It was discovered that systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (Spectre v2).

Debian LTS Advisory DLA-2743-1

An update that fixes two vulnerabilities is now available.

SUSE Security Update: Security update for spectre-meltdown-checker

Announcement ID:   SUSE-SU-2019:3340-1
Rating:            moderate
References:        #1117665 #1139073
Cross-References:  CVE-2018-12207 CVE-2019-11135
Affected Products: SUSE Linux Enterprise Server 12-SP5

Description:

This update for spectre-meltdown-checker fixes the following issues:

- version 0.43
  - feat: implement TAA detection (CVE-2019-11135 bsc#1139073)
  - feat: implement MCEPSC / iTLB Multihit detection (CVE-2018-12207 bsc#1117665)
  - feat: taa: add TSX_CTRL MSR detection in hardware info
  - feat: fwdb: use both Intel GitHub repo and MCEdb to build our firmware version database
  - feat: use --live with --kernel/--config/--map to override file detection in live mode
  - enh: rework the vuln logic of MDS with --paranoid (fixes #307)
  - enh: explain that Enhanced IBRS is better for performance than classic IBRS
  - enh: kernel: autodetect customized arch kernels from cmdline
  - enh: kernel decompression: better tolerance against missing tools
  - enh: mock: implement reading from /proc/cmdline
  - fix: variant3a: Silvermont CPUs are not vulnerable to variant 3a
  - fix: lockdown: detect Red Hat locked down kernels (impacts MSR writes)
  - fix: lockdown: detect locked down mode in vanilla 5.4+ kernels
  - fix: sgx: on locked down kernels, fallback to CPUID bit for detection
  - fix: fwdb: builtin version takes precedence if the local cached version is older
  - fix: pteinv: don't check kernel image if not available
  - fix: silence useless error from grep (fixes #322)
  - fix: msr: fix msr module detection under Ubuntu 19.10 (fixes #316)
  - fix: mocking value for read_msr
  - chore: rename mcedb cmdline parameters to fwdb, and change db version scheme
  - chore: fwdb: update to v130.20191104+i20191027
  - chore: add GitHub check workflow

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-3340=1

Package List:

- SUSE Linux Enterprise Server 12-SP5 (x86_64):
    spectre-meltdown-checker-0.43-3.3.1

References:

  https://www.suse.com/security/cve/CVE-2018-12207.html
  https://www.suse.com/security/cve/CVE-2019-11135.html
  https://bugzilla.suse.com/1117665
  https://bugzilla.suse.com/1139073

An update that solves one vulnerability and has 5 fixes is now available.

SUSE Security Update: Security update for libvirt

Announcement ID:   SUSE-SU-2018:2631-1
Rating:            moderate
References:        #1079869 #1091427 #1094325 #1094725 #1100112 #959329
Cross-References:  CVE-2017-5715
Affected Products:
                   SUSE OpenStack Cloud 7
                   SUSE Linux Enterprise Server for SAP 12-SP2
                   SUSE Linux Enterprise Server 12-SP2-LTSS
                   SUSE Enterprise Storage 4

Description:

This update for libvirt fixes the following issues:

This new feature was added:

- bsc#1094325, bsc#1094725: libxl: Enable virsh blockresize for XEN guests

This security issue was fixed:

- CVE-2017-5715: Additional fixes for the Spectre patches (bsc#1079869)

These non-security issues were fixed:

- bsc#1100112:
    schema: allow any strings in smbios entry
    qemu: escape smbios entry strings
- bsc#1091427: libxl: fix segfault in libxlReconnectDomain
- bsc#959329: libxl: don't set hasManagedSave when performing save

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
    zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1843=1
- SUSE Linux Enterprise Server for SAP 12-SP2:
    zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1843=1
- SUSE Linux Enterprise Server 12-SP2-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1843=1
- SUSE Enterprise Storage 4:
    zypper in -t patch SUSE-Storage-4-2018-1843=1

Package List:

- SUSE OpenStack Cloud 7 (s390x x86_64):
    libvirt-2.0.0-27.45.1
    libvirt-client-2.0.0-27.45.1
    libvirt-client-debuginfo-2.0.0-27.45.1
    libvirt-daemon-2.0.0-27.45.1
    libvirt-daemon-config-network-2.0.0-27.45.1
    libvirt-daemon-config-nwfilter-2.0.0-27.45.1
    libvirt-daemon-debuginfo-2.0.0-27.45.1
    libvirt-daemon-driver-interface-2.0.0-27.45.1
    libvirt-daemon-driver-interface-debuginfo-2.0.0-27.45.1
    libvirt-daemon-driver-lxc-2.0.0-27.45.1
    libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.45.1
    libvirt-daemon-driver-network-2.0.0-27.45.1
    libvirt-daemon-driver-network-debuginfo-2.0.0-27.45.1
    libvirt-daemon-driver-nodedev-2.0.0-27.45.1
    libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.45.1
    libvirt-daemon-driver-nwfilter-2.0.0-27.45.1
    libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.45.1
    libvirt-daemon-driver-qemu-2.0.0-27.45.1
    libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.45.1
    libvirt-daemon-driver-secret-2.0.0-27.45.1
    libvirt-daemon-driver-secret-debuginfo-2.0.0-27.45.1
    libvirt-daemon-driver-storage-2.0.0-27.45.1
    libvirt-daemon-driver-storage-debuginfo-2.0.0-27.45.1
    libvirt-daemon-hooks-2.0.0-27.45.1
    libvirt-daemon-lxc-2.0.0-27.45.1
    libvirt-daemon-qemu-2.0.0-27.45.1
    libvirt-debugsource-2.0.0-27.45.1
    libvirt-doc-2.0.0-27.45.1
    libvirt-lock-sanlock-2.0.0-27.45.1
    libvirt-lock-sanlock-debuginfo-2.0.0-27.45.1
    libvirt-nss-2.0.0-27.45.1
    libvirt-nss-debuginfo-2.0.0-27.45.1

- SUSE OpenStack Cloud 7 (x86_64):
    libvirt-daemon-driver-libxl-2.0.0-27.45.1
    libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.45.1
    libvirt-daemon-xen-2.0.0-27.45.1

- SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
    libvirt-2.0.0-27.45.1
    libvirt-client-2.0.0-27.45.1
    libvirt-client-debuginfo-2.0.0-27.45.1
    libvirt-daemon-2.0.0-27.45.1
    libvirt-daemon-config-network-2.0.0-27.45.1
    libvirt-daemon-config-nwfilter-2.0.0-27.45.1
    libvirt-daemon-debuginfo-2.0.0-27.45.1
    libvirt-daemon-driver-interface-2.0.0-27.45.1
    libvirt-daemon-driver-interface-debuginfo-2.0.0-27.45.1
    libvirt-daemon-driver-lxc-2.0.0-27.45.1
    libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.45.1
    libvirt-daemon-driver-network-2.0.0-27.45.1
    libvirt-daemon-driver-network-debuginfo-2.0.0-27.45.1
    libvirt-daemon-driver-nodedev-2.0.0-27.45.1
    libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.45.1
    libvirt-daemon-driver-nwfilter-2.0.0-27.45.1
    libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.45.1
    libvirt-daemon-driver-qemu-2.0.0-27.45.1
    libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.45.1
    libvirt-daemon-driver-secret-2.0.0-27.45.1
    libvirt-daemon-driver-secret-debuginfo-2.0.0-27.45.1
    libvirt-daemon-driver-storage-2.0.0-27.45.1
    libvirt-daemon-driver-storage-debuginfo-2.0.0-27.45.1
    libvirt-daemon-hooks-2.0.0-27.45.1
    libvirt-daemon-lxc-2.0.0-27.45.1
    libvirt-daemon-qemu-2.0.0-27.45.1
    libvirt-debugsource-2.0.0-27.45.1
    libvirt-doc-2.0.0-27.45.1
    libvirt-lock-sanlock-2.0.0-27.45.1
    libvirt-lock-sanlock-debuginfo-2.0.0-27.45.1
    libvirt-nss-2.0.0-27.45.1
    libvirt-nss-debuginfo-2.0.0-27.45.1

- SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):
    libvirt-daemon-driver-libxl-2.0.0-27.45.1
    libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.45.1
    libvirt-daemon-xen-2.0.0-27.45.1

- SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):
    libvirt-2.0.0-27.45.1
    libvirt-client-2.0.0-27.45.1
    libvirt-client-debuginfo-2.0.0-27.45.1
    libvirt-daemon-2.0.0-27.45.1
    libvirt-daemon-config-network-2.0.0-27.45.1
    libvirt-daemon-config-nwfilter-2.0.0-27.45.1
    libvirt-daemon-debuginfo-2.0.0-27.45.1
    libvirt-daemon-driver-interface-2.0.0-27.45.1
    libvirt-daemon-driver-interface-debuginfo-2.0.0-27.45.1
    libvirt-daemon-driver-lxc-2.0.0-27.45.1
    libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.45.1
    libvirt-daemon-driver-network-2.0.0-27.45.1
    libvirt-daemon-driver-network-debuginfo-2.0.0-27.45.1
    libvirt-daemon-driver-nodedev-2.0.0-27.45.1
    libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.45.1
    libvirt-daemon-driver-nwfilter-2.0.0-27.45.1
    libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.45.1
    libvirt-daemon-driver-qemu-2.0.0-27.45.1
    libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.45.1
    libvirt-daemon-driver-secret-2.0.0-27.45.1
    libvirt-daemon-driver-secret-debuginfo-2.0.0-27.45.1
    libvirt-daemon-driver-storage-2.0.0-27.45.1
    libvirt-daemon-driver-storage-debuginfo-2.0.0-27.45.1
    libvirt-daemon-hooks-2.0.0-27.45.1
    libvirt-daemon-lxc-2.0.0-27.45.1
    libvirt-daemon-qemu-2.0.0-27.45.1
    libvirt-debugsource-2.0.0-27.45.1
    libvirt-doc-2.0.0-27.45.1
    libvirt-lock-sanlock-2.0.0-27.45.1
    libvirt-lock-sanlock-debuginfo-2.0.0-27.45.1
    libvirt-nss-2.0.0-27.45.1
    libvirt-nss-debuginfo-2.0.0-27.45.1

- SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64):
    libvirt-daemon-driver-libxl-2.0.0-27.45.1
    libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.45.1
    libvirt-daemon-xen-2.0.0-27.45.1

- SUSE Enterprise Storage 4 (x86_64):
    libvirt-2.0.0-27.45.1
    libvirt-client-2.0.0-27.45.1
    libvirt-client-debuginfo-2.0.0-27.45.1
    libvirt-daemon-2.0.0-27.45.1
    libvirt-daemon-config-network-2.0.0-27.45.1
    libvirt-daemon-config-nwfilter-2.0.0-27.45.1
    libvirt-daemon-debuginfo-2.0.0-27.45.1
    libvirt-daemon-driver-interface-2.0.0-27.45.1
    libvirt-daemon-driver-interface-debuginfo-2.0.0-27.45.1
    libvirt-daemon-driver-libxl-2.0.0-27.45.1
    libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.45.1
    libvirt-daemon-driver-lxc-2.0.0-27.45.1
    libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.45.1
    libvirt-daemon-driver-network-2.0.0-27.45.1
    libvirt-daemon-driver-network-debuginfo-2.0.0-27.45.1
    libvirt-daemon-driver-nodedev-2.0.0-27.45.1
    libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.45.1
    libvirt-daemon-driver-nwfilter-2.0.0-27.45.1
    libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.45.1
    libvirt-daemon-driver-qemu-2.0.0-27.45.1
    libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.45.1
    libvirt-daemon-driver-secret-2.0.0-27.45.1
    libvirt-daemon-driver-secret-debuginfo-2.0.0-27.45.1
    libvirt-daemon-driver-storage-2.0.0-27.45.1
    libvirt-daemon-driver-storage-debuginfo-2.0.0-27.45.1
    libvirt-daemon-hooks-2.0.0-27.45.1
    libvirt-daemon-lxc-2.0.0-27.45.1
    libvirt-daemon-qemu-2.0.0-27.45.1
    libvirt-daemon-xen-2.0.0-27.45.1
    libvirt-debugsource-2.0.0-27.45.1
    libvirt-doc-2.0.0-27.45.1
    libvirt-lock-sanlock-2.0.0-27.45.1
    libvirt-lock-sanlock-debuginfo-2.0.0-27.45.1
    libvirt-nss-2.0.0-27.45.1
    libvirt-nss-debuginfo-2.0.0-27.45.1

References:

  https://www.suse.com/security/cve/CVE-2017-5715.html
  https://bugzilla.suse.com/1079869
  https://bugzilla.suse.com/1091427
  https://bugzilla.suse.com/1094325
  https://bugzilla.suse.com/1094725
  https://bugzilla.suse.com/1100112
  https://bugzilla.suse.com/959329

An update that solves three vulnerabilities and has one errata is now available.

