SUSE: 2018:1849-1 Important: Fix For FPU Disclosure Issue
suse
June 29, 2018
An update that solves one vulnerability and has 8 fixes is now available
Summary
The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bug was fixed: - CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086) The following non-security bugs were fixed: - KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281). - Xen counterparts of eager FPU implementation. - x86/boot: Fix early command-line parsing when partial word matches (bsc#1096140). - x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being disabled (bsc#1096140). - xen/x86/CPU: Check speculation control CPUID bit (bsc#1068032).
References
#1065600 #1068032 #1075091 #1075994 #1087086
#1087088 #1096140 #1096242 #1096281
Cross- CVE-2018-3665
Affected Products:
SUSE Linux Enterprise Server 11-SP3-LTSS
SUSE Linux Enterprise Server 11-EXTRA
SUSE Linux Enterprise Point of Sale 11-SP3
SUSE Linux Enterprise Debuginfo 11-SP3
https://www.suse.com/security/cve/CVE-2018-3665.html
https://bugzilla.suse.com/1065600
https://bugzilla.suse.com/1068032
https://bugzilla.suse.com/1075091
https://bugzilla.suse.com/1075994
https://bugzilla.suse.com/1087086
https://bugzilla.suse.com/1087088
https://bugzilla.suse.com/1096140
https://bugzilla.suse.com/1096242
https://bugzilla.suse.com/1096281
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2018:1849-1
Rating: important
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!