Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor has made available.

LinuxSecurity.com Feature Extras:

- Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

- When you’re dealing with a security incident, it’s essential that you and the rest of your team not only have the skills needed to deal with the issue comprehensively, but also have a framework to support you as you approach it. This framework lets the team focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way, so that everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.


  (Jan 7)
 

Multiple vulnerabilities were discovered in the poppler PDF rendering library, which could result in denial of service or the execution of arbitrary code if a malformed PDF file is processed.

  (Jan 4)
 

Multiple researchers have discovered a vulnerability in Intel processors, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system.

  (Dec 30)
 

Several vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service (application crash) or potentially the execution of arbitrary code if malformed files are opened.

  (Dec 30)
 

Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in denial of service, information disclosure and potentially the execution of arbitrary code.


  Fedora 27: firefox Security Update (Jan 8)
 

- Update to 57.0.4
- Security fixes to address the Meltdown and Spectre timing attacks
- https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
- Require new nss 3.34 (fixed rhbz#1531031)
- Disabled ARM on all Fedoras due to rhbz#1523912

  Fedora 27: electron-cash Security Update (Jan 8)
 

Updated to version 3.1.1. Fixes https://bitcointalk.org/index.php?topic=2702103.0

----

Updated to version 3.1

  Fedora 27: dracut Security Update (Jan 8)
 

Adds support for early microcode for **AMD CPUs family >= 0x17**. Note: Intel CPU support is fine.

To add the microcode to all your initramfs images:

```
# dracut --regenerate-all --force
```

To only add it to the current kernel version:

```
# dracut --force
```

  Fedora 26: dracut Security Update (Jan 7)
 

Adds support for early microcode for **AMD CPUs family >= 0x17**. Note: Intel CPU support is fine.

To add the microcode to all your initramfs images:

```
# dracut --regenerate-all --force
```

To only add it to the current kernel version:

```
# dracut --force
```

  Fedora 26: kernel Security Update (Jan 4)
 

The 4.14.11 stable kernel update contains a number of important fixes across the tree. This also includes the KPTI patches to mitigate the Meltdown vulnerability for x86 architectures.

  Fedora 27: kernel Security Update (Jan 4)
 

The 4.14.11 stable kernel update contains a number of important fixes across the tree. This also includes the KPTI patches to mitigate the Meltdown vulnerability for x86 architectures.

  Fedora 26: libvirt Security Update (Jan 3)
 

* CVE-2017-1000256: libvirt: TLS certificate verification disabled for clients (bz #1503687)

  Fedora 26: python33 Security Update (Jan 3)
 

Fix for CVE-2017-1000158

  Fedora 27: glibc Security Update (Jan 2)
 

This update addresses RHBZ#1468837, which caused bash to lack job control in mock chroots. (Note that glibc inside the chroot needs to be upgraded for the fix to be effective.) In addition, two dynamic linker issues were fixed which are not security bugs, but received CVE IDs nevertheless (RHBZ#1524867, CVE-2017-1000408, CVE-2017-1000409).

  Fedora 27: phpMyAdmin Security Update (Jan 2)
 

Upstream announcement: Welcome to **phpMyAdmin 4.7.7**, a regular maintenance release containing bug fixes and a security fix. The security vulnerability is a XSRF/CSRF flaw; you can read more at https://www.phpmyadmin.net/security/PMASA-2017-9/ As a result of this, we recommend all users upgrade immediately. A CVE-ID has been requested but not yet

  Fedora 27: python33 Security Update (Jan 2)
 

Fix for CVE-2017-1000158

  Fedora 26: phpMyAdmin Security Update (Jan 2)
 

Upstream announcement: Welcome to **phpMyAdmin 4.7.7**, a regular maintenance release containing bug fixes and a security fix. The security vulnerability is a XSRF/CSRF flaw; you can read more at https://www.phpmyadmin.net/security/PMASA-2017-9/ As a result of this, we recommend all users upgrade immediately. A CVE-ID has been requested but not yet

