ID

VAR-201801-1711

CVE

CVE-2017-5754

TITLE

CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks

DESCRIPTION

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. Two vulnerabilities are identified, known as "Variant 3a" and "Variant 4". CPUhardware is a set of firmware that runs in the CPU (Central Processing Unit) for managing and controlling the CPU. The Spectre vulnerability exists in the CPU processor core. Because Intel does not separate low-privileged applications from accessing kernel memory, an attacker can use a malicious application to obtain private data that should be quarantined. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78135902, A-66913713, A-67712316, A-79419833, A-109678200, A-78283451, A-78285196, A-78284194, A-78284753, A-78284517, A-78240177, A-78239686, A-78284545, A-109660689, A-78240324, A-68141338, A-78286046, A-73539037, A-73539235, A-71501115, A-33757308, A-74236942, A-77485184, A-77484529, A-33385206, A-79419639, A-79420511, A-109678338, and A-112279564. Intel and ARM CPU chips have an information disclosure vulnerability, which originates from a flaw in the processor data boundary mechanism. The following products and versions are affected: ARM Cortex-A75; Intel Xeon E5-1650 v3, v2, v4; Xeon E3-1265l v2, v3, v4; Xeon E3-1245 v2, v3, v5, v6; Xeon X7542 wait. 6.6) - noarch, x86_64 3. Security Fix(es): * hw: cpu: speculative execution permission faults handling (CVE-2017-5754) * Kernel: error in exception handling leads to DoS (CVE-2018-8897) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * If an NFSv3 client mounted a subdirectory of an exported file system, a directory entry to the mount hosting the export was incorrectly held even after clearing the cache. Consequently, attempts to unmount the subdirectory with the umount command failed with the EBUSY error. With this update, the underlying source code has been fixed, and the unmount operation now succeeds as expected in the described situation. (BZ#1538588) * The kernel build requirements have been updated to the GNU Compiler Collection (GCC) compiler version that has the support for Retpolines. The Retpolines mechanism is a software construct that leverages specific knowledge of the underlying hardware to mitigate the branch target injection, also known as Spectre variant 2 vulnerability described in CVE-2017-5715. (BZ#1554254) 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03140487 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03140487 Version: 1 MFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer, Local Disclosure of Information NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2018-04-12 Last Updated: 2018-04-12 Potential Security Impact: Local: Disclosure of Information Source: Micro Focus, Product Security Response Team VULNERABILITY SUMMARY A potential vulnerability has been identified in Micro Focus Virtualization Performance Viewer (vPV) / Cloud Optimizer. The vulnerability could be exploited to Local Disclosure of Information. References: - PSRT110609 - CVE-2017-5753 - CVE-2017-5715 - CVE-2017-5754 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - HP Virtualization Performance Viewer Software 2.20, 3.0, 3.01, 3.02, 3.03 - HPE Cloud Optimizer 2.20, 3.0, 3.01, 3.02, 3.03 BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector RESOLUTION Micro Focus is actively working with its vendors to address any systems-level Spectre and Meltdown impacts.However, if you have immediate concerns or questions regarding CentOS and its approach to Spectre or Meltdown, please contact them directly. HISTORY Version:1 (rev.1) - 12 April 2018 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Micro Focus products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal Micro Focus services support channel. For other issues about the content of this Security Bulletin, send e-mail to cyber-psrt@microfocus.com. Report: To report a potential security vulnerability for any supported product: Web form: https://www.microfocus.com/support-and-services/report-security Email: security@microfocus.com Subscribe: To initiate receiving subscriptions for future Micro Focus Security Bulletin alerts via Email, please subscribe here - https://softwaresupport.hpe.com/group/softwaresupport/email-notification/-/subscriptions/registerdocumentnotification Once you are logged in to the portal, please choose security bulletins under product and document types. Please note that you will need to sign in using a Passport account. If you do not have a Passport account yet, you can create one- its free and easy https://cf.passport.softwaregrp.com/hppcf/createuser.do Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://softwaresupport.hpe.com/security-vulnerability Software Product Category: The Software Product Category is represented in the title by the two characters following Micro Focus Security Bulletin. 3P = 3rd Party Software GN = Micro Focus General Software MU = Multi-Platform Software System management and security procedures must be reviewed frequently to maintain system integrity. Micro Focus is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "Micro Focus is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected Micro Focus products the important security information contained in this Bulletin. Micro Focus recommends that all users determine the applicability of this information to their individual situations and take appropriate action. Micro Focus does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, Micro Focus will not be responsible for any damages resulting from user's use or disregard of the information provided in this Security Bulletin. To the extent permitted by law, Micro Focus disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2017 EntIT Software LLC Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither Micro Focus nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Micro Focus and the names of Micro Focus products referenced herein are trademarks of Micro Focus in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Thu, 04 Jan 2018 01:01:01 +0000 (UTC) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2018:0008-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:0008 Issue date: 2018-01-03 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact. In this update mitigations for x86-64 architecture are provided. Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important) Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important) Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important) Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue. Red Hat would like to thank Google Project Zero for reporting these issues. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1519778 - CVE-2017-5753 hw: cpu: speculative execution bounds-check bypass 1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection 1519781 - CVE-2017-5754 hw: cpu: speculative execution permission faults handling 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: kernel-2.6.32-696.18.7.el6.src.rpm i386: kernel-2.6.32-696.18.7.el6.i686.rpm kernel-debug-2.6.32-696.18.7.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm kernel-devel-2.6.32-696.18.7.el6.i686.rpm kernel-headers-2.6.32-696.18.7.el6.i686.rpm perf-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm kernel-doc-2.6.32-696.18.7.el6.noarch.rpm kernel-firmware-2.6.32-696.18.7.el6.noarch.rpm x86_64: kernel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm kernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm kernel-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-headers-2.6.32-696.18.7.el6.x86_64.rpm perf-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: kernel-2.6.32-696.18.7.el6.src.rpm noarch: kernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm kernel-doc-2.6.32-696.18.7.el6.noarch.rpm kernel-firmware-2.6.32-696.18.7.el6.noarch.rpm x86_64: kernel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm kernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm kernel-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-headers-2.6.32-696.18.7.el6.x86_64.rpm perf-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: kernel-2.6.32-696.18.7.el6.src.rpm i386: kernel-2.6.32-696.18.7.el6.i686.rpm kernel-debug-2.6.32-696.18.7.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm kernel-devel-2.6.32-696.18.7.el6.i686.rpm kernel-headers-2.6.32-696.18.7.el6.i686.rpm perf-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm kernel-doc-2.6.32-696.18.7.el6.noarch.rpm kernel-firmware-2.6.32-696.18.7.el6.noarch.rpm ppc64: kernel-2.6.32-696.18.7.el6.ppc64.rpm kernel-bootwrapper-2.6.32-696.18.7.el6.ppc64.rpm kernel-debug-2.6.32-696.18.7.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm kernel-debug-devel-2.6.32-696.18.7.el6.ppc64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-696.18.7.el6.ppc64.rpm kernel-devel-2.6.32-696.18.7.el6.ppc64.rpm kernel-headers-2.6.32-696.18.7.el6.ppc64.rpm perf-2.6.32-696.18.7.el6.ppc64.rpm perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm s390x: kernel-2.6.32-696.18.7.el6.s390x.rpm kernel-debug-2.6.32-696.18.7.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.s390x.rpm kernel-debug-devel-2.6.32-696.18.7.el6.s390x.rpm kernel-debuginfo-2.6.32-696.18.7.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-696.18.7.el6.s390x.rpm kernel-devel-2.6.32-696.18.7.el6.s390x.rpm kernel-headers-2.6.32-696.18.7.el6.s390x.rpm kernel-kdump-2.6.32-696.18.7.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-696.18.7.el6.s390x.rpm kernel-kdump-devel-2.6.32-696.18.7.el6.s390x.rpm perf-2.6.32-696.18.7.el6.s390x.rpm perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm x86_64: kernel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm kernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm kernel-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-headers-2.6.32-696.18.7.el6.x86_64.rpm perf-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-696.18.7.el6.ppc64.rpm perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm python-perf-2.6.32-696.18.7.el6.ppc64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-696.18.7.el6.s390x.rpm kernel-debuginfo-2.6.32-696.18.7.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-696.18.7.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-696.18.7.el6.s390x.rpm perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm python-perf-2.6.32-696.18.7.el6.s390x.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: kernel-2.6.32-696.18.7.el6.src.rpm i386: kernel-2.6.32-696.18.7.el6.i686.rpm kernel-debug-2.6.32-696.18.7.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm kernel-devel-2.6.32-696.18.7.el6.i686.rpm kernel-headers-2.6.32-696.18.7.el6.i686.rpm perf-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm kernel-doc-2.6.32-696.18.7.el6.noarch.rpm kernel-firmware-2.6.32-696.18.7.el6.noarch.rpm x86_64: kernel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm kernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm kernel-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-headers-2.6.32-696.18.7.el6.x86_64.rpm perf-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/speculativeexecution https://access.redhat.com/security/cve/CVE-2017-5753 https://access.redhat.com/security/cve/CVE-2017-5715 https://access.redhat.com/security/cve/CVE-2017-5754 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFaTXwuXlSAg2UNWIIRAp3LAKCNdSqjVu7zsXcUTnpGuuQAuUlTpwCfTE/O OR+iGnoY+cALbsBWKwbmzQM= =V4ow -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-3597-1 March 15, 2018 linux, linux-raspi2 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.10 Summary: Several security issues were fixed in the Linux kernel. This flaw is known as Spectre. (CVE-2017-5715, CVE-2017-5753) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10: linux-image-4.13.0-1015-raspi2 4.13.0-1015.16 linux-image-4.13.0-37-generic 4.13.0-37.42 linux-image-4.13.0-37-generic-lpae 4.13.0-37.42 linux-image-4.13.0-37-lowlatency 4.13.0-37.42 linux-image-generic 4.13.0.37.40 linux-image-generic-lpae 4.13.0.37.40 linux-image-lowlatency 4.13.0.37.40 linux-image-raspi2 4.13.0.1015.13 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. This specific attack has been named Meltdown and is addressed in the Linux kernel for the Intel x86-64 architecture by a patch set named Kernel Page Table Isolation, enforcing a near complete separation of the kernel and userspace address maps and preventing the attack. This solution might have a performance impact, and can be disabled at boot time by passing `pti=off' to the kernel command line. We also identified a regression for ancient userspaces using the vsyscall interface, for example chroot and containers using (e)glibc 2.13 and older, including those based on Debian 7 or RHEL/CentOS 6. This regression will be fixed in a later update. The other vulnerabilities (named Spectre) published at the same time are not addressed in this update and will be fixed in a later update. For the oldstable distribution (jessie), this problem will be fixed in a separate update. For the stable distribution (stretch), this problem has been fixed in version 4.9.65-3+deb9u2. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlpOqZMACgkQ3rYcyPpX RFuTTQf/btBqg9/I3XlnJFyGAmd4eQolTcU5cfDJqNhD4TZoyMocghvw1kYtu7z9 bYVhwCRukJym8O8AXJOxvlcsP7g0ANXqVDHpzCN8byKYgzigVP9brfOu/zDa4uYY EYf8V3pc2QzNo5OV4G+sK5ZklkDnNIde+OxUfU0Otl9fUG2rS5JTFvaRgvGazlbb cN5wltoHD6DBeSRnfadwYPHQR5U+KAJNImh34Y6T73i7n5dGTnNhs6E7n0wlJL9O SQLwoqQeiDpcE7C4TZ1pb4AbFCZXaic+1ONbWy8D7erKNA7kV1U2LQDmPDw9kmua Lc5heEX026Xfdy83v6NAPwR+NU8stg== =GGyG -----END PGP SIGNATURE----- . This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Summary VMware Virtual Appliance updates address side-channel analysis due to speculative execution Note: This document will focus on VMware Virtual Appliances which are affected by the known variants of CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754. For more information please see Knowledge Base article 52264. These mitigations are part of the Operating System-Specific Mitigations category described in VMware Knowledge Base article 52245. Relevant Products vCloud Usage Meter (UM) Identity Manager (vIDM) vCenter Server (vCSA) vSphere Data Protection (VDP) vSphere Integrated Containers (VIC) vRealize Automation (vRA) 3. Problem Description VMware Virtual Appliance Mitigations for Bounds-Check bypass, Branch Target Injection, and Rogue data cache load issues CPU data cache timing can be abused to efficiently leak information out of mis-speculated CPU execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2017-5753 (Bounds Check bypass), CVE-2017-5715 (Branch Target Injection), CVE-2017-5754 (Rogue data cache load) to these issues. Column 5 of the following table lists the action required to mitigate the observed vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Mitigation/ Product Version on Severity Apply Patch Workaround ========== ========= ======= ========= ============= ========== UM 3.x VA Important Patch Pending KB52467 vIDM 3.x, 2.x VA Important Patch Pending KB52284 vCSA 6.5 VA Important Patch Pending KB52312 vCSA 6.0 VA Important Patch Pending KB52312 vCSA 5.5 VA N/A Unaffected None VDP 6.x VA Important Patch Pending None VIC 1.x VA Important 1.3.1 None vRA 7.x VA Important Patch Pending KB52377 vRA 6.x VA Important Patch Pending KB52497 4. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. vSphere Integrated Containers 1.3.1 Downloads and Documentation: https://my.vmware.com/group/vmware/get-download?downloadGroup=VIC131 5. Change log 2018-02-08: VMSA-2018-0007 Initial security advisory in conjunction with the release of vSphere Integrated Containers 1.3.1 on 2018-02-08. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: security-announce@lists.vmware.com bugtraq@securityfocus.com fulldisclosure@seclists.org E-mail: security at vmware.com PGP key at: https://kb.vmware.com/kb/1055 VMware Security Advisories http://www.vmware.com/security/advisories VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html VMware Security & Compliance Blog https://blogs.vmware.com/security Twitter https://twitter.com/VMwareSRC Copyright 2018 VMware Inc. All rights reserved. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-18:03.speculative_execution Security Advisory The FreeBSD Project Topic: Speculative Execution Vulnerabilities Category: core Module: kernel Announced: 2018-03-14 Credits: Jann Horn (Google Project Zero); Werner Haas, Thomas Prescher (Cyberus Technology); Daniel Gruss, Moritz Lipp, Stefan Mangard, Michael Schwarz (Graz University of Technology); Paul Kocher; Daniel Genkin (University of Pennsylvania and University of Maryland), Mike Hamburg (Rambus); Yuval Yarom (University of Adelaide and Data6) Affects: All supported versions of FreeBSD. Corrected: 2018-02-17 18:00:01 UTC (stable/11, 11.1-STABLE) 2018-03-14 04:00:00 UTC (releng/11.1, 11.1-RELEASE-p8) CVE Name: CVE-2017-5715, CVE-2017-5754 Special Note: Speculative execution vulnerability mitigation is a work in progress. This advisory addresses the most significant issues for FreeBSD 11.1 on amd64 CPUs. We expect to update this advisory to include 10.x for amd64 CPUs. Future FreeBSD releases will address this issue on i386 and other CPUs. freebsd-update will include changes on i386 as part of this update due to common code changes shared between amd64 and i386, however it contains no functional changes for i386 (in particular, it does not mitigate the issue on i386). For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. II. Problem Description A number of issues relating to speculative execution were found last year and publicly announced January 3rd. Two of these, known as Meltdown and Spectre V2, are addressed here. CVE-2017-5754 (Meltdown) - ------------------------ This issue relies on an affected CPU speculatively executing instructions beyond a faulting instruction. When this happens, changes to architectural state are not committed, but observable changes may be left in micro- architectural state (for example, cache). This may be used to infer privileged data. CVE-2017-5715 (Spectre V2) - -------------------------- Spectre V2 uses branch target injection to speculatively execute kernel code at an address under the control of an attacker. III. Impact An attacker may be able to read secret data from the kernel or from a process when executing untrusted code (for example, in a web browser). IV. Workaround No workaround is available. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility, followed by a reboot into the new kernel: # freebsd-update fetch # freebsd-update install # shutdown -r now 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 11.1] # fetch https://security.FreeBSD.org/patches/SA-18:03/speculative_execution-amd64-11.patch # fetch https://security.FreeBSD.org/patches/SA-18:03/speculative_execution-amd64-11.patch.asc # gpg --verify speculative_execution-amd64-11.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system. VI. Correction details CVE-2017-5754 (Meltdown) - ------------------------ The mitigation is known as Page Table Isolation (PTI). PTI largely separates kernel and user mode page tables, so that even during speculative execution most of the kernel's data is unmapped and not accessible. A demonstration of the Meltdown vulnerability is available at https://github.com/dag-erling/meltdown. A positive result is definitive (that is, the vulnerability exists with certainty). A negative result indicates either that the CPU is not affected, or that the test is not capable of demonstrating the issue on the CPU (and may need to be modified). A patched kernel will automatically enable PTI on Intel CPUs. The status can be checked via the vm.pmap.pti sysctl: # sysctl vm.pmap.pti vm.pmap.pti: 1 The default setting can be overridden by setting the loader tunable vm.pmap.pti to 1 or 0 in /boot/loader.conf. This setting takes effect only at boot. PTI introduces a performance regression. The observed performance loss is significant in microbenchmarks of system call overhead, but is much smaller for many real workloads. CVE-2017-5715 (Spectre V2) - -------------------------- There are two common mitigations for Spectre V2. This patch includes a mitigation using Indirect Branch Restricted Speculation, a feature available via a microcode update from processor manufacturers. The alternate mitigation, Retpoline, is a feature available in newer compilers. The feasibility of applying Retpoline to stable branches and/or releases is under investigation. The patch includes the IBRS mitigation for Spectre V2. To use the mitigation the system must have an updated microcode; with older microcode a patched kernel will function without the mitigation. IBRS can be disabled via the hw.ibrs_disable sysctl (and tunable), and the status can be checked via the hw.ibrs_active sysctl. IBRS may be enabled or disabled at runtime. Additional detail on microcode updates will follow. The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/11/ r329462 releng/11.1/ r330908 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII

IOT TAXONOMY

AFFECTED PRODUCTS