubuntu.com/4094-1/"
},
{
"source": "cret@cert.org",
"url": "https://usn.ubuntu.com/4095-1/"
},
{
"source": "cret@cert.org",
"url": "https://usn.ubuntu.com/4095-2/"
},
{
"source": "cret@cert.org",
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"source": "cret@cert.org",
"url": "https://usn.ubuntu.com/4351-1/"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/304725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "http://www.cs.technion.ac.il/~biham/BT/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:2169"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4094-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4095-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4095-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4351-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/304725"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-325"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-201808-1004
Vulnerability from variot
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. Insufficient encryption processing (CWE-325) - CVE-2018-5383 Bluetooth Then, elliptic curve Diffie-Hellman key sharing (ECDH) It defines a device pairing mechanism based on technology. In this method, each pair to be paired prepares a key pair consisting of a private key and a public key. When pairing starts, each other's public key is exchanged, and each private key is generated using the private key of the other party and the public key of the other party. The parameters of the elliptic curve encryption to be used must be agreed in advance. Bluetooth The specification recommends that you verify that the public key you received from the other party is appropriate, but it was not required. "Invalid Curve Attack" Or "Invalid Point Attack" In an attack technique called, it is pointed out that searching for a secret key is much easier if a shared key is generated without confirming that the public key received from the other party is appropriate. It is. Some implementations process without verifying the public key received from the other party, Bluetooth If a public key crafted by a third party that exists within the communication distance of is injected, there is a possibility that the secret key is obtained with a high probability. As a result, there is a possibility that the communication contents will be obtained or altered. Secure Connections Pairing Mode and Simple Secure Paring Both modes are affected. Bluetooth SIG Let's make it necessary to verify the received public key. Bluetooth While updating the specifications of Bluetooth Qualification Program Added a test item in this case. Bluetooth SIG See the announcement. Bluetooth SIG Announcement https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-updateBluetooth Man-in-the-middle attack by third parties within the communication range (man-in-the-middle attack) If this is done, you may be able to obtain the private key used by the device. As a result, communication content between devices may be obtained or falsified. Bluetooth is a wireless technology standard that enables short-range data exchange between fixed and mobile devices and personal area networks in buildings. The following systems are affected: macOS prior to 10.13; macOS High Sierra prior to 11.4; iOS prior to 11.4; Android prior to Patch 2018-06-05. CVE-2018-4249: Kevin Backhouse of Semmle Ltd. CVE-2018-4240: Sriram (@Sri_Hxor) of PrimeFort Pvt.
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2018-9-24-6 Additional information for APPLE-SA-2018-9-17-3 tvOS 12
tvOS 12 addresses the following:
Auto Unlock Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to access local users AppleIDs Description: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. CVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. Entry added September 24, 2018
Bluetooth Available for: Apple TV (4th generation) Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. CVE-2018-5383: Lior Neumann and Eli Biham
iTunes Store Available for: Apple TV 4K and Apple TV (4th generation) Impact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store Description: An input validation issue was addressed with improved input validation. CVE-2018-4305: Jerry Decime
Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4336: Brandon Azad CVE-2018-4344: The UK's National Cyber Security Centre (NCSC) Entry added September 24, 2018
Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to read restricted memory Description: An input validation issue existed in the kernel. This issue was addressed with improved input validation. CVE-2018-4363: Ian Beer of Google Project Zero
Safari Available for: Apple TV 4K and Apple TV (4th generation) Impact: A local user may be able to discover websites a user has visited Description: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of application snapshots. CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU)
Security Available for: Apple TV 4K and Apple TV (4th generation) Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm Description: This issue was addressed by removing RC4. CVE-2016-1777: Pepi Zawodsky
WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2018-4197: Ivan Fratric of Google Project Zero CVE-2018-4306: Ivan Fratric of Google Project Zero CVE-2018-4312: Ivan Fratric of Google Project Zero CVE-2018-4314: Ivan Fratric of Google Project Zero CVE-2018-4315: Ivan Fratric of Google Project Zero CVE-2018-4317: Ivan Fratric of Google Project Zero CVE-2018-4318: Ivan Fratric of Google Project Zero Entry added September 24, 2018
WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious website may exfiltrate image data cross-origin Description: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. CVE-2018-4345: an anonymous researcher Entry added September 24, 2018
WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Unexpected interaction causes an ASSERT failure Description: A memory corruption issue was addressed with improved validation. CVE-2018-4191: found by OSS-Fuzz Entry added September 24, 2018
WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team Entry added September 24, 2018
WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4299: Samuel GroI2 (saelo) working with Trend Micro's Zero Day Initiative CVE-2018-4323: Ivan Fratric of Google Project Zero CVE-2018-4328: Ivan Fratric of Google Project Zero CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative CVE-2018-4359: Samuel GroA (@5aelo) Entry added September 24, 2018
WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious website may be able to execute scripts in the context of another website Description: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. CVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative Entry added September 24, 2018
WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Unexpected interaction causes an ASSERT failure Description: A memory consumption issue was addressed with improved memory handling. CVE-2018-4361: found by Google OSS-Fuzz Entry added September 24, 2018
Additional recognition
Assets We would like to acknowledge Brandon Azad for their assistance.
Core Data We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.
Sandbox Profiles We would like to acknowledge Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative for their assistance.
SQLite We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.
WebKit We would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vuclan team, and Zach Malone of CA Technologies for their assistance.
Installation note:
Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software."
To check the current version of software, select "Settings -> General -> About."
