Find a vulnerability

Search criteria ⓘ Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

Full-Text Search

Vendor

Product

Assigner

Sources

Sort by

Order

Apply ordering (override relevance)

96 vulnerabilities by phoenixcontact

VAR-201801-1712

Vulnerability from variot - Updated: 2024-07-23 21:03

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Two vulnerabilities are identified, known as "Variant 3a" and "Variant 4". CPUhardware is a set of firmware that runs in the CPU (Central Processing Unit) for managing and controlling the CPU. The Meltdown vulnerability exists in the CPU processor core, which \"melts\" the security boundary implemented by hardware, allowing low-privileged user-level applications to \"cross-border\" access to system-level memory, causing data leakage. Multiple CPU Hardware are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. The following products and versions are affected: ARM Cortex-R7; Cortex-R8; Cortex-A8; Cortex-A9; Cortex-A12; Xeon CPU E5-1650 v3, v2, v4; Xeon E3-1265l v2, v3, v4 ; Xeon E3-1245 v2, v3, v5, v6 versions; Xeon X7542, etc. Relevant releases/architectures:

Image Updates for RHV-H - noarch

These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. ========================================================================== Ubuntu Security Notice USN-3540-2 January 23, 2018

linux-lts-xenial, linux-aws vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 14.04 LTS

Summary:

Several security issues were addressed in the Linux kernel. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. This flaw is known as Spectre. (CVE-2017-5715, CVE-2017-5753)

USN-3522-2 mitigated CVE-2017-5754 (Meltdown) for the amd64 architecture in the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. This flaw is known as Meltdown. (CVE-2017-5754)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS: linux-image-4.4.0-1011-aws 4.4.0-1011.11 linux-image-4.4.0-111-generic 4.4.0-111.134~14.04.1 linux-image-4.4.0-111-lowlatency 4.4.0-111.134~14.04.1 linux-image-4.4.0-111-powerpc-e500mc 4.4.0-111.134~14.04.1 linux-image-4.4.0-111-powerpc-smp 4.4.0-111.134~14.04.1 linux-image-4.4.0-111-powerpc64-emb 4.4.0-111.134~14.04.1 linux-image-4.4.0-111-powerpc64-smp 4.4.0-111.134~14.04.1 linux-image-aws 4.4.0.1011.11 linux-image-generic-lts-xenial 4.4.0.111.95 linux-image-lowlatency-lts-xenial 4.4.0.111.95 linux-image-powerpc-e500mc-lts-xenial 4.4.0.111.95 linux-image-powerpc-smp-lts-xenial 4.4.0.111.95 linux-image-powerpc64-emb-lts-xenial 4.4.0.111.95 linux-image-powerpc64-smp-lts-xenial 4.4.0.111.95

Please note that fully mitigating CVE-2017-5715 (Spectre Variant 2) requires corresponding processor microcode/firmware updates or, in virtual environments, hypervisor updates. Ubuntu is working with Intel and AMD to provide future microcode updates that implement IBRS and IBPB as they are made available. Ubuntu users with a processor from a different vendor should contact the vendor to identify necessary firmware updates. Ubuntu will provide corresponding QEMU updates in the future for users of self-hosted virtual environments in coordination with upstream QEMU. Ubuntu users in cloud environments should contact the cloud provider to confirm that the hypervisor has been updated to expose the new CPU features to virtual machines. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Debian Security Advisory DSA-4187-1 security@debian.org https://www.debian.org/security/ Ben Hutchings May 01, 2018 https://www.debian.org/security/faq

Package : linux CVE ID : CVE-2015-9016 CVE-2017-0861 CVE-2017-5715 CVE-2017-5753 CVE-2017-13166 CVE-2017-13220 CVE-2017-16526 CVE-2017-16911 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-18017 CVE-2017-18203 CVE-2017-18216 CVE-2017-18232 CVE-2017-18241 CVE-2018-1066 CVE-2018-1068 CVE-2018-1092 CVE-2018-5332 CVE-2018-5333 CVE-2018-5750 CVE-2018-5803 CVE-2018-6927 CVE-2018-7492 CVE-2018-7566 CVE-2018-7740 CVE-2018-7757 CVE-2018-7995 CVE-2018-8781 CVE-2018-8822 CVE-2018-1000004 CVE-2018-1000199

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

CVE-2015-9016

Ming Lei reported a race condition in the multiqueue block layer
(blk-mq).  On a system with a driver using blk-mq (mtip32xx,
null_blk, or virtio_blk), a local user might be able to use this
for denial of service or possibly for privilege escalation.

