CVE-2018-4305: An input validation issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.

CVE-2018-4305 [MEDIUM] CVE-2018-4305: tvOS 12 Apple Security Update: About the security content of tvOS 12 Product: tvOS Version: 12 CVE: CVE-2018-4305 Component: IOUserEthernet Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4305 [MEDIUM] CVE-2018-4305: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4305 Component: IOUserEthernet Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4305 [MEDIUM] CVE-2018-4305: watchOS 5 Apple Security Update: About the security content of watchOS 5 Product: watchOS 5 CVE: CVE-2018-4305 Component: IOUserEthernet Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4305 [MEDIUM] CWE-20 GHSA-65hx-hqm8-r3mr: An input validation issue was addressed with improved input validation An input validation issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.

CVE-2018-17540 [HIGH] CVE-2018-17540 strongswan: heap buffer overflow using crafted certificates CVE-2018-17540 strongswan: heap buffer overflow using crafted certificates A flaw was found in Strongswan caused by the patch that fixes CVE-2018-16151 and CVE-2018-16151 (DSA-4305-1). An attacker could trigger it using crafted certificates with RSA keys with very small moduli. Verifying signatures with such keys would cause an integer underflow and subsequent heap buffer overflow resulting in a crash of the daemon. References: https://packetstormsecurity.com/files/149640/dsa-4309-1.txt Discussion: Created strongswan tracking bugs for this issue: Affects: epel-all [bug 1635878] Affects: fedora-all [bug 1635879] --- This is a flaw, which is caused by the patch applied to fix CVE-2018-16151 in the gmp plugin. Strongswan in Red Hat Enterprise Linux 7 does not enable the gmp plugin.