ID

VAR-201806-1505

CVE

CVE-2018-3665

TITLE

Intel Core Microprocessors Information Disclosure Vulnerability

DESCRIPTION

System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. Intel Core-based microprocessors are Intel's Core series of central processing units (CPUs). An information disclosure vulnerability exists in Intel Core-based microprocessors. An attacker could exploit this vulnerability to obtain values about other processes stored in a number register. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Enhancement(s): * The kernel-rt packages have been upgraded to version 3.10.0-693.35.1.rt56.623, which provides a number of bug fixes over the previous version. (BZ#1579972) Users of kernel-rt are advised to upgrade to these updated packages, which add this enhancement. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1579972 - Update the kernel-rt sources with the latest 3.10 sources. ========================================================================== Ubuntu Security Notice USN-3698-2 July 02, 2018 linux-lts-trusty vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 ESM Summary: Several security issues were fixed in the Linux kernel. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the nested KVM implementation in the Linux kernel in some situations did not properly prevent second level guests from reading and writing the hardware CR8 register. A local attacker in a guest could use this to cause a denial of service (system crash). (CVE-2017-12154) Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array implementation in the Linux kernel sometimes did not properly handle adding a new entry. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-12193) It was discovered that a race condition existed in the ALSA subsystem of the Linux kernel when creating and deleting a port via ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15265) It was discovered that a null pointer dereference vulnerability existed in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1130) Julian Stecklina and Thomas Prescher discovered that FPU register states (such as MMX, SSE, and AVX registers) which are lazily restored are potentially vulnerable to a side channel attack. A local attacker could use this to expose sensitive information. (CVE-2018-3665) Wang Qize discovered that an information disclosure vulnerability existed in the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A local attacker could use this to expose sensitive information (kernel pointer addresses). (CVE-2018-5750) It was discovered that the SCTP Protocol implementation in the Linux kernel did not properly validate userspace provided payload lengths in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5803) It was discovered that an integer overflow error existed in the futex implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-6927) It was discovered that an information leak vulnerability existed in the floppy driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-7755) It was discovered that a memory leak existed in the SAS driver subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-7757) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM: linux-image-3.13.0-153-generic 3.13.0-153.203~precise1 linux-image-3.13.0-153-generic-lpae 3.13.0-153.203~precise1 linux-image-generic-lpae-lts-trusty 3.13.0.153.143 linux-image-generic-lts-trusty 3.13.0.153.143 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-18:07.lazyfpu Security Advisory The FreeBSD Project Topic: Lazy FPU State Restore Information Disclosure Category: core Module: kernel Announced: 2018-06-21 Credits: Julian Stecklina from Amazon Germany Thomas Prescher from Cyberus Technology GmbH Zdenek Sojka from SYSGO AG Colin Percival Affects: All supported version of FreeBSD. Corrected: 2018-06-14 18:50:49 UTC (stable/11, 11.2-PRERELEASE) 2018-06-15 13:21:37 UTC (releng/11.2, 11.2-RC3) 2018-06-21 05:17:13 UTC (releng/11.1, 11.1-RELEASE-p11) CVE Name: CVE-2018-3665 Special Note: This advisory only addresses this issue for FreeBSD 11.x on i386 and amd64. We expect to update this advisory to include 10.x in the near future. For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. Background