ID

VAR-201808-0957

CVE

CVE-2018-3646

TITLE

Intel processors are vulnerable to a speculative execution side-channel attack called L1 Terminal Fault (L1TF)

DESCRIPTION

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis. These attacks are known as L1 Terminal Fault: SGX, L1 Terminal Fault: OS/SMM, and L1 Terminal Fault: VMM. Multiple Intel Processors are prone to a multiple information-disclosure vulnerabilities. Local attackers can exploit these issues to obtain sensitive information. This may aid in further attacks. Intel Core i3 processor, etc. are all CPU (central processing unit) products of Intel Corporation of the United States. The following products are affected: Intel Core i3 processor; Intel Core i5 processor; Intel Core i7 processor; Intel Core M processor family; 2nd generation Intel Core processors; 3rd generation Intel Core processors; 4th generation Intel Core processors; 5th generation Intel Core processors, etc. Issue date: 2018-08-14 Updated on: 2018-08-14 (Initial Advisory) CVE number: CVE-2018-3646 1. Summary VMware vSphere, Workstation, and Fusion updates enable Hypervisor- Specific Mitigations for L1 Terminal Fault - VMM vulnerability. The mitigations in this advisory are categorized as Hypervisor- Specific Mitigations described by VMware Knowledge Base article 55636. Relevant Products VMware vCenter Server (VC) VMware vSphere ESXi (ESXi) VMware Workstation Pro / Player (WS) VMware Fusion Pro / Fusion (Fusion) 3. Problem Description vCenter Server, ESXi, Workstation, and Fusion updates include Hypervisor-Specific Mitigations for L1 Terminal Fault - VMM. This issue may allow a malicious VM running on a given CPU core to effectively read the hypervisoras or another VMas privileged information that resides sequentially or concurrently in the same coreas L1 Data cache. CVE-2018-3646 has two currently known attack vectors which will be referred to as "Sequential-Context" and "Concurrent-Context." Attack Vector Summary Sequential-context attack vector: a malicious VM can potentially infer recently accessed L1 data of a previous context (hypervisor thread or other VM thread) on either logical processor of a processor core. Concurrent-context attack vector: a malicious VM can potentially infer recently accessed L1 data of a concurrently executing context (hypervisor thread or other VM thread) on the other logical processor of the Hyper-Threading-enabled processor core. Mitigation Summary The Sequential-context attack vector is mitigated by a vSphere update to the product versions listed in table below. This mitigation is dependent on Intel microcode updates (provided in separate ESXi patches for most Intel hardware platforms) also listed in the table below. This mitigation is enabled by default and does not impose a significant performance impact. The Concurrent-context attack vector is mitigated through enablement of a new feature known as the ESXi Side-Channel-Aware Scheduler. This feature may impose a non-trivial performance impact and is not enabled by default. Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Mitigation/ Product Version on Severity Apply Patch Workaround ======= ======= ======= ========= ===================== ========== VC 6.7 Any Important 6.7.0d None VC 6.5 Any Important 6.5u2c None VC 6.0 Any Important 6.0u3h None VC 5.5 Any Important 5.5u3j None ESXi 6.7 Any Important ESXi670-201808401-BG* None ESXi670-201808402-BG** None ESXi670-201808403-BG* None ESXi 6.5 Any Important ESXi650-201808401-BG* None ESXi650-201808402-BG** None ESXi650-201808403-BG* None ESXi 6.0 Any Important ESXi600-201808401-BG* None ESXi600-201808402-BG** None ESXi600-201808403-BG* None ESXi 5.5 Any Important ESXi550-201808401-BG* None ESXi550-201808402-BG** None ESXi550-201808403-BG* None WS 14.x Any Important 14.1.3* None Fusion 10.x Any Important 10.1.3* None *These patches DO NOT mitigate the Concurrent-context attack vector previously described by default. For details on the three-phase vSphere mitigation process please see KB55806 and for the mitigation process for Workstation and Fusion please see KB57138. **These patches include microcode updates required for mitigation of the Sequential-context attack vector. This microcode may also be obtained from your hardware OEM in the form of a BIOS or firmware update. Details on microcode that has been provided by Intel and packaged by VMware is enumerated in the patch KBs found in the Solution section of this document. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. vCenter 6.7.0d Downloads: https://my.vmware.com/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/6_7 Documentation: https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-vcenter-server-670d-release-notes.html vCenter 6.5u2c Downloads: https://my.vmware.com/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/6_5 Documentation: https://docs.vmware.com/en/VMware-vSphere/6.5/rn/vsphere-vcenter-server-65u2c-release-notes.html vCenter 6.0u3h Downloads: https://my.vmware.com/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/6_0 Documentation: https://docs.vmware.com/en/VMware-vSphere/6.0/rn/vsphere-vcenter-server-60u3h-release-notes.html vCenter 5.5u3j Downloads: https://my.vmware.com/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/5_5 Documentation: https://docs.vmware.com/en/VMware-vSphere/5.5/rn/vsphere-vcenter-server-55u3j-release-notes.html ESXi 6.7 Downloads: https://my.vmware.com/group/vmware/patch Documentation: ESXi670-201808401-BG (esx-base): https://kb.vmware.com/kb/56537 ESXi670-201808402-BG (microcode): https://kb.vmware.com/kb/56538 ESXi670-201808403-BG (esx-ui):(https://kb.vmware.com/kb/56897 ESXi 6.5 Downloads: https://my.vmware.com/group/vmware/patch Documentation: ESXi650-201808401-BG (esx-base): https://kb.vmware.com/kb/56547 ESXi650-201808402-BG (microcode): https://kb.vmware.com/kb/56563 ESXi650-201808403-BG (esx-ui): https://kb.vmware.com/kb/56896 ESXi 6.0 Downloads: https://my.vmware.com/group/vmware/patch Documentation: ESXi600-201808401-BG (esx-base): https://kb.vmware.com/kb/56552 ESXi600-201808402-BG (microcode): https://kb.vmware.com/kb/56553 ESXi600-201808403-BG (esx-ui): https://kb.vmware.com/kb/56895 ESXi 5.5 Downloads: https://my.vmware.com/group/vmware/patch Documentation: ESXi550-201808401-BG (esx-base): https://kb.vmware.com/kb/56557 ESXi550-201808402-BG (microcode): https://kb.vmware.com/kb/56558 ESXi550-201808403-BG (esx-ui): https://kb.vmware.com/kb/56894 VMware Workstation Pro 14.1.3 Downloads: https://www.vmware.com/go/downloadworkstation Documentation: https://docs.vmware.com/en/VMware-Workstation-Pro/index.html VMware Workstation Player 14.1.3 Downloads: https://www.vmware.com/go/downloadplayer Documentation: https://docs.vmware.com/en/VMware-Workstation-Player/index.html VMware Fusion Pro / Fusion 10.1.3 Downloads: https://www.vmware.com/go/downloadfusion Documentation: https://docs.vmware.com/en/VMware-Fusion/index.html 5. References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646 https://kb.vmware.com/kb/55636 https://kb.vmware.com/kb/55806 https://kb.vmware.com/kb/57138 - ------------------------------------------------------------------------ 6. Change log 2018-08-14: Initial security advisory in conjunction with vSphere, Workstation, and Fusion updates and patches released on 2018-08-14. Contact E-mail list for product security notifications and announcements: https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: security-announce@lists.vmware.com bugtraq@securityfocus.com fulldisclosure@seclists.org E-mail: security at vmware.com PGP key at: https://kb.vmware.com/kb/1055 VMware Security Advisories https://www.vmware.com/security/advisories VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html VMware Security & Compliance Blog https://blogs.vmware.com/security Twitter https://twitter.com/VMwareSRC Copyright 2018 VMware Inc. All rights reserved. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. (CVE-2018-3620, CVE-2018-3646) * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). Bug Fix(es): * The kernel-rt packages have been upgraded to the 3.10.0-693.37.1 source tree, which provides a number of bug fixes over the previous version. (BZ#1599860) 4. To fully resolve these vulnerabilities it is also necessary to install updated CPU microcode (only available in Debian non-free). Common server class CPUs are covered in the update released as DSA 4273-1. For the stable distribution (stretch), these problems have been fixed in version 4.9.110-3+deb9u3. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlt6p8ZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TBJg//VmtxfP6VLm5Q2hHuOlUejrc2W4hOcNRR0Ud7DjJ0B5Gfb9y/u1k+RXBj akX5/Csi6l+kLOWs4/amX3VAxdQRYFL6eEJBNZzlCkBasu1DpkvJdL9F0EP9gru7 Xd/StpSQs8GaBAlklQsckHtKqPzhB5D56gLosLupfmdNovlRKPhX282Ae5JCgjyf BjQv7Oa5K+pUw7F4sZUsdTPZHvl3bZ14u2SDzkIYX6K0KSRi3r4kBNGlRkCnRUTd AW8LpC2uWFX584LhVqJhnKhtd2lveadkwjX9TTRDJkJJOW88Yf2hDSyvWRAKS90D 65SEB2SIrgYiOTqCW4TQXPv5cNSn+LPimrkPus4likNyxJajbck5lB5GVLTTd0dp X0WPp4uhNsISHERZzdJpT8Y3uu5VrPzgSxPay/aPh+n7vy/wFknliZ4IfBSZtOri J5OrlN+Dal0M7eli1ojoByMLsH5Tzzd6/pfmOtWH/wNUFuMPdNwM/KuzcZRn+aMY FZ6jk6Ge0UNgFoQQPb6ddu0YBlPQGK5t+jPS47qR8fEqV7VxBDFVQYKK5Lni9iwi bIarRFTWQNj3nYZ44VOsk95QuyKe2Gw5NkjzlsEhQdQ318urQ6tpAAvjet/xbaHv 6SO/0r3APr5jxH2GGrLUvRRezbXYkBhEVhWOtcOQryXEzPAbcGc= =Cd8P -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================ FreeBSD-SA-18:09.l1tf Security Advisory The FreeBSD Project Topic: L1 Terminal Fault (L1TF) Kernel Information Disclosure Category: core Module: Kernel Announced: 2018-08-14 Affects: All supported versions of FreeBSD. Corrected: 2018-08-14 17:51:12 UTC (stable/11, 11.1-STABLE) 2018-08-15 02:30:11 UTC (releng/11.2, 11.2-RELEASE-p2) 2018-08-15 02:30:11 UTC (releng/11.1, 11.1-RELEASE-p13) CVE Name: CVE-2018-3620, CVE-2018-3646 Special Note: Speculative execution vulnerability mitigation remains a work in progress. This advisory addresses the issue in FreeBSD 11.1 and later. We expect to update this advisory to include 10.4 at a later time. For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. I. Background When a program accesses data in memory via a logical address it is translated to a physical address in RAM by the CPU. Accessing an unmapped logical address results in what is known as a terminal fault. II. The CPU may speculatively access the level 1 data cache (L1D). Data which would otherwise be protected may then be determined by using side channel methods. This issue affects bhyve on FreeBSD/amd64 systems. III. Impact An attacker executing user code, or kernel code inside of a virtual machine, may be able to read secret data from the kernel or from another virtual machine. IV. Workaround No workaround is available. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot. Perform one of the following: 1) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +30 "Rebooting for security update" 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 11.2] # fetch https://security.FreeBSD.org/patches/SA-18:09/l1tf-11.2.patch # fetch https://security.FreeBSD.org/patches/SA-18:09/l1tf-11.2.patch.asc # gpg --verify l1tf-11.2.patch.asc [FreeBSD 11.1] # fetch https://security.FreeBSD.org/patches/SA-18:09/l1tf-11.1.patch # fetch https://security.FreeBSD.org/patches/SA-18:09/l1tf-11.1.patch.asc # gpg --verify l1tf-11.1.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system. VI. Correction details CVE-2018-3620 (L1 Terminal Fault-OS) - ------------------------------------ FreeBSD reserves the the memory page at physical address 0, so it will not contain secret data. FreeBSD zeros the paging data structures for unmapped addresses, so that speculatively executed L1 Terminal Faults will access only the reserved, unused page. The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/11/ r337794 releng/11.1/ r337828 releng/11.2/ r337828 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII. The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc> -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.2.9 (FreeBSD) iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAltztc8ACgkQ05eS9J6n 