CVE-2017-0861

Robb Glasser reported a potential use-after-free in the ALSA (sound)
PCM core.  We believe this was not possible in practice.

CVE-2017-5715

Multiple researchers have discovered a vulnerability in various
processors supporting speculative execution, enabling an attacker
controlling an unprivileged process to read memory from arbitrary
addresses, including from the kernel and all other processes
running on the system.

This specific attack has been named Spectre variant 2 (branch
target injection) and is mitigated for the x86 architecture (amd64
and i386) by using the "retpoline" compiler feature which allows
indirect branches to be isolated from speculative execution.

CVE-2017-5753

Multiple researchers have discovered a vulnerability in various
processors supporting speculative execution, enabling an attacker
controlling an unprivileged process to read memory from arbitrary
addresses, including from the kernel and all other processes
running on the system.

This specific attack has been named Spectre variant 1
(bounds-check bypass) and is mitigated by identifying vulnerable
code sections (array bounds checking followed by array access) and
replacing the array access with the speculation-safe
array_index_nospec() function.

More use sites will be added over time.

CVE-2017-13166

A bug in the 32-bit compatibility layer of the v4l2 ioctl handling
code has been found. Memory protections ensuring user-provided
buffers always point to userland memory were disabled, allowing
destination addresses to be in kernel space. On a 64-bit kernel a
local user with access to a suitable video device can exploit this
to overwrite kernel memory, leading to privilege escalation.

CVE-2017-13220

Al Viro reported that the Bluetooth HIDP implementation could
dereference a pointer before performing the necessary type check. 
A local user could use this to cause a denial of service.

CVE-2017-16526

Andrey Konovalov reported that the UWB subsystem may dereference
an invalid pointer in an error case.  A local user might be able
to use this for denial of service.

CVE-2017-16911

Secunia Research reported that the USB/IP vhci_hcd driver exposed
kernel heap addresses to local users.

CVE-2017-16912

Secunia Research reported that the USB/IP stub driver failed to
perform a range check on a received packet header field, leading
to an out-of-bounds read.  A remote user able to connect to the
USB/IP server could use this for denial of service.

CVE-2017-16913

Secunia Research reported that the USB/IP stub driver failed to
perform a range check on a received packet header field, leading
to excessive memory allocation.  A remote user able to connect to
the USB/IP server could use this for denial of service.

CVE-2017-16914

Secunia Research reported that the USB/IP stub driver failed to
check for an invalid combination of fields in a received packet,
leading to a null pointer dereference.  A remote user able to
connect to the USB/IP server could use this for denial of service.

CVE-2017-18017

Denys Fedoryshchenko reported that the netfilter xt_TCPMSS module
failed to validate TCP header lengths, potentially leading to a
use-after-free.  If this module is loaded, it could be used by a
remote attacker for denial of service or possibly for code
execution.

CVE-2017-18203

Hou Tao reported that there was a race condition in creation and
deletion of device-mapper (DM) devices.  A local user could
potentially use this for denial of service.

CVE-2017-18216

Alex Chen reported that the OCFS2 filesystem failed to hold a
necessary lock during nodemanager sysfs file operations,
potentially leading to a null pointer dereference.  A local user
could use this for denial of service.

CVE-2017-18232

Jason Yan reported a race condition in the SAS (Serial-Attached
SCSI) subsystem, between probing and destroying a port.  This
could lead to a deadlock.  A physically present attacker could
use this to cause a denial of service.

CVE-2017-18241

Yunlei He reported that the f2fs implementation does not properly
initialise its state if the "noflush_merge" mount option is used. 
A local user with access to a filesystem mounted with this option
could use this to cause a denial of service.