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlupFUMACgkQeC9tht7T K3H35Q//UwJyTZpRVx33z/T3GxYfFX9dxg2fwdkVFxCGWR/yGCL/pMwNH/UwerQH qcdzG3VopySXXJy/goEJD+w+f8QNtueysfE7+MrYvogVD1OVALDc0xaZvudKmSoo d0APBDtlkkLn4evwwpIYfl6Ikje/j40ZOfzSZ8+9hsoq6b+tkhSo8UC+hphUBi4L lMshXi5OmekimBWgGdPGN77UQoFAJriMQHLppQ4x46qHuiMSAKHeCz+AdL4Xk1dh fzdbizI4p7CssUzJHOPU61NPB28AoPsVJ8yEQpKDvHcnkPxtgtAzoIBWl0MwUCXg OaT+8poN/HsMVJYtM2vi322IJGfMtcWtU/TJ1TbhAih6Bal2paIEj4zBirEXc9sF dQyWB+EB8h+g4MtXyo6ax7OyO3UmRsISyCQhCNKWhXjTt4/9Q6xMbGxfW6X7EtHN mgM/74rqkM53Tfy3kqywBDi90v4aNMUGdbYcK3YJldayW++K2J6OtxZZmflfYkbU GTnAaEFIa0dLX/e+uqGRtz2F0K8mr9/9VwiwrH3et2FALvU6RyFLX7jqnKFyGpUp LdXH6Mz6xBYS7Rg2vKVjUsHXlutpknmDxyx8Orirgb2gNHN97w8GDCnmOAd2euoL HZdlwhs4SLaLqyNegbG3y3MD7gK8oRTZx3tXeJRmYV6UGp+d9QI= =pj7d -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: linux-firmware security, bug fix, and enhancement update Advisory ID: RHSA-2019:2169-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2169 Issue date: 2019-08-06 CVE Names: CVE-2018-5383 ==================================================================== 1. Summary:
An update for linux-firmware is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch Red Hat Enterprise Linux ComputeNode (v. 7) - noarch Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Enterprise Linux Workstation (v. 7) - noarch
- Description:
The linux-firmware packages contain all of the firmware files that are required by various devices to operate.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: linux-firmware-20190429-72.gitddde598.el7.src.rpm
noarch: iwl100-firmware-39.31.5.1-72.el7.noarch.rpm iwl1000-firmware-39.31.5.1-72.el7.noarch.rpm iwl105-firmware-18.168.6.1-72.el7.noarch.rpm iwl135-firmware-18.168.6.1-72.el7.noarch.rpm iwl2000-firmware-18.168.6.1-72.el7.noarch.rpm iwl2030-firmware-18.168.6.1-72.el7.noarch.rpm iwl3160-firmware-22.0.7.0-72.el7.noarch.rpm iwl3945-firmware-15.32.2.9-72.el7.noarch.rpm iwl4965-firmware-228.61.2.24-72.el7.noarch.rpm iwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm iwl5150-firmware-8.24.2.2-72.el7.noarch.rpm iwl6000-firmware-9.221.4.1-72.el7.noarch.rpm iwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm iwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm iwl6050-firmware-41.28.5.1-72.el7.noarch.rpm iwl7260-firmware-22.0.7.0-72.el7.noarch.rpm iwl7265-firmware-22.0.7.0-72.el7.noarch.rpm linux-firmware-20190429-72.gitddde598.el7.noarch.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: linux-firmware-20190429-72.gitddde598.el7.src.rpm
noarch: iwl100-firmware-39.31.5.1-72.el7.noarch.rpm iwl1000-firmware-39.31.5.1-72.el7.noarch.rpm iwl105-firmware-18.168.6.1-72.el7.noarch.rpm iwl135-firmware-18.168.6.1-72.el7.noarch.rpm iwl2000-firmware-18.168.6.1-72.el7.noarch.rpm iwl2030-firmware-18.168.6.1-72.el7.noarch.rpm iwl3160-firmware-22.0.7.0-72.el7.noarch.rpm iwl3945-firmware-15.32.2.9-72.el7.noarch.rpm iwl4965-firmware-228.61.2.24-72.el7.noarch.rpm iwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm iwl5150-firmware-8.24.2.2-72.el7.noarch.rpm iwl6000-firmware-9.221.4.1-72.el7.noarch.rpm iwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm iwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm iwl6050-firmware-41.28.5.1-72.el7.noarch.rpm iwl7260-firmware-22.0.7.0-72.el7.noarch.rpm iwl7265-firmware-22.0.7.0-72.el7.noarch.rpm linux-firmware-20190429-72.gitddde598.el7.noarch.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: linux-firmware-20190429-72.gitddde598.el7.src.rpm
noarch: iwl100-firmware-39.31.5.1-72.el7.noarch.rpm iwl1000-firmware-39.31.5.1-72.el7.noarch.rpm iwl105-firmware-18.168.6.1-72.el7.noarch.rpm iwl135-firmware-18.168.6.1-72.el7.noarch.rpm iwl2000-firmware-18.168.6.1-72.el7.noarch.rpm iwl2030-firmware-18.168.6.1-72.el7.noarch.rpm iwl3160-firmware-22.0.7.0-72.el7.noarch.rpm iwl3945-firmware-15.32.2.9-72.el7.noarch.rpm iwl4965-firmware-228.61.2.24-72.el7.noarch.rpm iwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm iwl5150-firmware-8.24.2.2-72.el7.noarch.rpm iwl6000-firmware-9.221.4.1-72.el7.noarch.rpm iwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm iwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm iwl6050-firmware-41.28.5.1-72.el7.noarch.rpm iwl7260-firmware-22.0.7.0-72.el7.noarch.rpm iwl7265-firmware-22.0.7.0-72.el7.noarch.rpm linux-firmware-20190429-72.gitddde598.el7.noarch.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: linux-firmware-20190429-72.gitddde598.el7.src.rpm
noarch: iwl100-firmware-39.31.5.1-72.el7.noarch.rpm iwl1000-firmware-39.31.5.1-72.el7.noarch.rpm iwl105-firmware-18.168.6.1-72.el7.noarch.rpm iwl135-firmware-18.168.6.1-72.el7.noarch.rpm iwl2000-firmware-18.168.6.1-72.el7.noarch.rpm iwl2030-firmware-18.168.6.1-72.el7.noarch.rpm iwl3160-firmware-22.0.7.0-72.el7.noarch.rpm iwl3945-firmware-15.32.2.9-72.el7.noarch.rpm iwl4965-firmware-228.61.2.24-72.el7.noarch.rpm iwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm iwl5150-firmware-8.24.2.2-72.el7.noarch.rpm iwl6000-firmware-9.221.4.1-72.el7.noarch.rpm iwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm iwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm iwl6050-firmware-41.28.5.1-72.el7.noarch.rpm iwl7260-firmware-22.0.7.0-72.el7.noarch.rpm iwl7265-firmware-22.0.7.0-72.el7.noarch.rpm linux-firmware-20190429-72.gitddde598.el7.noarch.rpm
These packages are GPG signed by Red Hat for security. Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXUl4n9zjgjWX9erEAQhAkw/+KcXoF0PnrjblvVm7NoR+6+Ap/0Q/ZA76 Q/lTMgCH2fhDPQov/S6l0uzlvrxzjcN2uQW/mM/XvaKgHX316q1Byj/ul74pfLGE ZfsmAfPeFy4YYSMOnzeFiE8lzbzM203JpiGCC0wS8Mm+oz13Bn6gwkZI3P3R4m3l LvPZ8AjMWXSRbdNDsxO+PONz9lsNQEEDspUKvdy3x2omdNCt8QPp1gIsP8lKM8g1 KIkJCwE0OkUrYOm9KEU3kNM1Nifx8LNjC+bdLMEgXMDtQiDdF085BrnXm10HYTAy DuGsE5Htep5balUiMOcR/Y4rb4r/fWfyRQNWG4H0RIduOCBTIDIcj3L/yKo/OU+t 15fe/S8OS14F8v2fsNEdrmmdFK12WiRzNozD/ZBbBklorTMvCrFrhQ9ZDIlD2ue/ RyoF4Zz5sCTP5NFQeYBEphU934UpHEc4VRZcrr4Rh86kS+0tWTrLZRE4Mx25jTjf TO72X8QlaGbOMtoErnZVmTVPUAJJMrZ5WBzrTZFOJrtnPsMAccvbNdfp/Ky30blh FHTMAVsVkZoRw8zayr8mSm3xCIY7B56hM0Ss42RSqO1f9KDeHAtbaVf1f4fuMr4E uZjw2Ma15KdNAGoOLgS941af276a9jRbHPrAmr3JWcTQb9osZFeoMcOOkikZgXtW hT1DU8n0QFA\xf9to -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================= Ubuntu Security Notice USN-4094-1 August 13, 2019
linux, linux-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description: - linux: Linux kernel - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-gke-4.15: Linux kernel for Google Container Engine (GKE) systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-hwe: Linux hardware enablement (HWE) kernel
Details:
It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053)
Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13093)
Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13097, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14616, CVE-2018-13096, CVE-2018-13098, CVE-2018-14615)
Wen Xu and Po-Ning Tseng discovered that btrfs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613, CVE-2018-14609)
Wen Xu discovered that the HFS+ filesystem implementation in the Linux kernel did not properly handle malformed catalog data in some situations. An attacker could use this to construct a malicious HFS+ image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14617)
Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information. (CVE-2018-16862)
Hui Peng and Mathias Payer discovered that the USB subsystem in the Linux kernel did not properly handle size checks when handling an extra USB descriptor. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-20169)
It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. An attacker could use this to expose sensitive information. (CVE-2018-5383)
It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126)
Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-1125)
It was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12614)
It was discovered that a NULL pointer dereference vulnerabilty existed in the Near-field communication (NFC) implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12818)
It was discovered that the MDIO bus devices subsystem in the Linux kernel improperly dropped a device reference in an error condition, leading to a use-after-free. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12819)
It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-12984)
Jann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13233)
Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272)
It was discovered that the Empia EM28xx DVB USB device driver implementation in the Linux kernel contained a use-after-free vulnerability when disconnecting the device. An attacker could use this to cause a denial of service (system crash). (CVE-2019-2024)
It was discovered that the USB video device class implementation in the Linux kernel did not properly validate control bits, resulting in an out of bounds buffer read. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2019-2101)
It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846)
It was discovered that the Appletalk IP encapsulation driver in the Linux kernel did not properly prevent kernel addresses from being copied to user space. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information. (CVE-2018-20511)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS: linux-image-4.15.0-1021-oracle 4.15.0-1021.23 linux-image-4.15.0-1040-gcp 4.15.0-1040.42 linux-image-4.15.0-1040-gke 4.15.0-1040.42 linux-image-4.15.0-1042-kvm 4.15.0-1042.42 linux-image-4.15.0-1043-raspi2 4.15.0-1043.46 linux-image-4.15.0-1050-oem 4.15.0-1050.57 linux-image-4.15.0-1060-snapdragon 4.15.0-1060.66 linux-image-4.15.0-58-generic 4.15.0-58.64 linux-image-4.15.0-58-generic-lpae 4.15.0-58.64 linux-image-4.15.0-58-lowlatency 4.15.0-58.64 linux-image-gcp 4.15.0.1040.42 linux-image-generic 4.15.0.58.60 linux-image-generic-lpae 4.15.0.58.60 linux-image-gke 4.15.0.1040.43 linux-image-gke-4.15 4.15.0.1040.43 linux-image-kvm 4.15.0.1042.42 linux-image-lowlatency 4.15.0.58.60 linux-image-oem 4.15.0.1050.54 linux-image-oracle 4.15.0.1021.24 linux-image-powerpc-e500mc 4.15.0.58.60 linux-image-powerpc-smp 4.15.0.58.60 linux-image-powerpc64-emb 4.15.0.58.60 linux-image-powerpc64-smp 4.15.0.58.60 linux-image-raspi2 4.15.0.1043.41 linux-image-snapdragon 4.15.0.1060.63 linux-image-virtual 4.15.0.58.60
Ubuntu 16.04 LTS: linux-image-4.15.0-1021-oracle 4.15.0-1021.23~16.04.1 linux-image-4.15.0-1040-gcp 4.15.0-1040.42~16.04.1 linux-image-4.15.0-1055-azure 4.15.0-1055.60 linux-image-4.15.0-58-generic 4.15.0-58.64~16.04.1 linux-image-4.15.0-58-generic-lpae 4.15.0-58.64~16.04.1 linux-image-4.15.0-58-lowlatency 4.15.0-58.64~16.04.1 linux-image-azure 4.15.0.1055.58 linux-image-gcp 4.15.0.1040.54 linux-image-generic-hwe-16.04 4.15.0.58.79 linux-image-generic-lpae-hwe-16.04 4.15.0.58.79 linux-image-gke 4.15.0.1040.54 linux-image-lowlatency-hwe-16.04 4.15.0.58.79 linux-image-oem 4.15.0.58.79 linux-image-oracle 4.15.0.1021.15 linux-image-virtual-hwe-16.04 4.15.0.58.79
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: https://usn.ubuntu.com/4094-1 CVE-2018-13053, CVE-2018-13093, CVE-2018-13096, CVE-2018-13097, CVE-2018-13098, CVE-2018-13099, CVE-2018-13100, CVE-2018-14609, CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613, CVE-2018-14614, CVE-2018-14615, CVE-2018-14616, CVE-2018-14617, CVE-2018-16862, CVE-2018-20169, CVE-2018-20511, CVE-2018-20856, CVE-2018-5383, CVE-2019-10126, CVE-2019-1125, CVE-2019-12614, CVE-2019-12818, CVE-2019-12819, CVE-2019-12984, CVE-2019-13233, CVE-2019-13272, CVE-2019-2024, CVE-2019-2101, CVE-2019-3846
Package Information: https://launchpad.net/ubuntu/+source/linux/4.15.0-58.64 https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1040.42 https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1040.42 https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1042.42 https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1050.57 https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1021.23 https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1043.46 https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1060.66 https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1055.60 https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1040.42~16.04.1 https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-58.64~16.04.1 https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1021.23~16.04.1 . CVE-2018-4285: Mohamed Ghannam (@_simo36)
Bluetooth Available for: MacBook Pro (15-inch, 2018), and MacBook Pro (13-inch, 2018, Four Thunderbolt 3 Ports) Other Mac models were addressed with macOS High Sierra 10.13.5. CVE-2018-5383: Lior Neumann and Eli Biham
CFNetwork Available for: macOS High Sierra 10.13.5 Impact: Cookies may unexpectedly persist in Safari Description: A cookie management issue was addressed with improved checks. CVE-2018-4283: @panicaII working with Trend Micro's Zero Day Initiative
Kernel Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.5 Impact: Systems using IntelA(r) Core-based microprocessors may potentially allow a local process to infer data utilizing Lazy FP state restore from another process through a speculative execution side channel Description: Lazy FP state restore instead of eager save and restore of the state upon a context switch. Lazy restored states are potentially vulnerable to exploits where one process may infer register values of other processes through a speculative execution side channel that infers their value. CVE-2018-4248: Brandon Azad
LinkPresentation Available for: macOS High Sierra 10.13.5 Impact: Visiting a malicious website may lead to address bar spoofing Description: A spoofing issue existed in the handling of URLs. CVE-2018-4277: xisigr of Tencent's Xuanwu Lab (tencent.com)
Perl Available for: macOS High Sierra 10.13.5 Impact: Multiple buffer overflow issues existed in Perl Description: Multiple issues in Perl were addressed with improved memory handling.
