Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM267A117C428BEF698E326F0112B2A246CD0BDBB086C1F9B8740A92F31F4370CD
HistoryOct 18, 2019 - 3:36 a.m.

Security Bulletin: IBM Netezza Host Management is affected by the vulnerability known as Variant 4 or SpectreNG.

2019-10-1803:36:34
www.ibm.com
14

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

JSON

Summary

Open Source Kernel is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVE.

Vulnerability Details

CVEID:CVE-2018-3639
**DESCRIPTION:*Multiple Intel CPUs could allow a local attacker to obtain sensitive information, caused by utilizing sequences of speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known. By conducting targeted cache side-channel attacks, an attacker could exploit this vulnerability to bypass security restrictions and gain read access to privileged memory. Note: This vulnerability is the Speculative Store Bypass (SSB), also known as Variant 4 or “SpectreNG”.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143569&gt; for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)

Affected Products and Versions

IBM Netezza Host Management 5.4.9 - 5.4.21

Remediation/Fixes

To resolve the reported CVEs for Red Hat Enterprise Linux (RHEL) on following platforms :

PureData System for Analytics N3001
PureData System for Analytics N200x
PureData System for Analytics N1001
IBM Netezza High Capacity Appliance C1000
IBM Netezza 1000
IBM Netezza 100

Update to the following IBM Netezza Host Management release :

Product VRMF Remediation / First Fix
IBM Netezza Host Management 5.4.22 Link to Fix Central

Customers who have enrolled for the IBM Netezza PDA OS Security upgrade program can avail the fixes detailed above through following monthly upgrade patch:

Product VRMF Remediation / First Fix
IBM Netezza PDA OS Security 2.0.18.09 Link to Fix Central

The Netezza Host Management software contains the latest RHEL updates for the operating systems certified for use on IBM Netezza/PureData System for Analytics appliances. IBM recommends upgrading to the latest Netezza Host Management version to ensure that your hosts have the latest fixes, security changes, and operating system updates. IBM Support can assist you with planning for the Netezza Host Management and operating system upgrades to your appliances.

For more details on IBM Netezza Host Management security patching:

NOTE:

During Spectre & Meltdown variant #4 performance testing we could observe upto 11% degradation for unload and upto 15% degradation for full backup.

Performance impact depends on the workload as well as hardware platform.

CPENameOperatorVersion
ibm puredata systemeqany

Related

nessus 102
f5 1
suse 3
citrix 1
openvas 21
oraclelinux 9
fedora 5
debian 1
centos 8
mageia 2
virtuozzo 1
redhat 31
debiancve 1
osv 1
ibm 2
zdt 1
photon 1
kaspersky 2
amazon 3
prion 1
xen 1
msrc 1
nessus
nessus
RHEL 6 : qemu-kvm (RHSA-2018:1659) (Spectre)
2018-05-23 00:00:00
SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1377-1) (Spectre)
2018-05-23 00:00:00
openSUSE Security Update : libvirt (openSUSE-2019-424) (Spectre)
2019-03-27 00:00:00
f5
f5
K29146534 : SSB Variant 4 vulnerability CVE-2018-3639
2018-07-10 00:00:00
suse
suse
Security update for libvirt (moderate)
2018-08-13 12:07:25
Security update for libvirt (important)
2018-06-09 15:07:56
Security update for the Linux Kernel (important)
2018-05-25 11:32:13
citrix
citrix
CVE-2018-3639 - Citrix XenServer Security Update
2018-05-22 04:00:00
openvas
openvas
Ubuntu Update for qemu USN-3651-1
2018-10-26 00:00:00
CentOS Update for qemu-guest-agent CESA-2018:1660 centos6
2018-05-23 00:00:00
openSUSE: Security Advisory for libvirt (openSUSE-SU-2018:1621-1)
2018-10-26 00:00:00
oraclelinux
oraclelinux
qemu-kvm security update
2018-05-22 00:00:00
libvirt security update
2018-05-22 00:00:00
libvirt security and bug fix update
2018-06-27 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: java-1.8.0-openjdk-1.8.0.201.b09-2.fc29
2019-02-11 01:57:50
[SECURITY] Fedora 29 Update: java-1.8.0-openjdk-1.8.0.212.b04-0.fc29
2019-05-03 03:43:22
[SECURITY] Fedora 28 Update: java-1.8.0-openjdk-1.8.0.201.b09-2.fc28
2019-02-25 01:34:09
debian
debian
[SECURITY] [DSA 4210-1] xen security update
2018-05-25 05:00:47
centos
centos
kernel, perf, python security update
2018-05-22 15:35:50
java security update
2018-05-22 15:32:03
java security update
2018-05-22 15:30:51
mageia
mageia
Updated libvirt packages fix security vulnerability
2018-05-31 23:34:08
Updated java-1.8.0-openjdk packages fix security vulnerability
2018-07-01 20:17:14
virtuozzo
virtuozzo
Important kernel security update: CVE-2018-3639; new kernel 2.6.32-042stab130.1; Virtuozzo 6.0 Update 12 Hotfix 25 (6.0.12-3705)
2018-05-23 00:00:00
redhat
redhat
(RHSA-2018:2171) Important: kernel security update
2018-07-11 15:14:50
(RHSA-2018:2161) Important: kernel security and bug fix update
2018-07-10 15:28:42
(RHSA-2018:2001) Important: qemu-kvm security update
2018-06-26 14:59:53
debiancve
debiancve
CVE-2018-3639
2018-05-22 12:29:00
osv
osv
xen - security update
2018-05-25 00:00:00
ibm
ibm
Security Bulletin: IBM has released the following fixes for AIX and VIOS in response to Speculative Store Bypass (SSB), also known as Variant 4.
2018-08-17 23:06:03
Security Bulletin: IBM Cloud Manager is affected by the vulnerabilities known as SpectreNG (CVE-2018-3639)
2018-08-08 04:13:55
zdt
zdt
AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass Exploit
2018-05-23 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0151
2018-06-22 00:00:00
kaspersky
kaspersky
KLA11893 Microsoft Advisory for Microsoft Products (ESU)
2018-05-21 00:00:00
KLA11253 Microsoft Advisory for Microsoft Windows
2018-05-21 00:00:00
amazon
amazon
Important: java-1.7.0-openjdk
2018-06-08 18:32:00
Important: java-1.8.0-openjdk
2018-06-08 18:10:00
Important: java-1.7.0-openjdk
2018-06-08 18:05:00
prion
prion
Design/Logic Flaw
2018-05-22 12:29:00
xen
xen
Speculative Store Bypass
2018-05-21 16:52:00
msrc
msrc
Analysis and mitigation of speculative store bypass (CVE-2018-3639)
2018-05-21 07:00:00

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

JSON
Related for 267A117C428BEF698E326F0112B2A246CD0BDBB086C1F9B8740A92F31F4370CD
nessus102f51suse3citrix1openvas21oraclelinux9fedora5debian1centos8mageia2virtuozzo1redhat31debiancve1osv1ibm2zdt1photon1kaspersky2amazon3prion1xen1msrc1