VARIoT IoT vulnerabilities database

SAP MaxDB (liveCache), versions 7.8 and 7.9, allows an attacker who gets DBM operator privileges to execute crafted database queries and therefore read, modify or delete sensitive data from database. SAP MaxDB (liveCache) Is SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SAP MaxDB is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. SAP MaxDB (liveCache) 7.8 and 7.9 are vulnerable

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-5.0.0.0-22913(GA). The vulnerability may be exploited locally to allow disclosure of privileged information

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow cross-site request forgery. 3PAR Service Processor (SP) Contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow directory traversal

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow disclosure of privileged information

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow access restriction bypass. 3PAR Service Processor (SP) Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow code execution

Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis. These attacks are known as L1 Terminal Fault: SGX, L1 Terminal Fault: OS/SMM, and L1 Terminal Fault: VMM. Intel Core Systems with microprocessors contain information disclosure vulnerabilities.Information may be obtained and information may be altered. Multiple Intel Processors are prone to a multiple information-disclosure vulnerabilities. Local attackers can exploit these issues to obtain sensitive information. This may aid in further attacks. Intel Xeon Processor E3 v5 Family, etc. are the central processing unit (CPU) products of Intel Corporation of the United States. The following products are affected: Intel Xeon Processor E3 v5 Family; Intel Xeon Processor E3 v6 Family; 6th generation Intel Core processors; 7th generation Intel Core processors; 8th generation Intel Core processors. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] Slackware 14.2 kernel (SSA:2018-240-01) New kernel packages are available for Slackware 14.2 to mitigate security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/linux-4.4.153/*: Upgraded. This kernel update enables mitigations for L1 Terminal Fault aka Foreshadow and Foreshadow-NG vulnerabilities. Thanks to Bernhard Kaindl for bisecting the boot issue that was preventing us from upgrading to earlier 4.4.x kernels that contained this fix. To see the status of CPU vulnerability mitigations on your system, look at the files in: /sys/devices/system/cpu/vulnerabilities Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3615 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3546 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-firmware-20180825_fea76a0-noarch-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-generic-4.4.153-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-generic-smp-4.4.153_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-headers-4.4.153_smp-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-huge-4.4.153-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-huge-smp-4.4.153_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-modules-4.4.153-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-modules-smp-4.4.153_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-source-4.4.153_smp-noarch-1.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-firmware-20180825_fea76a0-noarch-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-generic-4.4.153-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-headers-4.4.153-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-huge-4.4.153-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-modules-4.4.153-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-source-4.4.153-noarch-1.txz MD5 signatures: +-------------+ Slackware 14.2 packages: b0a4ac8050eed122d407069db8704be2 kernel-firmware-20180825_fea76a0-noarch-1.txz cd110706f35e4496017f7270d393fcf9 kernel-generic-4.4.153-i586-1.txz 57b026fb409d15596b91963bfab973b5 kernel-generic-smp-4.4.153_smp-i686-1.txz d1f1a717bcdc85be8382628f0a38ae78 kernel-headers-4.4.153_smp-x86-1.txz 439fc6640ce50c1b061b60b6a7afffe9 kernel-huge-4.4.153-i586-1.txz b1683dd7d0a3f6898f5d8ffecca50c4a kernel-huge-smp-4.4.153_smp-i686-1.txz 5ac4445b7ac81c65e4fe8269fa8f7b23 kernel-modules-4.4.153-i586-1.txz 3f9a394283e7feff520b6bff6219d1de kernel-modules-smp-4.4.153_smp-i686-1.txz 4b8979e2226d66d957b33deacbf5fb26 kernel-source-4.4.153_smp-noarch-1.txz Slackware x86_64 14.2 packages: b0a4ac8050eed122d407069db8704be2 kernel-firmware-20180825_fea76a0-noarch-1.txz 1109c106490e646cf687fbd1ac7211cd kernel-generic-4.4.153-x86_64-1.txz 8668e44ceb919d862e02c7eedfd2cf1d kernel-headers-4.4.153-x86-1.txz fe42dde9fd78ef32c4527e0a6fa60da0 kernel-huge-4.4.153-x86_64-1.txz 7a872f2bff05ebad6ec781f36bf0e392 kernel-modules-4.4.153-x86_64-1.txz 6403fd73910a3f1e1b9eed3ecb6de0e4 kernel-source-4.4.153-noarch-1.txz Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg kernel-*.txz If you are using an initrd, you'll need to rebuild it. For a 32-bit SMP machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2): # /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.153-smp | bash For a 64-bit machine, or a 32-bit uniprocessor machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2): # /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.153 | bash Please note that "uniprocessor" has to do with the kernel you are running, not with the CPU. Most systems should run the SMP kernel (if they can) regardless of the number of cores the CPU has. If you aren't sure which kernel you are running, run "uname -a". If you see SMP there, you are running the SMP kernel and should use the 4.4.153-smp version when running mkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit systems should always use 4.4.153 as the version. If you are using lilo or elilo to boot the machine, you'll need to ensure that the machine is properly prepared before rebooting. If using LILO: By default, lilo.conf contains an image= line that references a symlink that always points to the correct kernel. No editing should be required unless your machine uses a custom lilo.conf. If that is the case, be sure that the image= line references the correct kernel file. Either way, you'll need to run "lilo" as root to reinstall the boot loader. If using elilo: Ensure that the /boot/vmlinuz symlink is pointing to the kernel you wish to use, and then run eliloconfig to update the EFI System Partition. +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAluFyGYACgkQakRjwEAQIjN99wCbBHlVovtqYBjkObo2PP9WIIr7 eI8An0+88QDu5DNT6mF1CrHvAToR3o8G =SVgT -----END PGP SIGNATURE-----