Help Viewer We would like to acknowledge Wojciech ReguAa (@_r3ggi) of SecuRing for their assistance
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-1004",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "7.1.2"
},
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "8.1"
},
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "6.0.1"
},
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "6.0"
},
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "8.0"
},
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "7.0"
},
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "7.1.1"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.13"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.4"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "android open source",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "broadcom",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cypress semiconductor",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dell",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "qualcomm incorporated",
"version": null
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#304725"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005730"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1882"
},
{
"db": "NVD",
"id": "CVE-2018-5383"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:misc:multiple_vendors",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005730"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu,Red Hat",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1882"
}
],
"trust": 0.6
},
"cve": "CVE-2018-5383",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CVE-2018-5383",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 7.3,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 5.7,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 5.5,
"id": "CVE-2018-5383",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "OFFICIAL FIX",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "NOT DEFINED",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:A/AC:M/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "JPCERT/CC",
"availabilityImpact": "None",
"baseScore": 7.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2018-005730",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "VHN-135414",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2018-5383",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"author": "cret@cert.org",
"availabilityImpact": "NONE",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2018-5383",
"impactScore": 5.8,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "JPCERT/CC",
"availabilityImpact": "None",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-005730",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-5383",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cret@cert.org",
"id": "CVE-2018-5383",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-5383",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "JPCERT/CC",
"id": "JVNDB-2018-005730",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-1882",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-135414",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-5383",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#304725"
},
{
"db": "VULHUB",
"id": "VHN-135414"
},
{
"db": "VULMON",
"id": "CVE-2018-5383"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005730"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1882"
},
{
"db": "NVD",
"id": "CVE-2018-5383"
},
{
"db": "NVD",
"id": "CVE-2018-5383"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. Insufficient encryption processing (CWE-325) - CVE-2018-5383 Bluetooth Then, elliptic curve Diffie-Hellman key sharing (ECDH) It defines a device pairing mechanism based on technology. In this method, each pair to be paired prepares a key pair consisting of a private key and a public key. When pairing starts, each other\u0027s public key is exchanged, and each private key is generated using the private key of the other party and the public key of the other party. The parameters of the elliptic curve encryption to be used must be agreed in advance. Bluetooth The specification recommends that you verify that the public key you received from the other party is appropriate, but it was not required. \"Invalid Curve Attack\" Or \"Invalid Point Attack\" In an attack technique called, it is pointed out that searching for a secret key is much easier if a shared key is generated without confirming that the public key received from the other party is appropriate. It is. Some implementations process without verifying the public key received from the other party, Bluetooth If a public key crafted by a third party that exists within the communication distance of is injected, there is a possibility that the secret key is obtained with a high probability. As a result, there is a possibility that the communication contents will be obtained or altered. Secure Connections Pairing Mode and Simple Secure Paring Both modes are affected. Bluetooth SIG Let\u0027s make it necessary to verify the received public key. Bluetooth While updating the specifications of Bluetooth Qualification Program Added a test item in this case. Bluetooth SIG See the announcement. Bluetooth SIG Announcement https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-updateBluetooth Man-in-the-middle attack by third parties within the communication range (man-in-the-middle attack) If this is done, you may be able to obtain the private key used by the device. As a result, communication content between devices may be obtained or falsified. Bluetooth is a wireless technology standard that enables short-range data exchange between fixed and mobile devices and personal area networks in buildings. The following systems are affected: macOS prior to 10.13; macOS High Sierra prior to 11.4; iOS prior to 11.4; Android prior to Patch 2018-06-05. \nCVE-2018-4249: Kevin Backhouse of Semmle Ltd. \nCVE-2018-4240: Sriram (@Sri_Hxor) of PrimeFort Pvt. \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2018-9-24-6 Additional information for\nAPPLE-SA-2018-9-17-3 tvOS 12\n\ntvOS 12 addresses the following:\n\nAuto Unlock\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A malicious application may be able to access local users\nAppleIDs\nDescription: A validation issue existed in the entitlement\nverification. This issue was addressed with improved validation of\nthe process entitlement. \nCVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. \nEntry added September 24, 2018\n\nBluetooth\nAvailable for: Apple TV (4th generation)\nImpact: An attacker in a privileged network position may be able to\nintercept Bluetooth traffic\nDescription: An input validation issue existed in Bluetooth. This\nissue was addressed with improved input validation. \nCVE-2018-5383: Lior Neumann and Eli Biham\n\niTunes Store\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: An attacker in a privileged network position may be able to\nspoof password prompts in the iTunes Store\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2018-4305: Jerry Decime\n\nKernel\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4336: Brandon Azad\nCVE-2018-4344: The UK\u0027s National Cyber Security Centre (NCSC)\nEntry added September 24, 2018\n\nKernel\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: An application may be able to read restricted memory\nDescription: An input validation issue existed in the kernel. This\nissue was addressed with improved input validation. \nCVE-2018-4363: Ian Beer of Google Project Zero\n\nSafari\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A local user may be able to discover websites a user has\nvisited\nDescription: A consistency issue existed in the handling of\napplication snapshots. The issue was addressed with improved handling\nof application snapshots. \nCVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu\nof Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye,\nMehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug\nKarakaya of Kaliptus Medical Organization, Vinodh Swami of Western\nGovernor\u0027s University (WGU)\n\nSecurity\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: An attacker may be able to exploit weaknesses in the RC4\ncryptographic algorithm\nDescription: This issue was addressed by removing RC4. \nCVE-2016-1777: Pepi Zawodsky\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2018-4197: Ivan Fratric of Google Project Zero\nCVE-2018-4306: Ivan Fratric of Google Project Zero\nCVE-2018-4312: Ivan Fratric of Google Project Zero\nCVE-2018-4314: Ivan Fratric of Google Project Zero\nCVE-2018-4315: Ivan Fratric of Google Project Zero\nCVE-2018-4317: Ivan Fratric of Google Project Zero\nCVE-2018-4318: Ivan Fratric of Google Project Zero\nEntry added September 24, 2018\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A malicious website may exfiltrate image data cross-origin\nDescription: A cross-site scripting issue existed in Safari. This\nissue was addressed with improved URL validation. \nCVE-2018-4345: an anonymous researcher\nEntry added September 24, 2018\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: Unexpected