Lucene search

K
ibmIBMF14A52FB736037E01486249E61D237CDD65B31B91BE931E3C7DE0760AAFD7ED4
HistoryOct 18, 2019 - 3:36 a.m.

Security Bulletin: L1TF - L1 Terminal Fault Attack affect IBM Netezza Host Management

2019-10-1803:36:34
www.ibm.com
25

0.002 Low

EPSS

Percentile

64.5%

Summary

Open Source Linux Kernel is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVEs.

Vulnerability Details

CVEID:CVE-2018-3646
**DESCRIPTION:*Multiple Intel CPUs could allow a local attacker to obtain sensitive information, caused by a flaw in the CPU speculative branch instruction execution feature. By conducting targeted cache side-channel attacks and via a terminal page fault, an attacker with guest OS privilege could exploit this vulnerability to leak information residing in the L1 data cache and read data belonging to different security contexts.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148319&gt; for the current score
CVSS Environmental Score
: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)

CVEID:CVE-2018-3620
**DESCRIPTION:*Multiple Intel CPUs could allow a local attacker to obtain sensitive information, caused by a flaw in the CPU speculative branch instruction execution feature. By conducting targeted cache side-channel attacks and via a terminal page fault, an attacker could exploit this vulnerability to leak information residing in the L1 data cache and read data belonging to different security contexts. Note: This vulnerability is also known as the “L1 Terminal Fault (L1TF)” or “Foreshadow” attack.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148318&gt; for the current score
CVSS Environmental Score
: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)

Affected Products and Versions

IBM Netezza Host Management 5.4.9 - 5.4.21

Remediation/Fixes

To resolve the reported CVEs for Red Hat Enterprise Linux (RHEL) on following platforms :

PureData System for Analytics N3001
PureData System for Analytics N200x
PureData System for Analytics N1001
IBM Netezza High Capacity Appliance C1000
IBM Netezza 1000
IBM Netezza 100

Update to the following IBM Netezza Host Management release :

Product VRMF Remediation / First Fix
IBM Netezza Host Management 5.4.22 Link to Fix Central

The Netezza Host Management software contains the latest RHEL updates for the operating systems certified for use on IBM Netezza/PureData System for Analytics appliances. IBM recommends upgrading to the latest Netezza Host Management version to ensure that your hosts have the latest fixes, security changes, and operating system updates. IBM Support can assist you with planning for the Netezza Host Management and operating system upgrades to your appliances.

For more details on IBM Netezza Host Management security patching:

CPENameOperatorVersion
ibm puredata systemeqany