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis. These attacks are known as L1 Terminal Fault: SGX, L1 Terminal Fault: OS/SMM, and L1 Terminal Fault: VMM. Intel Core Systems with microprocessors contain information disclosure vulnerabilities.Information may be obtained. Intel Core i3 processor, etc. are all CPU (central processing unit) products of Intel Corporation of the United States. Security vulnerabilities exist in several Intel products that use speculative execution and address translation. The following products are affected: Intel Core i3 processor; Intel Core i5 processor; Intel Core i7 processor; Intel Core M processor family; 2nd generation Intel Core processors; 3rd generation Intel Core processors; 4th generation Intel Core processors; 5th generation Intel Core processors, etc. ========================================================================= Ubuntu Security Notice USN-3742-1 August 14, 2018 linux vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS Summary: Several security issues were fixed in the Linux kernel. A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). (CVE-2018-3646) It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. (CVE-2018-3620) Andrey Konovalov discovered an out-of-bounds read in the POSIX timers subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. A remote attacker could use this to cause a denial of service. (CVE-2018-5390) Juha-Matti Tilli discovered that the IP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packet fragments. A remote attacker could use this to cause a denial of service. (CVE-2018-5391) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: linux-image-3.13.0-155-generic 3.13.0-155.205 linux-image-3.13.0-155-generic-lpae 3.13.0-155.205 linux-image-3.13.0-155-lowlatency 3.13.0-155.205 linux-image-3.13.0-155-powerpc-e500 3.13.0-155.205 linux-image-3.13.0-155-powerpc-e500mc 3.13.0-155.205 linux-image-3.13.0-155-powerpc-smp 3.13.0-155.205 linux-image-3.13.0-155-powerpc64-emb 3.13.0-155.205 linux-image-3.13.0-155-powerpc64-smp 3.13.0-155.205 linux-image-generic 3.13.0.155.165 linux-image-generic-lpae 3.13.0.155.165 linux-image-lowlatency 3.13.0.155.165 linux-image-powerpc-e500 3.13.0.155.165 linux-image-powerpc-e500mc 3.13.0.155.165 linux-image-powerpc-smp 3.13.0.155.165 linux-image-powerpc64-emb 3.13.0.155.165 linux-image-powerpc64-smp 3.13.0.155.165 Please note that the recommended mitigation for CVE-2018-3646 involves updating processor microcode in addition to updating the kernel; however, the kernel includes a fallback for processors that have not received microcode updates. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. 7) - noarch, x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. (BZ#1594915) 4. 7.3) - ppc64, ppc64le, x86_64 3. Bug Fix(es): * Due to a bug in a CPU's speculative execution engine, the CPU could previously leak data from other processes on the system, including passwords, encryption keys, or other sensitive information. With this update, the kernel build requirements have been updated to the GNU Compiler Collection (GCC) compiler version that has the support for Expoline for IBM z Systems. As a result, data leak no longer occurs under the described circumstances. (BZ#1577761) 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2018:2384-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2384 Issue date: 2018-08-14 CVE Names: CVE-2017-13215 CVE-2018-3620 CVE-2018-3646 CVE-2018-3693 CVE-2018-5390 CVE-2018-7566 CVE-2018-10675 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - noarch, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - noarch, ppc64le 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3693) * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) * kernel: crypto: privilege escalation in skcipher_recvmsg function (CVE-2017-13215) * kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675) * kernel: race condition in snd_seq_write() may lead to UAF or OOB access (CVE-2018-7566) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting CVE-2018-3620 and CVE-2018-3646; Vladimir Kiriansky (MIT) and Carl Waldspurger (Carl Waldspurger Consulting) for reporting CVE-2018-3693; and Juha-Matti Tilli (Aalto University, Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5390. Bug Fix(es): These updated kernel packages include also numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article: https://access.redhat.com/articles/3527791 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1535173 - CVE-2017-13215 kernel: crypto: privilege escalation in skcipher_recvmsg function 1550142 - CVE-2018-7566 kernel: race condition in snd_seq_write() may lead to UAF or OOB-access 1575065 - CVE-2018-10675 kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact 1581650 - CVE-2018-3693 Kernel: speculative bounds check bypass store 1585005 - CVE-2018-3646 Kernel: hw: cpu: L1 terminal fault (L1TF) 1601704 - CVE-2018-5390 kernel: TCP segments with random offsets allow a remote denial of service (SegmentSmack) 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: kernel-3.10.0-862.11.6.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.11.6.el7.noarch.rpm kernel-doc-3.10.0-862.11.6.el7.noarch.rpm x86_64: kernel-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm kernel-devel-3.10.0-862.11.6.el7.x86_64.rpm kernel-headers-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.11.6.el7.x86_64.rpm perf-3.10.0-862.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm python-perf-3.10.0-862.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: kernel-3.10.0-862.11.6.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.11.6.el7.noarch.rpm kernel-doc-3.10.0-862.11.6.el7.noarch.rpm x86_64: kernel-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm kernel-devel-3.10.0-862.11.6.el7.x86_64.rpm kernel-headers-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.11.6.el7.x86_64.rpm perf-3.10.0-862.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm python-perf-3.10.0-862.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: kernel-3.10.0-862.11.6.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.11.6.el7.noarch.rpm kernel-doc-3.10.0-862.11.6.el7.noarch.rpm ppc64: kernel-3.10.0-862.11.6.el7.ppc64.rpm kernel-bootwrapper-3.10.0-862.11.6.el7.ppc64.rpm kernel-debug-3.10.0-862.11.6.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm kernel-debug-devel-3.10.0-862.11.6.el7.ppc64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-862.11.6.el7.ppc64.rpm kernel-devel-3.10.0-862.11.6.el7.ppc64.rpm kernel-headers-3.10.0-862.11.6.el7.ppc64.rpm kernel-tools-3.10.0-862.11.6.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm kernel-tools-libs-3.10.0-862.11.6.el7.ppc64.rpm perf-3.10.0-862.11.6.el7.ppc64.rpm perf-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm python-perf-3.10.0-862.11.6.el7.ppc64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm ppc64le: kernel-3.10.0-862.11.6.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debug-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.11.6.el7.ppc64le.rpm kernel-devel-3.10.0-862.11.6.el7.ppc64le.rpm kernel-headers-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-libs-3.10.0-862.11.6.el7.ppc64le.rpm perf-3.10.0-862.11.6.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm python-perf-3.10.0-862.11.6.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm s390x: kernel-3.10.0-862.11.6.el7.s390x.rpm kernel-debug-3.10.0-862.11.6.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.s390x.rpm kernel-debug-devel-3.10.0-862.11.6.el7.s390x.rpm kernel-debuginfo-3.10.0-862.11.6.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-862.11.6.el7.s390x.rpm kernel-devel-3.10.0-862.11.6.el7.s390x.rpm kernel-headers-3.10.0-862.11.6.el7.s390x.rpm kernel-kdump-3.10.0-862.11.6.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-862.11.6.el7.s390x.rpm kernel-kdump-devel-3.10.0-862.11.6.el7.s390x.rpm perf-3.10.0-862.11.6.el7.s390x.rpm perf-debuginfo-3.10.0-862.11.6.el7.s390x.rpm python-perf-3.10.0-862.11.6.el7.s390x.