ID

VAR-201801-1712

CVE

CVE-2017-5753

TITLE

CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks

DESCRIPTION

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Two vulnerabilities are identified, known as "Variant 3a" and "Variant 4". Has speculative execution function and out-of-order execution function CPU Several researchers have reported methods of performing side-channel attacks against Has speculative execution function and out-of-order execution function CPU side-channel attack method against (Spectre and Meltdown) has been reported. For more information, Google Project Zero blog post in ("Reading privileged memory with a side-channel") or Graz University of Technology (TU Graz) information from researchers in ("Meltdown and Spectre") Please refer to. "Reading privileged memory with a side-channel"https://googleprojectzero.blogspot.jp/2018/01/reading-privileged-memory-with-side.html"Meltdown and Spectre"https://meltdownattack.com/Sensitive information can be obtained from processes running with user privileges. Spectre As for the attack, crafted Javascript by the code Javascript cannot be obtained from web It has been reported that data can be obtained during the browser process. CPUhardware is a set of firmware that runs in the CPU (Central Processing Unit) for managing and controlling the CPU. The Meltdown vulnerability exists in the CPU processor core, which \"melts\" the security boundary implemented by hardware, allowing low-privileged user-level applications to \"cross-border\" access to system-level memory, causing data leakage. The following products and versions are affected: ARM Cortex-R7; Cortex-R8; Cortex-A8; Cortex-A9; Cortex-A12; Xeon CPU E5-1650 v3, v2, v4; Xeon E3-1265l v2, v3, v4 ; Xeon E3-1245 v2, v3, v5, v6 versions; Xeon X7542, etc. Relevant releases/architectures: Image Updates for RHV-H - noarch 3. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4187-1 security@debian.org https://www.debian.org/security/ Ben Hutchings May 01, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : linux CVE ID : CVE-2015-9016 CVE-2017-0861 CVE-2017-5715 CVE-2017-5753 CVE-2017-13166 CVE-2017-13220 CVE-2017-16526 CVE-2017-16911 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-18017 CVE-2017-18203 CVE-2017-18216 CVE-2017-18232 CVE-2017-18241 CVE-2018-1066 CVE-2018-1068 CVE-2018-1092 CVE-2018-5332 CVE-2018-5333 CVE-2018-5750 CVE-2018-5803 CVE-2018-6927 CVE-2018-7492 CVE-2018-7566 CVE-2018-7740 CVE-2018-7757 CVE-2018-7995 CVE-2018-8781 CVE-2018-8822 CVE-2018-1000004 CVE-2018-1000199 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-9016 Ming Lei reported a race condition in the multiqueue block layer (blk-mq). On a system with a driver using blk-mq (mtip32xx, null_blk, or virtio_blk), a local user might be able to use this for denial of service or possibly for privilege escalation. CVE-2017-0861 Robb Glasser reported a potential use-after-free in the ALSA (sound) PCM core. We believe this was not possible in practice. CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system. This specific attack has been named Spectre variant 2 (branch target injection) and is mitigated for the x86 architecture (amd64 and i386) by using the "retpoline" compiler feature which allows indirect branches to be isolated from speculative execution. CVE-2017-5753 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system. This specific attack has been named Spectre variant 1 (bounds-check bypass) and is mitigated by identifying vulnerable code sections (array bounds checking followed by array access) and replacing the array access with the speculation-safe array_index_nospec() function. More use sites will be added over time. CVE-2017-13166 A bug in the 32-bit compatibility layer of the v4l2 ioctl handling code has been found. Memory protections ensuring user-provided buffers always point to userland memory were disabled, allowing destination addresses to be in kernel space. On a 64-bit kernel a local user with access to a suitable video device can exploit this to overwrite kernel memory, leading to privilege escalation. CVE-2017-13220 Al Viro reported that the Bluetooth HIDP implementation could dereference a pointer before performing the necessary type check. A local user could use this to cause a denial of service. CVE-2017-16526 Andrey Konovalov reported that the UWB subsystem may dereference an invalid pointer in an error case. A local user might be able to use this for denial of service. CVE-2017-16911 Secunia Research reported that the USB/IP vhci_hcd driver exposed kernel heap addresses to local users. This information could aid the exploitation of other vulnerabilities. CVE-2017-16912 Secunia Research reported that the USB/IP stub driver failed to perform a range check on a received packet header field, leading to an out-of-bounds read. A remote user able to connect to the USB/IP server could use this for denial of service. CVE-2017-16913 Secunia Research reported that the USB/IP stub driver failed to perform a range check on a received packet header field, leading to excessive memory allocation. A remote user able to connect to the USB/IP server could use this for denial of service. CVE-2017-16914 Secunia Research reported that the USB/IP stub driver failed to check for an invalid combination of fields in a received packet, leading to a null pointer dereference. A remote user able to connect to the USB/IP server could use this for denial of service. CVE-2017-18017 Denys Fedoryshchenko reported that the netfilter xt_TCPMSS module failed to validate TCP header lengths, potentially leading to a use-after-free. If this module is loaded, it could be used by a remote attacker for denial of service or possibly for code execution. CVE-2017-18203 Hou Tao reported that there was a race condition in creation and deletion of device-mapper (DM) devices. A local user could potentially use this for denial of service. CVE-2017-18216 Alex Chen reported that the OCFS2 filesystem failed to hold a necessary lock during nodemanager sysfs file operations, potentially leading to a null pointer dereference. A local user could use this for denial of service. CVE-2017-18232 Jason Yan reported a race condition in the SAS (Serial-Attached SCSI) subsystem, between probing and destroying a port. This could lead to a deadlock. A physically present attacker could use this to cause a denial of service. CVE-2017-18241 Yunlei He reported that the f2fs implementation does not properly initialise its state if the "noflush_merge" mount option is used. A local user with access to a filesystem mounted with this option could use this to cause a denial of service. CVE-2018-1066 Dan Aloni reported to Red Hat that the CIFS client implementation would dereference a null pointer if the server sent an invalid response during NTLMSSP setup negotiation. This could be used by a malicious server for denial of service. CVE-2018-1068 The syzkaller tool found that the 32-bit compatibility layer of ebtables did not sufficiently validate offset values. On a 64-bit kernel, a local user with the CAP_NET_ADMIN capability (in any user namespace) could use this to overwrite kernel memory, possibly leading to privilege escalation. Debian disables unprivileged user namespaces by default. CVE-2018-1092 Wen Xu reported that a crafted ext4 filesystem image would trigger a null dereference when mounted. A local user able to mount arbitrary filesystems could use this for denial of service. CVE-2018-5332 Mohamed Ghannam reported that the RDS protocol did not sufficiently validate RDMA requests, leading to an out-of-bounds write. A local attacker on a system with the rds module loaded could use this for denial of service or possibly for privilege escalation. CVE-2018-5333 Mohamed Ghannam reported that the RDS protocol did not properly handle an error case, leading to a null pointer dereference. A local attacker on a system with the rds module loaded could possibly use this for denial of service. CVE-2018-5750 Wang Qize reported that the ACPI sbshc driver logged a kernel heap address. This information could aid the exploitation of other vulnerabilities. CVE-2018-5803 Alexey Kodanev reported that the SCTP protocol did not range-check the length of chunks to be created. A local or remote user could use this to cause a denial of service. CVE-2018-6927 Li Jinyue reported that the FUTEX_REQUEUE operation on futexes did not check for negative parameter values, which might lead to a denial of service or other security impact. CVE-2018-7492 The syzkaller tool found that the RDS protocol was lacking a null pointer check. A local attacker on a system with the rds module loaded could use this for denial of service. CVE-2018-7566 Fan LongFei reported a race condition in the ALSA (sound) sequencer core, between write and ioctl operations. This could lead to an out-of-bounds access or use-after-free. A local user with access to a sequencer device could use this for denial of service or possibly for privilege escalation. CVE-2018-7740 Nic Losby reported that the hugetlbfs filesystem's mmap operation did not properly range-check the file offset. A local user with access to files on a hugetlbfs filesystem could use this to cause a denial of service. CVE-2018-7757 Jason Yan reported a memory leak in the SAS (Serial-Attached SCSI) subsystem. A local user on a system with SAS devices could use this to cause a denial of service. CVE-2018-7995 Seunghun Han reported a race condition in the x86 MCE (Machine Check Exception) driver. This is unlikely to have any security impact. CVE-2018-8781 Eyal Itkin reported that the udl (DisplayLink) driver's mmap operation did not properly range-check the file offset. A local user with access to a udl framebuffer device could exploit this to overwrite kernel memory, leading to privilege escalation. CVE-2018-8822 Dr Silvio Cesare of InfoSect reported that the ncpfs client implementation did not validate reply lengths from the server. An ncpfs server could use this to cause a denial of service or remote code execution in the client. CVE-2018-1000004 Luo Quan reported a race condition in the ALSA (sound) sequencer core, between multiple ioctl operations. This could lead to a deadlock or use-after-free. A local user with access to a sequencer device could use this for denial of service or possibly for privilege escalation. CVE-2018-1000199 Andy Lutomirski discovered that the ptrace subsystem did not sufficiently validate hardware breakpoint settings. Local users can use this to cause a denial of service, or possibly for privilege escalation, on x86 (amd64 and i386) and possibly other architectures. For the oldstable distribution (jessie), these problems have been fixed in version 3.16.56-1. We recommend that you upgrade your linux packages. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlron61fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Rtqw//Xf/L4bP65wU9M59Ef6xBt+Eph+yxeMsioGhu80ODdMemlmHzASMtfZjY AXxyt9l8lbHn8MmwDA4aLhhwHYXwvKATdpHSy1SILrRfb4s9P9uV1vsHaIeZ649E hDyNon9hP2tPso6BwqiYHZZy9Xxtd+T8vTBeBZwUKOLBkBRvV/gyNSUdJWp6L8WH aF4D1hHl9ZotDkyIvkubbx77aqbJ88I4R0n69x7L9udFbuXa+U7hV6dJdnpzyl/7 OukJfEtnkaUgWu0MdOfFss6iH5OQISn/y/ricRi29oKQiEp3YwnT5J9pFwSQeJJS H8ABVt251UoS0J+of3QWw0muOT/6UAF8SNpPKMJXC7Euq8pTmYVPSIeUYf4eqn65 UHZSCKXaszItq+uzVNYdkj504BJ4cG1lFxZtlrFWwKE8p7QOETN0GKvTRdu/SvDd Hl2nb4HouLpBYS518Th2/MGgzhXXAuO12MH3smenptZbqxKn9Z0XSTJYzFupgJk/ kKF2xkDFBE4toTLVE+6XdUKwYk4vkeDZyOGOwRYThSkKAzrUh5zThgal4HnknD2A 5ye4XLhjgSIT47/nmor6lhxd7WGXGkV33GF0azYlHr/sclfzxcU2Ev3NUBWQ8M3s CxfIO0FNCzO0WIUf40md7MlIAnDBIRGyYgNIIe7AnSRKKPykEx8= =wNQS -----END PGP SIGNATURE----- . Software Description: - webkit2gtk: Web content engine library for GTK+ Details: It was discovered that speculative execution performed by modern CPUs could leak information through a timing side-channel attack, and that this could be exploited in web browser JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from other domains, bypassing same-origin restrictions. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Security Fix(es): An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact. In this update initial mitigations for IBM Power (PowerPC) and IBM zSeries (S390) architectures are provided. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. This fix specifically addresses S390 processors. (CVE-2017-5715, Important) * Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. This fix specifically addresses S390 and PowerPC processors. (CVE-2017-5753, Important) * Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue. This fix specifically addresses PowerPC processors. (CVE-2017-5754, Important) Red Hat would like to thank Google Project Zero for reporting CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754. This update also fixes the following security issues and bugs: Space precludes documenting all of the bug fixes and enhancements included in this advisory. To see the complete list of bug fixes and enhancements, refer to the following KnowledgeBase article: https://access.redhat.com/articles/3327131. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1284450 - CVE-2015-8539 kernel: local privesc in key management 1442086 - CVE-2017-7472 kernel: keyctl_set_reqkey_keyring() leaks thread keyrings 1493435 - CVE-2017-12192 kernel: NULL pointer dereference due to KEYCTL_READ on negative key 1501215 - CVE-2017-12193 kernel: Null pointer dereference due to incorrect node-splitting in assoc_array implementation 1504574 - CVE-2017-15649 kernel: Use-after-free in the af_packet.c 1519778 - CVE-2017-5753 hw: cpu: speculative execution bounds-check bypass 1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection 1519781 - CVE-2017-5754 hw: cpu: speculative execution permission faults handling 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: kernel-3.10.0-693.17.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.17.1.el7.noarch.rpm kernel-doc-3.10.0-693.17.1.el7.noarch.rpm x86_64: kernel-3.10.0-693.17.1.el7.x86_64.rpm kernel-debug-3.10.0-693.17.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.17.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.17.1.el7.x86_64.rpm kernel-devel-3.10.0-693.17.1.el7.x86_64.rpm kernel-headers-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.17.1.el7.x86_64.rpm perf-3.10.0-693.17.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm python-perf-3.10.0-693.17.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.17.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: kernel-3.10.0-693.17.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.17.1.el7.noarch.rpm kernel-doc-3.10.0-693.17.1.el7.noarch.rpm x86_64: kernel-3.10.0-693.17.1.el7.x86_64.rpm kernel-debug-3.10.0-693.17.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.17.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.17.1.el7.x86_64.rpm kernel-devel-3.10.0-693.17.1.el7.x86_64.rpm kernel-headers-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.17.1.el7.x86_64.rpm perf-3.10.0-693.17.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm python-perf-3.10.0-693.17.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.17.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: kernel-3.10.0-693.17.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.17.1.el7.noarch.rpm kernel-doc-3.10.0-693.17.1.el7.noarch.rpm ppc64: kernel-3.10.0-693.17.1.el7.ppc64.rpm kernel-bootwrapper-3.10.0-693.17.1.el7.ppc64.rpm kernel-debug-3.10.0-693.17.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-693.17.1.el7.ppc64.rpm kernel-debug-devel-3.10.0-693.17.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-693.17.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-693.17.1.el7.ppc64.rpm kernel-devel-3.10.0-693.17.1.el7.ppc64.rpm kernel-headers-3.10.0-693.17.1.el7.ppc64.rpm kernel-tools-3.10.0-693.17.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-693.17.1.el7.ppc64.rpm kernel-tools-libs-3.10.0-693.17.1.el7.ppc64.rpm perf-3.10.0-693.17.1.el7.ppc64.rpm perf-debuginfo-3.10.0-693.17.1.el7.ppc64.rpm python-perf-3.10.0-693.17.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-693.17.1.el7.ppc64.rpm ppc64le: kernel-3.10.0-693.17.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-693.17.1.el7.ppc64le.rpm kernel-debug-3.10.0-693.17.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-693.17.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-693.17.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-693.17.1.el7.ppc64le.rpm kernel-devel-3.10.0-693.17.1.el7.ppc64le.rpm kernel-headers-3.10.0-693.17.1.el7.ppc64le.rpm kernel-tools-3.10.0-693.17.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-693.17.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-693.17.1.el7.ppc64le.rpm perf-3.10.0-693.17.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-693.17.1.el7.ppc64le.rpm python-perf-3.10.0-693.17.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-693.17.1.el7.ppc64le.rpm s390x: kernel-3.10.0-693.17.1.el7.s390x.rpm kernel-debug-3.10.0-693.17.1.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-693.17.1.el7.s390x.rpm kernel-debug-devel-3.10.0-693.17.1.el7.s390x.rpm kernel-debuginfo-3.10.0-693.17.1.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-693.17.1.el7.s390x.rpm kernel-devel-3.10.0-693.17.1.el7.s390x.rpm kernel-headers-3.10.0-693.17.1.el7.s390x.rpm kernel-kdump-3.10.0-693.17.1.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-693.17.1.el7.s390x.rpm kernel-kdump-devel-3.10.0-693.17.1.el7.s390x.rpm perf-3.10.0-693.17.1.el7.s390x.rpm perf-debuginfo-3.10.0-693.17.1.el7.s390x.rpm python-perf-3.10.0-693.17.1.el7.s390x.rpm python-perf-debuginfo-3.10.0-693.17.1.el7.s390x.rpm x86_64: kernel-3.10.0-693.17.1.el7.x86_64.rpm kernel-debug-3.10.0-693.17.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.17.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.17.1.el7.x86_64.rpm kernel-devel-3.10.0-693.17.1.el7.x86_64.rpm kernel-headers-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.17.1.el7.x86_64.rpm perf-3.10.0-693.17.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm python-perf-3.10.0-693.17.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: kernel-debug-debuginfo-3.10.0-693.17.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-693.17.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-693.17.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-693.17.1.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-693.17.1.el7.ppc64.rpm perf-debuginfo-3.10.0-693.17.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-693.17.1.el7.ppc64.rpm ppc64le: kernel-debug-debuginfo-3.10.0-693.17.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-693.17.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-693.17.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-693.17.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-693.17.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-693.17.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-693.17.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-693.17.1.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.17.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: kernel-3.10.0-693.17.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.17.1.el7.noarch.rpm kernel-doc-3.10.0-693.17.1.el7.noarch.rpm x86_64: kernel-3.10.0-693.17.1.el7.x86_64.rpm kernel-debug-3.10.0-693.17.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.17.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.17.1.el7.x86_64.rpm kernel-devel-3.10.0-693.17.1.el7.x86_64.rpm kernel-headers-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.17.1.el7.x86_64.rpm perf-3.10.0-693.17.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm python-perf-3.10.0-693.17.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.17.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-8539 https://access.redhat.com/security/cve/CVE-2017-7472 https://access.redhat.com/security/cve/CVE-2017-12192 https://access.redhat.com/security/cve/CVE-2017-12193 https://access.redhat.com/security/cve/CVE-2017-15649 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/speculativeexecution https://access.redhat.com/security/cve/CVE-2017-5753 https://access.redhat.com/security/cve/CVE-2017-5715 https://access.redhat.com/security/cve/CVE-2017-5754 https://access.redhat.com/articles/3327131 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFaab47XlSAg2UNWIIRAgi2AKDDW6z/9di3aoNQMX6PaIOzYTu39gCgncrF n+VQu/CVEmiUW8aXZCnplaM= =Km2i -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03805en_us Version: 4 HPESBHF03805 rev.4 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2018-01-10 Last Updated: 2018-01-09 Potential Security Impact: Local: Disclosure of Information, Elevation of Privilege Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY On January 3 2018, side-channel security vulnerabilities involving speculative execution were publicly disclosed. These vulnerabilities may impact the listed HPE products, potentially leading to information disclosure and elevation of privilege. Mitigation and resolution of these vulnerabilities may call for both an operating system update, provided by the OS vendor, and a system ROM update from HPE. **Note:** * This issue takes advantage of techniques commonly used in many modern processor architectures. * For further information, microprocessor vendors have provided security advisories: - Intel: <https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00088&langu geid=en-fr> - AMD: <http://www.amd.com/en/corporate/speculative-execution> - ARM: <https://developer.arm.com/support/security-update> References: - PSRT110634 - PSRT110633 - PSRT110632 - CVE-2017-5715 - aka Spectre, branch target injection - CVE-2017-5753 - aka Spectre, bounds check bypass - CVE-2017-5754 - aka Meltdown, rogue data cache load, memory access permission check performed after kernel memory read SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - HPE ProLiant DL380 Gen10 Server prior to v1.28 - HPE ProLiant DL180 Gen10 Server prior to v1.28 - HPE ProLiant DL160 Gen10 Server prior to v1.28 - HPE ProLiant DL360 Gen10 Server prior to v1.28 - HPE ProLiant ML110 Gen10 Server prior to v1.28 - HPE ProLiant DL580 Gen10 Server prior to v1.28 - HPE ProLiant DL560 Gen10 Server prior to v1.28 - HPE ProLiant DL120 Gen10 Server prior to v1.28 - HPE ProLiant ML350 Gen10 Server prior to v1.28 - HPE ProLiant XL450 Gen10 Server prior to v1.28 - HPE ProLiant XL170r Gen10 Server prior to v1.28 - HPE ProLiant BL460c Gen10 Server Blade prior to v1.28 - HPE ProLiant XL230a Gen9 Server prior to v2.54 - HPE ProLiant XL230k Gen10 Server prior to v1.28 - HPE ProLiant XL730f Gen9 Server prior to v2.54 - HPE ProLiant XL740f Gen9 Server prior to v2.54 - HPE ProLiant XL750f Gen9 Server prior to v2.54 - HPE ProLiant XL170r Gen9 Server prior to v2.54 - HP ProLiant DL60 Gen9 Server prior to v2.54 - HPE ProLiant XL450 Gen9 Server prior to v2.54 - HP ProLiant DL160 Gen9 Server prior to v2.54 - HPE Apollo 4200 Gen9 Server prior to v2.54 - HP ProLiant BL460c Gen9 Server Blade prior to v2.54 - HP ProLiant ML110 Gen9 Server prior to v2.54 - HP ProLiant ML150 Gen9 Server prior to v2.54 - HPE ProLiant ML350 Gen9 Server prior to v2.54 - HP ProLiant DL380 Gen9 Server prior to v2.54 - HP ProLiant DL120 Gen9 Server prior to v2.54 - HPE ProLiant DL560 Gen9 Server prior to v2.54 - HPE ProLiant XL270d Gen9 Special Server prior to v2.54 - HP ProLiant BL660c Gen9 Server prior to v2.54 - HPE ProLiant m710x Server Cartridge prior to v1.60 - HPE ProLiant DL20 Gen9 Server prior to v2.52 - HPE ProLiant DL385 Gen10 Server prior to v1.04 - HPE Synergy 660 Gen9 Compute Module prior to v2.54 - HPE Synergy 480 Gen10 Compute Module prior to v1.28 - HPE Synergy 480 Gen9 Compute Module prior to v2.54 - HPE ProLiant ML30 Gen9 Server prior to v2.52 - HPE ProLiant XL190r Gen10 Server prior to v1.28 - HPE ProLiant XL250a Gen9 Server prior to v2.54 - HPE ProLiant XL190r Gen9 Server prior to v2.54 - HP ProLiant DL80 Gen9 Server prior to v2.54 - HPE ProLiant DL180 Gen9 Server prior to v2.54 - HPE ProLiant XL270d Gen9 Accelerator Tray 2U Configure-to-order Server prior to v2.54 - HPE ProLiant WS460c Gen9 Workstation prior to v2.54 - HPE ProLiant DL580 Gen9 Special Server prior to v2.54 - HPE Synergy 680 Gen9 Compute Modules prior to v2.54 - HPE ProLiant XL260a Gen9 Server prior to 1/22/2018 - HPE ProLiant m510 Server Cartridge prior to 1/22/2018 - HPE ProLiant m710p Server Cartridge prior to 12/12/2017 - HP ProLiant m350 Server Cartridge prior to 12/12/2017 - HP ProLiant m300 Server Cartridge prior to 12/12/2017 - HP ProLiant ML350e Gen8 Server prior to 12/12/2017 - HPE ProLiant ML350e Gen8 v2 Server prior to 12/12/2017 - HP ProLiant BL460c Gen8 Server prior to 12/12/2017 - HP ProLiant BL660c Gen8 Server prior to 12/12/2017 - HPE ProLiant SL4540 Gen8 1 Node Server prior to 12/12/2017 - HP ProLiant DL380e Gen8 Server prior to 12/12/2017 - HP ProLiant DL360e Gen8 Server prior to 12/12/2017 - HP ProLiant ML350p Gen8 Server prior to 12/12/2017 - HP ProLiant DL360p Gen8 Server prior to 12/12/2017 - HP ProLiant DL380p Gen8 Server prior to 12/12/2017 - HP ProLiant DL320e Gen8 Server prior to 12/12/2017 - HPE ProLiant DL320e Gen8 v2 Server prior to 12/12/2017 - HP ProLiant ML310e Gen8 Server prior to 12/12/2017 - HPE ProLiant ML310e Gen8 v2 Server prior to 12/12/2017 - HP ProLiant DL160 Gen8 Server prior to 12/12/2017 - HP ProLiant SL270s Gen8 Server prior to 12/12/2017 - HP ProLiant SL250s Gen8 Server prior to 12/12/2017 - HP ProLiant SL230s Gen8 Server prior to 12/12/2017 - HP ProLiant DL560 Gen8 Server prior to 12/12/2017 - HPE ProLiant SL210t Gen8 Server prior to 12/12/2017 - HP ProLiant DL580 Gen8 Server prior to 12/12/2017 (v1.98) - HP ProLiant ML10 Server prior to 12/12/2017 - HP ProLiant m710 Server Cartridge prior to 12/12/2017 (v1.60) - HPE Synergy Composer prior to 12/12/2017 - HPE Integrity Superdome X with BL920s Blades prior to 8.8.6 - HPE Superdome Flex Server prior to 2.3.110 - HP ProLiant DL360 Gen9 Server prior to v2.54 - HPE Synergy 620 Gen9 Compute Module prior to v2.54 - HPE ProLiant Thin Micro TM200 Server prior to 1/16/2017 - HPE ProLiant ML350 Gen10 Server prior to v1.28 - HP ProLiant BL420c Gen8 Server prior to 12/12/2017 - HPE ProLiant ML10 v2 Server prior to 12/12/2017 - HPE ProLiant MicroServer Gen8 prior to 12/12/2017 - HPE Synergy 660 Gen10 Compute Module prior to v1.28 BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2017-5715 8.2 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N 6.8 (AV:A/AC:L/Au:N/C:C/I:P/A:N) CVE-2017-5753 5.0 CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L 5.4 (AV:A/AC:M/Au:N/C:P/I:P/A:P) CVE-2017-5754 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499 RESOLUTION HPE has made the following system ROM updates which include an updated microcode to resolve the vulnerability: * HPE has provided a customer bulletin <https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us> with specific instructions to obtain the udpated sytem ROM - Note: + CVE-2017-5715 requires that the System ROM be updated and a vendor supplied operating system update be applied as well. + For CVE-2017-5753, CVE-2017-5754 require only updates of a vendor supplied operating system. + HPE will continue to add additional products to the list. Not all listed products have updated system ROMs yet. Impacted products awaiting system ROM updates are marked TBS (to be supplied). HISTORY Version:1 (rev.1) - 4 January 2018 Initial release Version:2 (rev.2) - 5 January 2018 Added additional impacted products Version:3 (rev.3) - 10 January 2018 Added more impacted products Version:4 (rev.4) - 9 January 2018 Fixed product ID Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Summary VMware Virtual Appliance updates address side-channel analysis due to speculative execution Note: This document will focus on VMware Virtual Appliances which are affected by the known variants of CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754. For more information please see Knowledge Base article 52264. These mitigations are part of the Operating System-Specific Mitigations category described in VMware Knowledge Base article 52245. Relevant Products vCloud Usage Meter (UM) Identity Manager (vIDM) vCenter Server (vCSA) vSphere Data Protection (VDP) vSphere Integrated Containers (VIC) vRealize Automation (vRA) 3. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2017-5753 (Bounds Check bypass), CVE-2017-5715 (Branch Target Injection), CVE-2017-5754 (Rogue data cache load) to these issues. Column 5 of the following table lists the action required to mitigate the observed vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Mitigation/ Product Version on Severity Apply Patch Workaround ========== ========= ======= ========= ============= ========== UM 3.x VA Important Patch Pending KB52467 vIDM 3.x, 2.x VA Important Patch Pending KB52284 vCSA 6.5 VA Important Patch Pending KB52312 vCSA 6.0 VA Important Patch Pending KB52312 vCSA 5.5 VA N/A Unaffected None VDP 6.x VA Important Patch Pending None VIC 1.x VA Important 1.3.1 None vRA 7.x VA Important Patch Pending KB52377 vRA 6.x VA Important Patch Pending KB52497 4. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. vSphere Integrated Containers 1.3.1 Downloads and Documentation: https://my.vmware.com/group/vmware/get-download?downloadGroup=VIC131 5. Change log 2018-02-08: VMSA-2018-0007 Initial security advisory in conjunction with the release of vSphere Integrated Containers 1.3.1 on 2018-02-08. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: security-announce@lists.vmware.com bugtraq@securityfocus.com fulldisclosure@seclists.org E-mail: security at vmware.com PGP key at: https://kb.vmware.com/kb/1055 VMware Security Advisories http://www.vmware.com/security/advisories VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html VMware Security & Compliance Blog https://blogs.vmware.com/security Twitter https://twitter.com/VMwareSRC Copyright 2018 VMware Inc. All rights reserved. In this update mitigations for x86-64 architecture are provided. ========================================================================== Ubuntu Security Notice USN-3542-2 January 23, 2018 linux-lts-trusty vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 ESM Summary: Several security issues were addressed in the Linux kernel. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. This flaw is known as Spectre. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM: linux-image-3.13.0-140-generic 3.13.0-140.189~precise1 linux-image-generic-lts-trusty 3.13.0.140.131 Please note that fully mitigating CVE-2017-5715 (Spectre Variant 2) requires corresponding processor microcode/firmware updates or, in virtual environments, hypervisor updates. On i386 and amd64 architectures, the IBRS and IBPB features are required to enable the kernel mitigations. Ubuntu is working with Intel and AMD to provide future microcode updates that implement IBRS and IBPB as they are made available. Ubuntu users with a processor from a different vendor should contact the vendor to identify necessary firmware updates. Ubuntu will provide corresponding QEMU updates in the future for users of self-hosted virtual environments in coordination with upstream QEMU. Ubuntu users in cloud environments should contact the cloud provider to confirm that the hypervisor has been updated to expose the new CPU features to virtual machines. References: - CVE-2017-5753 - CVE-2017-5715 - CVE-2017-5754 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - HP Virtualization Performance Viewer Software - v2.20, v3.0, v3.01, v3.02, v3.03 - HPE Cloud Optimizer - v2.20, v3.0, v3.01, v3.02, v3.03 BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector RESOLUTION Micro Focus is actively working with its vendors to address any systems-level Spectre and Meltdown impacts.However, if you have immediate concerns or questions regarding CentOS and its approach to Spectre or Meltdown, please contact them directly. Please note that you will need to sign in using a Passport account. 3P = 3rd Party Software GN = Micro Focus General Software MU = Multi-Platform Software System management and security procedures must be reviewed frequently to maintain system integrity. Micro Focus is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "Micro Focus is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected Micro Focus products the important security information contained in this Bulletin. Micro Focus recommends that all users determine the applicability of this information to their individual situations and take appropriate action. Micro Focus does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, Micro Focus will not be responsible for any damages resulting from user's use or disregard of the information provided in this Security Bulletin. To the extent permitted by law, Micro Focus disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2017 EntIT Software LLC Micro Focus shall not be liable for technical or editorial errors or omissions contained herein

IOT TAXONOMY

AFFECTED PRODUCTS