Modern CPUs have a floating point unit (FPU) which needs to maintain state per thread. One technique is to only save and to only restore the FPU state for a thread when a thread attempts to utilize the FPU. II. III. Impact Any local thread can potentially read FPU state information from other threads running on the host. This could include cryptographic keys when the AES-NI CPU feature is present. IV. Workaround No workaround is available, but non-Intel branded CPUs are not believed to be vulnerable. V. This new technique is the recommended practice from Intel and in some cases can actually increase performance, depending on workload. Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Afterward, reboot the system. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install Afterward, reboot the system. 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 11.1] # fetch https://security.FreeBSD.org/patches/SA-18:07/lazyfpu-11.patch # fetch https://security.FreeBSD.org/patches/SA-18:07/lazyfpu-11.patch.asc # gpg --verify lazyfpu-11.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/11/ r335169 releng/11.2/ r335196 releng/11.1/ r335465 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: kernel security update Advisory ID: RHSA-2018:1852-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:1852 Issue date: 2018-06-14 CVE Names: CVE-2018-3665 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - noarch, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - noarch, ppc64le 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * Kernel: FPU state information leakage via lazy FPU restore (CVE-2018-3665) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Julian Stecklina (Amazon.de), Thomas Prescher (cyberus-technology.de), and Zdenek Sojka (sysgo.com) for reporting this issue. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1585011 - CVE-2018-3665 Kernel: FPU state information leakage via lazy FPU restore 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: kernel-3.10.0-862.3.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.3.3.el7.noarch.rpm kernel-doc-3.10.0-862.3.3.el7.noarch.rpm x86_64: kernel-3.10.0-862.3.3.el7.x86_64.rpm kernel-debug-3.10.0-862.3.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.3.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.3.3.el7.x86_64.rpm kernel-devel-3.10.0-862.3.3.el7.x86_64.rpm kernel-headers-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.3.3.el7.x86_64.rpm perf-3.10.0-862.3.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm python-perf-3.10.0-862.3.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.3.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: kernel-3.10.0-862.3.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.3.3.el7.noarch.rpm kernel-doc-3.10.0-862.3.3.el7.noarch.rpm x86_64: kernel-3.10.0-862.3.3.el7.x86_64.rpm kernel-debug-3.10.0-862.3.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.3.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.3.3.el7.x86_64.rpm kernel-devel-3.10.0-862.3.3.el7.x86_64.rpm kernel-headers-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.3.3.el7.x86_64.rpm perf-3.10.0-862.3.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm python-perf-3.10.0-862.3.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.3.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: kernel-3.10.0-862.3.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.3.3.el7.noarch.rpm kernel-doc-3.10.0-862.3.3.el7.noarch.rpm ppc64: kernel-3.10.0-862.3.3.el7.ppc64.rpm kernel-bootwrapper-3.10.0-862.3.3.el7.ppc64.rpm kernel-debug-3.10.0-862.3.3.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-862.3.3.el7.ppc64.rpm kernel-debug-devel-3.10.0-862.3.3.el7.ppc64.rpm kernel-debuginfo-3.10.0-862.3.3.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-862.3.3.el7.ppc64.rpm kernel-devel-3.10.0-862.3.3.el7.ppc64.rpm kernel-headers-3.10.0-862.3.3.el7.ppc64.rpm kernel-tools-3.10.0-862.3.3.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-862.3.3.el7.ppc64.rpm kernel-tools-libs-3.10.0-862.3.3.el7.ppc64.rpm perf-3.10.0-862.3.3.el7.ppc64.rpm perf-debuginfo-3.10.0-862.3.3.el7.ppc64.rpm python-perf-3.10.0-862.3.3.el7.ppc64.rpm python-perf-debuginfo-3.10.0-862.3.3.el7.ppc64.rpm ppc64le: kernel-3.10.0-862.3.3.