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.s390x.rpm x86_64: kernel-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm kernel-devel-3.10.0-862.11.6.el7.x86_64.rpm kernel-headers-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.11.6.el7.x86_64.rpm perf-3.10.0-862.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm python-perf-3.10.0-862.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): noarch: kernel-abi-whitelists-3.10.0-862.11.6.el7.noarch.rpm kernel-doc-3.10.0-862.11.6.el7.noarch.rpm ppc64le: kernel-3.10.0-862.11.6.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debug-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.11.6.el7.ppc64le.rpm kernel-devel-3.10.0-862.11.6.el7.ppc64le.rpm kernel-headers-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-libs-3.10.0-862.11.6.el7.ppc64le.rpm perf-3.10.0-862.11.6.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm python-perf-3.10.0-862.11.6.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm s390x: kernel-3.10.0-862.11.6.el7.s390x.rpm kernel-debug-3.10.0-862.11.6.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.s390x.rpm kernel-debug-devel-3.10.0-862.11.6.el7.s390x.rpm kernel-debuginfo-3.10.0-862.11.6.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-862.11.6.el7.s390x.rpm kernel-devel-3.10.0-862.11.6.el7.s390x.rpm kernel-headers-3.10.0-862.11.6.el7.s390x.rpm kernel-kdump-3.10.0-862.11.6.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-862.11.6.el7.s390x.rpm kernel-kdump-devel-3.10.0-862.11.6.el7.s390x.rpm perf-3.10.0-862.11.6.el7.s390x.rpm perf-debuginfo-3.10.0-862.11.6.el7.s390x.rpm python-perf-3.10.0-862.11.6.el7.s390x.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.s390x.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: kernel-debug-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-862.11.6.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-862.11.6.el7.ppc64.rpm perf-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm ppc64le: kernel-debug-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debug-devel-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-862.11.6.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): noarch: kernel-doc-3.10.0-862.11.6.el7.noarch.rpm ppc64le: kernel-debug-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debug-devel-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-862.11.6.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: kernel-3.10.0-862.11.6.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.11.6.el7.noarch.rpm kernel-doc-3.10.0-862.11.6.el7.noarch.rpm x86_64: kernel-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm kernel-devel-3.10.0-862.11.6.el7.x86_64.rpm kernel-headers-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.11.6.el7.x86_64.rpm perf-3.10.0-862.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm python-perf-3.10.0-862.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-13215 https://access.redhat.com/security/cve/CVE-2018-3620 https://access.redhat.com/security/cve/CVE-2018-3646 https://access.redhat.com/security/cve/CVE-2018-3693 https://access.redhat.com/security/cve/CVE-2018-5390 https://access.redhat.com/security/cve/CVE-2018-7566 https://access.redhat.com/security/cve/CVE-2018-10675 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/L1TF https://access.redhat.com/articles/3527791 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW3MjONzjgjWX9erEAQioYA/9Ge//K50oCrGaDEMuI2PHYLcztiZt9meh C578LP6sC/HT17VAbV8C+Tvy9QBCU80t4mGU4GOPu8Q5HzZQv45n0NtdRTGCC+yb A1bFcf0vhXIALNsuDEZN9g5SwUBapxkRoh43R+E7ITCQWp0XIPaSjYgGNqpTTuD/ lxRCzc10HhxW+pUY+ERFcK6c0poc14FtSqM3GqZe10FhkykdIlmngFjkthjzefXO dUkYDy53G+iAdTrVFI03h3Wt+UBMmNwKtu8ydqtAxZ0zDZIP5ijASOtM4mlf77ec VsNn7OWythkpTcpa+Sh5+dk6DK+lU2vziVsEocYNpzB+T/aHC9n/+I8ibfp3B4DC k4lYqZJQDFR2jVABjkOVS9dWFlOYKFmU2JBwsqdRvt3rgVFXEH3n5OQydHGFskmP NFwDbRAFlwo3zjd9KuiQzdFTOensc35+eSHykY8nxY2hGMH5gGccShFL4C7N2mtx s8JnzA/Zj00VHMg8qIHGfQ7RSd/xyEJ5vn87WZcTshTNli6x1/0VnzpTKG85Ga+K S2EJDXFP9LqCT98TL1RDJmCTtfDjU3I/gbgu5xFaofQZfV48qAUomUQ2E+MhQAOX eBr/OvlfFP8HEwVEJBDtXKxxs1LgmjTSqOtfP8AvS5zI9/Y6o56i0d7Ng1CcaGKP lZgWJhC3Yik=i4St -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis. These attacks are known as L1 Terminal Fault: SGX, L1 Terminal Fault: OS/SMM, and L1 Terminal Fault: VMM. Multiple Intel Processors are prone to a multiple information-disclosure vulnerabilities. Local attackers can exploit these issues to obtain sensitive information. This may aid in further attacks. Intel Core i3 processor, etc. are all CPU (central processing unit) products of Intel Corporation of the United States. Security vulnerabilities exist in several Intel products that use speculative execution and address translation. The following products are affected: Intel Core i3 processor; Intel Core i5 processor; Intel Core i7 processor; Intel Core M processor family; 2nd generation Intel Core processors; 3rd generation Intel Core processors; 4th generation Intel Core processors; 5th generation Intel Core processors, etc. 6.7) - i386, ppc64, s390x, x86_64 3. For the stable distribution (stretch), these problems have been fixed in version 4.8.4+xsa273+shim4.10.1+xsa273-1+deb9u10. We recommend that you upgrade your xen packages. For the detailed security status of xen please refer to its security tracker page at: https://security-tracker.debian.org/tracker/xen Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlt14mwACgkQEMKTtsN8 Tjb2LhAAokwmlGxyJPC3EGG9aOLKNv23G9OzLLNRm+cy150WAMgBio+bR2CAgkfX qu/ftFPLeKfIRbo9nLBFHQLMKlmDdFzLeicXe7GtnKcAMkt0Wp+rYIj66TMkjrMg 2kJI68ECc5Rqj3fMZ+dgkxSHzhylUGG70mEIBf2D22Y72kkIfc3EzBuu2wxaaOTP t7Q7JkYDv9WV/6gw8Ok2vIrQcq95jtZgDSL1ZHHg6VTukHnXP2SU1rMfRCguTCtc 5JYAgWJ1GWFWt3d6FQnk7SWwJf3pHEVNg0lGpRJdu4qperQ3EhQNeJlGq8adm/Zf QQUT9T6vsU5cefgelIRSLxFZ9bDobxXXNaox3FqB4tslkJLhTRluCvilJpWuNpH5 7S6xti5neGuHORfIkcS1PmOEx2gDkKWTgotiBx04yU3q+/zr0Ob+K2jxZXe4z2uU sqEq8pdjCnkE03cljPbfPeutyucS3xDFpFVoXlRqgRNMdZ7jzVSP6qayt3iQIa/E djVQ2ptHxux5Zapg5Ngr2ASBdyIw+2GLVUKQCeqM+EjMXjRBaJv8DPxWwO4nkC4d eliy9RxErtQpgHIZKHVmTjoRlh/OH4KAdHZT2Y+Gfv1DVA6TL5cPiQ9e0ZunNNaK vtXyOzjNPVPZa+2MEq9FTFIkDsR8Ncl/JCzp0bx5uVaV/ovX0A8=reP+ -----END PGP SIGNATURE----- . Issue date: 2018-08-14 Updated on: 2018-08-14 (Initial Advisory) CVE number: CVE-2018-3646 1. Summary VMware vSphere, Workstation, and Fusion updates enable Hypervisor- Specific Mitigations for L1 Terminal Fault - VMM vulnerability. The mitigations in this advisory are categorized as Hypervisor- Specific Mitigations described by VMware Knowledge Base article 55636. Relevant Products VMware vCenter Server (VC) VMware vSphere ESXi (ESXi) VMware Workstation Pro / Player (WS) VMware Fusion Pro / Fusion (Fusion) 3. Problem Description vCenter Server, ESXi, Workstation, and Fusion updates include Hypervisor-Specific Mitigations for L1 Terminal Fault - VMM. This issue may allow a malicious VM running on a given CPU core to effectively read the hypervisoras or another VMas privileged information that resides sequentially or concurrently in the same coreas L1 Data cache. CVE-2018-3646 has two currently known attack vectors which will be referred to as "Sequential-Context" and "Concurrent-Context." Attack Vector Summary Sequential-context attack vector: a malicious VM can potentially infer recently accessed L1 data of a previous context (hypervisor thread or other VM thread) on either logical processor of a processor core. Concurrent-context attack vector: a malicious VM can potentially infer recently accessed L1 data of a concurrently executing context (hypervisor thread or other VM thread) on the other logical processor of the Hyper-Threading-enabled processor core. Mitigation Summary The Sequential-context attack vector is mitigated by a vSphere update to the product versions listed in table below. This mitigation is dependent on Intel microcode updates (provided in separate ESXi patches for most Intel hardware platforms) also listed in the table below. This mitigation is enabled by default and does not impose a significant performance impact. The Concurrent-context attack vector is mitigated through enablement of a new feature known as the ESXi Side-Channel-Aware Scheduler. This feature may impose a non-trivial performance impact and is not enabled by default. Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Mitigation/ Product Version on Severity Apply Patch Workaround ======= ======= ======= ========= ===================== ========== VC 6.7 Any Important 6.7.0d None VC 6.5 Any Important 6.5u2c None VC 6.0 Any Important 6.0u3h None VC 5.5 Any Important 5.5u3j None ESXi 6.7 Any Important ESXi670-201808401-BG* None ESXi670-201808402-BG** None ESXi670-201808403-BG* None ESXi 6.5 Any Important ESXi650-201808401-BG* None ESXi650-201808402-BG** None ESXi650-201808403-BG* None ESXi 6.0 Any Important ESXi600-201808401-BG* None ESXi600-201808402-BG** None ESXi600-201808403-BG* None ESXi 5.5 Any Important ESXi550-201808401-BG* None ESXi550-201808402-BG** None ESXi550-201808403-BG* None WS 14.x Any Important 14.1.3* None Fusion 10.x Any Important 10.1.3* None *These patches DO NOT mitigate the Concurrent-context attack vector previously described by default. For details on the three-phase vSphere mitigation process please see KB55806 and for the mitigation process for Workstation and Fusion please see KB57138. **These patches include microcode updates required for mitigation of the Sequential-context attack vector. This microcode may also be obtained from your hardware OEM in the form of a BIOS or firmware update. Details on microcode that has been provided by Intel and packaged by VMware is enumerated in the patch KBs found in the Solution section of this document. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. vCenter 6.7.0d Downloads: https://my.vmware.com/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/6_7 Documentation: https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-vcenter-server-670d-release-notes.html vCenter 6.5u2c Downloads: https://my.vmware.com/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/6_5 Documentation: https://docs.vmware.com/en/VMware-vSphere/6.5/rn/vsphere-vcenter-server-65u2c-release-notes.html vCenter 6.0u3h Downloads: https://my.vmware.com/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/6_0 Documentation: https://docs.vmware.com/en/VMware-vSphere/6.0/rn/vsphere-vcenter-server-60u3h-release-notes.html vCenter 5.5u3j Downloads: https://my.vmware.com/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/5_5 Documentation: https://docs.vmware.com/en/VMware-vSphere/5.5/rn/vsphere-vcenter-server-55u3j-release-notes.html ESXi 6.7 Downloads: https://my.vmware.com/group/vmware/patch Documentation: ESXi670-201808401-BG (esx-base): https://kb.vmware.com/kb/56537 ESXi670-201808402-BG (microcode): https://kb.vmware.com/kb/56538 ESXi670-201808403-BG (esx-ui):(https://kb.vmware.com/kb/56897 ESXi 6.5 Downloads: https://my.vmware.com/group/vmware/patch Documentation: ESXi650-201808401-BG (esx-base): https://kb.vmware.com/kb/56547 ESXi650-201808402-BG (microcode): https://kb.vmware.com/kb/56563 ESXi650-201808403-BG (esx-ui): https://kb.vmware.com/kb/56896 ESXi 6.0 Downloads: https://my.vmware.com/group/vmware/patch Documentation: ESXi600-201808401-BG (esx-base): https://kb.vmware.com/kb/56552 ESXi600-201808402-BG (microcode): https://kb.vmware.com/kb/56553 ESXi600-201808403-BG (esx-ui): https://kb.vmware.com/kb/56895 ESXi 5.5 Downloads: https://my.vmware.com/group/vmware/patch Documentation: ESXi550-201808401-BG (esx-base): https://kb.vmware.com/kb/56557 ESXi550-201808402-BG (microcode): https://kb.vmware.com/kb/56558 ESXi550-201808403-BG (esx-ui): https://kb.vmware.com/kb/56894 VMware Workstation Pro 14.1.3 Downloads: https://www.vmware.com/go/downloadworkstation Documentation: https://docs.vmware.com/en/VMware-Workstation-Pro/index.html VMware Workstation Player 14.1.3 Downloads: https://www.vmware.com/go/downloadplayer Documentation: https://docs.vmware.com/en/VMware-Workstation-Player/index.html VMware Fusion Pro / Fusion 10.1.3 Downloads: https://www.vmware.com/go/downloadfusion Documentation: https://docs.vmware.com/en/VMware-Fusion/index.html 5. References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646 https://kb.vmware.com/kb/55636 https://kb.vmware.com/kb/55806 https://kb.vmware.com/kb/57138 - ------------------------------------------------------------------------ 6. Change log 2018-08-14: Initial security advisory in conjunction with vSphere, Workstation, and Fusion updates and patches released on 2018-08-14. Contact E-mail list for product security notifications and announcements: https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: security-announce@lists.vmware.com bugtraq@securityfocus.com fulldisclosure@seclists.org E-mail: security at vmware.com PGP key at: https://kb.vmware.com/kb/1055 VMware Security Advisories https://www.vmware.com/security/advisories VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html VMware Security & Compliance Blog https://blogs.vmware.com/security Twitter https://twitter.com/VMwareSRC Copyright 2018 VMware Inc. All rights reserved. Summary: An update for kernel is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 6.6) - noarch, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.6) - x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 6.6) - x86_64 Red Hat Enterprise Linux Server TUS (v. 6.6) - noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) * kernel: kvm: vmx: host GDT limit corruption (CVE-2018-10901) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting CVE-2018-3620 and CVE-2018-3646 and Vegard Nossum (Oracle Corporation) for reporting CVE-2018-10901. Bugs fixed (https://bugzilla.redhat.com/): 1585005 - CVE-2018-3646 Kernel: hw: cpu: L1 terminal fault (L1TF) 1601849 - CVE-2018-10901 kernel: kvm: vmx: host GDT limit corruption 6. Package List: Red Hat Enterprise Linux Server AUS (v. 6.6): Source: kernel-2.6.32-504.72.4.el6.src.rpm noarch: kernel-abi-whitelists-2.6.32-504.72.4.el6.noarch.rpm kernel-doc-2.6.32-504.72.4.el6.noarch.rpm kernel-firmware-2.6.32-504.72.4.el6.noarch.rpm x86_64: kernel-2.6.32-504.72.4.el6.x86_64.rpm kernel-debug-2.6.32-504.72.4.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-504.72.4.el6.x86_64.rpm kernel-debug-devel-2.6.32-504.72.4.el6.x86_64.rpm kernel-debuginfo-2.6.32-504.72.4.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-504.72.4.el6.x86_64.rpm kernel-devel-2.6.32-504.72.4.el6.x86_64.rpm kernel-headers-2.6.32-504.72.4.el6.x86_64.rpm perf-2.6.32-504.72.4.el6.x86_64.rpm perf-debuginfo-2.6.32-504.72.4.el6.x86_64.rpm python-perf-debuginfo-2.6.32-504.72.4.el6.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 6.6): Source: kernel-2.6.32-504.72.4.el6.src.rpm noarch: kernel-abi-whitelists-2.6.32-504.72.4.el6.noarch.rpm kernel-doc-2.6.32-504.72.4.el6.noarch.rpm kernel-firmware-2.6.32-504.72.4.el6.noarch.rpm x86_64: kernel-2.6.32-504.72.4.el6.x86_64.rpm kernel-debug-2.6.32-504.72.4.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-504.72.4.el6.x86_64.rpm kernel-debug-devel-2.6.32-504.72.4.el6.x86_64.rpm kernel-debuginfo-2.6.32-504.72.4.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-504.72.4.el6.x86_64.rpm kernel-devel-2.6.32-504.72.4.el6.x86_64.rpm kernel-headers-2.6.32-504.72.4.el6.x86_64.rpm perf-2.6.32-504.72.4.el6.x86_64.rpm perf-debuginfo-2.6.32-504.72.4.el6.x86_64.rpm python-perf-debuginfo-2.6.32-504.72.4.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.6): x86_64: kernel-debug-debuginfo-2.6.32-504.72.4.el6.x86_64.rpm kernel-debuginfo-2.6.32-504.72.4.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-504.72.4.el6.x86_64.rpm perf-debuginfo-2.6.32-504.72.4.el6.x86_64.rpm python-perf-2.6.32-504.72.4.el6.x86_64.rpm python-perf-debuginfo-2.6.32-504.72.4.