SUSE Security Update: Security update to ucode-intel

Announcement ID:   SUSE-SU-2018:2338-1
Rating:            important
References:        #1087082 #1087083 #1089343 #1104134
Cross-References:  CVE-2018-3639 CVE-2018-3640 CVE-2018-3646
Affected Products: SUSE Linux Enterprise Module for Basesystem 15

Description:

ucode-intel was updated to the 20180807 release.

For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and is part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646 (L1 Terminal fault). (bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343)

  Processor    Identifier            Version             Products
  Model        Stepping  F-MO-S/PI   Old->New

  ---- new platforms ----------------------------------------
  WSM-EP/WS    U1        6-2c-2/03   0000001f            Xeon E/L/X56xx, W36xx
  NHM-EX       D0        6-2e-6/04   0000000d            Xeon E/L/X65xx/75xx
  BXT          C0        6-5c-2/01   00000014            Atom T5500/5700
  APL          E0        6-5c-a/03   0000000c            Atom x5-E39xx
  DVN          B0        6-5f-1/01   00000024            Atom C3xxx

  ---- updated platforms ------------------------------------
  NHM-EP/WS    D0        6-1a-5/03   00000019->0000001d  Xeon E/L/X/W55xx
  NHM          B1        6-1e-5/13   00000007->0000000a  Core i7-8xx, i5-7xx; Xeon L3426, X24xx
  WSM          B1        6-25-2/12   0000000e->00000011  Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeron P45xx; Xeon L3406
  WSM          K0        6-25-5/92   00000004->00000007  Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx
  SNB          D2        6-2a-7/12   0000002d->0000002e  Core Gen2; Xeon E3
  WSM-EX       A2        6-2f-2/05   00000037->0000003b  Xeon E7
  IVB          E2        6-3a-9/12   0000001f->00000020  Core Gen3 Mobile
  HSW-H/S/E3   Cx/Dx     6-3c-3/32   00000024->00000025  Core Gen4 Desktop; Xeon E3 v3
  BDW-U/Y      E/F       6-3d-4/c0   0000002a->0000002b  Core Gen5 Mobile
  HSW-ULT      Cx/Dx     6-45-1/72   00000023->00000024  Core Gen4 Mobile and derived Pentium/Celeron
  HSW-H        Cx        6-46-1/32   00000019->0000001a  Core Extreme i7-5xxxX
  BDW-H/E3     E/G       6-47-1/22   0000001d->0000001e  Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4
  SKL-U/Y      D0        6-4e-3/c0   000000c2->000000c6  Core Gen6 Mobile
  BDX-DE       V1        6-56-2/10   00000015->00000017  Xeon D-1520/40
  BDX-DE       V2/3      6-56-3/10   07000012->07000013  Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
  BDX-DE       Y0        6-56-4/10   0f000011->0f000012  Xeon D-1557/59/67/71/77/81/87
  APL          D0        6-5c-9/03   0000002c->00000032  Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
  SKL-H/S/E3   R0        6-5e-3/36   000000c2->000000c6  Core Gen6; Xeon E3 v5

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1580=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15 (x86_64):
    ucode-intel-20180807-3.6.1

References:

  https://www.suse.com/security/cve/CVE-2018-3639.html
  https://www.suse.com/security/cve/CVE-2018-3640.html
  https://www.suse.com/security/cve/CVE-2018-3646.html
  https://bugzilla.suse.com/1087082
  https://bugzilla.suse.com/1087083
  https://bugzilla.suse.com/1089343
  https://bugzilla.suse.com/1104134

SUSE has issued a security patch for ucode-intel addressing multiple vulnerabilities while implementing essential CPU safeguards, notably against Spectre.