  Fedora 26: xen Security Update (Jan 2)
 

another patch related to the [XSA-240, CVE-2017-15595] issue xen: various flaws (#1525018) x86 PV guests may gain access to internally used page [XSA-248] broken x86 shadow mode refcount overflow check [XSA-249] improper x86 shadow mode refcount error handling [XSA-250] improper bug check in x86 log-dirty handling [XSA-251] ---- xen: various flaws (#1518214) x86: infinite loop due

  Fedora 26: chromium Security Update (Jan 1)
 

Security fix for CVE-2017-15412 CVE-2017-15422 CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 CVE-2017-15411 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419 CVE-2017-15420 CVE-2017-15423 CVE-2017-15424 CVE-2017-15425 CVE-2017-15426 CVE-2017-15427 CVE-2017-15429 ---- Security fix for CVE-2017-15398, CVE-2017-15399 ----

  Fedora 27: chromium Security Update (Jan 1)
 

Security fix for CVE-2017-15412 CVE-2017-15422 CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 CVE-2017-15411 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419 CVE-2017-15420 CVE-2017-15423 CVE-2017-15424 CVE-2017-15425 CVE-2017-15426 CVE-2017-15427 CVE-2017-15429

  Fedora 26: thunderbird-enigmail Security Update (Dec 30)
 

Update to 1.9.9. This release addresses security vulnerabilities discovered by Cure53. Details can be found in the Security Audit Report: https://enigmail.net/index.php/en/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf


  (Jan 7)
 

Multiple vulnerabilities have been found in WebkitGTK+, the worst of which may lead to arbitrary code execution.

  (Jan 7)
 

A vulnerability in MiniUPnPc might allow remote attackers to execute arbitrary code.

  (Jan 7)
 

A vulnerability has been found in Emacs which may allow for arbitrary command execution.

  (Jan 7)
 

A command injection vulnerability in 'Back in Time' may allow for the execution of arbitrary shell commands.

  (Jan 7)
 

A flaw has been discovered in OpenSSH which could allow a remote attacker to create zero-length files.

  (Jan 7)
 

A vulnerability in LibXcursor might allow remote attackers to execute arbitrary code.

  (Jan 7)
 

Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the execution of arbitrary code.

  (Jan 7)
 

Multiple vulnerabilities have been found in OptiPNG, the worst of which may allow execution of arbitrary code.

  (Jan 7)
 

Multiple vulnerabilities have been found in Binutils, the worst of which may allow remote attackers to cause a Denial of Service condition.


  (Jan 5)
 

An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 12.0 (Pike). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 5)
 

An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 5)
 

An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 5)
 

An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 9.0 (Mitaka). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 5)
 

An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 5)
 

An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 11.0 (Ocata). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 5)
 

An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 8.0 (Liberty). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 5)
 

An update for linux-firmware is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions.

  (Jan 5)
 

An update for rhevm-setup-plugins is now available for RHEV Engine version 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 5)
 

An update for rhevm-setup-plugins is now available for RHEV Manager version 3.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 5)
 

An update for ovirt-guest-agent-docker is now available for RHEV 4.X, RHEV-H, and Agents for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 5)
 

An update for rhvm-appliance is now available for RHEV 4.X, RHEV-H, and Agents for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 5)
 

An update for redhat-virtualization-host is now available for RHEV 3.X Hypervisor and Agents for RHEL-7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 5)
 

An update for vdsm is now available for RHEV 4.X, RHEV-H, and Agents for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 5)
 

An update for redhat-virtualization-host is now available for RHEV 4.X, RHEV-H, and Agents for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 5)
 

An update for rhev-hypervisor7 is now available for RHEV 3.X Hypervisor and Agents for Red Hat Enterprise Linux 6 and RHEV 3.X Hypervisor and Agents for Red Hat Enterprise Linux 7 ELS. Red Hat Product Security has rated this update as having a security impact

  (Jan 5)
 

An update for vdsm is now available for RHEV 3.X Hypervisor and Agents for Red Hat Enterprise Linux 7 ELS. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 4)
 

An update for microcode_ctl is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 4)
 

An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  (Jan 4)
 

An update for microcode_ctl is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 4)
 

An update for microcode_ctl is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact

  (Jan 4)
 

An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 4)
 

An update for microcode_ctl is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 4)
 

An update for microcode_ctl is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 4)
 

An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions.