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 6.6): x86_64: kernel-debug-debuginfo-2.6.32-504.72.4.el6.x86_64.rpm kernel-debuginfo-2.6.32-504.72.4.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-504.72.4.el6.x86_64.rpm perf-debuginfo-2.6.32-504.72.4.el6.x86_64.rpm python-perf-2.6.32-504.72.4.el6.x86_64.rpm python-perf-debuginfo-2.6.32-504.72.4.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================ FreeBSD-SA-18:09.l1tf Security Advisory The FreeBSD Project Topic: L1 Terminal Fault (L1TF) Kernel Information Disclosure Category: core Module: Kernel Announced: 2018-08-14 Affects: All supported versions of FreeBSD. Corrected: 2018-08-14 17:51:12 UTC (stable/11, 11.1-STABLE) 2018-08-15 02:30:11 UTC (releng/11.2, 11.2-RELEASE-p2) 2018-08-15 02:30:11 UTC (releng/11.1, 11.1-RELEASE-p13) CVE Name: CVE-2018-3620, CVE-2018-3646 Special Note: Speculative execution vulnerability mitigation remains a work in progress. This advisory addresses the issue in FreeBSD 11.1 and later. We expect to update this advisory to include 10.4 at a later time. For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. I. Background When a program accesses data in memory via a logical address it is translated to a physical address in RAM by the CPU. Accessing an unmapped logical address results in what is known as a terminal fault. II. The CPU may speculatively access the level 1 data cache (L1D). Data which would otherwise be protected may then be determined by using side channel methods. This issue affects bhyve on FreeBSD/amd64 systems. III. Impact An attacker executing user code, or kernel code inside of a virtual machine, may be able to read secret data from the kernel or from another virtual machine. IV. Workaround No workaround is available. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot. Perform one of the following: 1) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +30 "Rebooting for security update" 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 11.2] # fetch https://security.FreeBSD.org/patches/SA-18:09/l1tf-11.2.patch # fetch https://security.FreeBSD.org/patches/SA-18:09/l1tf-11.2.patch.asc # gpg --verify l1tf-11.2.patch.asc [FreeBSD 11.1] # fetch https://security.FreeBSD.org/patches/SA-18:09/l1tf-11.1.patch # fetch https://security.FreeBSD.org/patches/SA-18:09/l1tf-11.1.patch.asc # gpg --verify l1tf-11.1.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system. VI. Correction details CVE-2018-3620 (L1 Terminal Fault-OS) - ------------------------------------ FreeBSD reserves the the memory page at physical address 0, so it will not contain secret data. FreeBSD zeros the paging data structures for unmapped addresses, so that speculatively executed L1 Terminal Faults will access only the reserved, unused page. The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/11/ r337794 releng/11.1/ r337828 releng/11.2/ r337828 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII. The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc> -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.2.9 (FreeBSD) iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAltztc8ACgkQ05eS9J6n 5cLwEhAAos2Bnilthrbd+uQr1IGASD96aZZ5iXvn1Ibls03Vtd0kG9EcU30gFVG0 HSg47qT7r5qJQUdhuSYxspgS9ZxXpRez1vnAz7cSGHL9FdecyfHWmHvGor5tz84/ CgX4jCCAZfqDBquYD+ioqiLX7p1ZTRKfHBQOHcGgMfMq8UQUsg1YriXabEqnavU6 W0h/eCGBo/Dbvl7004Gx0hKmDO2YQxt9aPWfInXWx1VOMf+wNWpcrvU6rJ4kOnL9 7BXi+c5+vwlVXDvjrTwP9X+9DDa0MJcMoy2JCyCa/0W7lQ9nADLfUiXLsTvLDo6V 6/sooFbqlO+Qz37XHlXOXaoVGZGw+NtJRcnD+w8ueP9ts02SsECoxofN8tPOzGsT T285qAwv8D8uuBLU3dc9y+assEe3j/4Aqb1Eil6Eh1MsHypEvyN5z9+PIpbN2tWK qqCtzgqx037Jvjo6DwjwMUd+DikObGjZyK4pwP8KIeccOIBrUAA1Xel7Xr74xuwq LwqtcHb2MWeFD0Mw+oW9viuJKrxyu6aiQfU6FsuGVmHjtXGxi+aWyGQqed+q8FcU w/J6fq4kmBVVqNNrAMc/bWKU3IXAj4c48H0CSiCoX4dE4waRQ+cEetKkSWVGYnXj 3QdoyPsiqo8Goo34Cn0Ipf9GWDeNVv32iz0fXtr4LtoVZKCx9oc=G5SD -----END PGP SIGNATURE----- . ========================================================================= Ubuntu Security Notice USN-3740-2 August 14, 2018 linux-hwe, linux-azure, linux-gcp vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Several security issues were fixed in the Linux kernel. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). (CVE-2018-3620) Juha-Matti Tilli discovered that the IP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packet fragments. A remote attacker could use this to cause a denial of service. (CVE-2018-5391) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: linux-image-4.15.0-1017-gcp 4.15.0-1017.18~16.04.1 linux-image-4.15.0-1021-azure 4.15.0-1021.21~16.04.1 linux-image-4.15.0-32-generic 4.15.0-32.35~16.04.1 linux-image-4.15.0-32-generic-lpae 4.15.0-32.35~16.04.1 linux-image-4.15.0-32-lowlatency 4.15.0-32.35~16.04.1 linux-image-azure 4.15.0.1021.27 linux-image-gcp 4.15.0.1017.29 linux-image-generic-hwe-16.04 4.15.0.32.54 linux-image-generic-lpae-hwe-16.04 4.15.0.32.54 linux-image-gke 4.15.0.1017.29 linux-image-lowlatency-hwe-16.04 4.15.0.32.54 linux-image-virtual-hwe-16.04 4.15.0.32.54 Please note that the recommended mitigation for CVE-2018-3646 involves updating processor microcode in addition to updating the kernel; however, the kernel includes a fallback for processors that have not received microcode updates. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. Relevant releases/architectures: RHEL 7-based RHEV-H ELS - noarch RHEV Hypervisor for RHEL-6 ELS - noarch 3. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201810-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Xen: Multiple vulnerabilities Date: October 30, 2018 Bugs: #643350, #655188, #655544, #659442 ID: 201810-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Xen, the worst of which could cause a Denial of Service condition. Background ========== Xen is a bare-metal hypervisor. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-emulation/xen < 4.10.1-r2 >= 4.10.1-r2 2 app-emulation/xen-tools < 4.10.1-r2 >= 4.10.1-r2 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details. Resolution ========== All Xen users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.10.1-r2" All Xen tools users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-emulation/xen-tools-4.10.1-r2" References ========== [ 1 ] CVE-2017-5715 https://nvd.nist.gov/vuln/detail/CVE-2017-5715 [ 2 ] CVE-2017-5753 https://nvd.nist.gov/vuln/detail/CVE-2017-5753 [ 3 ] CVE-2017-5754 https://nvd.nist.gov/vuln/detail/CVE-2017-5754 [ 4 ] CVE-2018-10471 https://nvd.nist.gov/vuln/detail/CVE-2018-10471 [ 5 ] CVE-2018-10472 https://nvd.nist.gov/vuln/detail/CVE-2018-10472 [ 6 ] CVE-2018-10981 https://nvd.nist.gov/vuln/detail/CVE-2018-10981 [ 7 ] CVE-2018-10982 https://nvd.nist.gov/vuln/detail/CVE-2018-10982 [ 8 ] CVE-2018-12891 https://nvd.nist.gov/vuln/detail/CVE-2018-12891 [ 9 ] CVE-2018-12892 https://nvd.nist.gov/vuln/detail/CVE-2018-12892 [ 10 ] CVE-2018-12893 https://nvd.nist.gov/vuln/detail/CVE-2018-12893 [ 11 ] CVE-2018-15468 https://nvd.nist.gov/vuln/detail/CVE-2018-15468 [ 12 ] CVE-2018-15469 https://nvd.nist.gov/vuln/detail/CVE-2018-15469 [ 13 ] CVE-2018-15470 https://nvd.nist.gov/vuln/detail/CVE-2018-15470 [ 14 ] CVE-2018-3620 https://nvd.nist.gov/vuln/detail/CVE-2018-3620 [ 15 ] CVE-2018-3646 https://nvd.nist.gov/vuln/detail/CVE-2018-3646 [ 16 ] CVE-2018-5244 https://nvd.nist.gov/vuln/detail/CVE-2018-5244 [ 17 ] CVE-2018-7540 https://nvd.nist.gov/vuln/detail/CVE-2018-7540 [ 18 ] CVE-2018-7541 https://nvd.nist.gov/vuln/detail/CVE-2018-7541 [ 19 ] CVE-2018-7542 https://nvd.nist.gov/vuln/detail/CVE-2018-7542 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201810-06 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . (CVE-2018-3646) Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. (CVE-2018-3639) Zdenek Sojka, Rudolf Marek, Alex Zuepke, and Innokentiy Sennovskiy discovered that microprocessors that perform speculative reads of system registers may allow unauthorized disclosure of system parameters via a sidechannel attack