interaction causes an ASSERT failure\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2018-4191: found by OSS-Fuzz\nEntry added September 24, 2018\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan\nTeam\nEntry added September 24, 2018\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2018-4299: Samuel GroI2 (saelo) working with Trend Micro\u0027s Zero\nDay Initiative\nCVE-2018-4323: Ivan Fratric of Google Project Zero\nCVE-2018-4328: Ivan Fratric of Google Project Zero\nCVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with\nTrend Micro\u0027s Zero Day Initiative\nCVE-2018-4359: Samuel GroA (@5aelo)\nEntry added September 24, 2018\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A malicious website may be able to execute scripts in the\ncontext of another website\nDescription: A cross-site scripting issue existed in Safari. This\nissue was addressed with improved URL validation. \nCVE-2018-4309: an anonymous researcher working with Trend Micro\u0027s\nZero Day Initiative\nEntry added September 24, 2018\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: Unexpected interaction causes an ASSERT failure\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2018-4361: found by Google OSS-Fuzz\nEntry added September 24, 2018\n\nAdditional recognition\n\nAssets\nWe would like to acknowledge Brandon Azad for their assistance. \n\nCore Data\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security\nLabs GmbH for their assistance. \n\nSandbox Profiles\nWe would like to acknowledge Tencent Keen Security Lab working with\nTrend Micro\u0027s Zero Day Initiative for their assistance. \n\nSQLite\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security\nLabs GmbH for their assistance. \n\nWebKit\nWe would like to acknowledge Cary Hartline, Hanming Zhang from 360\nVuclan team, and Zach Malone of CA Technologies for their assistance. \n\nInstallation note:\n\nApple TV will periodically check for software updates. Alternatively,\nyou may manually check for software updates by selecting\n\"Settings -\u003e System -\u003e Software Update -\u003e Update Software.\"\n\nTo check the current version of software, select\n\"Settings -\u003e General -\u003e About.\"\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlupFUMACgkQeC9tht7T\nK3H35Q//UwJyTZpRVx33z/T3GxYfFX9dxg2fwdkVFxCGWR/yGCL/pMwNH/UwerQH\nqcdzG3VopySXXJy/goEJD+w+f8QNtueysfE7+MrYvogVD1OVALDc0xaZvudKmSoo\nd0APBDtlkkLn4evwwpIYfl6Ikje/j40ZOfzSZ8+9hsoq6b+tkhSo8UC+hphUBi4L\nlMshXi5OmekimBWgGdPGN77UQoFAJriMQHLppQ4x46qHuiMSAKHeCz+AdL4Xk1dh\nfzdbizI4p7CssUzJHOPU61NPB28AoPsVJ8yEQpKDvHcnkPxtgtAzoIBWl0MwUCXg\nOaT+8poN/HsMVJYtM2vi322IJGfMtcWtU/TJ1TbhAih6Bal2paIEj4zBirEXc9sF\ndQyWB+EB8h+g4MtXyo6ax7OyO3UmRsISyCQhCNKWhXjTt4/9Q6xMbGxfW6X7EtHN\nmgM/74rqkM53Tfy3kqywBDi90v4aNMUGdbYcK3YJldayW++K2J6OtxZZmflfYkbU\nGTnAaEFIa0dLX/e+uqGRtz2F0K8mr9/9VwiwrH3et2FALvU6RyFLX7jqnKFyGpUp\nLdXH6Mz6xBYS7Rg2vKVjUsHXlutpknmDxyx8Orirgb2gNHN97w8GDCnmOAd2euoL\nHZdlwhs4SLaLqyNegbG3y3MD7gK8oRTZx3tXeJRmYV6UGp+d9QI=\n=pj7d\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: linux-firmware security, bug fix, and enhancement update\nAdvisory ID: RHSA-2019:2169-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2169\nIssue date: 2019-08-06\nCVE Names: CVE-2018-5383\n====================================================================\n1. Summary:\n\nAn update for linux-firmware is now available for Red Hat Enterprise Linux\n7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch\nRed Hat Enterprise Linux Server (v. 7) - noarch\nRed Hat Enterprise Linux Workstation (v. 7) - noarch\n\n3. Description:\n\nThe linux-firmware packages contain all of the firmware files that are\nrequired by various devices to operate. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nlinux-firmware-20190429-72.gitddde598.el7.src.rpm\n\nnoarch:\niwl100-firmware-39.31.5.1-72.el7.noarch.rpm\niwl1000-firmware-39.31.5.1-72.el7.noarch.rpm\niwl105-firmware-18.168.6.1-72.el7.noarch.rpm\niwl135-firmware-18.168.6.1-72.el7.noarch.rpm\niwl2000-firmware-18.168.6.1-72.el7.noarch.rpm\niwl2030-firmware-18.168.6.1-72.el7.noarch.rpm\niwl3160-firmware-22.0.7.0-72.el7.noarch.rpm\niwl3945-firmware-15.32.2.9-72.el7.noarch.rpm\niwl4965-firmware-228.61.2.24-72.el7.noarch.rpm\niwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm\niwl5150-firmware-8.24.2.2-72.el7.noarch.rpm\niwl6000-firmware-9.221.4.1-72.el7.noarch.rpm\niwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm\niwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm\niwl6050-firmware-41.28.5.1-72.el7.noarch.rpm\niwl7260-firmware-22.0.7.0-72.el7.noarch.rpm\niwl7265-firmware-22.0.7.0-72.el7.noarch.rpm\nlinux-firmware-20190429-72.gitddde598.el7.noarch.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nlinux-firmware-20190429-72.gitddde598.el7.src.rpm\n\nnoarch:\niwl100-firmware-39.31.5.1-72.el7.noarch.rpm\niwl1000-firmware-39.31.5.1-72.el7.noarch.rpm\niwl105-firmware-18.168.6.1-72.el7.noarch.rpm\niwl135-firmware-18.168.6.1-72.el7.noarch.rpm\niwl2000-firmware-18.168.6.1-72.el7.noarch.rpm\niwl2030-firmware-18.168.6.1-72.el7.noarch.rpm\niwl3160-firmware-22.0.7.0-72.el7.noarch.rpm\niwl3945-firmware-15.32.2.9-72.el7.noarch.rpm\niwl4965-firmware-228.61.2.24-72.el7.noarch.rpm\niwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm\niwl5150-firmware-8.24.2.2-72.el7.noarch.rpm\niwl6000-firmware-9.221.4.1-72.el7.noarch.rpm\niwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm\niwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm\niwl6050-firmware-41.28.5.1-72.el7.noarch.rpm\niwl7260-firmware-22.0.7.0-72.el7.noarch.rpm\niwl7265-firmware-22.0.7.0-72.el7.noarch.rpm\nlinux-firmware-20190429-72.gitddde598.el7.noarch.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nlinux-firmware-20190429-72.gitddde598.el7.src.rpm\n\nnoarch:\niwl100-firmware-39.31.5.1-72.el7.noarch.rpm\niwl1000-firmware-39.31.5.1-72.el7.noarch.rpm\niwl105-firmware-18.168.6.1-72.el7.noarch.rpm\niwl135-firmware-18.168.6.1-72.el7.noarch.rpm\niwl2000-firmware-18.168.6.1-72.el7.noarch.rpm\niwl2030-firmware-18.168.6.1-72.el7.noarch.rpm\niwl3160-firmware-22.0.7.0-72.el7.noarch.rpm\niwl3945-firmware-15.32.2.9-72.el7.noarch.rpm\niwl4965-firmware-228.61.2.24-72.el7.noarch.rpm\niwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm\niwl5150-firmware-8.24.2.2-72.el7.noarch.rpm\niwl6000-firmware-9.221.4.1-72.el7.noarch.rpm\niwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm\niwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm\niwl6050-firmware-41.28.5.1-72.el7.noarch.rpm\niwl7260-firmware-22.0.7.0-72.el7.noarch.rpm\niwl7265-firmware-22.0.7.0-72.el7.noarch.rpm\nlinux-firmware-20190429-72.gitddde598.el7.noarch.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nlinux-firmware-20190429-72.gitddde598.el7.src.rpm\n\nnoarch:\niwl100-firmware-39.31.5.1-72.el7.noarch.rpm\niwl1000-firmware-39.31.5.1-72.el7.noarch.rpm\niwl105-firmware-18.168.6.1-72.el7.noarch.rpm\niwl135-firmware-18.168.6.1-72.el7.noarch.rpm\niwl2000-firmware-18.168.6.1-72.el7.noarch.rpm\niwl2030-firmware-18.168.6.1-72.el7.noarch.rpm\niwl3160-firmware-22.0.7.0-72.el7.noarch.rpm\niwl3945-firmware-15.32.2.9-72.el7.noarch.rpm\niwl4965-firmware-228.61.2.24-72.el7.noarch.rpm\niwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm\niwl5150-firmware-8.24.2.2-72.el7.noarch.rpm\niwl6000-firmware-9.221.4.1-72.el7.noarch.rpm\niwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm\niwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm\niwl6050-firmware-41.28.5.1-72.el7.noarch.rpm\niwl7260-firmware-22.0.7.0-72.el7.noarch.rpm\niwl7265-firmware-22.0.7.0-72.el7.noarch.rpm\nlinux-firmware-20190429-72.gitddde598.el7.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXUl4n9zjgjWX9erEAQhAkw/+KcXoF0PnrjblvVm7NoR+6+Ap/0Q/ZA76\nQ/lTMgCH2fhDPQov/S6l0uzlvrxzjcN2uQW/mM/XvaKgHX316q1Byj/ul74pfLGE\nZfsmAfPeFy4YYSMOnzeFiE8lzbzM203JpiGCC0wS8Mm+oz13Bn6gwkZI3P3R4m3l\nLvPZ8AjMWXSRbdNDsxO+PONz9lsNQEEDspUKvdy3x2omdNCt8QPp1gIsP8lKM8g1\nKIkJCwE0OkUrYOm9KEU3kNM1Nifx8LNjC+bdLMEgXMDtQiDdF085BrnXm10HYTAy\nDuGsE5Htep5balUiMOcR/Y4rb4r/fWfyRQNWG4H0RIduOCBTIDIcj3L/yKo/OU+t\n15fe/S8OS14F8v2fsNEdrmmdFK12WiRzNozD/ZBbBklorTMvCrFrhQ9ZDIlD2ue/\nRyoF4Zz5sCTP5NFQeYBEphU934UpHEc4VRZcrr4Rh86kS+0tWTrLZRE4Mx25jTjf\nTO72X8QlaGbOMtoErnZVmTVPUAJJMrZ5WBzrTZFOJrtnPsMAccvbNdfp/Ky30blh\nFHTMAVsVkZoRw8zayr8mSm3xCIY7B56hM0Ss42RSqO1f9KDeHAtbaVf1f4fuMr4E\nuZjw2Ma15KdNAGoOLgS941af276a9jRbHPrAmr3JWcTQb9osZFeoMcOOkikZgXtW\nhT1DU8n0QFA\\xf9to\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. =========================================================================\nUbuntu Security Notice USN-4094-1\nAugust 13, 2019\n\nlinux, linux-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm,\nlinux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. \n\nSoftware Description:\n- linux: Linux kernel\n- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems\n- linux-gke-4.15: Linux kernel for Google Container Engine (GKE) systems\n- linux-kvm: Linux kernel for cloud environments\n- linux-oem: Linux kernel for OEM processors\n- linux-oracle: Linux kernel for Oracle Cloud systems\n- linux-raspi2: Linux kernel for Raspberry Pi 2\n- linux-snapdragon: Linux kernel for Snapdragon processors\n- linux-azure: Linux kernel for Microsoft Azure Cloud