5cLwEhAAos2Bnilthrbd+uQr1IGASD96aZZ5iXvn1Ibls03Vtd0kG9EcU30gFVG0 HSg47qT7r5qJQUdhuSYxspgS9ZxXpRez1vnAz7cSGHL9FdecyfHWmHvGor5tz84/ CgX4jCCAZfqDBquYD+ioqiLX7p1ZTRKfHBQOHcGgMfMq8UQUsg1YriXabEqnavU6 W0h/eCGBo/Dbvl7004Gx0hKmDO2YQxt9aPWfInXWx1VOMf+wNWpcrvU6rJ4kOnL9 7BXi+c5+vwlVXDvjrTwP9X+9DDa0MJcMoy2JCyCa/0W7lQ9nADLfUiXLsTvLDo6V 6/sooFbqlO+Qz37XHlXOXaoVGZGw+NtJRcnD+w8ueP9ts02SsECoxofN8tPOzGsT T285qAwv8D8uuBLU3dc9y+assEe3j/4Aqb1Eil6Eh1MsHypEvyN5z9+PIpbN2tWK qqCtzgqx037Jvjo6DwjwMUd+DikObGjZyK4pwP8KIeccOIBrUAA1Xel7Xr74xuwq LwqtcHb2MWeFD0Mw+oW9viuJKrxyu6aiQfU6FsuGVmHjtXGxi+aWyGQqed+q8FcU w/J6fq4kmBVVqNNrAMc/bWKU3IXAj4c48H0CSiCoX4dE4waRQ+cEetKkSWVGYnXj 3QdoyPsiqo8Goo34Cn0Ipf9GWDeNVv32iz0fXtr4LtoVZKCx9oc=G5SD -----END PGP SIGNATURE----- . ========================================================================== Kernel Live Patch Security Notice 0044-1 October 05, 2018 linux vulnerability ========================================================================== A security issue affects these releases of Ubuntu: | Series | Base kernel | Arch | flavors | |------------------+--------------+----------+------------------| | Ubuntu 14.04 LTS | 4.4.0 | amd64 | generic | | Ubuntu 14.04 LTS | 4.4.0 | amd64 | lowlatency | | Ubuntu 16.04 LTS | 4.15.0 | amd64 | generic | | Ubuntu 16.04 LTS | 4.15.0 | amd64 | lowlatency | | Ubuntu 18.04 LTS | 4.15.0 | amd64 | generic | | Ubuntu 18.04 LTS | 4.15.0 | amd64 | lowlatency | Summary: Several security issues were fixed in the kernel. Note that due to a client issue, this livepatch may report that it failed to load. You can verify that the patch has successfully loaded by looking in /sys/kernel/livepatch for a directory starting with the name "lkp_Ubuntu," followed by your kernel version, and ending with the version number, "44." The next client update should correct this problem. (CVE-2018-3620) It was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-6555) It was discovered that a stack-based buffer overflow existed in the iSCSI target implementation of the Linux kernel. A remote attacker could use this to cause a denial of service (system crash). (CVE-2018-14633) It was discovered that microprocessors utilizing speculative execution and prediction of return addresses via Return Stack Buffer (RSB) may allow unauthorized memory reads via sidechannel attacks. (CVE-2018-15572) Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2018-17182) Update instructions: The problem can be corrected by updating your livepatches to the following versions: | Kernel | Version | flavors | |--------------------------+----------+--------------------------| | 4.4.0-133.159 | 44.1 | generic, lowlatency | | 4.4.0-133.159~14.04.1 | 44.1 | lowlatency, generic | | 4.4.0-134.160 | 44.1 | generic, lowlatency | | 4.4.0-134.160~14.04.1 | 44.1 | lowlatency, generic | | 4.4.0-135.161~14.04.1 | 44.1 | lowlatency, generic | | 4.15.0-32.35 | 44.1 | lowlatency, generic | | 4.15.0-32.35~16.04.1 | 44.1 | generic, lowlatency | | 4.15.0-33.36 | 44.1 | lowlatency, generic | | 4.15.0-33.36~16.04.1 | 44.1 | lowlatency, generic | | 4.15.0-34.37 | 44.1 | generic, lowlatency | | 4.15.0-34.37~16.04.1 | 44.2 | lowlatency, generic | References: CVE-2018-3620, CVE-2018-15594, CVE-2018-3646, CVE-2018-6555, CVE-2018-14633, CVE-2018-15572, CVE-2018-17182 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce . 5 ELS) - i386, noarch, s390x, x86_64 3. These CVEs are security vulnerabilities caused by flaws in the design of speculative execution hardware in the computer's CPU. Details on the vulnerability and our response can be found here: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/L1TF Due to the high complexity of the fixes and the need for a corresponding CPU microcode update for a complete fix, we are unable to livepatch these CVEs. Please plan to reboot into an updated kernel as soon as possible. Users running Ubuntu 16.04 LTS or 14.04 LTS should upgrade to kernel version 4.4.0-133.159 or later. References: CVE-2018-3620, and CVE-2018-3646 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce . Summary: An update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 6.5) - noarch, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) * kernel: kvm: vmx: host GDT limit corruption (CVE-2018-10901) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting CVE-2018-3620 and CVE-2018-3646 and Vegard Nossum (Oracle Corporation) for reporting CVE-2018-10901. Bugs fixed (https://bugzilla.redhat.com/): 1585005 - CVE-2018-3646 Kernel: hw: cpu: L1 terminal fault (L1TF) 1601849 - CVE-2018-10901 kernel: kvm: vmx: host GDT limit corruption 6. Package List: Red Hat Enterprise Linux Server AUS (v. 6.5): Source: kernel-2.6.32-431.91.3.el6.src.rpm noarch: kernel-abi-whitelists-2.6.32-431.91.3.el6.noarch.rpm kernel-doc-2.6.32-431.91.3.el6.noarch.rpm kernel-firmware-2.6.32-431.91.3.el6.noarch.rpm x86_64: kernel-2.6.32-431.91.3.el6.x86_64.rpm kernel-debug-2.6.32-431.91.3.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-431.91.3.el6.x86_64.rpm kernel-debug-devel-2.6.32-431.91.3.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.91.3.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.91.3.el6.x86_64.rpm kernel-devel-2.6.32-431.91.3.el6.x86_64.rpm kernel-headers-2.6.32-431.91.3.el6.x86_64.rpm perf-2.6.32-431.91.3.el6.x86_64.rpm perf-debuginfo-2.6.32-431.91.3.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.91.3.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.5): Source: kernel-2.6.32-431.91.3.el6.src.rpm x86_64: kernel-debug-debuginfo-2.6.32-431.91.3.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.91.3.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.91.3.el6.x86_64.rpm perf-debuginfo-2.6.32-431.91.3.el6.x86_64.rpm python-perf-2.6.32-431.91.3.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.91.3.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201810-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Xen: Multiple vulnerabilities Date: October 30, 2018 Bugs: #643350, #655188, #655544, #659442 ID: 201810-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Xen, the worst of which could cause a Denial of Service condition. Background ========== Xen is a bare-metal hypervisor. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-emulation/xen < 4.10.1-r2 >= 4.10.1-r2 2 app-emulation/xen-tools < 4.10.1-r2 >= 4.10.1-r2 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details. Resolution ========== All Xen users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.10.1-r2" All Xen tools users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-emulation/xen-tools-4.10.1-r2" References ========== [ 1 ] CVE-2017-5715 https://nvd.nist.gov/vuln/detail/CVE-2017-5715 [ 2 ] CVE-2017-5753 https://nvd.nist.gov/vuln/detail/CVE-2017-5753 [ 3 ] CVE-2017-5754 https://nvd.nist.gov/vuln/detail/CVE-2017-5754 [ 4 ] CVE-2018-10471 https://nvd.nist.gov/vuln/detail/CVE-2018-10471 [ 5 ] CVE-2018-10472 https://nvd.nist.gov/vuln/detail/CVE-2018-10472 [ 6 ] CVE-2018-10981 https://nvd.nist.gov/vuln/detail/CVE-2018-10981 [ 7 ] CVE-2018-10982 https://nvd.nist.gov/vuln/detail/CVE-2018-10982 [ 8 ] CVE-2018-12891 https://nvd.nist.gov/vuln/detail/CVE-2018-12891 [ 9 ] CVE-2018-12892 https://nvd.nist.gov/vuln/detail/CVE-2018-12892 [ 10 ] CVE-2018-12893 https://nvd.nist.gov/vuln/detail/CVE-2018-12893 [ 11 ] CVE-2018-15468 https://nvd.nist.gov/vuln/detail/CVE-2018-15468 [ 12 ] CVE-2018-15469 https://nvd.nist.gov/vuln/detail/CVE-2018-15469 [ 13 ] CVE-2018-15470 https://nvd.nist.gov/vuln/detail/CVE-2018-15470 [ 14 ] CVE-2018-3620 https://nvd.nist.gov/vuln/detail/CVE-2018-3620 [ 15 ] CVE-2018-3646 https://nvd.nist.gov/vuln/detail/CVE-2018-3646 [ 16 ] CVE-2018-5244 https://nvd.nist.gov/vuln/detail/CVE-2018-5244 [ 17 ] CVE-2018-7540 https://nvd.nist.gov/vuln/detail/CVE-2018-7540 [ 18 ] CVE-2018-7541 https://nvd.nist.gov/vuln/detail/CVE-2018-7541 [ 19 ] CVE-2018-7542 https://nvd.nist.gov/vuln/detail/CVE-2018-7542 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201810-06 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

AFFECTED PRODUCTS