Red Hat Security Advisory 2018-0017-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at the cost of a potential performance penalty. Please refer to the References section for further information about this issue and the performance impact.
661da6c121c0dfb05cc14972e82ed6d008064665c4d67ecd598f45575cd1645b
Red Hat Security Advisory 2018-0016-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at the cost of a potential performance penalty. Please refer to the References section for further information about this issue and the performance impact.
27f24e65e2bf4f824c5f0afc7564328bbf49db0ad4687799fa4bf7d5c178271d
Red Hat Security Advisory 2018-0014-01 - The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.
c66f2ac8c1c83763c161160534ca8f06aec6e344a736c15eb7def43657e8b148
Red Hat Security Advisory 2018-0015-01 - The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.
8bb0425ab303d74d0cbe517e7f3ae75a1d0df113b6dd118d7d0c400007ff2c37
Red Hat Security Advisory 2018-0024-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.
c8dc4c944f3eb40347b6b5b3087e58c6037c919cb29270949b358c950d540d4d
Ubuntu Security Notice 3515-1 - It was discovered that Ruby allows FTP command injection. An attacker could use this to cause arbitrary command execution.
9c115d37c3fcacbaeb57acb845007fa2c53caa8ca877699c9623ed59a0596301
Red Hat Security Advisory 2018-0027-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.
9430f34994d8c71684c95d8ea6adcf311248d0f8173812914c40fc12f1aa7b28
Red Hat Security Advisory 2018-0023-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.
97006908f2e3903f3e52f1dcf5f2528a1e128734bfe0e80642f31b538446a744
Red Hat Security Advisory 2018-0026-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.
1f35b142bbc1dd39c150e4a67dc6b1f53db900c82c53770b76ed4bdbd0e892c4
Red Hat Security Advisory 2018-0022-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at the cost of a potential performance penalty. Please refer to the References section for further information about this issue and the performance impact.
be5b7aba86157ebb2f85b6789b3da2b73d8f242ffc77d81261478fefa82f0bed
Red Hat Security Advisory 2018-0028-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.
6e839932a8df3a9a70c4d2cc6ba1a76c41260b9e6eccd31d4092690f97de5c18
Red Hat Security Advisory 2018-0025-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.
5fe9fb189404fc4d0c1eaf732add43063df78faad8d78df56d3cb8f6b24eb910
Red Hat Security Advisory 2018-0021-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at the cost of a potential performance penalty. Please refer to the References section for further information about this issue and the performance impact.
7aa7372493e630507818099ab998dc7f461463db2313d1b0c762253157d85b88
Red Hat Security Advisory 2018-0020-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at the cost of a potential performance penalty. Please refer to the References section for further information about this issue and the performance impact.
fec7becfc549628b99009e1029ad6f0d774b1a84ee833a1fb7e7d60d2282379e
Red Hat Security Advisory 2018-0012-01 - The microcode_ctl packages provide microcode updates for Intel and AMD processors. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.
d42d9af8da403de886a6064ceb429291abed51129673cd046a9bdf58226b97fe
Ubuntu Security Notice 3430-3 - USN-3430-2 fixed several vulnerabilities. The update introduced a new regression that breaks DNS resolution. This update addresses the problem. Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
ee378bb57645a2d84370aab4dc638233e21bb225bd62f15b9bfc37f646a1ded4
Red Hat Security Advisory 2018-0018-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at the cost of a potential performance penalty. Please refer to the References section for further information about this issue and the performance impact.
31ee78ef056235836d920c71ca5b7736cba91e30af78a10e9939c9e1906c83dd
Red Hat Security Advisory 2018-0013-01 - The microcode_ctl packages provide microcode updates for Intel and AMD processors. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.
6295f3e977372ff779759ac1ec67680f86389ea1b056a011c239e7ce735d79dc
This Microsoft bulletin summary holds information regarding Microsoft security updates for January 2018.
8567e7cf528021541648db140886761e85df37c207bf5a0b226a7d9f546d0e87
HPE Security Bulletin HPESBHF03803 1 - A potential security vulnerability has been identified in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance v1.20 and earlier. The vulnerability could be remotely exploited to allow denial of service and execution of code. Revision 1 of this advisory.
a5d045ac32531d432169f47601b2a0c2b36950f8eefead66eabd002310f327d8
Micro Focus Security Bulletin MFSBGN03793 2 - A potential security vulnerability has been identified in Micro Focus Project and Portfolio Management Center. This vulnerability could be remotely exploited to execute a Man-in-the-Middle (MitM) attack and Cross-site Request Forgery (CSRF). Revision 2 of this advisory.
02e0b2c4d42c6c364811b85948aebd0c507830c4346b2ed61265afeb6b78659a
Whitepaper called Meltdown. It discusses how you can bypass Intel's hardware barrier between applications and the computer's core memory.
593ea59090a096211b06194fb5985d5c2ea2b5bd85b540d01802d5d7da2d36f8
Whitepaper called Spectre Attacks: Exploiting Speculative Execution. It discusses how to trick error-free applications into giving up secret information.
d1a3c8c49faea6321bd01e706e0957012c18a94e1a187f1a5477c0e82270dc51
Spectre information disclosure proof of concept exploit that affects multiple CPUs.
473bf133f40fdcb9c9fa158c19b9d4681907d8e8c18230aea02e37e689ee7f95
Iopsys router suffers from a DHCP-related remote code execution vulnerability.
5612e35eb0e13dcbdaa05577808017f5f3a81b7a029936248fa63517e682c199