ID

VAR-201801-0826

CVE

CVE-2017-5715

TITLE

CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks

DESCRIPTION

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis. Two vulnerabilities are identified, known as "Variant 3a" and "Variant 4". CPUhardware is a set of firmware that runs in the CPU (Central Processing Unit) for managing and controlling the CPU. The Meltdown vulnerability exists in the CPU processor core, which \"melts\" the security boundary implemented by hardware, allowing low-privileged user-level applications to \"cross-border\" access to system-level memory, causing data leakage. The following products and versions are affected: ARM Cortex-R7; Cortex-R8; Cortex-A8; Cortex-A9; Cortex-A12; Intel Xeon CPU E5-1650 v3, v2, v4 versions; Xeon E3-1265l v2, v3, v4 Version; Xeon E3-1245 v2, v3, v5, v6 versions; Xeon X7542, etc. Description: The microcode_ctl packages provide microcode updates for Intel and AMD processors. Description: Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. (CVE-2017-5715) Note: This is the qemu-kvm side of the CVE-2017-5715 mitigation. Once all virtual machines have shut down, start them again for this update to take effect. Software Description: - webkit2gtk: Web content engine library for GTK+ Details: It was discovered that speculative execution performed by modern CPUs could leak information through a timing side-channel attack, and that this could be exploited in web browser JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from other domains, bypassing same-origin restrictions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================ FreeBSD-SA-19:26.mcu Security Advisory The FreeBSD Project Topic: Intel CPU Microcode Update Category: 3rd party Module: Intel CPU microcode Announced: 2019-11-12 Credits: Intel Affects: All supported versions of FreeBSD running on certain Intel CPUs. CVE Name: CVE-2019-11135, CVE-2019-11139, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2018-11091, CVE-2017-5715 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. I. Background - From time to time Intel releases new CPU microcode to address functional issues and security vulnerabilities. Such a release is also known as a Micro Code Update (MCU), and is a component of a broader Intel Platform Update (IPU). FreeBSD distributes CPU microcode via the devcpu-data port and package. II. Problem Description Starting with version 1.26, the devcpu-data port/package includes updates and mitigations for the following technical and security advisories (depending on CPU model). Intel TSX Updates (TAA) CVE-2019-11135 Voltage Modulation Vulnerability CVE-2019-11139 MD_CLEAR Operations CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-11091 TA Indirect Sharing CVE-2017-5715 EGETKEY CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-11091 JCC SKX102 Erratum Updated microcode includes mitigations for CPU issues, but may also cause a performance regression due to the JCC erratum mitigation. Please visit http://www.intel.com/benchmarks for further information. Please visit http://www.intel.com/security for detailed information on these advisories as well as a list of CPUs that are affected. III. Impact Operating a CPU without the latest microcode may result in erratic or unpredictable behavior, including system crashes and lock ups. Certain issues listed in this advisory may result in the leakage of privileged system information to unprivileged users. Please refer to the security advisories listed above for detailed information. IV. Workaround To determine if TSX is present in your system, run the following: 1. kldload cpuctl 2. cpucontrol -i 7 /dev/cpuctl0 If bits 4 (0x10) and 11 (0x800) are set in the second response word (EBX), TSX is present. In the absence of updated microcode, TAA can be mitigated by enabling