Download
| Alert*
oval:org.secpod.oval:def:89002298
This update for webkit2gtk3 fixes the following issues: Update to version 2.18.5: + Disable SharedArrayBuffers from Web API. + Reduce the precision of quot;highquot; resolution time to 1ms. + bsc#1075419 - Security fixes: includes improvements to mitigate the effects of Spectre and Meltdown . Update ... oval:org.secpod.oval:def:1100524 The remote host is missing a patch containing a security fix, which affects the following packages: bos.mp64. For more information please visit vendor advisory link. oval:org.secpod.oval:def:53315 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controllin ... oval:org.secpod.oval:def:43520 The host is missing an important security update ADV180002 oval:org.secpod.oval:def:52011 linux-hwe: Linux hardware enablement kernel Details:This update provides the corresponding updates for the Linux Hardware Enablement kernel for Linux Mint 18.x LTS. USNS 3541-2 and 3523-2 provided mitigations for Spectre and Meltdown for the i386, amd64, and ppc64el architectures for Linux Mint 1 ... oval:org.secpod.oval:def:89043855 This update for xen fixes several issues. This feature was added: - Added support for qemu monitor command These security issues were fixed: - CVE-2018-3639: Prevent attackers with local user access from extracting information via a side-channel analysis, aka Speculative Store Bypass , Variant 4 . - ... oval:org.secpod.oval:def:1800708 CVE-2017-5753 Versions affected: WebKitGTK+ before 2.18.5.Impact: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker via a side-channel analysis. This variant of the Spectre vulnerability triggers the spe ... oval:org.secpod.oval:def:51533 It was discovered that a new class of side channel attacks impact most processors, including processors from Intel, AMD, and ARM. The attack allows malicious userspace processes to read kernel memory and malicious code in guests to read hypervisor memory. To address the issue, updates to the Linux M ... oval:org.secpod.oval:def:89043690 This update for xen fixes several issues. These security issues were fixed: - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative execution, aka Spectre and Meltdown attacks - CVE-2017-15595: x86 PV guest OS users were able to cause a DoS or p ... oval:org.secpod.oval:def:51971 webkit2gtk: Web content engine library for GTK+ WebKitGTK+ could be made to expose sensitive information. oval:org.secpod.oval:def:51976 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-euclid: Linux kernel for Intel Euclid systems Details: Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. T ... oval:org.secpod.oval:def:51977 linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oem: Linux kernel for OEM processors Details: This update provides the corresponding updates for the Linux Hardware Enableme ... oval:org.secpod.oval:def:89043867 This update for xen fixes several issues. This feature was added: - Added support for qemu monitor command These security issues were fixed: - CVE-2018-3639: Prevent attackers with local user access from extracting information via a side-channel analysis, aka Speculative Store Bypass , Variant 4 . - ... oval:org.secpod.oval:def:51983 linux-kvm: Linux kernel for cloud environments Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704010 linux-hwe: Linux hardware enablement kernel Details: USN-3597-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. USNS 3541-2 and 3523-2 provided mitigations fo ... oval:org.secpod.oval:def:704011 linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 Details: USNS 3541-1 and 3523-1 provided mitigations for Spectre and Meltdown for the i386, amd64, and ppc64el architectures in Ubuntu 17.10. This update provides the corresponding mitigations for the arm64 architecture. Original a ... oval:org.secpod.oval:def:113883 WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3. oval:org.secpod.oval:def:52911 linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Details: USN-3540-1 addressed vulnerabilities in the Linux kernel for Linux Mint 18.x LTS. This update provides the corresponding updates for the Linux Hardware Enable ... oval:org.secpod.oval:def:52910 linux: Linux kernel Several security issues were addressed in the Linux kernel. oval:org.secpod.oval:def:1502094 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502095 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:113913 WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3. oval:org.secpod.oval:def:1504440 [15:3.0.0-1.el7] - net: ignore packet size greater than INT_MAX [Orabug: 28763782] {CVE-2018-17963} - pcnet: fix possible buffer overflow [Orabug: 28763774] {CVE-2018-17962} - rtl8139: fix possible out of bound access [Orabug: 28763765] {CVE-2018-17958} - ne2000: fix possible out of bound access ... oval:org.secpod.oval:def:89043590 This update for xen fixes several issues. This new feature was included: - add script and sysv service to watch for vcpu online/offline events in a HVM domU These security issues were fixed: - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative exec ... oval:org.secpod.oval:def:603383 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-9016 Ming Lei reported a race condition in the multiqueue block layer . On a system with a driver using blk-mq , a local user might be able to us ... oval:org.secpod.oval:def:603384 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controllin ... oval:org.secpod.oval:def:2100114 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. oval:org.secpod.oval:def:89002259 The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory . - CVE-2017-5753 / quot;Spec#197;#167;reAttackquot;: Local attac ... oval:org.secpod.oval:def:89002246 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3639: Information leaks using quot;Memory Disambiguationquot; feature in modern CPUs were mitigated, aka quot;Spectre Variant 4quot; . A new boot commandli ... oval:org.secpod.oval:def:1504291 [1:1.2-5.el7] - Update spec file to remove "modprobe kvm-intel" and remove --enable-kvm arg to ovmf_vars_generator so qemu will not require kvm kernel module. - Update spec file to modprobe kvm_intel module prior to running qemu to enroll default keys. - Enroll Oracle cert/key for OL secureboot su ... oval:org.secpod.oval:def:89002248 This update for xen fixes the following issues: Update to Xen 4.7.5 bug fix only release Security issues fixed: - CVE-2018-7540: Fixed DoS via non-preemptable L3/L4 pagetable freeing - CVE-2018-7541: A grant table v2 -gt; v1 transition may crash Xen - CVE-2017-5753,CVE-2017-5715,CVE-2017-5754 F ... oval:org.secpod.oval:def:89002227 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory . - CVE-2017-5753: Local attackers on systems with modern CPUs fe ... oval:org.secpod.oval:def:703963 linux: Linux kernel Details: Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel m ... oval:org.secpod.oval:def:703962 linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Details: USN-3540-1 addressed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablemen ... oval:org.secpod.oval:def:703969 linux-kvm: Linux kernel for cloud environments Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703959 linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oem: Linux kernel for OEM processors Details: USN-3541-1 addressed vulnerabilities in the Linux kernel for Ubuntu 17.10. Thi ... oval:org.secpod.oval:def:703958 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-euclid: Linux kernel for Intel Euclid systems Details: Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. T ... oval:org.secpod.oval:def:703956 linux: Linux kernel Several security issues were addressed in the Linux kernel. oval:org.secpod.oval:def:703947 webkit2gtk: Web content engine library for GTK+ WebKitGTK+ could be made to expose sensitive information. oval:org.secpod.oval:def:43415 It was discovered that a new class of side channel attacks impact most processors, including processors from Intel, AMD, and ARM. The attack allows malicious userspace processes to read kernel memory and malicious code in guests to read hypervisor memory. To address the issue, updates to the Ubuntu ... oval:org.secpod.oval:def:703933 firefox: Mozilla Open Source web browser Firefox could be made to expose sensitive information. oval:org.secpod.oval:def:43422 The host is missing a critical security update 4056568 oval:org.secpod.oval:def:43429 The host is missing a critical security update 4056888 oval:org.secpod.oval:def:43428 The host is missing an important security update 4056897 oval:org.secpod.oval:def:43427 The host is missing a critical security update 4056890 oval:org.secpod.oval:def:43426 The host is missing a critical security update 4056891 oval:org.secpod.oval:def:55650 Two vulnerabilities were discovered in Libvirt, a virtualisation abstraction library, allowing an API client with read-only permissions to execute arbitrary commands via the virConnectGetDomainCapabilities API, or read or execute arbitrary files via the virDomainSaveImageGetXMLDesc API. Additionally ... oval:org.secpod.oval:def:43432 The host is missing an important security update 4056898 oval:org.secpod.oval:def:1800826 CVE-2017-5753, CVE-2017-5715, CVE-2017-5754, XSA-254: Information leak via side effects of speculative execution Reference:¶ oval:org.secpod.oval:def:89043925 The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. This update is only provided as a fix update for IBM Z platform. - CVE-2017-5753 / Spectre Attack : IBM Z fixes were included but not enabled in the previous update. This update enables those fixes. - CVE- ... oval:org.secpod.oval:def:1502104 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502105 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502120 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502126 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502127 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:89043524 This update for xen fixes several issues. These security issues were fixed: - CVE-2018-3639: Prevent attackers with local user access from extracting information via a side-channel analysis, aka Speculative Store Bypass , Variant 4 . - CVE-2017-5753,CVE-2017-5715,CVE-2017-5754: Improved Spectre v2 m ... oval:org.secpod.oval:def:1504737 [15:3.0.0-1.el7] - net: ignore packet size greater than INT_MAX [Orabug: 28763782] {CVE-2018-17963} - pcnet: fix possible buffer overflow [Orabug: 28763774] {CVE-2018-17962} - rtl8139: fix possible out of bound access [Orabug: 28763765] {CVE-2018-17958} - ne2000: fix possible out of bound access ... oval:org.secpod.oval:def:60360 The remote host is missing a patch containing a security fix, which affects the following packages: bos.mp64. For more information please visit vendor advisory link. oval:org.secpod.oval:def:1502570 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:89043778 This update for xen fixes several issues. These security issues were fixed: - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative execution, aka Spectre and Meltdown attacks - CVE-2017-15595: x86 PV guest OS users were able to cause a DoS or p ... oval:org.secpod.oval:def:1502571 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:60359 The remote host is missing a patch containing a security fix, which affects the following packages: bos.mp64 and bos.mp. For more information please visit vendor advisory link. oval:org.secpod.oval:def:51963 firefox: Mozilla Open Source web browser Firefox could be made to expose sensitive information. oval:org.secpod.oval:def:1800270 CVE-2017-17566, XSA-248: x86 PV guests may gain access to internally used pages Reference CVE-2017-17563, XSA-249: broken x86 shadow mode refcount overflow check Reference CVE-2017-17564, XSA-250: improper x86 shadow mode refcount error handling Reference CVE-2017-17565, XSA-251: improper bug check ... oval:org.secpod.oval:def:89043499 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. This update is only provided as a fix update for IBM Z platform. - CVE-2017-5753 / Spectre Attack : IBM Z fixes were included but not enabled in the previous update. This update enables those fixes. - CVE- ... oval:org.secpod.oval:def:89002312 The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory . - CVE-2017-5753 / quot;SpectreAttackquot;: Local attackers on s ... oval:org.secpod.oval:def:1800236 CVE-2017-17566, XSA-248: x86 PV guests may gain access to internally used pages Reference: CVE-2017-17563, XSA-249: broken x86 shadow mode refcount overflow check Reference: CVE-2017-17564, XSA-250: improper x86 shadow mode refcount error handling Reference: CVE-2017-17565, XSA-251: improper bug che ... oval:org.secpod.oval:def:43434 The host is missing a critical security update accoding to Apple advisory, APPLE-SA-2018-1-8-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle targeted cache side-channel attacks. Successful exploitation could allow at ... oval:org.secpod.oval:def:43433 The host is missing a critical security update accoding to Apple advisory, APPLE-SA-2018-1-8-3. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle targeted cache side-channel attacks. Successful exploitation could allow at ... oval:org.secpod.oval:def:53259 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controllin ... oval:org.secpod.oval:def:1800444 CVE-2017-17566, XSA-248: x86 PV guests may gain access to internally used pages Reference: CVE-2017-17563, XSA-249: broken x86 shadow mode refcount overflow check Reference: CVE-2017-17564, XSA-250: improper x86 shadow mode refcount error handling Reference: CVE-2017-17565, XSA-251: improper bug che ... oval:org.secpod.oval:def:89049634 The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following new feature was added: - NVDIMM memory error notification The following security bugs were fixed: - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function could have result in local ... oval:org.secpod.oval:def:507501 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: memory corruption in AX88179_178A based USB ethernet device. * hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715 For more details about the security issue, including the impact, a CV ... oval:org.secpod.oval:def:52001 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Details: Mohamed Ghannam discovered that the IPv4 raw socket impl ... oval:org.secpod.oval:def:52000 linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oem: Linux kernel for OEM processors Details: This update provides the corresponding updates for the Linux Hardware Enableme ... oval:org.secpod.oval:def:89002271 This update for kvm fixes the following issues: Also a mitigation for a security flaw has been applied: - CVE-2017-5715: QEMU was updated to allow passing through new MSR and CPUID flags from the host VM to the CPU, to allow enabling/disabling branch prediction features in the Intel CPU. Security f ... oval:org.secpod.oval:def:89043858 This update provides rebuilt kernel modules for SUSE Linux Enterprise 12 SP3 products with retpoline enablement to address Spectre Variant 2 . Following modules have been rebuilt: - drbd - oracleasm - crash - lttng-modules oval:org.secpod.oval:def:53337 Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2017-15038 Tuomas Tynkkynen discovered an information leak in 9pfs. CVE-2017-15119 Eric Blake discovered that the NBD server insufficiently restricts large option requests, resulting in denial of service. CVE-2017-15124 ... oval:org.secpod.oval:def:89002077 This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode version 20180108 The pre-released microcode fixing some important security issues is now officially published . New firmware updates since last version are avail for these Intel processors: - IVT C0 428-gt;42a ... oval:org.secpod.oval:def:706045 intel-microcode: Processor microcode for Intel CPUs Several security issues were fixed in Intel Microcode. oval:org.secpod.oval:def:114757 QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ... oval:org.secpod.oval:def:204791 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * hw: cpu: speculative execution permission faults handling * kernel: Buffer overflow in firewire driver via crafted incoming packets * kernel: Use-after-free vulnerability in DCCP socket * Kernel: ... oval:org.secpod.oval:def:204798 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * hw: cpu: speculative execution permission faults handling * Kernel: error in exception handling leads to DoS * kernel: nfsd: Incorrect handling of long RPC replies * kernel: Use-after-free vulner ... oval:org.secpod.oval:def:51972 intel-microcode: Processor microcode for Intel CPUs The system could be made to expose sensitive information. oval:org.secpod.oval:def:1700011 Speculative execution branch target injectionAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions . There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Varia ... oval:org.secpod.oval:def:51990 qemu: Machine emulator and virtualizer Spectre mitigations were added to QEMU. oval:org.secpod.oval:def:1700003 An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions . There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative exe ... oval:org.secpod.oval:def:1700002 An updated kernel release for Amazon Linux has been made available which prevents speculative execution of indirect branches within the kernel. This release incorporates latest stable open source Linux security improvements to address CVE-2017-5715 within the kernel and builds upon previously incorp ... oval:org.secpod.oval:def:1700000 An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions . There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative exe ... oval:org.secpod.oval:def:51991 libvirt: Libvirt virtualization toolkit Spectre mitigations were added to libvirt. oval:org.secpod.oval:def:89043893 The following kernel modules were rebuild with retpoline enablement to allow full mitigation of the Spectre Variant 2 OFED was adjusted to add an entry to control the loading/unloading of cxgb4 to /etc/sysconf/infiniband . oval:org.secpod.oval:def:704007 linux: Linux kernel Details: USN-3542-1 mitigated CVE-2017-5715 for the amd64 architecture in Ubuntu 14.04 LTS. This update provides the compiler-based retpoline kernel mitigation for the amd64 and i386 architectures. Original advisory The system could be made to expose sensitive information. oval:org.secpod.oval:def:704231 intel-microcode: Processor microcode for Intel CPUs The system could be made to expose sensitive information. oval:org.secpod.oval:def:1600829 An updated kernel release for Amazon Linux has been made available which prevents speculative execution of indirect branches within the kernel. This release incorporates latest stable open source Linux security improvements to address CVE-2017-5715 within the kernel and builds upon previously incorp ... oval:org.secpod.oval:def:52915 linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Details: USN-3582-1 fixed vulnerabilities in the Linux kernel for Linux Mint 18.x LTS. This update provides the corresponding updates for the Linux Hardware Enablement ... oval:org.secpod.oval:def:52917 linux: Linux kernel Details: USN-3542-1 mitigated CVE-2017-5715 for the amd64 architecture in Linux Mint 17.x LTS. This update provides the compiler-based retpoline kernel mitigation for the amd64 and i386 architectures. Original advisory The system could be made to expose sensitive information. oval:org.secpod.oval:def:1502093 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502091 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502096 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502097 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502098 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502099 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:704457 linux-azure: Linux kernel for Microsoft Azure Cloud systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:89002451 This update for qemu fixes the following issues: This update has the next round of Spectre v2 related patches, which now integrate with corresponding changes in libvirt. The January 2018 release of qemu initially addressed the Spectre v2 vulnerability for KVM guests by exposing the spec-ctrl featur ... oval:org.secpod.oval:def:89002442 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2017-5715: Fixes for speculative side channel attacks aka quot;SpectreAttackquot; . - CVE-2018-1064: Fixed denial of service when reading from guest agent . - CVE-2018-5748: Fixed possible denial of service when readin ... oval:org.secpod.oval:def:43376 An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant ... oval:org.secpod.oval:def:89002437 This update for qemu fixes the following issues: A new feature was added: - Support EPYC vCPU type Also a mitigation for a security problem has been applied: - CVE-2017-5715: QEMU was updated to allow passing through new MSR and CPUID flags from the host VM to the CPU, to allow enabling/disabling b ... oval:org.secpod.oval:def:88280 The host is installed with Oracle VM VirtualBox before 5.1.32 or 5.2.6 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Core. Successful exploitation allows attackers to affect Confidentiality. oval:org.secpod.oval:def:52099 intel-microcode: Processor microcode for Intel CPUs The system could be made to expose sensitive information. oval:org.secpod.oval:def:89002427 This update for gcc43 fixes the following issues: This update adds support for quot;expolinesquot; on s390x, allowing fixing CVE-2017-5715 in a more lightweight fashion. The option flags are the same as for the x86 retpolines. A compiler crash when building userland packages with x86 retpolines was ... oval:org.secpod.oval:def:89002423 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at ... oval:org.secpod.oval:def:603398 Multiple vulnerabilities have been discovered in the Xen hypervisor: CVE-2018-8897 Andy Lutomirski and Nick Peterson discovered that incorrect handling of debug exceptions could result in privilege escalation. CVE-2018-10471 An error was discovered in the mitigations against Meltdown which could res ... oval:org.secpod.oval:def:43397 An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant ... oval:org.secpod.oval:def:703994 linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Details: USN-3582-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement k ... oval:org.secpod.oval:def:703993 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Details: Mohamed Ghannam discovered that the IPv4 raw socket impl ... oval:org.secpod.oval:def:703992 linux: Linux kernel Details: Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. ChunYu Wang discove ... oval:org.secpod.oval:def:703991 linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oem: Linux kernel for OEM processors Details: USN-3581-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This up ... oval:org.secpod.oval:def:115017 QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ... oval:org.secpod.oval:def:89002235 This update for libvirt fixes the following issues: This new feature was added: - bsc#1094325, bsc#1094725: libxl: Enable virsh blockresize for XEN guests This security issue was fixed: - CVE-2017-5715: Additional fixes for the Spectre patches These non-security issues were fixed: - bsc#1100112: sc ... oval:org.secpod.oval:def:89002478 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2017-5715: Fixes for speculative side channel attacks aka quot;SpectreAttackquot; . - CVE-2018-6764: Fixed guest executable code injection via libnss_dns.so loaded by libvirt_lxc before init . - CVE-2018-1064: Fixed de ... oval:org.secpod.oval:def:703978 libvirt: Libvirt virtualization toolkit Spectre mitigations were added to libvirt. oval:org.secpod.oval:def:703977 qemu: Machine emulator and virtualizer Spectre mitigations were added to QEMU. oval:org.secpod.oval:def:89002226 This update for qemu fixes the following issues: This update has the next round of Spectre v2 related patches, which now integrate with corresponding changes in libvirt. The January 2018 release of qemu initially addressed the Spectre v2 vulnerability for KVM guests by exposing the spec-ctrl featur ... oval:org.secpod.oval:def:89049757 This update for kernel-firmware to version 20180525 fixes the following issues: This security issue was fixed: - CVE-2017-5715: Prevent unauthorized disclosure of information to an attacker with local user access caused by speculative execution and indirect branch prediction oval:org.secpod.oval:def:89002179 This update for ucode-intel fixes the following issues: The CPU microcode for Haswell-X, Skylake-X and Broadwell-X chipsets was updated to report both branch prediction control via CPUID flag and ability to control branch prediction via an MSR register. This update is part of a mitigation for a bran ... oval:org.secpod.oval:def:89043959 This update for kernel-firmware fixes the following issues: This security issue was fixed: - CVE-2017-5715: Prevent unauthorized disclosure of information to an attacker with local user access caused by speculative execution and indirect branch prediction oval:org.secpod.oval:def:703948 intel-microcode: Processor microcode for Intel CPUs The system could be made to expose sensitive information. oval:org.secpod.oval:def:43417 The host is installed with Apple Safari before 11.0.2 or Mozilla Firefox before 57.0.4 and is prone to a speculative execution branch target injection vulnerability. A flaw is present in the applications, which fails to properly handle targeted cache side-channel attacks. Successful exploitation cou ... oval:org.secpod.oval:def:89002152 This update for kvm fixes the following issues: - This update has the next round of Spectre v2 related patches, which now integrates with corresponding changes in libvirt. A January 2018 release of qemu initially addressed the Spectre v2 vulnerability for KVM guests by exposing the spec-ctrl feature ... oval:org.secpod.oval:def:89043922 This update for kernel-firmware fixes the following issues: - Add microcode_amd_fam17h.bin This new firmware disables branch prediction on AMD family 17h processor to mitigate a attack on the branch predictor that could lead to information disclosure from e.g. kernel memory . oval:org.secpod.oval:def:2000634 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. oval:org.secpod.oval:def:73444 intel-microcode: Processor microcode for Intel CPUs Several security issues were fixed in Intel Microcode. oval:org.secpod.oval:def:507466 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715 For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the C ... oval:org.secpod.oval:def:114874 Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux . The main package includes the libvirtd server exporting the virtualization support. oval:org.secpod.oval:def:89043548 This update for microcode_ctl fixes the following security issue: - CVE-2017-5715: Prevent unauthorized disclosure of information to an attacker with local user access caused by speculative execution and indirect branch prediction oval:org.secpod.oval:def:89043554 This update rebuilds missing kernel modules to use retpolines mitigations for Spectre Variant 2 . Rebuilt KMP packages: - cluster-network - drbd - gfs2 - iscsitarget - ocfs2 - ofed - oracleasm oval:org.secpod.oval:def:51202 linux-azure: Linux kernel for Microsoft Azure Cloud systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:89043507 This update for kernel-firmware fixes the following issues: This security issue was fixed: - CVE-2017-5715: Prevent unauthorized disclosure of information to an attacker with local user access caused by speculative execution and indirect branch prediction oval:org.secpod.oval:def:1600823 An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions . There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative exe ... oval:org.secpod.oval:def:89043781 Update to Intel microcode version 20180108 - The pre-released microcode fixing some important security issues is now officially published . Among other updates it contains: - IVT C0 428- gt;42a - SKL-U/Y D0 ba- gt;c2 - BDW-U/Y E/F 25- gt;28 - HSW-ULT Cx/Dx 20- gt;21 - Crystalwell Cx 17- gt;18 ... oval:org.secpod.oval:def:60361 The remote host is missing a patch containing a security fix, which affects the following packages: bos.mp64. For more information please visit vendor advisory link. oval:org.secpod.oval:def:704131 amd64-microcode: Processor microcode firmware for AMD CPUs The system could be made to expose sensitive information. oval:org.secpod.oval:def:603411 Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2017-15038 Tuomas Tynkkynen discovered an information leak in 9pfs. CVE-2017-15119 Eric Blake discovered that the NBD server insufficiently restricts large option requests, resulting in denial of service. CVE-2017-15124 ... oval:org.secpod.oval:def:44395 An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions . There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative exe ... oval:org.secpod.oval:def:89002330 This update for qemu fixes the following issues: This update for qemu fixes the following issues: A mitigation for a security flaw has been applied: - CVE-2017-5715: QEMU was updated to allow passing through new MSR and CPUID flags from the host VM to the CPU, to allow enabling/disabling branch pred ... oval:org.secpod.oval:def:89002329 This update for libvirt fixes the following issues: This new feature was added: - bsc#1094325, bsc#1094725: libxl: Enable virsh blockresize for XEN guests This security issue was fixed: - CVE-2017-5715: Additional fixes for the Spectre patches These non-security issues were fixed: - bsc#1100112: sc ... oval:org.secpod.oval:def:89002319 This update for crash fixes the following issues: - Exclude openSUSE from RT KMP build This update also rebuilds the crash kernel module packages with retpoline support to mitigate Spectre Variant 2 oval:org.secpod.oval:def:89002313 The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.114 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of informati ... oval:org.secpod.oval:def:603280 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controllin ... oval:org.secpod.oval:def:89002130 The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.114 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of informati ... oval:org.secpod.oval:def:51063 amd64-microcode: Processor microcode firmware for AMD CPUs The system could be made to expose sensitive information. oval:org.secpod.oval:def:89002120 This update for libvirt and virt-manager fixes the following issues: Security issues fixed: - CVE-2017-5715: Fixes for speculative side channel attacks aka quot;SpectreAttackquot; . - CVE-2018-6764: Fixed guest executable code injection via libnss_dns.so loaded by libvirt_lxc before init . - CVE-20 ... oval:org.secpod.oval:def:89002129 This update for ucode-intel fixes the following issues: The Intel CPU microcode version was updated to version 20180312. This update enables the IBPB+IBRS based mitigations of the Spectre v2 flaws - New Platforms - BDX-DE EGW A0 6-56-5:10 e000009 - SKX B1 6-55-3:97 1000140 - Updates - SNB D2 6-2a-7 ... oval:org.secpod.oval:def:89002367 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at ... oval:org.secpod.oval:def:89002357 This update for ucode-intel fixes the following issues: The Intel CPU microcode version was updated to version 20180312. This update enables the IBPB+IBRS based mitigations of the Spectre v2 flaws - New Platforms - BDX-DE EGW A0 6-56-5:10 e000009 - SKX B1 6-55-3:97 1000140 - Updates - SNB D2 6-2a-7 ... oval:org.secpod.oval:def:2108167 Oracle Solaris 11 - ( CVE-2017-5715 ) oval:org.secpod.oval:def:89002347 This update for microcode_ctl fixes the following issues: Added microcode_amd_fam17h.bin This new firmware disables branch prediction on AMD family 17h processor. Also the CPU microcode for Intel Haswell-X, Skylake-X and Broadwell-X chipsets was updated to report both branch prediction control via ... |