In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. A remote attacker may be able to cause an out-of-bounds read or write that may cause the kernel to attempt to access an unmapped page and subsequently panic.

\-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-19:19.mldv2 Security Advisory The FreeBSD Project Topic: ICMPv6 / MLDv2 out-of-bounds memory access Category: core Module: net Announced: 2019-08-06 Credits: CJD of Apple Affects: All supported versions of FreeBSD. Corrected: 2019-08-06 17:13:41 UTC (stable/12, 12.0-STABLE) 2019-08-06 17:11:17 UTC (releng/12.0, 12.0-RELEASE-p9) 2019-08-06 17:15:46 UTC (stable/11, 11.3-STABLE) 2019-08-06 17:11:17 UTC (releng/11.3, 11.3-RELEASE-p2) 2019-08-06 17:11:17 UTC (releng/11.2, 11.2-RELEASE-p13) CVE Name: CVE-2019-5608 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background MLDv2 is the Multicast Listener Discovery protocol, version 2. It is used by IPv6 routers to discover multicast listeners. II. Problem Description The ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. III. Impact A remote attacker may be able to cause an out-of-bounds read or write that may cause the kernel to attempt to access an unmapped page and subsequently panic. IV. Workaround No workaround is available. Systems not using IPv6 are not affected. V. Solution Perform one of the following: Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot. 1) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Reboot for security update" 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. \[FreeBSD 11.2, FreeBSD 11.3\] # fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.11.patch # fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.11.patch.asc # gpg --verify mldv2.11.patch.asc \[FreeBSD 12.0\] # fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.12.patch # fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.12.patch.asc # gpg --verify mldv2.12.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/12/ r350648 releng/12.0/ r350644 stable/11/ r350650 releng/11.3/ r350644 releng/11.2/ r350644 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1Jt1RfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n 5cLzTA/+OyyukXWH7rfwMhOlpD60UH4hxN3purvdNeBe4ZxlYvtf8gSUzS1VbK5r NR9D2HiYRlmaePOil5myan6cVkrKoANoWTrQsCcsFLe6KKbiKlQDx/btbENmCMsR VoS0ZPx3l9iGuVUwDk6k1JXwKCcO3U3dCDYEI941hEKxYadR+twUP3JOceg8Zn0h oODXW7LcPXWQKAyFc0Kun1VrjrUGdRGfqk30joR20GP2IjgQceFHKUbiOyBbbIjW +UVvp2wPBxXvcXNPTpcIpTW5UGJBHCT2OsDulh7hqpiWf78VE8BoksKAvDjtI4i0 15fmwn7tmQ3aGWK3WoaKWUOXZUlKrxRQDzGyAZ3LzOqPWhv12tJjNJhjnRmCVLfo +F4I/MHzPgjitZhv8gfn+MRiPG4E1ueAYnPQWiR3qRCLQGhemVdKZIAVnYg6NGpQ Jgsr1QS8/3GHZ8yrMXUOSNOSuiMmRHbI9915vVzu+hWkfnrCcSr3uVkJeQvx4CZJ gdTL083Knnkdo4IPOdHWnQjGfrv2rGRyvCJ88m/DIC6hw4weR1LyFWMEHeJCEcJl 5LHiVWmOUJE4ltJXrRoXwxuh9Dia0Mq6KfNA0343JFpQF9rdt3JQ/54FPGtK6NUO LyX5a42RIKRxWNTN+ADrSk8czbHFIg8MfTwpjiRGx2rYtxjp1qU= =WaXC -----END PGP SIGNATURE-----

CVE-2019-5608

The cforms2 plugin before 14.6.10 for WordPress has SQL injection.

CVE-2015-9333: cformsII

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Security bulletin for Adobe Acrobat and Reader | APSB19-41

**Bulletin ID**

**Date Published**

**Priority**

APSB19-41

August 13, 2019

2

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address important vulnerabilities.  Successful exploitation could lead to arbitrary code execution in the context of the current user.    

These updates will address important vulnerabilities in the software. Adobe will be assigning the following  priority ratings to these updates:

Adobe recommends users update their software installations to the latest versions by following the instructions below.    

The latest product versions are available to end users via one of the following methods:    

*   Users can update their product installations manually by choosing Help > Check for Updates.     
    
*   The products will update automatically, without requiring user intervention, when updates are detected.      
    
*   The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.     
    