  (Jan 4)
 

An update for libvirt is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 4)
 

An update for libvirt is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  (Jan 4)
 

An update for libvirt is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions.

  (Jan 4)
 

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  (Jan 4)
 

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  (Jan 4)
 

An update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 4)
 

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions.

  (Jan 4)
 

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 4)
 

An update for qemu-kvm-rhev is now available for RHEV 3.X Hypervisor and Agents for Red Hat Enterprise Linux 7 ELS. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 4)
 

An update for qemu-kvm-rhev is now available for RHEV 4.X, RHEV-H, and Agents for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 4)
 

An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  (Jan 4)
 

An update for kernel is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 4)
 

An update for kernel is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 4)
 

An update for kernel is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact

  (Jan 4)
 

An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  (Jan 4)
 

An update for linux-firmware is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 4)
 

An update for linux-firmware is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 4)
 

An update for microcode_ctl is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 4)
 

An update for microcode_ctl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 4)
 

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  (Jan 4)
 

An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  (Jan 4)
 

An update for kernel is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 4)
 

An update for kernel is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 3)
 

An update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions.

  (Jan 3)
 

An update for eap7-jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 7.0 for Red Hat Enterprise Linux 6 and Red Hat JBoss Enterprise Application Platform 7.0 for Red Hat Enterprise Linux 7.

  (Jan 3)
 

An update is now available for Red Hat JBoss Enterprise Application Platform 7.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 3)
 

An update is now available for Red Hat JBoss Enterprise Application Platform 7.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 3)
 

An update is now available for Red Hat JBoss Enterprise Application Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,


  SUSE: 2018:0031-1: important: the Linux Kernel (Jan 5)
 

An update that solves 14 vulnerabilities and has three fixes is now available.

  openSUSE: 2018:0030-1: important: qemu (Jan 5)
 

An update that solves one vulnerability and has one errata is now available.

  openSUSE: 2018:0026-1: important: kernel-firmware (Jan 5)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2018:0025-1: important: ImageMagick (Jan 5)
 

An update that fixes 9 vulnerabilities is now available.

  openSUSE: 2018:0023-1: important: the Linux Kernel (Jan 5)
 

An update that solves 5 vulnerabilities and has 19 fixes is now available.

  openSUSE: 2018:0022-1: important: the Linux Kernel (Jan 5)
 

An update that solves 5 vulnerabilities and has 35 fixes is now available.

  SUSE: 2018:0019-1: important: kvm (Jan 4)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2018:0020-1: important: qemu (Jan 4)
 

An update that fixes one vulnerability is now available.

  SUSE: 2018:0017-1: important: ImageMagick (Jan 4)
 

An update that fixes 9 vulnerabilities is now available.

  openSUSE: 2018:0013-1: important: kernel-firmware (Jan 4)
 

An update that fixes one vulnerability is now available.

  SUSE: 2018:0012-1: important: the Linux Kernel (Jan 4)
 

An update that solves 5 vulnerabilities and has 13 fixes is now available.

  SUSE: 2018:0011-1: important: the Linux Kernel (Jan 4)
 

An update that solves 17 vulnerabilities and has 13 fixes is now available.

  SUSE: 2018:0010-1: important: the Linux Kernel (Jan 4)
 

An update that solves 5 vulnerabilities and has 26 fixes is now available.

  SUSE: 2018:0009-1: important: microcode_ctl (Jan 4)
 

An update that fixes one vulnerability is now available.

  SUSE: 2018:0008-1: important: kernel-firmware (Jan 4)
 

An update that fixes one vulnerability is now available.

  SUSE: 2018:0006-1: important: ucode-intel (Jan 4)
 

An update that fixes one vulnerability is now available.

  SUSE: 2018:0007-1: important: qemu (Jan 4)
 

An update that solves one vulnerability and has one errata is now available.

  SUSE: 2018:0005-1: important: java-1_7_0-openjdk (Jan 3)
 

An update that fixes 46 vulnerabilities is now available.

  SUSE: 2017:3455-1: important: java-1_7_1-ibm (Dec 30)
 

An update that fixes 16 vulnerabilities is now available.