the MDS mitigation: 3. sysctl hw.mds_disable=1 Systems must be running FreeBSD 11.3, FreeBSD 12.1, or later for this to work. *IMPORTANT* If your use case can tolerate leaving the CPU issues unmitigated and cannot tolerate a performance regression, ensure that the devcpu-data package is not installed or is locked at 1.25 or earlier. # pkg delete devcpu-data or # pkg lock devcpu-data Later versions of the LLVM and GCC compilers will include changes that partially relieve the peformance impact. V. Solution Install the latest Intel Microcode Update via the devcpu-data port/package, version 1.26 or later. Updated microcode adds the ability to disable TSX. With updated microcode the issue can still be mitigated by enabling the MDS mitigation as described in the workaround section, or by disabling TSX instead: 1. kldload cpuctl 2. cpucontrol -i 7 /dev/cpuctl0 If bit 29 (0x20000000) is set in the fourth response word (EDX), then the 0x10a MSR is present. 3. cpucontrol -m 0x10a /dev/cpuctl0 If bit 8 (0x100) of the response word is set, your CPU is not vulnerable to TAA and no further action is required. If bit 7 (0x80) is cleared, then your CPU does not have updated microcode that facilitates TSX to be disabled. The only remedy available is to enable the MDS mitigation, as documented above. 4. cpucontrol -m 0x122=3 /dev/cpuctl0 Repeat step 4 for each numbered CPU that is present. A future kernel change to FreeBSD will provide automatic detection and mitigation for TAA. LLVM 9.0 will be updated in FreeBSD 13-current to address the JCC peformance impact. Updates to prior versions of LLVM are currently being evaluated. VI. Correction details There are currently no changes in FreeBSD to address this issue. VII. References <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135> <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11139> <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126> <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127> <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130> <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11091> <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715> <URL:https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform-update-ipu/> <URL:https://software.intel.com/security-software-guidance/software-guidance/intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort> <URL:https://www.intel.com/content/www/us/en/support/articles/000055650.html> The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc> -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl3LArVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n 5cJGQQ//ad41YWDAdgBMTWiF56qeySqElIOHt/mLt06s2WW9ceUoJpKW8rKwA4hi sjuDlj4vg8ohdiFaZhTxX/smQi3BS+M0xi40fFFgMRR7HuVh11l6bPr+DoUH/Zi+ E5aiAilOlv/WUAxIrdx0ZlHPkjZ9vfSIPbiqmIkdlFEl4QCuusMRqXKNxaIzzk/K rzabCN4NsQPk0SYIZ9l+tZ6JxOOeRaYn+aCjzlbkiYR+wttIaH9nTECx2Rj7XvSw 9Ng/Mq0M6QsTV/jKfQDRMxRnNfnzF7865uBQYxZNFY9VP5Z21CcqMT54ia5NgcG8 8Bn2fnM3HcK5LUW3DRnsLhAi6XX0EuX5VMdYvx20aQUj/k8f6a0cPmtSqUVkpU/K ZcmLd4X+YS/o3UZnRY9OZOEb+kmZE/Yr8f/hR8tmle6FCPS1YLtkwDn3qg/oQA03 B5rLmzc+x32XZC0dn/HRZTLc4TXQLij0kZpuxiDmbEJmdARDWsl+e0VdBuQdD3Hr Q2QvhSVvQgwue8vclfIQVElSZpW93HuyyR8O8ugofwcOt7XwI7k+8ZfrjkjHMPGZ QW/i0FQJx4Kup70bzOubb3VEQ7cwAJtE1dvY55oaulDexq3RVMW7oEsvd84X2K8O G3+YOZLMrvM1kFskRt067rttbJfMXvstMSHCCfGSqA7fdth6VNQ=KAsu -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03805en_us Version: 4 HPESBHF03805 rev.4 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. Release Date: 2018-01-10 Last Updated: 2018-01-09 Potential Security Impact: Local: Disclosure of Information, Elevation of Privilege Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY On January 3 2018, side-channel security vulnerabilities involving speculative execution were publicly disclosed. These vulnerabilities may impact the listed HPE products, potentially leading to information disclosure and elevation of privilege. Mitigation and resolution of these vulnerabilities may call for both an operating system update, provided by the OS vendor, and a system ROM update from HPE. **Note:** * This issue takes advantage of techniques commonly used in many modern processor architectures. * For further information, microprocessor vendors have provided security advisories: - Intel: <https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00088&langu geid=en-fr> - AMD: <http://www.amd.com/en/corporate/speculative-execution> - ARM: <https://developer.arm.com/support/security-update> References: - PSRT110634 - PSRT110633 - PSRT110632 - CVE-2017-5715 - aka Spectre, branch target injection - CVE-2017-5753 - aka Spectre, bounds check bypass - CVE-2017-5754 - aka Meltdown, rogue data cache load, memory access permission check performed after kernel memory read SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - HPE ProLiant DL380 Gen10 Server prior to v1.28 - HPE ProLiant DL180 Gen10 Server prior to v1.28 - HPE ProLiant DL160 Gen10 Server prior to v1.28 - HPE ProLiant DL360 Gen10 Server prior to v1.28 - HPE ProLiant ML110 Gen10 Server prior to v1.28 - HPE ProLiant DL580 Gen10 Server prior to v1.28 - HPE ProLiant DL560 Gen10 Server prior to v1.28 - HPE ProLiant DL120 Gen10 Server prior to v1.28 - HPE ProLiant ML350 Gen10 Server prior to v1.28 - HPE ProLiant XL450 Gen10 Server prior to v1.28 - HPE ProLiant XL170r Gen10 Server prior to v1.28 - HPE ProLiant BL460c Gen10 Server Blade prior to v1.28 - HPE ProLiant XL230a Gen9 Server prior to v2.54 - HPE ProLiant XL230k Gen10 Server prior to v1.28 - HPE ProLiant XL730f Gen9 Server prior to v2.54 - HPE ProLiant XL740f Gen9 Server prior to v2.54 - HPE ProLiant XL750f Gen9 Server prior to v2.54 - HPE ProLiant XL170r Gen9 Server prior to v2.54 - HP ProLiant DL60 Gen9 Server prior to v2.54 - HPE ProLiant XL450 Gen9 Server prior to v2.54 - HP ProLiant DL160 Gen9 Server prior to v2.54 - HPE Apollo 4200 Gen9 Server prior to v2.54 - HP ProLiant BL460c Gen9 Server Blade prior to v2.54 - HP ProLiant ML110 Gen9 Server prior to v2.54 - HP ProLiant ML150 Gen9 Server prior to v2.54 - HPE ProLiant ML350 Gen9 Server prior to v2.54 - HP ProLiant DL380 Gen9 Server prior to v2.54 - HP ProLiant DL120 Gen9 Server prior to v2.54 - HPE ProLiant DL560 Gen9 Server prior to v2.54 - HPE ProLiant XL270d Gen9 Special Server prior to v2.54 - HP ProLiant BL660c Gen9 Server prior to v2.54 - HPE ProLiant m710x Server Cartridge prior to v1.60 - HPE ProLiant DL20 Gen9 Server prior to v2.52 - HPE ProLiant DL385 Gen10 Server prior to v1.04 - HPE Synergy 660 Gen9 Compute Module prior to v2.54 - HPE Synergy 480 Gen10 Compute Module prior to v1.28 - HPE Synergy 480 Gen9 Compute Module prior to v2.54 - HPE ProLiant ML30 Gen9 Server prior to v2.52 - HPE ProLiant XL190r Gen10 Server prior to v1.28 - HPE ProLiant XL250a Gen9 Server prior to v2.54 - HPE ProLiant XL190r Gen9 Server prior to v2.54 - HP ProLiant DL80 Gen9 Server prior to v2.54 - HPE ProLiant DL180 Gen9 Server prior to v2.54 - HPE ProLiant XL270d Gen9 Accelerator Tray 2U Configure-to-order Server prior to v2.54 - HPE ProLiant WS460c Gen9 Workstation prior to v2.54 - HPE ProLiant DL580 Gen9 Special Server prior to v2.54 - HPE Synergy 680 Gen9 Compute Modules prior to v2.54 - HPE ProLiant XL260a Gen9 Server prior to 1/22/2018 - HPE ProLiant m510 Server Cartridge prior to 1/22/2018 - HPE ProLiant m710p Server Cartridge prior to 12/12/2017 - HP ProLiant m350 Server Cartridge prior to 12/12/2017 - HP ProLiant m300 Server Cartridge prior to 12/12/2017 - HP ProLiant ML350e Gen8 Server prior to 12/12/2017 - HPE ProLiant ML350e Gen8 v2 Server prior to 12/12/2017 - HP ProLiant BL460c Gen8 Server prior to 12/12/2017 - HP ProLiant BL660c Gen8 Server prior to 12/12/2017 - HPE ProLiant SL4540 Gen8 1 Node Server prior to 12/12/2017 - HP ProLiant DL380e Gen8 Server prior to 12/12/2017 - HP ProLiant DL360e Gen8 Server prior to 12/12/2017 - HP ProLiant ML350p Gen8 Server prior to 12/12/2017 - HP ProLiant DL360p Gen8 Server prior to 12/12/2017 - HP ProLiant DL380p Gen8 Server prior to 12/12/2017 - HP ProLiant DL320e Gen8 Server prior to 12/12/2017 - HPE ProLiant DL320e Gen8 v2 Server prior to 12/12/2017 - HP ProLiant ML310e Gen8 Server prior to 12/12/2017 - HPE ProLiant ML310e Gen8 v2 Server prior to 12/12/2017 - HP ProLiant DL160 Gen8 Server prior to 12/12/2017 - HP ProLiant SL270s Gen8 Server prior to 12/12/2017 - HP ProLiant SL250s Gen8 Server prior to 12/12/2017 - HP ProLiant SL230s Gen8 Server prior to 12/12/2017 - HP ProLiant DL560 Gen8 Server prior to 12/12/2017 - HPE ProLiant SL210t Gen8 Server prior to 12/12/2017 - HP ProLiant DL580 Gen8 Server prior to 12/12/2017 (v1.98) - HP ProLiant ML10 Server prior to 12/12/2017 - HP ProLiant m710 Server Cartridge prior to 12/12/2017 (v1.60) - HPE Synergy Composer prior to 12/12/2017 - HPE Integrity Superdome X with BL920s Blades prior to 8.8.6 - HPE Superdome Flex Server prior to 2.3.110 - HP ProLiant DL360 Gen9 Server prior to v2.54 - HPE Synergy 620 Gen9 Compute Module prior to v2.54 - HPE ProLiant Thin Micro TM200 Server prior to 1/16/2017 - HPE ProLiant ML350 Gen10 Server prior to v1.28 - HP ProLiant BL420c Gen8 Server prior to 12/12/2017 - HPE ProLiant ML10 v2 Server prior to 12/12/2017 - HPE ProLiant MicroServer Gen8 prior to 12/12/2017 - HPE Synergy 660 Gen10 Compute Module prior to v1.28 BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2017-5715 8.2 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N 6.8 (AV:A/AC:L/Au:N/C:C/I:P/A:N) CVE-2017-5753 5.0 CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L 5.4 (AV:A/AC:M/Au:N/C:P/I:P/A:P) CVE-2017-5754 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499 RESOLUTION HPE has made the following system ROM updates which include an updated microcode to resolve the vulnerability: * HPE has provided a customer bulletin <https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us> with specific instructions to obtain the udpated sytem ROM - Note: + CVE-2017-5715 requires that the System ROM be updated and a vendor supplied operating system update be applied as well. + For CVE-2017-5753, CVE-2017-5754 require only updates of a vendor supplied operating system. + HPE will continue to add additional products to the list. Not all listed products have updated system ROMs yet. Impacted products awaiting system ROM updates are marked TBS (to be supplied). HISTORY Version:1 (rev.1) - 4 January 2018 Initial release Version:2 (rev.2) - 5 January 2018 Added additional impacted products Version:3 (rev.3) - 10 January 2018 Added more impacted products Version:4 (rev.4) - 9 January 2018 Fixed product ID Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. 6.4) - x86_64 3. Security Fix(es): An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. In this update mitigations for x86-64 architecture are provided. Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important) Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important) Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue. Red Hat would like to thank Google Project Zero for reporting these issues. ========================================================================== Ubuntu Security Notice USN-3620-2 April 05, 2018 linux-lts-trusty vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 ESM Summary: Several security issues were fixed in the Linux kernel. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715) It was discovered that the netlink 802.11 configuration interface in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker with the CAP_NET_ADMIN privilege could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-11089) It was discovered that a buffer overflow existed in the ioctl handling code in the ISDN subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-12762) It was discovered that the netfilter component of the Linux did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions. (CVE-2017-17448) Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information. (CVE-2017-17741) It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805) It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task's default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807) It was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026) It was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds write during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201810-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Xen: Multiple vulnerabilities Date: October 30, 2018 Bugs: #643350, #655188, #655544, #659442 ID: 201810-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Xen, the worst of which could cause a Denial of Service condition. Background ========== Xen is a bare-metal hypervisor. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-emulation/xen < 4.10.1-r2 >= 4.10.1-r2 2 app-emulation/xen-tools < 4.10.1-r2 >= 4.10.1-r2 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Xen users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.10.1-r2" All Xen tools users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-emulation/xen-tools-4.10.1-r2" References ========== [ 1 ] CVE-2017-5715 https://nvd.nist.gov/vuln/detail/CVE-2017-5715 [ 2 ] CVE-2017-5753 https://nvd.nist.gov/vuln/detail/CVE-2017-5753 [ 3 ] CVE-2017-5754 https://nvd.nist.gov/vuln/detail/CVE-2017-5754 [ 4 ] CVE-2018-10471 https://nvd.nist.gov/vuln/detail/CVE-2018-10471 [ 5 ] CVE-2018-10472 https://nvd.nist.gov/vuln/detail/CVE-2018-10472 [ 6 ] CVE-2018-10981 https://nvd.nist.gov/vuln/detail/CVE-2018-10981 [ 7 ] CVE-2018-10982 https://nvd.nist.gov/vuln/detail/CVE-2018-10982 [ 8 ] CVE-2018-12891 https://nvd.nist.gov/vuln/detail/CVE-2018-12891 [ 9 ] CVE-2018-12892 https://nvd.nist.gov/vuln/detail/CVE-2018-12892 [ 10 ] CVE-2018-12893 https://nvd.nist.gov/vuln/detail/CVE-2018-12893 [ 11 ] CVE-2018-15468 https://nvd.nist.gov/vuln/detail/CVE-2018-15468 [ 12 ] CVE-2018-15469 https://nvd.nist.gov/vuln/detail/CVE-2018-15469 [ 13 ] CVE-2018-15470 https://nvd.nist.gov/vuln/detail/CVE-2018-15470 [ 14 ] CVE-2018-3620 https://nvd.nist.gov/vuln/detail/CVE-2018-3620 [ 15 ] CVE-2018-3646 https://nvd.nist.gov/vuln/detail/CVE-2018-3646 [ 16 ] CVE-2018-5244 https://nvd.nist.gov/vuln/detail/CVE-2018-5244 [ 17 ] CVE-2018-7540 https://nvd.nist.gov/vuln/detail/CVE-2018-7540 [ 18 ] CVE-2018-7541 https://nvd.nist.gov/vuln/detail/CVE-2018-7541 [ 19 ] CVE-2018-7542 https://nvd.nist.gov/vuln/detail/CVE-2018-7542 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201810-06 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . This update allows QEMU to expose new CPU features added by microcode updates to guests on amd64, i386, and s390x. On amd64 and i386, new CPU models that match the updated microcode features were added with an -IBRS suffix. Certain environments will require guests to be switched manually to the new CPU models after microcode updates have been applied to the host. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: linux-firmware security update Advisory ID: RHSA-2018:0094-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:0094 Issue date: 2018-01-16 ===================================================================== 1. Summary: An update for linux-firmware is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions, and Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch Red Hat Enterprise Linux ComputeNode (v. 7) - noarch Red Hat Enterprise Linux ComputeNode EUS (v. 7.3) - noarch Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Enterprise Linux Server AUS (v. 7.2) - noarch Red Hat Enterprise Linux Server E4S (v. 7.2) - noarch Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch Red Hat Enterprise Linux Server TUS (v. 7.2) - noarch Red Hat Enterprise Linux Workstation (v. 7) - noarch Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - noarch 3. Description: The linux-firmware packages contain all of the firmware files that are required by various devices to operate. This update supersedes microcode provided by Red Hat with the CVE-2017-5715 (aSpectrea) CPU branch injection vulnerability mitigation. (Historically, Red Hat has provided updated microcode, developed by our microprocessor partners, as a customer convenience.) Further testing has uncovered problems with the microcode provided along with the aSpectrea mitigation that could lead to system instabilities. As a result, Red Hat is providing an microcode update that reverts to the last known good microcode version dated before 03 January 2018. Red Hat strongly recommends that customers contact their hardware provider for the latest microcode updates. The "Spectre" mitigation requires both an updated kernel from Red Hat and updated microcode from your hardware vendor. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: linux-firmware-20170606-58.gitc990aae.el7_4.src.rpm noarch: iwl100-firmware-39.31.5.1-58.el7_4.noarch.rpm iwl1000-firmware-39.31.5.1-58.el7_4.noarch.rpm iwl105-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl135-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl2000-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl2030-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl3160-firmware-22.0.7.0-58.el7_4.noarch.rpm iwl3945-firmware-15.32.2.9-58.el7_4.noarch.rpm iwl4965-firmware-228.61.2.24-58.el7_4.noarch.rpm iwl5000-firmware-8.83.5.1_1-58.el7_4.noarch.rpm iwl5150-firmware-8.24.2.2-58.el7_4.noarch.rpm iwl6000-firmware-9.221.4.1-58.el7_4.noarch.rpm iwl6000g2a-firmware-17.168.5.3-58.el7_4.noarch.rpm iwl6000g2b-firmware-17.168.5.2-58.el7_4.noarch.rpm iwl6050-firmware-41.28.5.1-58.el7_4.noarch.rpm iwl7260-firmware-22.0.7.0-58.el7_4.noarch.rpm iwl7265-firmware-22.0.7.0-58.el7_4.noarch.rpm linux-firmware-20170606-58.gitc990aae.el7_4.noarch.rpm Red Hat Enterprise Linux ComputeNode EUS (v. 7.3): Source: linux-firmware-20160830-51.git7534e19.el7_3.src.rpm noarch: iwl100-firmware-39.31.5.1-51.el7_3.noarch.rpm iwl1000-firmware-39.31.5.1-51.el7_3.noarch.rpm iwl105-firmware-18.168.6.1-51.el7_3.noarch.rpm iwl135-firmware-18.168.6.1-51.el7_3.noarch.rpm iwl2000-firmware-18.168.6.1-51.el7_3.noarch.rpm iwl2030-firmware-18.168.6.1-51.el7_3.noarch.rpm iwl3160-firmware-22.0.7.0-51.el7_3.noarch.rpm iwl3945-firmware-15.32.2.9-51.el7_3.noarch.rpm iwl4965-firmware-228.61.2.24-51.el7_3.noarch.rpm iwl5000-firmware-8.83.5.1_1-51.el7_3.noarch.rpm iwl5150-firmware-8.24.2.2-51.el7_3.noarch.rpm iwl6000-firmware-9.221.4.1-51.el7_3.noarch.rpm iwl6000g2a-firmware-17.168.5.3-51.el7_3.noarch.rpm iwl6000g2b-firmware-17.168.5.2-51.el7_3.noarch.rpm iwl6050-firmware-41.28.5.1-51.el7_3.noarch.rpm iwl7260-firmware-22.0.7.0-51.el7_3.noarch.rpm iwl7265-firmware-22.0.7.0-51.el7_3.noarch.rpm linux-firmware-20160830-51.git7534e19.el7_3.noarch.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: linux-firmware-20170606-58.gitc990aae.el7_4.src.rpm noarch: iwl100-firmware-39.31.5.1-58.el7_4.noarch.rpm iwl1000-firmware-39.31.5.1-58.el7_4.noarch.rpm iwl105-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl135-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl2000-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl2030-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl3160-firmware-22.0.7.0-58.el7_4.noarch.rpm iwl3945-firmware-15.32.2.9-58.el7_4.noarch.rpm iwl4965-firmware-228.61.2.24-58.el7_4.noarch.rpm iwl5000-firmware-8.83.5.1_1-58.el7_4.noarch.rpm iwl5150-firmware-8.24.2.2-58.el7_4.noarch.rpm iwl6000-firmware-9.221.4.1-58.el7_4.noarch.rpm iwl6000g2a-firmware-17.168.5.3-58.el7_4.noarch.rpm iwl6000g2b-firmware-17.168.5.2-58.el7_4.noarch.rpm iwl6050-firmware-41.28.5.1-58.el7_4.noarch.rpm iwl7260-firmware-22.0.7.0-58.el7_4.noarch.rpm iwl7265-firmware-22.0.7.0-58.el7_4.noarch.rpm linux-firmware-20170606-58.gitc990aae.el7_4.noarch.rpm Red Hat Enterprise Linux Server AUS (v. 7.2): Source: linux-firmware-20150904-45.git6ebf5d5.el7_2.src.rpm noarch: iwl100-firmware-39.31.5.1-45.el7_2.noarch.rpm iwl1000-firmware-39.31.5.1-45.el7_2.noarch.rpm iwl105-firmware-18.168.6.1-45.el7_2.noarch.rpm iwl135-firmware-18.168.6.1-45.el7_2.noarch.rpm iwl2000-firmware-18.168.6.1-45.el7_2.noarch.rpm iwl2030-firmware-18.168.6.1-45.el7_2.noarch.rpm iwl3160-firmware-22.0.7.0-45.el7_2.noarch.rpm iwl3945-firmware-15.32.2.9-45.el7_2.noarch.rpm iwl4965-firmware-228.61.2.24-45.el7_2.noarch.rpm iwl5000-firmware-8.83.5.1_1-45.el7_2.noarch.rpm iwl5150-firmware-8.24.2.2-45.el7_2.noarch.rpm iwl6000-firmware-9.221.4.1-45.el7_2.noarch.rpm iwl6000g2a-firmware-17.168.5.3-45.el7_2.noarch.rpm iwl6000g2b-firmware-17.168.5.2-45.el7_2.noarch.rpm iwl6050-firmware-41.28.5.1-45.el7_2.noarch.rpm iwl7260-firmware-22.0.7.0-45.el7_2.noarch.rpm iwl7265-firmware-22.0.7.0-45.el7_2.noarch.rpm linux-firmware-20150904-45.git6ebf5d5.el7_2.noarch.rpm Red Hat Enterprise Linux Server E4S (v. 7.2): Source: linux-firmware-20150904-45.git6ebf5d5.el7_2.src.rpm noarch: iwl100-firmware-39.31.5.1-45.el7_2.noarch.rpm iwl1000-firmware-39.31.5.1-45.el7_2.noarch.rpm iwl105-firmware-18.168.6.1-45.el7_2.noarch.rpm iwl135-firmware-18.168.6.1-45.el7_2.noarch.rpm iwl2000-firmware-18.168.6.1-45.el7_2.noarch.rpm iwl2030-firmware-18.168.6.1-45.el7_2.noarch.rpm iwl3160-firmware-22.0.7.0-45.el7_2.noarch.rpm iwl3945-firmware-15.32.2.9-45.el7_2.noarch.rpm iwl4965-firmware-228.61.2.24-45.el7_2.noarch.rpm iwl5000-firmware-8.83.5.1_1-45.el7_2.noarch.rpm iwl5150-firmware-8.24.2.2-45.el7_2.noarch.rpm iwl6000-firmware-9.221.4.1-45.el7_2.noarch.rpm iwl6000g2a-firmware-17.168.5.3-45.el7_2.noarch.rpm iwl6000g2b-firmware-17.168.5.2-45.el7_2.noarch.rpm iwl6050-firmware-41.28.5.1-45.el7_2.noarch.rpm iwl7260-firmware-22.0.7.0-45.el7_2.noarch.rpm iwl7265-firmware-22.0.7.0-45.el7_2.noarch.rpm linux-firmware-20150904-45.git6ebf5d5.el7_2.noarch.rpm Red Hat Enterprise Linux Server TUS (v. 7.2): Source: linux-firmware-20150904-45.git6ebf5d5.el7_2.src.rpm noarch: iwl100-firmware-39.31.5.1-45.el7_2.noarch.rpm iwl1000-firmware-39.31.5.1-45.el7_2.noarch.rpm iwl105-firmware-18.168.6.1-45.el7_2.noarch.rpm iwl135-firmware-18.168.6.1-45.el7_2.noarch.rpm iwl2000-firmware-18.168.6.1-45.el7_2.noarch.rpm iwl2030-firmware-18.168.6.1-45.el7_2.noarch.rpm iwl3160-firmware-22.0.7.0-45.el7_2.noarch.rpm iwl3945-firmware-15.32.2.9-45.el7_2.noarch.rpm iwl4965-firmware-228.61.2.24-45.el7_2.noarch.rpm iwl5000-firmware-8.83.5.1_1-45.el7_2.noarch.rpm iwl5150-firmware-8.24.2.2-45.el7_2.noarch.rpm iwl6000-firmware-9.221.4.1-45.el7_2.noarch.rpm iwl6000g2a-firmware-17.168.5.3-45.el7_2.noarch.rpm iwl6000g2b-firmware-17.168.5.2-45.el7_2.noarch.rpm iwl6050-firmware-41.28.5.1-45.el7_2.noarch.rpm iwl7260-firmware-22.0.7.0-45.el7_2.noarch.rpm iwl7265-firmware-22.0.7.0-45.el7_2.noarch.rpm linux-firmware-20150904-45.git6ebf5d5.el7_2.noarch.rpm Red Hat Enterprise Linux Server EUS (v. 7.3): Source: linux-firmware-20160830-51.git7534e19.el7_3.src.rpm noarch: iwl100-firmware-39.31.5.1-51.el7_3.noarch.rpm iwl1000-firmware-39.31.5.1-51.el7_3.noarch.rpm iwl105-firmware-18.168.6.1-51.el7_3.noarch.rpm iwl135-firmware-18.168.6.1-51.el7_3.noarch.rpm iwl2000-firmware-18.168.6.1-51.el7_3.noarch.rpm iwl2030-firmware-18.168.6.1-51.el7_3.noarch.rpm