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-862.3.3.el7.ppc64le.rpm kernel-debug-3.10.0-862.3.3.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.3.3.el7.ppc64le.rpm kernel-devel-3.10.0-862.3.3.el7.ppc64le.rpm kernel-headers-3.10.0-862.3.3.el7.ppc64le.rpm kernel-tools-3.10.0-862.3.3.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm kernel-tools-libs-3.10.0-862.3.3.el7.ppc64le.rpm perf-3.10.0-862.3.3.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm python-perf-3.10.0-862.3.3.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm s390x: kernel-3.10.0-862.3.3.el7.s390x.rpm kernel-debug-3.10.0-862.3.3.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-862.3.3.el7.s390x.rpm kernel-debug-devel-3.10.0-862.3.3.el7.s390x.rpm kernel-debuginfo-3.10.0-862.3.3.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-862.3.3.el7.s390x.rpm kernel-devel-3.10.0-862.3.3.el7.s390x.rpm kernel-headers-3.10.0-862.3.3.el7.s390x.rpm kernel-kdump-3.10.0-862.3.3.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-862.3.3.el7.s390x.rpm kernel-kdump-devel-3.10.0-862.3.3.el7.s390x.rpm perf-3.10.0-862.3.3.el7.s390x.rpm perf-debuginfo-3.10.0-862.3.3.el7.s390x.rpm python-perf-3.10.0-862.3.3.el7.s390x.rpm python-perf-debuginfo-3.10.0-862.3.3.el7.s390x.rpm x86_64: kernel-3.10.0-862.3.3.el7.x86_64.rpm kernel-debug-3.10.0-862.3.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.3.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.3.3.el7.x86_64.rpm kernel-devel-3.10.0-862.3.3.el7.x86_64.rpm kernel-headers-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.3.3.el7.x86_64.rpm perf-3.10.0-862.3.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm python-perf-3.10.0-862.3.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): noarch: kernel-abi-whitelists-3.10.0-862.3.3.el7.noarch.rpm kernel-doc-3.10.0-862.3.3.el7.noarch.rpm ppc64le: kernel-3.10.0-862.3.3.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-862.3.3.el7.ppc64le.rpm kernel-debug-3.10.0-862.3.3.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.3.3.el7.ppc64le.rpm kernel-devel-3.10.0-862.3.3.el7.ppc64le.rpm kernel-headers-3.10.0-862.3.3.el7.ppc64le.rpm kernel-tools-3.10.0-862.3.3.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm kernel-tools-libs-3.10.0-862.3.3.el7.ppc64le.rpm perf-3.10.0-862.3.3.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm python-perf-3.10.0-862.3.3.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm s390x: kernel-3.10.0-862.3.3.el7.s390x.rpm kernel-debug-3.10.0-862.3.3.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-862.3.3.el7.s390x.rpm kernel-debug-devel-3.10.0-862.3.3.el7.s390x.rpm kernel-debuginfo-3.10.0-862.3.3.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-862.3.3.el7.s390x.rpm kernel-devel-3.10.0-862.3.3.el7.s390x.rpm kernel-headers-3.10.0-862.3.3.el7.s390x.rpm kernel-kdump-3.10.0-862.3.3.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-862.3.3.el7.s390x.rpm kernel-kdump-devel-3.10.0-862.3.3.el7.s390x.rpm perf-3.10.0-862.3.3.el7.s390x.rpm perf-debuginfo-3.10.0-862.3.3.el7.s390x.rpm python-perf-3.10.0-862.3.3.el7.s390x.rpm python-perf-debuginfo-3.10.0-862.3.3.el7.s390x.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: kernel-debug-debuginfo-3.10.0-862.3.3.el7.ppc64.rpm kernel-debuginfo-3.10.0-862.3.3.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-862.3.3.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-862.3.3.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-862.3.3.el7.ppc64.rpm perf-debuginfo-3.10.0-862.3.3.el7.ppc64.rpm python-perf-debuginfo-3.10.0-862.3.3.el7.ppc64.rpm ppc64le: kernel-debug-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm kernel-debug-devel-3.10.0-862.3.3.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.3.3.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-862.3.3.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.3.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): noarch: kernel-doc-3.10.0-862.3.3.el7.noarch.rpm ppc64le: kernel-debug-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm kernel-debug-devel-3.10.0-862.3.3.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.3.3.