For IT administrators (managed environments):     

*   Download the enterprise installers from ftp://ftp.adobe.com/pub/adobe/, or refer to the specific release note version for links to installers.     
    
*   Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on macOS, Apple Remote Desktop and SSH.     
    

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:    

**Vulnerability Category**

**Vulnerability Impact**

**Severity**

**CVE Number**

Out-of-Bounds Read   

Information Disclosure   

Important   

CVE-2019-8077

CVE-2019-8094

CVE-2019-8095

CVE-2019-8096

CVE-2019-8102

CVE-2019-8103

CVE-2019-8104

CVE-2019-8105

CVE-2019-8106

CVE-2019-8002

CVE-2019-8004

CVE-2019-8005

CVE-2019-8007

CVE-2019-8010

CVE-2019-8011

CVE-2019-8012

CVE-2019-8018

CVE-2019-8020

CVE-2019-8021

CVE-2019-8032

CVE-2019-8035

CVE-2019-8037

CVE-2019-8040

CVE-2019-8043

CVE-2019-8052

Out-of-Bounds Write   

Arbitrary Code Execution    

Important  

CVE-2019-8098

CVE-2019-8100

CVE-2019-7965

CVE-2019-8008

CVE-2019-8009

CVE-2019-8016

CVE-2019-8022

CVE-2019-8023

CVE-2019-8027

Command Injection 

Arbitrary Code Execution  

Important 

CVE-2019-8060

Use After Free   

Arbitrary Code Execution     

Important 

CVE-2019-8003

CVE-2019-8013

CVE-2019-8024  

CVE-2019-8025  

CVE-2019-8026  

CVE-2019-8028

CVE-2019-8029

CVE-2019-8030

CVE-2019-8031

CVE-2019-8033

CVE-2019-8034

CVE-2019-8036

CVE-2019-8038

CVE-2019-8039

CVE-2019-8047

CVE-2019-8051

CVE-2019-8053

CVE-2019-8054

CVE-2019-8055

CVE-2019-8056

CVE-2019-8057

CVE-2019-8058  

CVE-2019-8059

CVE-2019-8061

CVE-2019-8257

Heap Overflow 

Arbitrary Code Execution     

Important 

CVE-2019-8066

CVE-2019-8014

CVE-2019-8015

CVE-2019-8041

CVE-2019-8042

CVE-2019-8046

CVE-2019-8049

CVE-2019-8050

Buffer Error 

Arbitrary Code Execution     

 Important  

CVE-2019-8048

Double Free 

Arbitrary Code Execution     

Important   

CVE-2019-8044 

Integer Overflow

Information Disclosure

Important 

CVE-2019-8099

CVE-2019-8101

Internal IP Disclosure

Information Disclosure

Important 

CVE-2019-8097

Type Confusion

Arbitrary Code Execution  

Important 

CVE-2019-8019 

CVE-2019-8249

CVE-2019-8250

Untrusted Pointer Dereference

Arbitrary Code Execution 

Important 

CVE-2019-8006

CVE-2019-8017

CVE-2019-8045

Insufficiently Robust Encryption

Security feature bypass

Critical

CVE-2019-8237

Type Confusion

Information Disclosure

Important

CVE-2019-8251

CVE-2019-8252

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:    