Severity: Important. LinuxSecurity.com Team

An update that solves two vulnerabilities and has two fixes is now available.

SUSE Security Update: Recommended update for ucode-intel

Announcement ID:   SUSE-SU-2018:1935-1
Rating:            important
References:        #1087082 #1087083 #1096141 #1100147
Cross-References:  CVE-2018-3639 CVE-2018-3640
Affected Products:
                   SUSE OpenStack Cloud 7
                   SUSE Linux Enterprise Server for SAP 12-SP2
                   SUSE Linux Enterprise Server for SAP 12-SP1
                   SUSE Linux Enterprise Server 12-SP3
                   SUSE Linux Enterprise Server 12-SP2-LTSS
                   SUSE Linux Enterprise Server 12-SP1-LTSS
                   SUSE Linux Enterprise Server 12-LTSS
                   SUSE Linux Enterprise Desktop 12-SP3
                   SUSE Enterprise Storage 4

Description:

The Intel CPU microcode bundle was updated to the 20180703 release.

For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and helps mitigate CVE-2018-3639 (Spectre v4) (bsc#1100147 bsc#1087082 bsc#1087083).

More information on: ata-File

The following chipsets are fixed in this round:

  Model        Stepping  F-MO-S/PI   Old->New

  ---- updated platforms ------------------------------------
  SNB-EP       C1        6-2d-6/6d   0000061c->0000061d  Xeon E5
  SNB-EP       C2        6-2d-7/6d   00000713->00000714  Xeon E5
  IVT          C0        6-3e-4/ed   0000042c->0000042d  Xeon E5 v2; Core i7-4960X/4930K/4820K
  IVT          D1        6-3e-7/ed   00000713->00000714  Xeon E5 v2
  HSX-E/EP/4S  C0        6-3f-2/6f   0000003c->0000003d  Xeon E5 v3
  HSX-EX       E0        6-3f-4/80   00000011->00000012  Xeon E7 v3
  SKX-SP/D/W/X H0        6-55-4/b7   02000043->0200004d  Xeon Bronze 31xx, Silver 41xx, Gold 51xx/61xx, Platinum 81xx, D/W-21xx; Core i9-7xxxX
  BDX-DE       A1        6-56-5/10   0e000009->0e00000a  Xeon D-15x3N
  BDX-ML       B/M/R0    6-4f-1/ef   0b00002c->0b00002e  Xeon E5/E7 v4; Core i7-69xx/68xx

- Add new style supplements for the recent kernels. (bsc#1096141)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
    zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1308=1
- SUSE Linux Enterprise Server for SAP 12-SP2:
    zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1308=1
- SUSE Linux Enterprise Server for SAP 12-SP1:
    zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1308=1
- SUSE Linux Enterprise Server 12-SP3:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1308=1
- SUSE Linux Enterprise Server 12-SP2-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1308=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1308=1
- SUSE Linux Enterprise Server 12-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-2018-1308=1
- SUSE Linux Enterprise Desktop 12-SP3:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1308=1
- SUSE Enterprise Storage 4:
    zypper in -t patch SUSE-Storage-4-2018-1308=1

Package List:

- SUSE OpenStack Cloud 7 (x86_64):
    ucode-intel-20180703-13.25.1
    ucode-intel-debuginfo-20180703-13.25.1
    ucode-intel-debugsource-20180703-13.25.1

- SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):
    ucode-intel-20180703-13.25.1
    ucode-intel-debuginfo-20180703-13.25.1
    ucode-intel-debugsource-20180703-13.25.1

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
    ucode-intel-20180703-13.25.1
    ucode-intel-debuginfo-20180703-13.25.1
    ucode-intel-debugsource-20180703-13.25.1

- SUSE Linux Enterprise Server 12-SP3 (x86_64):
    ucode-intel-20180703-13.25.1
    ucode-intel-debuginfo-20180703-13.25.1
    ucode-intel-debugsource-20180703-13.25.1

- SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64):
    ucode-intel-20180703-13.25.1
    ucode-intel-debuginfo-20180703-13.25.1
    ucode-intel-debugsource-20180703-13.25.1

- SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):
    ucode-intel-20180703-13.25.1
    ucode-intel-debuginfo-20180703-13.25.1
    ucode-intel-debugsource-20180703-13.25.1

- SUSE Linux Enterprise Server 12-LTSS (x86_64):
    ucode-intel-20180703-13.25.1
    ucode-intel-debuginfo-20180703-13.25.1
    ucode-intel-debugsource-20180703-13.25.1

- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
    ucode-intel-20180703-13.25.1
    ucode-intel-debuginfo-20180703-13.25.1
    ucode-intel-debugsource-20180703-13.25.1

- SUSE Enterprise Storage 4 (x86_64):
    ucode-intel-20180703-13.25.1
    ucode-intel-debuginfo-20180703-13.25.1
    ucode-intel-debugsource-20180703-13.25.1

References:

  https://www.suse.com/security/cve/CVE-2018-3639.html
  https://www.suse.com/security/cve/CVE-2018-3640.html
  https://bugzilla.suse.com/1087082
  https://bugzilla.suse.com/1087083
  https://bugzilla.suse.com/1096141
  https://bugzilla.suse.com/1100147

This SUSE update to the Intel CPU microcode bundle addresses two Spectre-class vulnerabilities on the listed chipsets.

Severity: Important.

Ubuntu Security Notice USN-3690-1
June 20, 2018

amd64-microcode update

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

The system could be made to expose sensitive information.

Software Description:

- amd64-microcode: Processor microcode firmware for AMD CPUs

Details:

Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via side-channel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides the microcode updates for AMD 17H family processors required for the corresponding Linux kernel updates.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS:
  amd64-microcode 3.20180524.1~ubuntu0.18.04.1

Ubuntu 17.10:
  amd64-microcode 3.20180524.1~ubuntu0.17.10.1

Ubuntu 16.04 LTS:
  amd64-microcode 3.20180524.1~ubuntu0.16.04.1

Ubuntu 14.04 LTS:
  amd64-microcode 3.20180524.1~ubuntu0.14.04.1

After a standard system update you need to reboot your computer to make all the necessary changes.

References:

  https://ubuntu.com/security/notices/USN-3690-1
  CVE-2017-5715

Package Information:

  https://launchpad.net/ubuntu/+source/amd64-microcode/3.20180524.1~ubuntu0.18.04.1
  https://launchpad.net/ubuntu/+source/amd64-microcode/3.20180524.1~ubuntu0.17.10.1
  https://launchpad.net/ubuntu/+source/amd64-microcode/3.20180524.1~ubuntu0.16.04.1
  https://launchpad.net/ubuntu/+source/amd64-microcode/3.20180524.1~ubuntu0.14.04.1

Enhance security on your Ubuntu system by updating the AMD microcode to prevent information leakage vulnerabilities. Follow this guide for the update process.

Severity: Critical.

An update that solves one vulnerability and has one errata is now available.

openSUSE Security Update: Security update for qemu

Announcement ID:   openSUSE-SU-2018:1628-1
Rating:            important
References:        #1092885 #1093169
Cross-References:  CVE-2018-3639
Affected Products: openSUSE Leap 15.0

Description:

This update for qemu fixes the following issues:

This security issue was fixed:

- CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests (bsc#1092885).

  Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

  This patch permits the new x86 cpu feature flag named "ssbd" to be presented to the guest, given that the host has this feature, and KVM exposes it to the guest as well.

  For this feature to be enabled, please use the qemu command line

    -cpu $MODEL,+spec-ctrl,+ssbd

  so the guest OS can take advantage of the feature. spec-ctrl and ssbd support is also required in the host.

This non-security issue was fixed:

- Fix qemu-guest-agent uninstall (boo#1093169)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:
    zypper in -t patch openSUSE-2018-603=1

Package List:

- openSUSE Leap 15.0 (x86_64):
    qemu-2.11.1-lp150.7.3.1
    qemu-arm-2.11.1-lp150.7.3.1
    qemu-arm-debuginfo-2.11.1-lp150.7.3.1
    qemu-block-curl-2.11.1-lp150.7.3.1
    qemu-block-curl-debuginfo-2.11.1-lp150.7.3.1
    qemu-block-dmg-2.11.1-lp150.7.3.1
    qemu-block-dmg-debuginfo-2.11.1-lp150.7.3.1
    qemu-block-gluster-2.11.1-lp150.7.3.1
    qemu-block-gluster-debuginfo-2.11.1-lp150.7.3.1
    qemu-block-iscsi-2.11.1-lp150.7.3.1
    qemu-block-iscsi-debuginfo-2.11.1-lp150.7.3.1
    qemu-block-rbd-2.11.1-lp150.7.3.1
    qemu-block-rbd-debuginfo-2.11.1-lp150.7.3.1
    qemu-block-ssh-2.11.1-lp150.7.3.1
    qemu-block-ssh-debuginfo-2.11.1-lp150.7.3.1
    qemu-debuginfo-2.11.1-lp150.7.3.1
    qemu-debugsource-2.11.1-lp150.7.3.1
    qemu-extra-2.11.1-lp150.7.3.1
    qemu-extra-debuginfo-2.11.1-lp150.7.3.1
    qemu-guest-agent-2.11.1-lp150.7.3.1
    qemu-guest-agent-debuginfo-2.11.1-lp150.7.3.1
    qemu-ksm-2.11.1-lp150.7.3.1
    qemu-kvm-2.11.1-lp150.7.3.1
    qemu-lang-2.11.1-lp150.7.3.1
    qemu-linux-user-2.11.1-lp150.7.3.1
    qemu-linux-user-debuginfo-2.11.1-lp150.7.3.1
    qemu-linux-user-debugsource-2.11.1-lp150.7.3.1
    qemu-ppc-2.11.1-lp150.7.3.1
    qemu-ppc-debuginfo-2.11.1-lp150.7.3.1
    qemu-s390-2.11.1-lp150.7.3.1
    qemu-s390-debuginfo-2.11.1-lp150.7.3.1
    qemu-testsuite-2.11.1-lp150.7.3.1
    qemu-tools-2.11.1-lp150.7.3.1
    qemu-tools-debuginfo-2.11.1-lp150.7.3.1
    qemu-x86-2.11.1-lp150.7.3.1
    qemu-x86-debuginfo-2.11.1-lp150.7.3.1

- openSUSE Leap 15.0 (noarch):
    qemu-ipxe-1.0.0-lp150.7.3.1
    qemu-seabios-1.11.0-lp150.7.3.1
    qemu-sgabios-8-lp150.7.3.1
    qemu-vgabios-1.11.0-lp150.7.3.1

References:

  https://www.suse.com/security/cve/CVE-2018-3639.html
  https://bugzilla.suse.com/1092885
  https://bugzilla.suse.com/1093169

This important openSUSE update for qemu adds Spectre v4 mitigation support for KVM guests.

Severity: Important.

An update that fixes one vulnerability is now available.

openSUSE Security Update: Security update for various KMPs

Announcement ID:   openSUSE-SU-2018:0745-1
Rating:            important
References:        #1068032
Cross-References:  CVE-2017-5715
Affected Products: openSUSE Leap 42.3

Description:

The Spectre Variant 2 in the Linux Kernel is mitigated using "retpolines".

This update rebuilds all openSUSE Leap 42.3 KMPs to use "retpolines" and so be able to mitigate the Spectre v2 attack. (bsc#1068032 CVE-2017-5715)

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:
    zypper in -t patch openSUSE-2018-284=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE Leap 42.3 (i586 x86_64):
    crash-7.1.8-6.1
    crash-debuginfo-7.1.8-6.1
    crash-debugsource-7.1.8-6.1
    crash-devel-7.1.8-6.1
    crash-doc-7.1.8-6.1
    crash-eppic-7.1.8-6.1
    crash-eppic-debuginfo-7.1.8-6.1
    crash-gcore-7.1.8-6.1
    crash-gcore-debuginfo-7.1.8-6.1

- openSUSE Leap 42.3 (x86_64):
    bbswitch-0.8-12.2.1
    bbswitch-debugsource-0.8-12.2.1
    bbswitch-kmp-default-0.8_k4.4.114_42-12.2.1
    bbswitch-kmp-default-debuginfo-0.8_k4.4.114_42-12.2.1
    crash-kmp-default-7.1.8_k4.4.114_42-6.1
    crash-kmp-default-debuginfo-7.1.8_k4.4.114_42-6.1
    dpdk-16.11.1-6.2.1
    dpdk-debuginfo-16.11.1-6.2.1
    dpdk-debugsource-16.11.1-6.2.1
    dpdk-devel-16.11.1-6.2.1
    dpdk-devel-debuginfo-16.11.1-6.2.1
    dpdk-examples-16.11.1-6.2.1
    dpdk-examples-debuginfo-16.11.1-6.2.1
    dpdk-kmp-default-16.11.1_k4.4.114_42-6.2.1
    dpdk-kmp-default-debuginfo-16.11.1_k4.4.114_42-6.2.1
    dpdk-tools-16.11.1-6.2.1
    drbd-9.0.8+git.c8bc3670-2.2.1
    drbd-debugsource-9.0.8+git.c8bc3670-2.2.1
    drbd-kmp-default-9.0.8+git.c8bc3670_k4.4.114_42-2.2.1
    drbd-kmp-default-debuginfo-9.0.8+git.c8bc3670_k4.4.114_42-2.2.1
    drm-debugsource-4.9.33-7.1
    drm-kmp-default-4.9.33_k4.4.114_42-7.1
    drm-kmp-default-debuginfo-4.9.33_k4.4.114_42-7.1
    ftsteutates-debugsource-20160601-4.2.1
    ftsteutates-kmp-default-20160601_k4.4.114_42-4.2.1
    ftsteutates-kmp-default-debuginfo-20160601_k4.4.114_42-4.2.1
    hdjmod-debugsource-1.28-27.2.1
    hdjmod-kmp-default-1.28_k4.4.114_42-27.2.1
    hdjmod-kmp-default-debuginfo-1.28_k4.4.114_42-27.2.1
    ipset-6.29-4.2.1
    ipset-debuginfo-6.29-4.2.1
    ipset-debugsource-6.29-4.2.1
    ipset-devel-6.29-4.2.1
    ipset-kmp-default-6.29_k4.4.114_42-4.2.1
    ipset-kmp-default-debuginfo-6.29_k4.4.114_42-4.2.1
    libipset3-6.29-4.2.1
    libipset3-debuginfo-6.29-4.2.1
    ndiswrapper-1.59-3.2.1
    ndiswrapper-debuginfo-1.59-3.2.1
    ndiswrapper-debugsource-1.59-3.2.1
    ndiswrapper-kmp-default-1.59_k4.4.114_42-3.2.1
    ndiswrapper-kmp-default-debuginfo-1.59_k4.4.114_42-3.2.1
    pcfclock-0.44-272.2.1
    pcfclock-debuginfo-0.44-272.2.1
    pcfclock-debugsource-0.44-272.2.1
    pcfclock-kmp-default-0.44_k4.4.114_42-272.2.1
    pcfclock-kmp-default-debuginfo-0.44_k4.4.114_42-272.2.1
    sysdig-0.17.0-10.1
    sysdig-debuginfo-0.17.0-10.1
    sysdig-debugsource-0.17.0-10.1
    sysdig-kmp-default-0.17.0_k4.4.114_42-10.1
    sysdig-kmp-default-debuginfo-0.17.0_k4.4.114_42-10.1
    vhba-kmp-debugsource-20161009-9.2.1
    vhba-kmp-default-20161009_k4.4.114_42-9.2.1
    vhba-kmp-default-debuginfo-20161009_k4.4.114_42-9.2.1
    xtables-addons-2.11-4.2.1
    xtables-addons-debuginfo-2.11-4.2.1
    xtables-addons-debugsource-2.11-4.2.1
    xtables-addons-kmp-default-2.11_k4.4.114_42-4.2.1
    xtables-addons-kmp-default-debuginfo-2.11_k4.4.114_42-4.2.1

- openSUSE Leap 42.3 (noarch):
    dpdk-doc-16.11.1-6.2.1
    ftsteutates-sensors-20160601-4.2.1

References:

  https://www.suse.com/security/cve/CVE-2017-5715.html
  https://bugzilla.suse.com/1068032

Mitigating Spectre Variant 2 vulnerabilities in openSUSE Leap 42.3 involves applying vital KMP updates and crucial security patches to strengthen system integrity and resilience.

Severity: Important.