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-862.3.3.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: kernel-3.10.0-862.3.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.3.3.el7.noarch.rpm kernel-doc-3.10.0-862.3.3.el7.noarch.rpm x86_64: kernel-3.10.0-862.3.3.el7.x86_64.rpm kernel-debug-3.10.0-862.3.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.3.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.3.3.el7.x86_64.rpm kernel-devel-3.10.0-862.3.3.el7.x86_64.rpm kernel-headers-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.3.3.el7.x86_64.rpm perf-3.10.0-862.3.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm python-perf-3.10.0-862.3.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.3.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-3665 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/solutions/3485131 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBWyLMGNzjgjWX9erEAQgpYA/9Hvz73em4/tW/TzM8kN/cCUwrOo83OQGU t6j7YpDHKYm6u3chj6nlBSXW7UV+aY/63QMRTnzMWsGF1facAikYVqjyVZG4C//9 6DpBILs3bNgOS2XuKo8QfNfA+0FahOKScaeczXnPjIJZMj+v+2ykh2uTYENC4eLd nnUymlRLm7MXcdmi3XSTmfBoBgcx4Beu+cLrZsdhxK0cFjw646KbiKqhbLbfVFK/ R+s49rsRJNWBw9DWaXskgAYOsznZA8EWNr5ncAwQ73ovIXy2k9qPvUJA/RNEOVZd 83LDx4IUs1VQ1xts38E0/tdnNV63bJ+oiv8j4P/tAXF3Ze/E46IvTdFu5U8bVCCD ka1Ix+8YIvDHbvZCB62STZAA9N7vdCYZg/4o8NqsDnVE/7G18SbJsOhmKunMVybE f0VSC19vyY6lVSBOY3Iyi/agO7tH0pY0YgHQDOQV/uGaCfR8lxvSbx37WCdXfDwm OJ0iUeFO12PYewTtpdz5uayRbtRxLvroEADLalyaJAfatCn5hPIhGVUCPkUEqzSu pRQov4JT1WgB2i5w50OAfFsMbnri5+CoaHOeBIZpQP36EqGGkji4Qaf9hyVLxwl4 N9cBzCJlC8Ssx/QVGFq1cqDt6iKgO/cxHskK3fCa8f/S4r7WR2ZLB5KaaJFk6Q9F m88/SMEZ3SU= =W4TZ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-23-1 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and Security Update 2018-004 El Capitan address the following: AMD Available for: macOS High Sierra 10.13.5 Impact: A malicious application may be able to determine kernel memory layout Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2018-4289: shrek_wzw of Qihoo 360 Nirvan Team APFS Available for: macOS High Sierra 10.13.5 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4268: Mac working with Trend Micro's Zero Day Initiative ATS Available for: macOS High Sierra 10.13.5 Impact: A malicious application may be able to gain root privileges Description: A type confusion issue was addressed with improved memory handling. CVE-2018-4285: Mohamed Ghannam (@_simo36) Bluetooth Available for: MacBook Pro (15-inch, 2018), and MacBook Pro (13-inch, 2018, Four Thunderbolt 3 Ports) Other Mac models were addressed with macOS High Sierra 10.13.5. Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. CVE-2018-5383: Lior Neumann and Eli Biham Entry added July 23, 2018 CFNetwork Available for: macOS High Sierra 10.13.5 Impact: Cookies may unexpectedly persist in Safari Description: A cookie management issue was addressed with improved checks. CVE-2018-4293: an anonymous researcher CoreCrypto Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6 Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4269: Abraham Masri (@cheesecakeufo) DesktopServices Available for: macOS Sierra 10.12.6 Impact: A local user may be able to view sensitive user information Description: A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. CVE-2018-4178: Arjen Hendrikse IOGraphics Available for: macOS High Sierra 10.13.5 Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. An information disclosure issue was addressed with FP/SIMD register state sanitization. CVE-2018-3665: Julian Stecklina of Amazon Germany, Thomas Prescher of Cyberus Technology GmbH (cyberus-technology.de), Zdenek Sojka of SYSGO AG (sysgo.com), and Colin Percival libxpc Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.5 Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4280: Brandon Azad libxpc Available for: macOS High Sierra 10.13.5 Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4248: Brandon Azad LinkPresentation Available for: macOS High Sierra 10.13.5 Impact: Visiting a malicious website may lead to address bar spoofing Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. CVE-2018-4277: xisigr of Tencent's Xuanwu Lab (tencent.com) Additional recognition Help Viewer We would like to acknowledge