systems\n- linux-hwe: Linux hardware enablement (HWE) kernel\n\nDetails:\n\nIt was discovered that the alarmtimer implementation in the Linux kernel\ncontained an integer overflow vulnerability. A local attacker could use\nthis to cause a denial of service. (CVE-2018-13053)\n\nWen Xu discovered that the XFS filesystem implementation in the Linux\nkernel did not properly track inode validations. An attacker could use this\nto construct a malicious XFS image that, when mounted, could cause a denial\nof service (system crash). (CVE-2018-13093)\n\nWen Xu discovered that the f2fs file system implementation in the\nLinux kernel did not properly validate metadata. An attacker could\nuse this to construct a malicious f2fs image that, when mounted,\ncould cause a denial of service (system crash). (CVE-2018-13097,\nCVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14616,\nCVE-2018-13096, CVE-2018-13098, CVE-2018-14615)\n\nWen Xu and Po-Ning Tseng discovered that btrfs file system\nimplementation in the Linux kernel did not properly validate\nmetadata. An attacker could use this to construct a malicious\nbtrfs image that, when mounted, could cause a denial of service\n(system crash). (CVE-2018-14610, CVE-2018-14611, CVE-2018-14612,\nCVE-2018-14613, CVE-2018-14609)\n\nWen Xu discovered that the HFS+ filesystem implementation in the Linux\nkernel did not properly handle malformed catalog data in some situations. \nAn attacker could use this to construct a malicious HFS+ image that, when\nmounted, could cause a denial of service (system crash). (CVE-2018-14617)\n\nVasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem\nof the Linux kernel did not properly initialize new files in some\nsituations. A local attacker could use this to expose sensitive\ninformation. (CVE-2018-16862)\n\nHui Peng and Mathias Payer discovered that the USB subsystem in the Linux\nkernel did not properly handle size checks when handling an extra USB\ndescriptor. A physically proximate attacker could use this to cause a\ndenial of service (system crash). (CVE-2018-20169)\n\nIt was discovered that a use-after-free error existed in the block layer\nsubsystem of the Linux kernel when certain failure conditions occurred. A\nlocal attacker could possibly use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. An attacker could use this\nto expose sensitive information. (CVE-2018-5383)\n\nIt was discovered that a heap buffer overflow existed in the Marvell\nWireless LAN device driver for the Linux kernel. An attacker could use this\nto cause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2019-10126)\n\nAndrei Vlad Lutas and Dan Lutas discovered that some x86 processors\nincorrectly handle SWAPGS instructions during speculative execution. A\nlocal attacker could use this to expose sensitive information (kernel\nmemory). (CVE-2019-1125)\n\nIt was discovered that the PowerPC dlpar implementation in the Linux kernel\ndid not properly check for allocation errors in some situations. A local\nattacker could possibly use this to cause a denial of service (system\ncrash). (CVE-2019-12614)\n\nIt was discovered that a NULL pointer dereference vulnerabilty existed in\nthe Near-field communication (NFC) implementation in the Linux kernel. An\nattacker could use this to cause a denial of service (system crash). \n(CVE-2019-12818)\n\nIt was discovered that the MDIO bus devices subsystem in the Linux kernel\nimproperly dropped a device reference in an error condition, leading to a\nuse-after-free. An attacker could use this to cause a denial of service\n(system crash). (CVE-2019-12819)\n\nIt was discovered that a NULL pointer dereference vulnerability existed in\nthe Near-field communication (NFC) implementation in the Linux kernel. A\nlocal attacker could use this to cause a denial of service (system crash). \n(CVE-2019-12984)\n\nJann Horn discovered a use-after-free vulnerability in the Linux kernel\nwhen accessing LDT entries in some situations. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2019-13233)\n\nJann Horn discovered that the ptrace implementation in the Linux kernel did\nnot properly record credentials in some situations. A local attacker could\nuse this to cause a denial of service (system crash) or possibly gain\nadministrative privileges. (CVE-2019-13272)\n\nIt was discovered that the Empia EM28xx DVB USB device driver\nimplementation in the Linux kernel contained a use-after-free vulnerability\nwhen disconnecting the device. An attacker could use this to cause a denial\nof service (system crash). (CVE-2019-2024)\n\nIt was discovered that the USB video device class implementation in the\nLinux kernel did not properly validate control bits, resulting in an out of\nbounds buffer read. A local attacker could use this to possibly expose\nsensitive information (kernel memory). (CVE-2019-2101)\n\nIt was discovered that the Marvell Wireless LAN device driver in the Linux\nkernel did not properly validate the BSS descriptor. A local attacker could\npossibly use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2019-3846)\n\nIt was discovered that the Appletalk IP encapsulation driver in the Linux\nkernel did not properly prevent kernel addresses from being copied to user\nspace. A local attacker with the CAP_NET_ADMIN capability could use this to\nexpose sensitive information. (CVE-2018-20511)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.04 LTS:\n linux-image-4.15.0-1021-oracle 4.15.0-1021.23\n linux-image-4.15.0-1040-gcp 4.15.0-1040.42\n linux-image-4.15.0-1040-gke 4.15.0-1040.42\n linux-image-4.15.0-1042-kvm 4.15.0-1042.42\n linux-image-4.15.0-1043-raspi2 4.15.0-1043.46\n linux-image-4.15.0-1050-oem 4.15.0-1050.57\n linux-image-4.15.0-1060-snapdragon 4.15.0-1060.66\n linux-image-4.15.0-58-generic 4.15.0-58.64\n linux-image-4.15.0-58-generic-lpae 4.15.0-58.64\n linux-image-4.15.0-58-lowlatency 4.15.0-58.64\n linux-image-gcp 4.15.0.1040.42\n linux-image-generic 4.15.0.58.60\n linux-image-generic-lpae 4.15.0.58.60\n linux-image-gke 4.15.0.1040.43\n linux-image-gke-4.15 4.15.0.1040.43\n linux-image-kvm 4.15.0.1042.42\n linux-image-lowlatency 4.15.0.58.60\n linux-image-oem 4.15.0.1050.54\n linux-image-oracle 4.15.0.1021.24\n linux-image-powerpc-e500mc 4.15.0.58.60\n linux-image-powerpc-smp 4.15.0.58.60\n linux-image-powerpc64-emb 4.15.0.58.60\n linux-image-powerpc64-smp 4.15.0.58.60\n linux-image-raspi2 4.15.0.1043.41\n linux-image-snapdragon 4.15.0.1060.63\n linux-image-virtual 4.15.0.58.60\n\nUbuntu 16.04 LTS:\n linux-image-4.15.0-1021-oracle 4.15.0-1021.23~16.04.1\n linux-image-4.15.0-1040-gcp 4.15.0-1040.42~16.04.1\n linux-image-4.15.0-1055-azure 4.15.0-1055.60\n linux-image-4.15.0-58-generic 4.15.0-58.64~16.04.1\n linux-image-4.15.0-58-generic-lpae 4.15.0-58.64~16.04.1\n linux-image-4.15.0-58-lowlatency 4.15.0-58.64~16.04.1\n linux-image-azure 4.15.0.1055.58\n linux-image-gcp 4.15.0.1040.54\n linux-image-generic-hwe-16.04 4.15.0.58.79\n linux-image-generic-lpae-hwe-16.04 4.15.0.58.79\n linux-image-gke 4.15.0.1040.54\n linux-image-lowlatency-hwe-16.04 4.15.0.58.79\n linux-image-oem 4.15.0.58.79\n linux-image-oracle 4.15.0.1021.15\n linux-image-virtual-hwe-16.04 4.15.0.58.79\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. \n\nReferences:\n https://usn.ubuntu.com/4094-1\n CVE-2018-13053, CVE-2018-13093, CVE-2018-13096, CVE-2018-13097,\n CVE-2018-13098, CVE-2018-13099, CVE-2018-13100, CVE-2018-14609,\n CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613,\n CVE-2018-14614, CVE-2018-14615, CVE-2018-14616, CVE-2018-14617,\n CVE-2018-16862, CVE-2018-20169, CVE-2018-20511, CVE-2018-20856,\n CVE-2018-5383, CVE-2019-10126, CVE-2019-1125, CVE-2019-12614,\n CVE-2019-12818, CVE-2019-12819, CVE-2019-12984, CVE-2019-13233,\n CVE-2019-13272, CVE-2019-2024, CVE-2019-2101, CVE-2019-3846\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/linux/4.15.0-58.64\n https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1040.42\n https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1040.42\n https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1042.42\n https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1050.57\n https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1021.23\n https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1043.46\n https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1060.66\n https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1055.60\n https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1040.42~16.04.1\n https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-58.64~16.04.1\n https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1021.23~16.04.1\n. \nCVE-2018-4285: Mohamed Ghannam (@_simo36)\n\nBluetooth\nAvailable for: MacBook Pro (15-inch, 2018), and MacBook Pro\n(13-inch, 2018, Four Thunderbolt 3 Ports)\nOther Mac models were addressed with macOS High Sierra 10.13.5. \nCVE-2018-5383: Lior Neumann and Eli Biham\n\nCFNetwork\nAvailable for: macOS High Sierra 10.13.5\nImpact: Cookies may unexpectedly persist in Safari\nDescription: A cookie management issue was addressed with improved\nchecks. \nCVE-2018-4283: @panicaII working with Trend Micro\u0027s Zero Day\nInitiative\n\nKernel\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS\nHigh Sierra 10.13.5\nImpact: Systems using IntelA(r) Core-based microprocessors may\npotentially allow a local process to infer data utilizing Lazy FP\nstate restore from another process through a speculative execution\nside channel\nDescription: Lazy FP state restore instead of eager save and restore\nof the state upon a context switch. Lazy restored states are\npotentially vulnerable to exploits where one process may infer\nregister values of other processes through a speculative execution\nside channel that infers their value. \nCVE-2018-4248: Brandon Azad\n\nLinkPresentation\nAvailable for: macOS High Sierra 10.13.5\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: A spoofing issue existed in the handling of URLs. \nCVE-2018-4277: xisigr of Tencent\u0027s Xuanwu Lab (tencent.com)\n\nPerl\nAvailable for: macOS High Sierra 10.13.5\nImpact: Multiple buffer overflow issues existed in Perl\nDescription: Multiple issues in Perl were addressed with improved\nmemory handling. \n\nHelp Viewer\nWe would like to acknowledge Wojciech ReguAa (@_r3ggi) of SecuRing\nfor their assistance",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5383"
},
{
"db": "CERT/CC",
"id": "VU#304725"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005730"
},
{
"db": "VULHUB",
"id": "VHN-135414"
},
{
"db": "VULMON",
"id": "CVE-2018-5383"
},
{
"db": "PACKETSTORM",
"id": "154044"
},
{
"db": "PACKETSTORM",
"id": "148645"
},
{
"db": "PACKETSTORM",
"id": "149516"
},
{
"db": "PACKETSTORM",
"id": "149410"
},
{
"db": "PACKETSTORM",
"id": "153946"
},
{
"db": "PACKETSTORM",
"id": "154043"
},
{
"db": "PACKETSTORM",
"id": "150118"
}
],
"trust": 3.15
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/304725",
"trust": 0.8,
"type": "poc"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#304725"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#304725",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2018-5383",
"trust": 3.3
},
{
"db": "SECTRACK",
"id": "1041432",
"trust": 1.8
},
{
"db": "BID",
"id": "104879",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "153946",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU92767028",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005730",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "157598",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1882",
"trust": 0.7
},
{
"db": "LENOVO",
"id": "LEN-22233",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1612",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1111",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2932",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0501.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0559",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "154044",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "154049",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-135414",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-5383",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148645",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149516",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149410",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154043",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150118",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#304725"
},
{
"db": "VULHUB",
"id": "VHN-135414"
},
{
"db": "VULMON",
"id": "CVE-2018-5383"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005730"
},
{
"db": "PACKETSTORM",
"id": "154044"
},
{
"db": "PACKETSTORM",
"id": "148645"
},
{
"db": "PACKETSTORM",
"id": "149516"
},
{
"db": "PACKETSTORM",
"id": "149410"
},
{
"db": "PACKETSTORM",
"id": "153946"
},
{
"db": "PACKETSTORM",
"id": "154043"
},
{
"db": "PACKETSTORM",
"id": "150118"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1882"
},
{
"db": "NVD",
"id": "CVE-2018-5383"
}
]
},
"id": "VAR-201808-1004",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-135414"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T20:50:10.141000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Bluetooth Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82629"
},
{
"title": "Red Hat: Important: linux-firmware security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192169 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: linux-firmware vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4351-1"
},
{
"title": "Red Hat: CVE-2018-5383",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2018-5383"
},
{
"title": "HP: HPSBHF03585 rev. 1 - Bluetooth Pairing Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=HPSBHF03585"
},
{
"title": "Ubuntu Security Notice: linux-lts-xenial, linux-aws vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4095-2"
},
{
"title": "Ubuntu Security Notice: linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4095-1"
},
{
"title": "Android Security Bulletins: Android Security Bulletin\u2014August 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=746dc14fcd3f5e139648cfdc9d9039a9"
},
{
"title": "Apple: watchOS 4.3.1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=0f4c2f01c97a0857022a69b5486be838"
},
{
"title": "Apple: tvOS 11.4",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=d2d0b1ec71830547fb971d63ee3beadb"
},
{
"title": "Android Security Bulletins: Android Security Bulletin\u2014June 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=cc496c56e2bf669809bfb568f59af8e1"
},
{
"title": "Apple: macOS Mojave 10.14",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=b8d65830dc3366732d9f4a144cde5cf4"
},
{
"title": "Apple: tvOS 12",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=cffdc08d95a71866e104f27dafdf5818"
},
{
"title": "Apple: macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=f93fc5c87ddc6e336e7b02ff3308dfe6"
},
{
"title": "Apple: macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=6271728c896ad06d4d117e77589eea2f"
},
{
"title": "Apple: iOS 11.4",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=0f3db097f895347566033494c2dda90b"
},
{
"title": "Ubuntu Security Notice: linux, linux-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4094-1"
},
{
"title": "Apple: iOS 12",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=9859610dae22b7395b3a00be201bcefb"
},
{
"title": "Ubuntu Security Notice: linux-aws vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4118-1"
},
{
"title": "broadcom-bt-firmware",
"trust": 0.1,
"url": "https://github.com/winterheart/broadcom-bt-firmware "
},
{
"title": "awesome-bluetooth-security",
"trust": 0.1,
"url": "https://github.com/engn33r/awesome-bluetooth-security "
},
{
"title": "SamsungReleaseNotes",
"trust": 0.1,
"url": "https://github.com/samreleasenotes/SamsungReleaseNotes "
},
{
"title": "welivesecurity",
"trust": 0.1,
"url": "https://www.welivesecurity.com/2018/07/24/bluetooth-bug-expose-devices/"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2018/07/24/bluetooth_cryptography_bug/"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/many-bluetooth-implementations-and-os-drivers-affected-by-crypto-bug/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-5383"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1882"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-347",
"trust": 1.1
},
{
"problemtype": "CWE-325",
"trust": 1.0
},
{
"problemtype": "CWE-310",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135414"
},
{
"db": "NVD",
"id": "CVE-2018-5383"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"
},
{
"trust": 2.7,
"url": "https://www.kb.cert.org/vuls/id/304725"
},
{
"trust": 2.6,
"url": "http://www.cs.technion.ac.il/~biham/bt/"
},
{
"trust": 2.6,
"url": "https://access.redhat.com/errata/rhsa-2019:2169"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/104879"
},
{
"trust": 2.4,
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html"
},
{
"trust": 2.4,
"url": "https://usn.ubuntu.com/4095-1/"
},
{
"trust": 2.4,
"url": "https://usn.ubuntu.com/4095-2/"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1041432"
},
{
"trust": 1.8,
"url": "https://usn.ubuntu.com/4094-1/"
},
{
"trust": 1.8,
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5383"
},
{
"trust": 1.3,
"url": "https://usn.ubuntu.com/4351-1/"
},
{
"trust": 0.8,
"url": "http://www.cs.technion.ac.il/~biham/bt"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/325.html"
},
{
"trust": 0.8,
"url": "https://source.android.com/security/bulletin/2018-06-01"
},
{
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht208848"
},
{
"trust": 0.8,
"url": "https://source.android.com/security/bulletin/pixel/2018-06-01"
},
{
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00128.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5383"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92767028/index.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190466-1/"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190422-1/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2932/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75986"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/bluetooth-firmware-information-disclosure-via-weak-elliptic-curve-parameters-28536"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/product_security/len-22233"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157598/ubuntu-security-notice-usn-4351-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75750"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/78314"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/153946/red-hat-security-advisory-2019-2169-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1612/"
