FreeBSD Security Advisory - From time to time Intel releases new CPU microcode to address functional issues and security vulnerabilities. Such a release is also known as a Micro Code Update (MCU), and is a component of a broader Intel Platform Update (IPU). FreeBSD distributes CPU microcode via the devcpu-data port and package.
23eef89d8eeb80cd7f3d30fda491fafe5e3fa0290ff6e657bb63731a35babb3cGentoo Linux Security Advisory 201810-6 - Multiple vulnerabilities have been found in Xen, the worst of which could cause a Denial of Service condition. Versions less than 4.10.1-r2 are affected.
b217f9accfba4a764bd6f85c953f7739d90f11d6b6ba34b105c6fadfa4adafeeUbuntu Security Notice 3777-3 - USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 %LTS. This update provides the corresponding updates for the Linux kernel for Azure Cloud systems. Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.
769cc3a35204cab453698f34a6b0570d79e3ff0a88450698a2577c0e6fc6a664Ubuntu Security Notice 3690-2 - USN-3690-1 provided updated microcode for AMD processors to address CVE-2017-5715. Unfortunately, the update caused some systems to fail to boot. This update reverts the update for Ubuntu 14.04 LTS. Various other issues were also addressed.
ae7046e9ae2f87f3ebe5bf96a7db5786b8e7fc1d5a97591cd924bd9fccf6c7ccUbuntu Security Notice 3690-1 - Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides the microcode updates for AMD 17H family processors required for the corresponding Linux kernel updates.
dbbc8dce79a5282b27fd3fb78d0efddf1ef858502146cec75d8be9335af01447Micro Focus Security Bulletin MFSBGN03802 2 - A potential vulnerability has been identified in 3rd party component used by Micro Focus Virtualization Performance Viewer (vPV) / Cloud Optimizer Virtual Appliance. The vulnerability could be exploited to Local Disclosure of Information. Revision 2 of this advisory.
ab13257cf4686f1b730dfcc425e123bc07c61b332aa3f581a922d355353c9fc9Debian Linux Security Advisory 4188-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
c04940bd4f6e00821a6373ebaafc1e5cd084607d9b3667203e468f8e5190068aDebian Linux Security Advisory 4187-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
e47605adb85ececbd4ae2974c9376652991663a139c1e597e8d245b3700d48a9Red Hat Security Advisory 2018-1252-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed relate to speculative execution.
1648e1038845c34ef925ef9147793bdab70663276d5666f94f6db9a435e7def0Micro Focus Security Bulletin MFSBGN03802 1 - A potential vulnerability has been identified in Micro Focus Virtualization Performance Viewer (vPV) / Cloud Optimizer. The vulnerability could be exploited to Local Disclosure of Information. Revision 1 of this advisory.
75484cd0ba169e3e7588efff40b278aa474a3e4fbb8b51605626a76e3b647236Gentoo Linux Security Advisory 201804-8 - Multiple vulnerabilities have been found in QEMU, the worst of which may allow an attacker to execute arbitrary code. Versions less than 2.11.1-r1 are affected.
c0cac496b3a521f32ee1d0f652fd3355c954a2f4b374b783fe8e570dad67297aUbuntu Security Notice 3620-2 - USN-3620-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.
d798485e3bbd4692b62e40f7dd3bc4665b87003190226b4bceb08a4ce5ba5f99Ubuntu Security Notice 3531-3 - Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides the corrected microcode updates required for the corresponding Linux kernel updates.
176da23c752851e728246932d93ad98d0f8eb9e7c5887c75f512dd9e04e44127Ubuntu Security Notice 3597-2 - USN-3597-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. USNS 3541-2 and 3523-2 provided mitigations for Spectre and Meltdown for the i386, amd64, and ppc64el architectures for Ubuntu 16.04 LTS. This update provides the corresponding mitigations for the arm64 architecture. Various other issues were also addressed.
23bc8db95216b5246352497682682f4334b47b5deb970a8e3701b66d7f9c1884Ubuntu Security Notice 3597-1 - USNS 3541-1 and 3523-1 provided mitigations for Spectre and Meltdown for the i386, amd64, and ppc64el architectures in Ubuntu 17.10. This update provides the corresponding mitigations for the arm64 architecture. Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.
c1fff708893a2dfbc7b008429e3f314327f8a64ad5bdb9422d8f18fe0aeeb3c5FreeBSD Security Advisory - A number of issues relating to speculative execution were found last year and publicly announced January 3rd. Two of these, known as Meltdown and Spectre V2, are addressed here.
64e40208fb8f828b69a524f8d55fae8ef0a49e50ff59ebe4b5a0f73e1dd0d4dbUbuntu Security Notice 3594-1 - USN-3542-1 mitigatedCVE-2017-5715 for the amd64 architecture in Ubuntu 14.04 LTS. This update provides the compiler-based retpoline kernel mitigation for the amd64 and i386 architectures. Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.
43cddf0795b7c1b14477faeff7e0c55503aef00d0202cf3f51d006838df98cbbOn February 22, fixes for CVE-2017-5715 were released into the Ubuntu Xenial kernel version 4.4.0-116.140. This CVE, also known as "Spectre," is caused by flaws in the design of speculative execution hardware in the computer's CPU, and could be used to access sensitive information in kernel memory.
72d363acb6dc156e006e909ac1b2d43d8475b46890268147bf31b5fba6a2cc9eDebian Linux Security Advisory 4120-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
a3ad2e617997e88d89ce295b5ac578ee9ff2374ed457833cbc29838bab220a36Ubuntu Security Notice 3582-2 - USN-3582-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
daa9be69cc0ac61cf74de6fe2e6ae8532732593d73b9cc8f758d6d65ec8f7b0fUbuntu Security Notice 3582-1 - Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Laurent Guerby discovered that the mbcache feature in the ext2 and ext4 filesystems in the Linux kernel improperly handled xattr block caching. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
c5c51d5b650dde114c7cbd8f0482d085b4d9cee329060fb6a96e4903ef4497abUbuntu Security Notice 3581-2 - USN-3581-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
09b282ea0a79f98a93d584876e7479d8f059a39e4d821c376c122b737b1ab335Ubuntu Security Notice 3581-1 - Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. ChunYu Wang discovered that a use-after-free vulnerability existed in the SCTP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code, Various other issues were also addressed.
72190ac8eaccc600ec27952b41a18832d109cc859d108ebfc84e36135c4a891fUbuntu Security Notice 3580-1 - Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory.
5d5bf13f4bcbf073969de1f6ab2375fb2aa4970f1b1bea71c6df9d31307cca91Red Hat Security Advisory 2018-0292-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty.
3ba7536b16c6918a15061bf1675150269a2b2ead9b1aae5bff49d61efc0bf261
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed