ID

VAR-201801-1712

CVE

CVE-2017-5753

TITLE

CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks

DESCRIPTION

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Two vulnerabilities are identified, known as "Variant 3a" and "Variant 4". CPUhardware is a set of firmware that runs in the CPU (Central Processing Unit) for managing and controlling the CPU. The Meltdown vulnerability exists in the CPU processor core, which \"melts\" the security boundary implemented by hardware, allowing low-privileged user-level applications to \"cross-border\" access to system-level memory, causing data leakage. The following products and versions are affected: ARM Cortex-R7; Cortex-R8; Cortex-A8; Cortex-A9; Cortex-A12; Xeon CPU E5-1650 v3, v2, v4; Xeon E3-1265l v2, v3, v4 ; Xeon E3-1245 v2, v3, v5, v6 versions; Xeon X7542, etc. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. Relevant releases/architectures: RHEL 7-based RHEV-H ELS - noarch RHEV Hypervisor for RHEL-6 ELS - noarch 3. Relevant releases/architectures: Image Updates for RHV-H - noarch 3. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. By now, we're sure most everyone have heard of the Meltdown and Spectre attacks. If not, head over to https://meltdownattack.com/ and get an overview. https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html The FreeBSD Security Team was notified of the issue in late December and received a briefing under NDA with the original embargo date of January 9th. Since we received relatively late notice of the issue, our ability to provide fixes is delayed. Meltdown (CVE-2017-5754) ~~~~~~~~~~~~~~~~~~~~~~~~ In terms of priority, the first step is to mitigate against the Meltdown attack (CVE-2017-5754, cited as variant 3 by Project Zero). Work for this is ongoing, but due to the relatively large changes needed, this is going to take a little while. We are currently targeting patches for amd64 being dev complete this week with testing probably running into next week. From there, we hope to give it a short bake time before pushing it into the 11.1-RELEASE branch. Additional work will be required to bring the mitigation to 10.3-RELEASE and 10.4-RELEASE. The code will be selectable via a tunable which will automatically turn on for modern Intel processors and off for AMD processors (since they are reportedly not vulnerable). Since the fix for Meltdown does incur a performance hit for any transition between user space and kernel space, this could be rather impactful depending on the workload. As such, the tunable can also be overridden by the end-user if they are willing to accept the risk. Initial work can be tracked at https://reviews.freebsd.org/D13797. Please note this is a work in progress and some stuff is likely to be broken. Spectre (CVE-2017-5753 and CVE-2017-5715) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ When it comes to the Spectre vulnerabilities, it is much harder to sort these out. Variant 1 (CVE-2017-5753) is going to require some static analysis to determine vulnerable use cases that will require barriers to stop speculation from disclosing information it shouldn't. While we haven't done the analysis to determine where we are vulnerable, the number of cases here are supposed to be pretty small. Apparently there have been some Coverity rules developed to help look for these, but we are still evaluating what can be done here. The other half of Spectre, variant 2 (CVE-2017-5715) is a bit trickier as it affects both normal processes and bhyve. There is a proposed patch for LLVM (https://reviews.llvm.org/D41723) that introduces a concept called 'retpoline' which mitigates this issue. We are likely to pull this into HEAD and 11-STABLE once it hits the LLVM tree. Unfortunately, the currently supported FreeBSD releases are using older versions of LLVM for which we are not sure the LLVM project will produce patches. We will be looking at the feasibility to backport these patches to these earlier versions. There are CPU microcode fixes coming out when in concert with OS changes would also help, but that's a bit down the road at the moment. Best regards, Gordon Tetlow with security-officer hat on . ========================================================================== Ubuntu Security Notice USN-3540-2 January 23, 2018 linux-lts-xenial, linux-aws vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS Summary: Several security issues were addressed in the Linux kernel. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715, CVE-2017-5753) USN-3522-2 mitigated CVE-2017-5754 (Meltdown) for the amd64 architecture in the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5754) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: linux-image-4.4.0-1011-aws 4.4.0-1011.11 linux-image-4.4.0-111-generic 4.4.0-111.134~14.04.1 linux-image-4.4.0-111-lowlatency 4.4.0-111.134~14.04.1 linux-image-4.4.0-111-powerpc-e500mc 4.4.0-111.134~14.04.1 linux-image-4.4.0-111-powerpc-smp 4.4.0-111.134~14.04.1 linux-image-4.4.0-111-powerpc64-emb 4.4.0-111.134~14.04.1 linux-image-4.4.0-111-powerpc64-smp 4.4.0-111.134~14.04.1 linux-image-aws 4.4.0.1011.11 linux-image-generic-lts-xenial 4.4.0.111.95 linux-image-lowlatency-lts-xenial 4.4.0.111.95 linux-image-powerpc-e500mc-lts-xenial 4.4.0.111.95 linux-image-powerpc-smp-lts-xenial 4.4.0.111.95 linux-image-powerpc64-emb-lts-xenial 4.4.0.111.95 linux-image-powerpc64-smp-lts-xenial 4.4.0.111.95 Please note that fully mitigating CVE-2017-5715 (Spectre Variant 2) requires corresponding processor microcode/firmware updates or, in virtual environments, hypervisor updates. On i386 and amd64 architectures, the IBRS and IBPB features are required to enable the kernel mitigations. Ubuntu is working with Intel and AMD to provide future microcode updates that implement IBRS and IBPB as they are made available. Ubuntu users with a processor from a different vendor should contact the vendor to identify necessary firmware updates. Ubuntu will provide corresponding QEMU updates in the future for users of self-hosted virtual environments in coordination with upstream QEMU. Ubuntu users in cloud environments should contact the cloud provider to confirm that the hypervisor has been updated to expose the new CPU features to virtual machines. 7.3) - ppc64, ppc64le, x86_64 3. Bug Fix(es): * When attempting to reread parent blocks in btree traversal, the xfs code which deletes extended attributes from an inode assumed that the parent blocks were still on the cache. Under memory pressure and memory reclaim, such parent blocks were sometimes removed from the cache. Consequently, attempts to reread previously cached parent blocks caused the file system to read invalid memory. This update fixes xfs to reinitialize the pointer to the parent block buffers after the block has been reread. As a result, pointers to btree blocks now point to valid memory, and the kernel no longer crashes due to an invalid memory access. (BZ#1512811) * The write access check for huge pages did not function correctly on IBM z Systems. Consequently, if asynchronous I/O reads were used, buffers sometimes contained zeroes rather than data from a file, even when the io_getevents() system call reported that the associated read had finished successfully. This update fixes the write access check in the gup_huge_pmd() function in memory management, and read data is stored in asynchronous I/O buffers properly. (BZ#1513315) * With this update, the rule for iptables reloading has been optimized to complete faster. (BZ#1514040) 4. 6.6) - noarch, x86_64 3. In this update mitigations for x86-64 architecture are provided. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2018:0151-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:0151 Issue date: 2018-01-25 CVE Names: CVE-2015-8539 CVE-2017-7472 CVE-2017-12192 CVE-2017-12193 CVE-2017-15649 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact. In this update initial mitigations for IBM Power (PowerPC) and IBM zSeries (S390) architectures are provided. * Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. This fix specifically addresses S390 processors. (CVE-2017-5715, Important) * Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. This fix specifically addresses S390 and PowerPC processors. (CVE-2017-5753, Important) * Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue. This fix specifically addresses PowerPC processors. (CVE-2017-5754, Important) Red Hat would like to thank Google Project Zero for reporting CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754. This update also fixes the following security issues and bugs: Space precludes documenting all of the bug fixes and enhancements included in this advisory. To see the complete list of bug fixes and enhancements, refer to the following KnowledgeBase article: https://access.redhat.com/articles/3327131. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1284450 - CVE-2015-8539 kernel: local privesc in key management 1442086 - CVE-2017-7472 kernel: keyctl_set_reqkey_keyring() leaks thread keyrings 1493435 - CVE-2017-12192 kernel: NULL pointer dereference due to KEYCTL_READ on negative key 1501215 - CVE-2017-12193 kernel: Null pointer dereference due to incorrect node-splitting in assoc_array implementation 1504574 - CVE-2017-15649 kernel: Use-after-free in the af_packet.c 1519778 - CVE-2017-5753 hw: cpu: speculative execution bounds-check bypass 1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection 1519781 - CVE-2017-5754 hw: cpu: speculative execution permission faults handling 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: kernel-3.10.0-693.17.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.17.1.el7.noarch.rpm kernel-doc-3.10.0-693.17.1.el7.noarch.rpm x86_64: kernel-3.10.0-693.17.1.el7.x86_64.rpm kernel-debug-3.10.0-693.17.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.17.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.17.1.el7.x86_64.rpm kernel-devel-3.10.0-693.17.1.el7.x86_64.rpm kernel-headers-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.17.1.el7.x86_64.rpm perf-3.10.0-693.17.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm python-perf-3.10.0-693.17.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.17.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: kernel-3.10.0-693.17.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.17.1.el7.noarch.rpm kernel-doc-3.10.0-693.17.1.el7.noarch.rpm x86_64: kernel-3.10.0-693.17.1.el7.x86_64.rpm kernel-debug-3.10.0-693.17.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.17.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.17.1.el7.x86_64.rpm kernel-devel-3.10.0-693.17.1.el7.x86_64.rpm kernel-headers-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.17.1.el7.x86_64.rpm perf-3.10.0-693.17.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm python-perf-3.10.0-693.17.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.17.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: kernel-3.10.0-693.17.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.17.1.el7.noarch.rpm kernel-doc-3.10.0-693.17.1.el7.noarch.rpm ppc64: kernel-3.10.0-693.17.1.el7.ppc64.rpm kernel-bootwrapper-3.10.0-693.17.1.el7.ppc64.rpm kernel-debug-3.10.0-693.17.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-693.17.1.el7.ppc64.rpm kernel-debug-devel-3.10.0-693.17.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-693.17.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-693.17.1.el7.ppc64.rpm kernel-devel-3.10.0-693.17.1.el7.ppc64.rpm kernel-headers-3.10.0-693.17.1.el7.ppc64.rpm kernel-tools-3.10.0-693.17.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-693.17.1.el7.ppc64.rpm kernel-tools-libs-3.10.0-693.17.1.el7.ppc64.rpm perf-3.10.0-693.17.1.el7.ppc64.rpm perf-debuginfo-3.10.0-693.17.1.el7.ppc64.rpm python-perf-3.10.0-693.17.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-693.17.1.el7.ppc64.rpm ppc64le: kernel-3.10.0-693.17.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-693.17.1.el7.ppc64le.rpm kernel-debug-3.10.0-693.17.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-693.17.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-693.17.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-693.17.1.el7.ppc64le.rpm kernel-devel-3.10.0-693.17.1.el7.ppc64le.rpm kernel-headers-3.10.0-693.17.1.el7.ppc64le.rpm kernel-tools-3.10.0-693.17.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-693.17.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-693.17.1.el7.ppc64le.rpm perf-3.10.0-693.17.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-693.17.1.el7.ppc64le.rpm python-perf-3.10.0-693.17.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-693.17.1.el7.ppc64le.rpm s390x: kernel-3.10.0-693.17.1.el7.s390x.rpm kernel-debug-3.10.0-693.17.1.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-693.17.1.el7.s390x.rpm kernel-debug-devel-3.10.0-693.17.1.el7.s390x.rpm kernel-debuginfo-3.10.0-693.17.1.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-693.17.1.el7.s390x.rpm kernel-devel-3.10.0-693.17.1.el7.s390x.rpm kernel-headers-3.10.0-693.17.1.el7.s390x.rpm kernel-kdump-3.10.0-693.17.1.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-693.17.1.el7.s390x.rpm kernel-kdump-devel-3.10.0-693.17.1.el7.s390x.rpm perf-3.10.0-693.17.1.el7.s390x.rpm perf-debuginfo-3.10.0-693.17.1.el7.s390x.rpm python-perf-3.10.0-693.17.1.el7.s390x.rpm python-perf-debuginfo-3.10.0-693.17.1.el7.s390x.rpm x86_64: kernel-3.10.0-693.17.1.el7.x86_64.rpm kernel-debug-3.10.0-693.17.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.17.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.17.1.el7.x86_64.rpm kernel-devel-3.10.0-693.17.1.el7.x86_64.rpm kernel-headers-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.17.1.el7.x86_64.rpm perf-3.10.0-693.17.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm python-perf-3.10.0-693.17.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: kernel-debug-debuginfo-3.10.0-693.17.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-693.17.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-693.17.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-693.17.1.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-693.17.1.el7.ppc64.rpm perf-debuginfo-3.10.0-693.17.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-693.17.1.el7.ppc64.rpm ppc64le: kernel-debug-debuginfo-3.10.0-693.17.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-693.17.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-693.17.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-693.17.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-693.17.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-693.17.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-693.17.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-693.17.1.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.17.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: kernel-3.10.0-693.17.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.17.1.el7.noarch.rpm kernel-doc-3.10.0-693.17.1.el7.noarch.rpm x86_64: kernel-3.10.0-693.17.1.el7.x86_64.rpm kernel-debug-3.10.0-693.17.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.17.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.17.1.el7.x86_64.rpm kernel-devel-3.10.0-693.17.1.el7.x86_64.rpm kernel-headers-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.17.1.el7.x86_64.rpm perf-3.10.0-693.17.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm python-perf-3.10.0-693.17.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.17.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.17.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-8539 https://access.redhat.com/security/cve/CVE-2017-7472 https://access.redhat.com/security/cve/CVE-2017-12192 https://access.redhat.com/security/cve/CVE-2017-12193 https://access.redhat.com/security/cve/CVE-2017-15649 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/speculativeexecution https://access.redhat.com/security/cve/CVE-2017-5753 https://access.redhat.com/security/cve/CVE-2017-5715 https://access.redhat.com/security/cve/CVE-2017-5754 https://access.redhat.com/articles/3327131 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFaab47XlSAg2UNWIIRAgi2AKDDW6z/9di3aoNQMX6PaIOzYTu39gCgncrF n+VQu/CVEmiUW8aXZCnplaM= =Km2i -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The appliance is available to download as an OVA file from the Customer Portal. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03805en_us Version: 7 HPESBHF03805 rev.7 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2018-01-23 Last Updated: 2018-01-22 Potential Security Impact: Local: Disclosure of Information, Elevation of Privilege Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY On January 3 2018, side-channel security vulnerabilities involving speculative execution were publicly disclosed. These vulnerabilities may impact the listed HPE products, potentially leading to information disclosure and elevation of privilege. Mitigation and resolution of these vulnerabilities may call for both an operating system update, provided by the OS vendor, and a system ROM update from HPE. **Note:** * This issue takes advantage of techniques commonly used in many modern processor architectures. * For further information, microprocessor vendors have provided security advisories: - Intel: <https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00088&langu geid=en-fr> - AMD: <http://www.amd.com/en/corporate/speculative-execution> - ARM: <https://developer.arm.com/support/security-update> References: - CVE-2017-5715 - aka Spectre, branch target injection - CVE-2017-5753 - aka Spectre, bounds check bypass - CVE-2017-5754 - aka Meltdown, rogue data cache load, memory access permission check performed after kernel memory read SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - HPE ProLiant DL380 Gen10 Server - To be delivered - HPE ProLiant DL180 Gen10 Server - To be delivered - HPE ProLiant DL160 Gen10 Server - To be delivered - HPE ProLiant DL360 Gen10 Server - To be delivered - HPE ProLiant ML110 Gen10 Server - To be delivered - HPE ProLiant DL580 Gen10 Server - To be delivered - HPE ProLiant DL560 Gen10 Server - To be delivered - HPE ProLiant DL120 Gen10 Server - To be delivered - HPE ProLiant ML350 Gen10 Server - To be delivered - HPE ProLiant XL450 Gen10 Server - To be delivered - HPE Synergy 660 Gen10 Compute Module - To be delivered - HPE ProLiant DL385 Gen10 Server - prior to v1.04 - HPE ProLiant XL170r Gen10 Server - To be delivered - HPE ProLiant BL460c Gen10 Server Blade - To be delivered - HPE ProLiant XL190r Gen10 Server - To be delivered - HPE ProLiant XL230k Gen10 Server - To be delivered - HPE Synergy 480 Gen10 Compute Module - To be delivered - HPE ProLiant XL730f Gen9 Server - To be delivered - HPE ProLiant XL230a Gen9 Server - To be delivered - HPE ProLiant XL740f Gen9 Server - To be delivered - HPE ProLiant XL750f Gen9 Server - To be delivered - HPE ProLiant XL170r Gen9 Server - To be delivered - HP ProLiant DL60 Gen9 Server - To be delivered - HP ProLiant DL160 Gen9 Server - To be delivered - HPE ProLiant DL360 Gen9 Server - To be delivered - HP ProLiant DL380 Gen9 Server - To be delivered - HPE ProLiant XL450 Gen9 Server - To be delivered - HPE Apollo 4200 Gen9 Server - To be delivered - HP ProLiant BL460c Gen9 Server Blade - To be delivered - HP ProLiant ML110 Gen9 Server - To be delivered - HP ProLiant ML150 Gen9 Server - To be delivered - HPE ProLiant ML350 Gen9 Server - To be delivered - HP ProLiant DL120 Gen9 Server - To be delivered - HPE ProLiant DL560 Gen9 Server - To be delivered - HP ProLiant BL660c Gen9 Server - To be delivered - HPE ProLiant ML30 Gen9 Server - To be delivered - HPE ProLiant XL170r Gen10 Server - To be delivered - HPE ProLiant DL20 Gen9 Server - To be delivered - HPE Synergy 660 Gen9 Compute Module - To be delivered - HPE Synergy 480 Gen9 Compute Module - To be delivered - HPE ProLiant XL250a Gen9 Server - To be delivered - HPE ProLiant XL190r Gen9 Server - To be delivered - HP ProLiant DL80 Gen9 Server - To be delivered - HPE ProLiant DL180 Gen9 Server - To be delivered - HPE ProLiant XL270d Gen9 Accelerator Tray 2U Configure-to-order Server - To be delivered - HPE ProLiant WS460c Gen9 Workstation - To be delivered - HPE ProLiant XL260a Gen9 Server - To be delivered - HPE Synergy 620 Gen9 Compute Module - To be delivered - HPE ProLiant DL580 Gen9 Server - To be delivered - HP ProLiant XL220a Gen8 v2 Server - To be delivered - HPE Synergy 680 Gen9 Compute Module - To be delivered - HPE ProLiant m510 Server Cartridge - To be delivered - HPE ProLiant m710p Server Cartridge - To be delivered - HPE ProLiant m710x Server Cartridge - To be delivered - HP ProLiant m710 Server Cartridge - To be delivered - HP ProLiant DL980 G7 Server - To be delivered - HPE Synergy Composer - To be delivered - HPE ProLiant Thin Micro TM200 Server - To be delivered - HPE ProLiant ML10 v2 Server - To be delivered - HPE ProLiant m350 Server Cartridge - To be delivered - HPE ProLiant m300 Server Cartridge - To be delivered - HPE ProLiant MicroServer Gen8 - To be delivered - HPE ProLiant ML310e Gen8 v2 Server - To be delivered - HPE Superdome Flex Server - To be delivered - HP 3PAR StoreServ File Controller - To be delivered - v3 impacted - HPE StoreVirtual 3000 File Controller - To be delivered - HPE StoreEasy 1450 Storage - To be delivered - HPE StoreEasy 1550 Storage - To be delivered - HPE StoreEasy 1650 Storage - To be delivered - HPE StoreEasy 3850 Gateway Storage - To be delivered - HPE StoreEasy 1850 Storage - To be delivered - HP ConvergedSystem 700 - To be delivered - HPE Converged Architecture 700 - To be delivered - HP ProLiant DL580 Gen8 Server - To be delivered - HPE Cloudline CL2100 Gen10 Server - To be delivered - HPE Cloudline CL2200 Gen10 Server - To be delivered - HPE Cloudline CL3150 G4 Server - To be delivered - HPE Cloudline CL5200 G3 Server - To be delivered - HPE Cloudline CL3100 G3 Server - To be delivered - HPE Cloudline CL2100 G3 807S 8 SFF Configure-to-order Server - To be delivered - HPE Cloudline CL2100 G3 407S 4 LFF Configure-to-order Server - To be delivered - HPE Cloudline CL2100 G3 806R 8SFF Configure-to-order Server - To be delivered - HPE Cloudline CL2200 G3 1211R 12 LFF Configure-to-order Server - To be delivered BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2017-5715 8.2 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N 6.8 (AV:A/AC:L/Au:N/C:C/I:P/A:N) CVE-2017-5753 5.0 CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L 5.4 (AV:A/AC:M/Au:N/C:P/I:P/A:P) CVE-2017-5754 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499 RESOLUTION On January 11, Intel announced issues with an increased frequency of reboots when using the microcodes they released to address Variant 2 of the Spectre Vulnerability for numerous processors including Broadwell, Haswell, Skylake, Kaby Lake, Ivybridge, and Sandybridge processors. Intel has now identified the root cause of these issues and determined that these microcodes may introduce reboots and other unpredictable system behavior. Due to the severity of the potential issues that may occur when using these microcodes, Intel is now recommending that customers discontinue their use. Additional information is available from Intels Security Exploit Newsroom here: <https://newsroom.intel.com/press-kits/security-exploits-intel-products/> . HPE is in alignment with Intel in our recommendation that customers discontinue use of System ROMs including impacted microcodes and revert to earlier System ROM versions. All System ROMs including impacted microcodes have been removed from the HPE Support Site. This impacts HPE ProLiant and Synergy Gen10, Gen9, and Gen8 v2 servers as well as HPE Superdome servers for which updated System ROMs had previously been made available. Intel is working on updated microcodes to address these issues, and HPE will validate updated System ROMs including these microcodes and make them available to our customers in the coming weeks. Mitigations for Variant 1 (Spectre) and Variant 3 (Meltdown) vulnerabilities require only OS updates and are not impacted. * HPE has provided a customer bulletin <https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us> with specific instructions to obtain the udpated sytem ROM - Note: + CVE-2017-5715 (Variant 2) requires that the System ROM be updated and a vendor supplied operating system update be applied as well. + For CVE-2017-5753, CVE-2017-5754 (Variants 1 and 3) require only updates of a vendor supplied operating system. + HPE will continue to add additional products to the list. HISTORY Version:1 (rev.1) - 4 January 2018 Initial release Version:2 (rev.2) - 5 January 2018 Added additional impacted products Version:3 (rev.3) - 10 January 2018 Added more impacted products Version:4 (rev.4) - 9 January 2018 Fixed product ID Version:5 (rev.5) - 18 January 2018 Added additional impacted products Version:6 (rev.6) - 19 January 2018 updated impacted product list Version:7 (rev.7) - 23 January 2018 Marked impacted products with TBD for System ROM updates per Intel's guidance on microcode issues Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-1-8-2 macOS High Sierra 10.13.2 Supplemental Update macOS High Sierra 10.13.2 Supplemental Update is now available and addresses the following: Available for: macOS High Sierra 10.13.2 Description: macOS High Sierra 10.13.2 Supplemental Update includes security improvements to Safari and WebKit to mitigate the effects of Spectre (CVE-2017-5753 and CVE-2017-5715). We would like to acknowledge Jann Horn of Google Project Zero; and Paul Kocher in collaboration with Daniel Genkin of University of Pennsylvania and University of Maryland, Daniel Gruss of Graz University of Technology, Werner Haas of Cyberus Technology, Mike Hamburg of Rambus (Cryptography Research Division), Moritz Lipp of Graz University of Technology, Stefan Mangard of Graz University of Technology, Thomas Prescher of Cyberus Technology, Michael Schwarz of Graz University of Technology, and Yuval Yarom of University of Adelaide and Data61 for their assistance. Installation note: macOS High Sierra 10.13.2 Supplemental Update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlpTsDUpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZMSg// WW0oSMlU0KgLL1Fe6z2fCSXF06I/QMdUTFV3tt7Rwb49BfnhLstNb0hE/XRcX/fy IMTurdMlRwOqamrOC7LdSiBvCCeJqyfudEq52uqbFpYDLDK6D/RxUKagTJip+M5P 3KCrTt8qpFA2Ip8KzEmBeS3Of9GnNoGdfI7ir38dFrqCADuWYtd6bVxurcM/Uhs0 yjH38JPGyvRXvxM9Qy5wAezQM9oFN1Jlly79n+RX1d9vDpjfExhUV7n1JS9zTOXw Dy+bjYsXcrlzrmcSlHaRa4E4FTPVYWyLSZmEokoQmTbsIABHiPSc9s92CEEzd2LQ FiOyHgT+QWA3zyySjQ+InhSf17QRpUUIYkgTsZJhbcdLSHXW/2etHq6vh5z5wD92 +HfmKYGozUk6QH7TEApYmS71lKaAFRQscP7D0EGhi81YIlu6shqxZr/HnK2Q1FXJ I7yWXtsZq7BSvYu31uSc/YAr76VBgplETE0hnsPZRdRNiaJyNg6ForfDA7kn7t8W GIdJvjkZzG55fUpW1b/GqPxv8wSb/DDzlrJjb7yAffDyCRr4KGVT0lk2f1aBVYSY NVxrdDtGOEWfd/P+6bU0s5v09mFefCbhIqGTFrqEjrDifYz7nW6BhoBAK+I0cyQf U1316sNsG/gmTuOx7wO6sqyOkYyPGZzDI882U8un+n8= =r0HS -----END PGP SIGNATURE-----

IOT TAXONOMY

AFFECTED PRODUCTS