*   Dhanesh Kizhakkinan of FireEye Inc. (CVE-2019-8066) 
*   Xu Peng and Su Purui from TCA/SKLCS Institute of Software Chinese Academy of Sciences and Codesafe Team of Legendsec at Qi'anxin Group (CVE-2019-8029, CVE-2019-8030, CVE-2019-8031) 
*   (A.K.) Karim Zidani, Independent Security Researcher ; https://imAK.xyz/ (CVE-2019-8097) 
*   Anonymous working with Trend Micro Zero Day Initiative (CVE-2019-8033, CVE-2019-8037)  
*   BUGFENSE Anonymous Bug Bounties https://bugfense.io (CVE-2019-8015) 
*   Haikuo Xie of Baidu Security Lab working with Trend Micro Zero Day Initiative (CVE-2019-8035, CVE-2019-8257) 
*   Wei Lei of STAR Labs (CVE-2019-8009, CVE-2019-8018, CVE-2019-8010, CVE-2019-8011) 
*   Li Qi(@leeqwind) & Wang Lei(@CubestoneW) & Liao Bangjie(@b1acktrac3) of Qihoo360 CoreSecurity(@360CoreSec) (CVE-2019-8012) 
*   Ke Liu of Tencent Security Xuanwu Lab (CVE-2019-8094, CVE-2019-8095, CVE-2019-8096, CVE-2019-8004, CVE-2019-8005, CVE-2019-8006, CVE-2019-8077, CVE-2019-8003, CVE-2019-8020, CVE-2019-8021, CVE-2019-8022, CVE-2019-8023) 
*   Haikuo Xie of Baidu Security Lab (CVE-2019-8032, CVE-2019-8036) 
*   ktkitty (https://ktkitty.github.io) working with Trend Micro Zero Day Initiative (CVE-2019-8014) 
*   Mat Powell of Trend Micro Zero Day Initiative (CVE-2019-8008, CVE-2019-8051, CVE-2019-8053, CVE-2019-8054, CVE-2019-8056, CVE-2019-8057, CVE-2019-8058, CVE-2019-8059) 
*   Mateusz Jurczyk of Google Project Zero (CVE-2019-8041, CVE-2019-8042, CVE-2019-8043, CVE-2019-8044, CVE-2019-8045, CVE-2019-8046, CVE-2019-8047, CVE-2019-8048, CVE-2019-8049, CVE-2019-8050, CVE-2019-8016, CVE-2019-8017) 
*   Michael Bourque (CVE-2019-8007) 
*   peternguyen working with Trend Micro Zero Day Initiative (CVE-2019-8013, CVE-2019-8034) 
*   Simon Zuckerbraun of Trend Micro Zero Day Initiative (CVE-2019-8027) 
*   Steven Seeley (mr\_me) of Source Incite working with Trend Micro Zero Day Initiative (CVE-2019-8019) 
*   Steven Seeley (mr\_me) of Source Incite working with iDefense Labs(https://vcp.idefense.com/) (CVE-2019-8098, CVE-2019-8099, CVE-2019-8100, CVE-2019-8101, CVE-2019-8102, CVE-2019-8103, CVE-2019-8104, CVE-2019-8106, CVE-2019-7965, CVE-2019-8105) 
*   willJ working with Trend Micro Zero Day Initiative (CVE-2019-8040, CVE-2019-8052) 
*   Esteban Ruiz (mr\_me) of Source Incite working with iDefense Labs(https://vcp.idefense.com/) (CVE-2019-8002) 
*   Bo Qu of Palo Alto Networks and Heige of Knownsec 404 Security Team (CVE-2019-8024, CVE-2019-8061, CVE-2019-8055) 
*   Zhaoyan Xu, Hui Gao of Palo Alto Networks (CVE-2019-8026, CVE-2019-8028) 
*   Lexuan Sun, Hao Cai of Palo Alto Networks (CVE-2019-8025) 
*   Bit of STARLabs working with Trend Micro Zero Day Initiative (CVE-2019-8038, CVE-2019-8039)
*   Zhongcheng Li (CK01) of Topsec Alpha Team (CVE-2019-8060)
*   Jens Müller (CVE-2019-8237)
*   Steven Seeley (mr\_me) of Source Incite (CVE-2019-8249, CVE-2019-8250, CVE-2019-8251, CVE-2019-8252)

August 14, 2019: Added acknowledgement for CVE-2019-8016 & CVE-2019-8017.

August 22, 2019: Updated CVE id from CVE-2019-7832 to CVE-2019-8066.

September 26, 2019: Added acknowledgement for CVE-2019-8060.

October 23, 2019: Inlcuded details about CVE-2019-8237.

November 19, 2019: Included details about CVE-2019-8249, CVE-2019-8250, CVE-2019-8251, CVE-2019-8252

December 10, 2019: Inlcuded details about CVE-2019-8257.

CVE-2019-8038: Adobe Security Bulletin

Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.

CVE-2019-15232

An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver.

CVE-2019-15218

Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989.

CVE-2019-15046: ServiceDesk Plus readme | Service desk release notes | ServiceDesk Plus latest version read me notes | IT service management release notes | Service desk current version

The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages.

CVE-2016-10867: All-In-One Security (AIOS) – Security and Firewall

The events-manager plugin before 5.6 for WordPress has code injection.

CVE-2015-9298: Events Manager

The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS.

CVE-2019-14799: FV Flowplayer Video Player

In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in executables.

Tag

#apple