CVE-2018-1066

Dan Aloni reported to Red Hat that the CIFS client implementation
would dereference a null pointer if the server sent an invalid
response during NTLMSSP setup negotiation.  This could be used
by a malicious server for denial of service.

CVE-2018-1068

The syzkaller tool found that the 32-bit compatibility layer of
ebtables did not sufficiently validate offset values. On a 64-bit
kernel, a local user with the CAP_NET_ADMIN capability (in any user
namespace) could use this to overwrite kernel memory, possibly
leading to privilege escalation. Debian disables unprivileged user
namespaces by default.

CVE-2018-1092

Wen Xu reported that a crafted ext4 filesystem image would
trigger a null dereference when mounted.  A local user able
to mount arbitrary filesystems could use this for denial of
service.

CVE-2018-5332

Mohamed Ghannam reported that the RDS protocol did not
sufficiently validate RDMA requests, leading to an out-of-bounds
write.  A local attacker on a system with the rds module loaded
could use this for denial of service or possibly for privilege
escalation.

CVE-2018-5333

Mohamed Ghannam reported that the RDS protocol did not properly
handle an error case, leading to a null pointer dereference.  A
local attacker on a system with the rds module loaded could
possibly use this for denial of service.

CVE-2018-5750

Wang Qize reported that the ACPI sbshc driver logged a kernel heap
address.

CVE-2018-5803

Alexey Kodanev reported that the SCTP protocol did not range-check
the length of chunks to be created.  A local or remote user could
use this to cause a denial of service.

CVE-2018-6927

Li Jinyue reported that the FUTEX_REQUEUE operation on futexes did
not check for negative parameter values, which might lead to a
denial of service or other security impact.

CVE-2018-7492

The syzkaller tool found that the RDS protocol was lacking a null
pointer check.  A local attacker on a system with the rds module
loaded could use this for denial of service.

CVE-2018-7566

Fan LongFei reported a race condition in the ALSA (sound)
sequencer core, between write and ioctl operations.  This could
lead to an out-of-bounds access or use-after-free.  A local user
with access to a sequencer device could use this for denial of
service or possibly for privilege escalation.

CVE-2018-7740

Nic Losby reported that the hugetlbfs filesystem's mmap operation
did not properly range-check the file offset.  A local user with
access to files on a hugetlbfs filesystem could use this to cause
a denial of service.

CVE-2018-7757

Jason Yan reported a memory leak in the SAS (Serial-Attached
SCSI) subsystem.  A local user on a system with SAS devices
could use this to cause a denial of service.

CVE-2018-7995

Seunghun Han reported a race condition in the x86 MCE
(Machine Check Exception) driver.  This is unlikely to have
any security impact.

CVE-2018-8781

Eyal Itkin reported that the udl (DisplayLink) driver's mmap
operation did not properly range-check the file offset.  A local
user with access to a udl framebuffer device could exploit this to
overwrite kernel memory, leading to privilege escalation.

CVE-2018-8822

Dr Silvio Cesare of InfoSect reported that the ncpfs client
implementation did not validate reply lengths from the server.  An
ncpfs server could use this to cause a denial of service or
remote code execution in the client.

CVE-2018-1000004

Luo Quan reported a race condition in the ALSA (sound) sequencer
core, between multiple ioctl operations.  This could lead to a
deadlock or use-after-free.  A local user with access to a
sequencer device could use this for denial of service or possibly
for privilege escalation.

CVE-2018-1000199

Andy Lutomirski discovered that the ptrace subsystem did not
sufficiently validate hardware breakpoint settings.  Local users
can use this to cause a denial of service, or possibly for
privilege escalation, on x86 (amd64 and i386) and possibly other
architectures.