},
{
"trust": 0.4,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.4,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12614"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1125"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13272"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10126"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3846"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4305"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4313"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1777"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4363"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/347.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=58464"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11599"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1054.61"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4095-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/4.4.0-159.187"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1122.128"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1090.101"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1118.127"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4225"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4233"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4249"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4246"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4243"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4214"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4224"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4198"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4201"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4240"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4237"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4223"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4226"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4211"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4241"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4323"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4336"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4191"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4309"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4315"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4197"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4316"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4317"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4306"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4358"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4312"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4328"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4314"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4299"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4321"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-5383"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2024"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1021.23"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14610"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20856"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1050.57"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1040.42~16.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12818"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2101"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13233"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1021.23~16.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-13098"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14609"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-13093"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20169"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14614"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1043.46"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1042.42"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-13053"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1040.42"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1040.42"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4094-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1055.60"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/4.15.0-58.64"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-13099"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-58.64~16.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20511"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1060.66"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-13100"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-13096"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14613"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14617"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3665"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4248"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14064"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10784"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8777"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17405"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4178"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4276"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4291"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6914"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4277"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14033"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6913"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4269"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4283"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4259"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17742"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4268"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4280"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#304725"
},
{
"db": "VULHUB",
"id": "VHN-135414"
},
{
"db": "VULMON",
"id": "CVE-2018-5383"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005730"
},
{
"db": "PACKETSTORM",
"id": "154044"
},
{
"db": "PACKETSTORM",
"id": "148645"
},
{
"db": "PACKETSTORM",
"id": "149516"
},
{
"db": "PACKETSTORM",
"id": "149410"
},
{
"db": "PACKETSTORM",
"id": "153946"
},
{
"db": "PACKETSTORM",
"id": "154043"
},
{
"db": "PACKETSTORM",
"id": "150118"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1882"
},
{
"db": "NVD",
"id": "CVE-2018-5383"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#304725"
},
{
"db": "VULHUB",
"id": "VHN-135414"
},
{
"db": "VULMON",
"id": "CVE-2018-5383"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005730"
},
{
"db": "PACKETSTORM",
"id": "154044"
},
{
"db": "PACKETSTORM",
"id": "148645"
},
{
"db": "PACKETSTORM",
"id": "149516"
},
{
"db": "PACKETSTORM",
"id": "149410"
},
{
"db": "PACKETSTORM",
"id": "153946"
},
{
"db": "PACKETSTORM",
"id": "154043"
},
{
"db": "PACKETSTORM",
"id": "150118"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1882"
},
{
"db": "NVD",
"id": "CVE-2018-5383"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-23T00:00:00",
"db": "CERT/CC",
"id": "VU#304725"
},
{
"date": "2018-08-07T00:00:00",
"db": "VULHUB",
"id": "VHN-135414"
},
{
"date": "2018-08-07T00:00:00",
"db": "VULMON",
"id": "CVE-2018-5383"
},
{
"date": "2018-07-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005730"
},
{
"date": "2019-08-13T17:45:06",
"db": "PACKETSTORM",
"id": "154044"
},
{
"date": "2018-07-23T15:22:22",
"db": "PACKETSTORM",
"id": "148645"
},
{
"date": "2018-09-25T16:32:23",
"db": "PACKETSTORM",
"id": "149516"
},
{
"date": "2018-09-18T02:23:50",
"db": "PACKETSTORM",
"id": "149410"
},
{
"date": "2019-08-06T21:12:55",
"db": "PACKETSTORM",
"id": "153946"
},
{
"date": "2019-08-13T17:45:00",
"db": "PACKETSTORM",
"id": "154043"
},
{
"date": "2018-10-31T16:14:57",
"db": "PACKETSTORM",
"id": "150118"
},
{
"date": "2018-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1882"
},
{
"date": "2018-08-07T21:29:00.287000",
"db": "NVD",
"id": "CVE-2018-5383"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-17T00:00:00",
"db": "CERT/CC",
"id": "VU#304725"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-135414"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-5383"
},
{
"date": "2019-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005730"
},
{
"date": "2020-05-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1882"
},
{
"date": "2024-11-21T04:08:42.640000",
"db": "NVD",
"id": "CVE-2018-5383"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1882"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange",
"sources": [
{
"db": "CERT/CC",
"id": "VU#304725"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "data forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1882"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…