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. Linux Kernel is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. This is mitigated by reducing the default limits on memory usage for incomplete fragmented packets. The same mitigation can be achieved without the need to reboot, by setting the sysctls: net.ipv4.ipfrag_high_thresh = 262144 net.ipv6.ip6frag_high_thresh = 262144 net.ipv4.ipfrag_low_thresh = 196608 net.ipv6.ip6frag_low_thresh = 196608 The default values may still be increased by local configuration if necessary. For the stable distribution (stretch), this problem has been fixed in version 4.9.110-3+deb9u2. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAltzSylfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RaQQ//ZmbZqbqzS25ZDtEN7fJbInoznmfFiXHYCS9/GNEID3ODvPEn34omQ+Tj HJHroMWFsXROIaViHvJ2mZB3dpgv+ge1huvqXFTh+VrnQxvmdzzNy0UiDUH3B7jU BnbI7IS5x2dBC4cY+5vJ1fn0mWnvh/Bg9D+HEce3mmz9f/bTmXXiwPosyCM0KnzC R8aq73EU61A+IYJd+otICU6jZk+4IdgZRhW6q8F5OgHrnBryr0Xem8hSeL4Nkv3y aLX2Ca20eAgfeGo/SAHmG+FfJLR6dG8frz1k8HsKWNW16O8AC6lDbRC1+teK1e43 6GoIjfU9fBy3Cc35I1JQ85cfzfDLaETQ6IQ23o9SUP6qh8QKtUYDIU2sEDAThmrA IeoJsscGUvRMOx/XzuW8xN6rgbU+uNp8NIYXonZjy+U28dGp11obq3ka02railwj VEhm3YPIddeySofS0tZuBJ1XKL1/a5voLQ9GEBk+wq10DPdfYvSmIXxVR/FOfYy5 mLLTdtHINomfeihEI9AOWqq7w5bVIIidWB2a5FJiBZKWW1OdiNRHlD4hNMCR5xRv vK2PPXYcCxBuO4mdcnYydDcmrDvD22b6AhN1sm8FqUkWSXQbRoHNan95A8KbgZw0 Rk68oRCEFKcScB67ZhK2hUue7hZhkz52MlbS7pJgBPSuKrVsZtw= =WPm5 -----END PGP SIGNATURE----- . (BZ#1625330) 4. 7) - ppc64le 3. (BZ#1629634) 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2018:3590-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:3590 Issue date: 2018-11-13 CVE Names: CVE-2017-18344 CVE-2018-5391 CVE-2018-10675 CVE-2018-14634 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.2) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.2) - noarch, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.2) - x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.2) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.2) - noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. (CVE-2018-5391) * kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c (CVE-2017-18344) * kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675) * kernel: Integer overflow in Linux's create_elf_tables function (CVE-2018-14634) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391 and Qualys Research Labs for reporting CVE-2018-14634. Bug Fix(es): * Previously, a kernel panic occurred when the kernel tried to make an out of bound access to the array that describes the L1 Terminal Fault (L1TF) mitigation state on systems without Extended Page Tables (EPT) support. This update extends the array of mitigation states to cover all the states, which effectively prevents out of bound array access. Also, this update enables rejecting invalid, irrelevant values, that might be erroneously provided by the userspace. As a result, the kernel no longer panics in the described scenario. (BZ#1629565) * Previously, a packet was missing the User Datagram Protocol (UDP) payload checksum during a full checksum computation, if the hardware checksum was not applied. As a consequence, a packet with an incorrect checksum was dropped by a peer. With this update, the kernel includes the UDP payload checksum during the full checksum computation. As a result, the checksum is computed correctly and the packet can be received by the peer. (BZ#1635792) * Previously, a transform lookup through the xfrm framework could be performed on an already transformed destination cache entry (dst_entry). When using User Datagram Protocol (UDP) over IPv6 with a connected socket in conjunction with Internet Protocol Security (IPsec) in Encapsulating Security Payload (ESP) transport mode. As a consequence, invalid IPv6 fragments transmitted from the host or the kernel occasionally terminated unexpectedly due to a socket buffer (SKB) underrun. With this update, the xfrm lookup on an already transformed dst_entry is not possible. As a result, using UDP iperf utility over IPv6 ESP no longer causes invalid IPv6 fragment transmissions or a kernel panic. (BZ#1639586) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1575065 - CVE-2018-10675 kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact 1609664 - CVE-2018-5391 kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack) 1610958 - CVE-2017-18344 kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c 1624498 - CVE-2018-14634 kernel: Integer overflow in Linux's create_elf_tables function 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.2): Source: kernel-3.10.0-327.76.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-327.76.1.el7.noarch.rpm kernel-doc-3.10.0-327.76.1.el7.noarch.rpm x86_64: kernel-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm kernel-devel-3.10.0-327.76.1.el7.x86_64.rpm kernel-headers-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.76.1.el7.x86_64.rpm perf-3.10.0-327.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm python-perf-3.10.0-327.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.2): Source: kernel-3.10.0-327.76.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-327.76.1.el7.noarch.rpm kernel-doc-3.10.0-327.76.1.el7.noarch.rpm x86_64: kernel-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm kernel-devel-3.10.0-327.76.1.el7.x86_64.rpm kernel-headers-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.76.1.el7.x86_64.rpm perf-3.10.0-327.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm python-perf-3.10.0-327.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.2): Source: kernel-3.10.0-327.76.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-327.76.1.el7.noarch.rpm kernel-doc-3.10.0-327.76.1.el7.noarch.rpm x86_64: kernel-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm kernel-devel-3.10.0-327.76.1.el7.x86_64.rpm kernel-headers-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.76.1.el7.x86_64.rpm perf-3.10.0-327.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm python-perf-3.10.0-327.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.2): x86_64: kernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v. 7.2): x86_64: kernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.2): x86_64: kernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-18344 https://access.redhat.com/security/cve/CVE-2018-5391 https://access.redhat.com/security/cve/CVE-2018-10675 https://access.redhat.com/security/cve/CVE-2018-14634 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/3553061 https://access.redhat.com/security/vulnerabilities/mutagen-astronomy 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW+sPDtzjgjWX9erEAQhm3BAAhxwzb8zJTfl0zFY/r9KUzkAdLXY4w39X BgJrVPyl7f6krvQ17HE95Poqz/iUhMOZAweypQXHMRKkmfMTYiLHlKpdIusou2xy y1ZzB1uloI4j2zMdTDRP5yZz06r/NP5A05pLZDA02iR5b07ALLYb5hcL5oBnpQXp 9Xp31qb7TCP+jWtCO1Ot+9GJ3chMNvpYqH0OkGTpq/G7PxGrhIzB6v4p6N5OntD9 5CIebREaGBWn9ViWiUHcthgg+PN2iS2/5ST82g/Jss/WmVVZSiVbayob6/MNQPnb M29VHOmJ6pf5dERNpSqrJrBXeDYCMA6HHD+RT9SmiuQQ8gQ2Rzjy7K97Nn++6x7O nclOTmB7hQZtl0WhgC3xuwtslXGpe9jKSzql03ijTvJRQrczgVWiBS+tpfVAJprV ma2Kchf5ivctaXZ/R62JMyTvNf6HCVdvBNvSNET52ol3PkdpJK7V7mg+H64Mqdrl cBTUDBHHYYWMJted9pHWq7tPs0vy1h9aoFqNdlak5jwr169vldlZMRBbhtvz+OXj V/o+IClbY9UUfibaXDoX7qufeVikW1KQ4L+VhRj3RzXNsu2A8FUAcN7za5Qv5HIe LiC42C+pjvHqS/9gNpBakzKv6nPldWZIfPEuF4zewizBxlTXHPE1ln1hAWKjqVTs 6QJ1Zh7jeUY= =8JOQ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 6.5) - x86_64 3. Bug Fix(es): * Previously, invalid headers in the sk_buff struct led to an indefinite loop in the tcp_collapse() function. (BZ#1619630) * After updating the system to prevent the L1 Terminal Fault (L1TF) vulnerability, only one thread was detected on systems that offer processing of two threads on a single processor core. With this update, the "__max_smt_threads()" function has been fixed. (BZ#1629632) 4. Bug Fix(es): These updated kernel packages include also numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article: https://access.redhat.com/articles/3684891 4. 7.3) - ppc64, ppc64le, x86_64 3. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. Consequently, the node was not available. This update fixes an irq latency source in memory compaction. (BZ#1596281) * Previously, the kernel source code was missing support to report the Speculative Store Bypass Disable (SSBD) vulnerability status on IBM Power Systems and the little-endian variants of IBM Power Systems. As a consequence, the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file incorrectly reported "Not affected" on both CPU architectures. This fix updates the kernel source code to properly report the SSBD status either as "Vulnerable" or "Mitigation: Kernel entry/exit barrier (TYPE)" where TYPE is one of "eieio", "hwsync", "fallback", or "unknown". As a consequence, the VMs sometimes became unresponsive when booting. This update applies an upstream patch to avoid early microcode update when running under a hypervisor. (BZ#1618388) 4. ========================================================================= Ubuntu Security Notice USN-3742-2 August 14, 2018 linux-lts-trusty vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 ESM Summary: Several security issues were fixed in the Linux kernel. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 for Ubuntu 12.04 ESM. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). (CVE-2018-3646) It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker could use this to expose sensitive information (memory from the kernel or other processes). (CVE-2018-3620) Andrey Konovalov discovered an out-of-bounds read in the POSIX timers subsystem in the Linux kernel. (CVE-2018-5391) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM: linux-image-3.13.0-155-generic 3.13.0-155.206~precise1 linux-image-3.13.0-155-generic-lpae 3.13.0-155.206~precise1 linux-image-generic-lpae-lts-trusty 3.13.0.155.145 linux-image-generic-lts-trusty 3.13.0.155.145 Please note that the recommended mitigation for CVE-2018-3646 involves updating processor microcode in addition to updating the kernel; however, the kernel includes a fallback for processors that have not received microcode updates. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well