  (Jan 4)
 

Ruby could be made to execute arbitrary commands if it opened a specially crafted file.

  (Jan 4)
 

USN-3430-2 introduced a regression in Dnsmasq.

  (Jan 3)
 

USN-3480-2 introduced regressions in Apport.


  (Jan 7)
 

The package mongodb before version 3.6.0-1 is vulnerable to arbitrary code execution.

  (Jan 5)
 

The package linux-hardened before version 4.14.11.a-1 is vulnerable to multiple issues including access restriction bypass, denial of service, privilege escalation and information disclosure.

  (Jan 5)
 

The package linux-zen before version 4.14.11-1 is vulnerable to multiple issues including access restriction bypass, denial of service, privilege escalation and information disclosure.

  (Jan 5)
 

The package linux-lts before version 4.9.74-1 is vulnerable to multiple issues including denial of service, privilege escalation and information disclosure.

  (Jan 5)
 

The package linux before version 4.14.11-1 is vulnerable to multiple issues including access restriction bypass, denial of service, privilege escalation and information disclosure.


  (Jan 4)
 

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.

Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715)

Note: This is the libvirt side of the CVE-2017-5715 mitigation.

  (Jan 4)
 

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.

Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715)

Note: This is the qemu-kvm side of the CVE-2017-5715 mitigation.

  (Jan 4)
 

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.

Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715)

Note: This is the libvirt side of the CVE-2017-5715 mitigation.

  (Jan 4)
 

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.

Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715)

Note: This is the qemu-kvm side of the CVE-2017-5715 mitigation.

  (Jan 4)
 

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.

Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715)

Note: This is the microcode counterpart of the CVE-2017-5715 kernel mitigation.

  (Jan 4)
 

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.

Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. The performance impact of these patches may vary considerably based on workload and hardware configuration.

In this update mitigations for x86-64 architecture are provided.

Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important)

Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)

Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)

Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.

  (Jan 4)
 

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.

Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715)

Note: This is the microcode counterpart of the CVE-2017-5715 kernel mitigation.

  (Jan 4)
 

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.

Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. The performance impact of these patches may vary considerably based on workload and hardware configuration.

In this update mitigations for x86-64 architecture are provided.

Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important)

Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)

Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)

Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.

  (Jan 4)
 

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.

Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715)

Note: This is the microcode counterpart of the CVE-2017-5715 kernel mitigation.


  (Jan 7)
 

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

  (Jan 5)
 

Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, information leaks, privilege escalation or the execution of arbitrary code.

  (Jan 4)
 

It was discovered that there were two vulnerabilities in the imagemagick image manipulation program: CVE-2017-1000445: A null pointer dereference in the MagickCore

  (Jan 3)
 

Jason Crain discovered an overflow vulnerability in the poppler PDF rendering library. For Debian 7 "Wheezy", this issue has been fixed in poppler version

  (Jan 1)
 

Several security vulnerabilities were discovered in ImageMagick, an image manipulation program, that allow remote attackers to cause a denial of service (CPU exhaustion via an infinite loop), heap-based buffer overreads or possibly other unspecified impact via a crafted

  (Dec 31)
 

It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for CIP Safety, IWARP_MPA, NetBIOS, Profinet I/O and AMQP, which result in denial of service or the

  (Dec 30)
 

A vulnerability has been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in resource exhaustion and denial of service.


  (Jan 4)
 

Upstream details at: https://access.redhat.com/errata/RHSA-2018:0023

  (Jan 4)
 

Upstream details at: https://access.redhat.com/errata/RHSA-2018:0029

  (Jan 4)
 

Upstream details at: https://access.redhat.com/errata/RHSA-2018:0030

  (Jan 4)
 

Upstream details at: https://access.redhat.com/errata/RHSA-2018:0008

  (Jan 4)
 

Upstream details at: https://access.redhat.com/errata/RHSA-2018:0013

  (Jan 4)
 

Upstream details at: https://access.redhat.com/errata/RHSA-2018:0014

  (Jan 4)
 

Upstream details at: https://access.redhat.com/errata/RHSA-2018:0012

  (Jan 4)
 

Upstream details at: https://access.redhat.com/errata/RHSA-2018:0007