Wojciech ReguAa (@_r3ggi) of SecuRing for their assistance. Help Viewer We would like to acknowledge Wojciech ReguAa (@_r3ggi) of SecuRing for their assistance. Help Viewer We would like to acknowledge Wojciech ReguAa (@_r3ggi) of SecuRing for their assistance. Help Viewer We would like to acknowledge Wojciech ReguAa (@_r3ggi) of SecuRing for their assistance. Kernel We would like to acknowledge juwei lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative for their assistance. Security We would like to acknowledge Brad Dahlsten of Iowa State University for their assistance. Installation note: macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and Security Update 2018-004 El Capitan may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEfcwwPWJ3e0Ig26mf8ecVjteJiCYFAltUscgACgkQ8ecVjteJ iCYeUhAApT+4xU8iuXThUb/3bH207ZNLf8NC6eCtaPLP55Dn27hdNZYoQfGZYmY5 jKsGNXAiel02GWQLpsTeNZaWM+Tzeuus41iSFrvBFtoS4SobMYw9ymV1emxBSlY6 ZDV3L47IJOMHeF9HwE260BgIMFJDF9jMGkm22VhLE3U7uQOdIjHgOAmr/reoof4Z 84yNvBVK5/7DYlY4QxHL6bvsQG47FNs2P0WzpkrtLQwPXyz6y7I3VH4wc7G3J5dE 9YanAw/f9d31GH5lrIJLJt+pFtOsqOonHfzgf+mn7THNBIXsr7HHTiycw+6rRBlj m9X2jL3VF25WNyU1Ir13z1Vt//Yksva8JluBFCUAMxFWi9FJhgF64Rscdmuj756u ItMETXK15GSxc8X6Stoge3iMVfajS6nozVX99Pxf1I0XCBQNVNynQLkTL/ZzwJ7X miBAMXywxgzZmSDo4LSs3Xs3dRk7eIPTQ7iY08wX2c5uJYfXs1deFIRaJPxsA0X3 BH2SAL1kpesU0Qk1YZGnPLtja8c4jzvWKx31EI2v0uASiwBMdswu4FL78/dq19AB sqeW4xjmvCK2Yp9IEBp1oo0oTlfBrrl6dbnrwVFC0yBaJBAdCzlsO/oEm0VP5AKO CqPNW3N1JAQIg0hplXq+2gLMXA7SNzxRLh0rTDRQ19mow47fDmk= =Fo0i -----END PGP SIGNATURE----- . 7.4) - ppc64, ppc64le, x86_64 3. Security Fix(es): * A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130) * Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126) * Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2019-11091) * kernel: Buffer overflow in firewire driver via crafted incoming packets (CVE-2016-8633) * kernel: crypto: privilege escalation in skcipher_recvmsg function (CVE-2017-13215) * Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation (CVE-2017-16939) * kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c (CVE-2018-1068) * kernel: Use-after-free due to race condition in AF_PACKET implementation (CVE-2018-18559) * kernel: media: use-after-free in [tuner-xc2028] media driver (CVE-2016-7913) * kernel: Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink message (CVE-2017-11600) * kernel: memory leak when merging buffers in SCSI IO vectors (CVE-2017-12190) * kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow (CVE-2017-17558) * Kernel: KVM: DoS via write flood to I/O port 0x80 (CVE-2017-1000407) * Kernel: FPU state information leakage via lazy FPU restore (CVE-2018-3665) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * rwsem in inconsistent state leading system to hung (BZ#1690321) * efi_bgrt_init fails to ioremap error during boot (BZ#1692284) 4. Bugs fixed (https://bugzilla.redhat.com/): 1391490 - CVE-2016-8633 kernel: Buffer overflow in firewire driver via crafted incoming packets 1402885 - CVE-2016-7913 kernel: media: use-after-free in [tuner-xc2028] media driver 1474928 - CVE-2017-11600 kernel: Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink message 1495089 - CVE-2017-12190 kernel: memory leak when merging buffers in SCSI IO vectors 1517220 - CVE-2017-16939 Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation 1520328 - CVE-2017-1000407 Kernel: KVM: DoS via write flood to I/O port 0x80 1525474 - CVE-2017-17558 kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow 1535173 - CVE-2017-13215 kernel: crypto: privilege escalation in skcipher_recvmsg function 1552048 - CVE-2018-1068 kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c 1585011 - CVE-2018-3665 Kernel: FPU state information leakage via lazy FPU restore 1641878 - CVE-2018-18559 kernel: Use-after-free due to race condition in AF_PACKET implementation 1646781 - CVE-2018-12126 hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) 1646784 - CVE-2018-12130 hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) 1667782 - CVE-2018-12127 hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) 1705312 - CVE-2019-11091 hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) 6

IOT TAXONOMY

AFFECTED PRODUCTS