An issue was discovered in Edimax EW-7438RPn Mini v2 before version 1.26. There is XSS in an SSID field. Edimax EW-7438RPn Mini v2 Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. EdimaxEW-7438RPnMini is a wireless router product from EdimaxTechnology. A cross-site scripting vulnerability exists in the SSID field in versions prior to EdimaxEW-7438RPnMiniv21.26. A remote attacker can exploit this vulnerability to perform a phishing attack

A buffer overflow vulnerability in the web server of some Hikvision IP Cameras allows an attacker to send a specially crafted message to affected devices. Due to the insufficient input validation, successful exploit can corrupt memory and lead to arbitrary code execution or crash the process. plural Hikvision IP Cameras The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HikVision IP Cameras is a network camera product from China Hikvision. Hikvision network camera has a buffer overflow vulnerability, which is caused by insufficient input verification

A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 (IKEv1) session. The vulnerability exists because the affected software responds incorrectly to decryption failures. An attacker could exploit this vulnerability sending crafted ciphertexts to a device configured with IKEv1 that uses RSA-encrypted nonces. A successful exploit could allow the attacker to obtain the encrypted nonces. Cisco Bug IDs: CSCve77140. Cisco IOS and Cisco IOS XE The software is vulnerable to cryptographic strength. Vendors have confirmed this vulnerability Bug ID CSCve77140 It is released as.Information may be obtained