iwl3160-firmware-22.0.7.0-51.el7_3.noarch.rpm iwl3945-firmware-15.32.2.9-51.el7_3.noarch.rpm iwl4965-firmware-228.61.2.24-51.el7_3.noarch.rpm iwl5000-firmware-8.83.5.1_1-51.el7_3.noarch.rpm iwl5150-firmware-8.24.2.2-51.el7_3.noarch.rpm iwl6000-firmware-9.221.4.1-51.el7_3.noarch.rpm iwl6000g2a-firmware-17.168.5.3-51.el7_3.noarch.rpm iwl6000g2b-firmware-17.168.5.2-51.el7_3.noarch.rpm iwl6050-firmware-41.28.5.1-51.el7_3.noarch.rpm iwl7260-firmware-22.0.7.0-51.el7_3.noarch.rpm iwl7265-firmware-22.0.7.0-51.el7_3.noarch.rpm linux-firmware-20160830-51.git7534e19.el7_3.noarch.rpm Red Hat Enterprise Linux Server (v. 7): Source: linux-firmware-20170606-58.gitc990aae.el7_4.src.rpm noarch: iwl100-firmware-39.31.5.1-58.el7_4.noarch.rpm iwl1000-firmware-39.31.5.1-58.el7_4.noarch.rpm iwl105-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl135-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl2000-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl2030-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl3160-firmware-22.0.7.0-58.el7_4.noarch.rpm iwl3945-firmware-15.32.2.9-58.el7_4.noarch.rpm iwl4965-firmware-228.61.2.24-58.el7_4.noarch.rpm iwl5000-firmware-8.83.5.1_1-58.el7_4.noarch.rpm iwl5150-firmware-8.24.2.2-58.el7_4.noarch.rpm iwl6000-firmware-9.221.4.1-58.el7_4.noarch.rpm iwl6000g2a-firmware-17.168.5.3-58.el7_4.noarch.rpm iwl6000g2b-firmware-17.168.5.2-58.el7_4.noarch.rpm iwl6050-firmware-41.28.5.1-58.el7_4.noarch.rpm iwl7260-firmware-22.0.7.0-58.el7_4.noarch.rpm iwl7265-firmware-22.0.7.0-58.el7_4.noarch.rpm linux-firmware-20170606-58.gitc990aae.el7_4.noarch.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: linux-firmware-20170606-58.gitc990aae.el7_4.src.rpm noarch: iwl100-firmware-39.31.5.1-58.el7_4.noarch.rpm iwl1000-firmware-39.31.5.1-58.el7_4.noarch.rpm iwl105-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl135-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl2000-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl2030-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl3160-firmware-22.0.7.0-58.el7_4.noarch.rpm iwl3945-firmware-15.32.2.9-58.el7_4.noarch.rpm iwl4965-firmware-228.61.2.24-58.el7_4.noarch.rpm iwl5000-firmware-8.83.5.1_1-58.el7_4.noarch.rpm iwl5150-firmware-8.24.2.2-58.el7_4.noarch.rpm iwl6000-firmware-9.221.4.1-58.el7_4.noarch.rpm iwl6000g2a-firmware-17.168.5.3-58.el7_4.noarch.rpm iwl6000g2b-firmware-17.168.5.2-58.el7_4.noarch.rpm iwl6050-firmware-41.28.5.1-58.el7_4.noarch.rpm iwl7260-firmware-22.0.7.0-58.el7_4.noarch.rpm iwl7265-firmware-22.0.7.0-58.el7_4.noarch.rpm linux-firmware-20170606-58.gitc990aae.el7_4.noarch.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: linux-firmware-20170606-58.gitc990aae.el7_4.src.rpm noarch: iwl100-firmware-39.31.5.1-58.el7_4.noarch.rpm iwl1000-firmware-39.31.5.1-58.el7_4.noarch.rpm iwl105-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl135-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl2000-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl2030-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl3160-firmware-22.0.7.0-58.el7_4.noarch.rpm iwl3945-firmware-15.32.2.9-58.el7_4.noarch.rpm iwl4965-firmware-228.61.2.24-58.el7_4.noarch.rpm iwl5000-firmware-8.83.5.1_1-58.el7_4.noarch.rpm iwl5150-firmware-8.24.2.2-58.el7_4.noarch.rpm iwl6000-firmware-9.221.4.1-58.el7_4.noarch.rpm iwl6000g2a-firmware-17.168.5.3-58.el7_4.noarch.rpm iwl6000g2b-firmware-17.168.5.2-58.el7_4.noarch.rpm iwl6050-firmware-41.28.5.1-58.el7_4.noarch.rpm iwl7260-firmware-22.0.7.0-58.el7_4.noarch.rpm iwl7265-firmware-22.0.7.0-58.el7_4.noarch.rpm linux-firmware-20170606-58.gitc990aae.el7_4.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/speculativeexecution https://access.redhat.com/security/cve/CVE-2017-5715 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc

IOT TAXONOMY

AFFECTED PRODUCTS