For the oldstable distribution (jessie), these problems have been fixed in version 3.16.56-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlron61fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Rtqw//Xf/L4bP65wU9M59Ef6xBt+Eph+yxeMsioGhu80ODdMemlmHzASMtfZjY AXxyt9l8lbHn8MmwDA4aLhhwHYXwvKATdpHSy1SILrRfb4s9P9uV1vsHaIeZ649E hDyNon9hP2tPso6BwqiYHZZy9Xxtd+T8vTBeBZwUKOLBkBRvV/gyNSUdJWp6L8WH aF4D1hHl9ZotDkyIvkubbx77aqbJ88I4R0n69x7L9udFbuXa+U7hV6dJdnpzyl/7 OukJfEtnkaUgWu0MdOfFss6iH5OQISn/y/ricRi29oKQiEp3YwnT5J9pFwSQeJJS H8ABVt251UoS0J+of3QWw0muOT/6UAF8SNpPKMJXC7Euq8pTmYVPSIeUYf4eqn65 UHZSCKXaszItq+uzVNYdkj504BJ4cG1lFxZtlrFWwKE8p7QOETN0GKvTRdu/SvDd Hl2nb4HouLpBYS518Th2/MGgzhXXAuO12MH3smenptZbqxKn9Z0XSTJYzFupgJk/ kKF2xkDFBE4toTLVE+6XdUKwYk4vkeDZyOGOwRYThSkKAzrUh5zThgal4HnknD2A 5ye4XLhjgSIT47/nmor6lhxd7WGXGkV33GF0azYlHr/sclfzxcU2Ev3NUBWQ8M3s CxfIO0FNCzO0WIUf40md7MlIAnDBIRGyYgNIIe7AnSRKKPykEx8= =wNQS -----END PGP SIGNATURE----- . Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

Security Fix(es):

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.

Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.

In this update mitigations for x86-64 architecture are provided.

Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)

Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)

Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.

Red Hat would like to thank Google Project Zero for reporting these issues.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Bugs fixed (https://bugzilla.redhat.com/):

1519778 - CVE-2017-5753 hw: cpu: speculative execution bounds-check bypass 1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection 1519781 - CVE-2017-5754 hw: cpu: speculative execution permission faults handling

Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: kernel-2.6.32-696.18.7.el6.src.rpm

i386: kernel-2.6.32-696.18.7.el6.i686.rpm kernel-debug-2.6.32-696.18.7.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm kernel-devel-2.6.32-696.18.7.el6.i686.rpm kernel-headers-2.6.32-696.18.7.el6.i686.rpm perf-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm

noarch: kernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm kernel-doc-2.6.32-696.18.7.el6.noarch.rpm kernel-firmware-2.6.32-696.18.7.el6.noarch.rpm

x86_64: kernel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm kernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm kernel-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-headers-2.6.32-696.18.7.el6.x86_64.rpm perf-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm

x86_64: kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: kernel-2.6.32-696.18.7.el6.src.rpm

noarch: kernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm kernel-doc-2.6.32-696.18.7.el6.noarch.rpm kernel-firmware-2.6.32-696.18.7.el6.noarch.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Red Hat Enterprise Linux Server (v. 6):

Source: kernel-2.6.32-696.18.7.el6.src.rpm

noarch: kernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm kernel-doc-2.6.32-696.18.7.el6.noarch.rpm kernel-firmware-2.6.32-696.18.7.el6.noarch.rpm

ppc64: kernel-2.6.32-696.18.7.el6.ppc64.rpm kernel-bootwrapper-2.6.32-696.18.7.el6.ppc64.rpm kernel-debug-2.6.32-696.18.7.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm kernel-debug-devel-2.6.32-696.18.7.el6.ppc64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-696.18.7.el6.ppc64.rpm kernel-devel-2.6.32-696.18.7.el6.ppc64.rpm kernel-headers-2.6.32-696.18.7.el6.ppc64.rpm perf-2.6.32-696.18.7.el6.ppc64.rpm perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm

s390x: kernel-2.6.32-696.18.7.el6.s390x.rpm kernel-debug-2.6.32-696.18.7.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.s390x.rpm kernel-debug-devel-2.6.32-696.18.7.el6.s390x.rpm kernel-debuginfo-2.6.32-696.18.7.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-696.18.7.el6.s390x.rpm kernel-devel-2.6.32-696.18.7.el6.s390x.rpm kernel-headers-2.6.32-696.18.7.el6.s390x.rpm kernel-kdump-2.6.32-696.18.7.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-696.18.7.el6.s390x.rpm kernel-kdump-devel-2.6.32-696.18.7.el6.s390x.rpm perf-2.6.32-696.18.7.el6.s390x.rpm perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

ppc64: kernel-debug-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-696.18.7.el6.ppc64.rpm perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm python-perf-2.6.32-696.18.7.el6.ppc64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm

s390x: kernel-debug-debuginfo-2.6.32-696.18.7.el6.s390x.rpm kernel-debuginfo-2.6.32-696.18.7.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-696.18.7.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-696.18.7.el6.s390x.rpm perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm python-perf-2.6.32-696.18.7.el6.s390x.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: kernel-2.6.32-696.18.7.el6.src.rpm

noarch: kernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm kernel-doc-2.6.32-696.18.7.el6.noarch.rpm kernel-firmware-2.6.32-696.18.7.el6.noarch.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/speculativeexecution https://access.redhat.com/security/cve/CVE-2017-5753 https://access.redhat.com/security/cve/CVE-2017-5715 https://access.redhat.com/security/cve/CVE-2017-5754

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iD8DBQFaTXwuXlSAg2UNWIIRAp3LAKCNdSqjVu7zsXcUTnpGuuQAuUlTpwCfTE/O OR+iGnoY+cALbsBWKwbmzQM= =V4ow -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2018-1-8-1 iOS 11.2.2

iOS 11.2.2 is now available and and addresses the following:

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Description: iOS 11.2.2 includes security improvements to Safari and WebKit to mitigate the effects of Spectre (CVE-2017-5753 and CVE-2017-5715). Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

Navigate to Settings
Select General
Select About.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03805en_us Version: 7

HPESBHF03805 rev.7 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure.

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2018-01-23 Last Updated: 2018-01-22

Potential Security Impact: Local: Disclosure of Information, Elevation of Privilege

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY On January 3 2018, side-channel security vulnerabilities involving speculative execution were publicly disclosed. These vulnerabilities may impact the listed HPE products, potentially leading to information disclosure and elevation of privilege. Mitigation and resolution of these vulnerabilities may call for both an operating system update, provided by the OS vendor, and a system ROM update from HPE.

Note:

This issue takes advantage of techniques commonly used in many modern processor architectures.
For further information, microprocessor vendors have provided security advisories:

References:

CVE-2017-5715 - aka Spectre, branch target injection
CVE-2017-5753 - aka Spectre, bounds check bypass
CVE-2017-5754 - aka Meltdown, rogue data cache load, memory access permission check performed after kernel memory read

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HPE ProLiant DL380 Gen10 Server - To be delivered
HPE ProLiant DL180 Gen10 Server - To be delivered
HPE ProLiant DL160 Gen10 Server - To be delivered
HPE ProLiant DL360 Gen10 Server - To be delivered
HPE ProLiant ML110 Gen10 Server - To be delivered
HPE ProLiant DL580 Gen10 Server - To be delivered
HPE ProLiant DL560 Gen10 Server - To be delivered
HPE ProLiant DL120 Gen10 Server - To be delivered
HPE ProLiant ML350 Gen10 Server - To be delivered
HPE ProLiant XL450 Gen10 Server - To be delivered
HPE Synergy 660 Gen10 Compute Module - To be delivered
HPE ProLiant DL385 Gen10 Server - prior to v1.04
HPE ProLiant XL170r Gen10 Server - To be delivered
HPE ProLiant BL460c Gen10 Server Blade - To be delivered
HPE ProLiant XL190r Gen10 Server - To be delivered
HPE ProLiant XL230k Gen10 Server - To be delivered
HPE Synergy 480 Gen10 Compute Module - To be delivered
HPE ProLiant XL730f Gen9 Server - To be delivered
HPE ProLiant XL230a Gen9 Server - To be delivered
HPE ProLiant XL740f Gen9 Server - To be delivered
HPE ProLiant XL750f Gen9 Server - To be delivered
HPE ProLiant XL170r Gen9 Server - To be delivered
HP ProLiant DL60 Gen9 Server - To be delivered
HP ProLiant DL160 Gen9 Server - To be delivered
HPE ProLiant DL360 Gen9 Server - To be delivered
HP ProLiant DL380 Gen9 Server - To be delivered
HPE ProLiant XL450 Gen9 Server - To be delivered
HPE Apollo 4200 Gen9 Server - To be delivered
HP ProLiant BL460c Gen9 Server Blade - To be delivered
HP ProLiant ML110 Gen9 Server - To be delivered
HP ProLiant ML150 Gen9 Server - To be delivered
HPE ProLiant ML350 Gen9 Server - To be delivered
HP ProLiant DL120 Gen9 Server - To be delivered
HPE ProLiant DL560 Gen9 Server - To be delivered
HP ProLiant BL660c Gen9 Server - To be delivered
HPE ProLiant ML30 Gen9 Server - To be delivered
HPE ProLiant XL170r Gen10 Server - To be delivered
HPE ProLiant DL20 Gen9 Server - To be delivered
HPE Synergy 660 Gen9 Compute Module - To be delivered
HPE Synergy 480 Gen9 Compute Module - To be delivered
HPE ProLiant XL250a Gen9 Server - To be delivered
HPE ProLiant XL190r Gen9 Server - To be delivered
HP ProLiant DL80 Gen9 Server - To be delivered
HPE ProLiant DL180 Gen9 Server - To be delivered
HPE ProLiant XL270d Gen9 Accelerator Tray 2U Configure-to-order Server - To be delivered
HPE ProLiant WS460c Gen9 Workstation - To be delivered
HPE ProLiant XL260a Gen9 Server - To be delivered
HPE Synergy 620 Gen9 Compute Module - To be delivered
HPE ProLiant DL580 Gen9 Server - To be delivered
HP ProLiant XL220a Gen8 v2 Server - To be delivered
HPE Synergy 680 Gen9 Compute Module - To be delivered
HPE ProLiant m510 Server Cartridge - To be delivered
HPE ProLiant m710p Server Cartridge - To be delivered
HPE ProLiant m710x Server Cartridge - To be delivered
HP ProLiant m710 Server Cartridge - To be delivered
HP ProLiant DL980 G7 Server - To be delivered
HPE Synergy Composer - To be delivered
HPE ProLiant Thin Micro TM200 Server - To be delivered
HPE ProLiant ML10 v2 Server - To be delivered
HPE ProLiant m350 Server Cartridge - To be delivered
HPE ProLiant m300 Server Cartridge - To be delivered
HPE ProLiant MicroServer Gen8 - To be delivered
HPE ProLiant ML310e Gen8 v2 Server - To be delivered
HPE Superdome Flex Server - To be delivered
HP 3PAR StoreServ File Controller - To be delivered - v3 impacted
HPE StoreVirtual 3000 File Controller - To be delivered
HPE StoreEasy 1450 Storage - To be delivered
HPE StoreEasy 1550 Storage - To be delivered
HPE StoreEasy 1650 Storage - To be delivered
HPE StoreEasy 3850 Gateway Storage - To be delivered
HPE StoreEasy 1850 Storage - To be delivered
HP ConvergedSystem 700 - To be delivered
HPE Converged Architecture 700 - To be delivered
HP ProLiant DL580 Gen8 Server - To be delivered
HPE Cloudline CL2100 Gen10 Server - To be delivered
HPE Cloudline CL2200 Gen10 Server - To be delivered
HPE Cloudline CL3150 G4 Server - To be delivered
HPE Cloudline CL5200 G3 Server - To be delivered
HPE Cloudline CL3100 G3 Server - To be delivered
HPE Cloudline CL2100 G3 807S 8 SFF Configure-to-order Server - To be delivered
HPE Cloudline CL2100 G3 407S 4 LFF Configure-to-order Server - To be delivered
HPE Cloudline CL2100 G3 806R 8SFF Configure-to-order Server - To be delivered
HPE Cloudline CL2200 G3 1211R 12 LFF Configure-to-order Server - To be delivered

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2017-5715
  8.2 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
  6.8 (AV:A/AC:L/Au:N/C:C/I:P/A:N)

CVE-2017-5753
  5.0 CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
  5.4 (AV:A/AC:M/Au:N/C:P/I:P/A:P)

CVE-2017-5754
  7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

On January 11, Intel announced issues with an increased frequency of reboots when using the microcodes they released to address Variant 2 of the Spectre Vulnerability for numerous processors including Broadwell, Haswell, Skylake, Kaby Lake, Ivybridge, and Sandybridge processors. Intel has now identified the root cause of these issues and determined that these microcodes may introduce reboots and other unpredictable system behavior. Due to the severity of the potential issues that may occur when using these microcodes, Intel is now recommending that customers discontinue their use. Additional information is available from Intels Security Exploit Newsroom here: https://newsroom.intel.com/press-kits/security-exploits-intel-products/ . HPE is in alignment with Intel in our recommendation that customers discontinue use of System ROMs including impacted microcodes and revert to earlier System ROM versions.

All System ROMs including impacted microcodes have been removed from the HPE Support Site. This impacts HPE ProLiant and Synergy Gen10, Gen9, and Gen8 v2 servers as well as HPE Superdome servers for which updated System ROMs had previously been made available. Intel is working on updated microcodes to address these issues, and HPE will validate updated System ROMs including these microcodes and make them available to our customers in the coming weeks.

Mitigations for Variant 1 (Spectre) and Variant 3 (Meltdown) vulnerabilities require only OS updates and are not impacted.

HPE has provided a customer bulletin https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us with specific instructions to obtain the udpated sytem ROM
Note:
- CVE-2017-5715 (Variant 2) requires that the System ROM be updated and a vendor supplied operating system update be applied as well.
- For CVE-2017-5753, CVE-2017-5754 (Variants 1 and 3) require only updates of a vendor supplied operating system.
- HPE will continue to add additional products to the list.

HISTORY

Version:1 (rev.1) - 4 January 2018 Initial release

Version:2 (rev.2) - 5 January 2018 Added additional impacted products

Version:3 (rev.3) - 10 January 2018 Added more impacted products

Version:4 (rev.4) - 9 January 2018 Fixed product ID

Version:5 (rev.5) - 18 January 2018 Added additional impacted products

Version:6 (rev.6) - 19 January 2018 updated impacted product list

Version:7 (rev.7) - 23 January 2018 Marked impacted products with TBD for System ROM updates per Intel's guidance on microcode issues

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

Several vulnerabilities were discovered in WebKitGTK+.

CVE-2017-5753 Versions affected: WebKitGTK+ before 2.18.5. Credit to Jann Horn of Google Project Zero; and Paul Kocher in collaboration with Daniel Genkin of University of Pennsylvania and University of Maryland, Daniel Gruss of Graz University of Technology, Werner Haas of Cyberus Technology, Mike Hamburg of Rambus (Cryptography Research Division), Moritz Lipp of Graz University of Technology, Stefan Mangard of Graz University of Technology, Thomas Prescher of Cyberus Technology, Michael Schwarz of Graz University of Technology, and Yuval Yarom of University of Adelaide and Data61. Description: Security improvements are included to mitigate the effects.

CVE-2017-5715 Versions affected: WebKitGTK+ before 2.18.5. Credit to Jann Horn of Google Project Zero; and Paul Kocher in collaboration with Daniel Genkin of University of Pennsylvania and University of Maryland, Daniel Gruss of Graz University of Technology, Werner Haas of Cyberus Technology, Mike Hamburg of Rambus (Cryptography Research Division), Moritz Lipp of Graz University of Technology, Stefan Mangard of Graz University of Technology, Thomas Prescher of Cyberus Technology, Michael Schwarz of Graz University of Technology, and Yuval Yarom of University of Adelaide and Data61. Description: Security improvements are included to mitigate the effects.

We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases.

Further information about WebKitGTK+ Security Advisories can be found at: https://webkitgtk.org/security.html

The WebKitGTK+ team, January 10, 2018

. 7.2) - noarch, x86_64

Find a vulnerability

Search criteria ⓘ Use this form to refine search results. Full-text search supports keyword queries with ranking and filtering. You can combine vendor, product, and sources to narrow results. Enable “Apply ordering” to sort by date instead of relevance.

96 vulnerabilities by phoenixcontact

linux-lts-xenial, linux-aws vulnerabilities

Search criteria ⓘ Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.