Sensitive Information Disclosure in Zipato Zipabox Smart Home Controller allows remote attacker get sensitive information that expands attack surface. A security vulnerability exists in Zipato Zipabox

Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows unauthenticated attacker extract clear text passwords and get root access on the device. Zipato Zipabox Smart Home Controller Contains a cryptographic strength vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Zipato Zipabox is a smart home gateway controller from Zipato, Republic of Croatia. Attackers can exploit this vulnerability to extract plaintext passwords and gain root access to the device

Insecure configuration storage in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows remote attacker perform new attack vectors and take under control device and smart home. Zipato Zipabox Smart Home Controller Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Zipato Zipabox is a smart home gateway controller from Zipato, Republic of Croatia. Zipato Zipabox BOARD REV - 1 version (system version 118) has a security hole

The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT), an Ethereum ERC20 token, allow attackers to accomplish an unauthorized transfer of digital assets because replay attacks can occur with the same-named functions (with the same signatures) in other tokens: First (FST), GG Token (GG), M2C Mesh Network (MTC), M2C Mesh Network (mesh), and UG Token (UGT). SmartMesh Contains an access control vulnerability.Information may be altered. SmartMesh (SMT) is a blockchain-based IoT underlying protocol that is positioned in areas such as networkless communication and networkless payment. There are security vulnerabilities in the 'transferProxy' and 'approveProxy' functions in SMT's smart contracts. An attacker could use this vulnerability to unauthorized transfer of digital assets

ASUS HG100 devices allow denial of service via an IPv4 packet flood. ASUS HG100 The device contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. ASUSHG100 is a home intelligence monitoring device from ASUS. A denial of service vulnerability exists in ASUSHG100. There is a security flaw in the ASUS HG100

A potential security vulnerability has been identified in HPE OfficeConnect 1810 Switch Series (HP 1810-24G - P.2.22 and previous versions, HP 1810-48G PK.1.34 and previous versions, HP 1810-8 v2 P.2.22 and previous versions). The vulnerability could allow local disclosure of sensitive information. HPE OfficeConnect 1810 Switch The series contains an information disclosure vulnerability.Information may be obtained. HPE1810-24GSwitch, 1810-48GSwitch and 1810-8v2Switch are all switch products of Hewlett Packard Enterprise (HPE). An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks