Search...

AIX 7.2 TL 2 : spectre_meltdown (IJ03036) (Meltdown) (Spectre)

2018-01-25T00:00:00

ID AIX_IJ03036.NASL
Type nessus
Reporter Tenable
Modified 2018-03-01T00:00:00

Description

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The text in the description was extracted from AIX Security
# Advisory spectre_meltdown_advisory.asc.
#

include("compat.inc");

if (description)
{
  script_id(106316);
  script_version("$Revision: 1.4 $");
  script_cvs_date("$Date: 2018/03/01 16:42:47 $");

  script_cve_id("CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754");
  script_xref(name:"IAVA", value:"2018-A-0019");
  script_xref(name:"IAVA", value:"2018-A-0020");

  script_name(english:"AIX 7.2 TL 2 : spectre_meltdown (IJ03036) (Meltdown) (Spectre)");
  script_summary(english:"Check for APAR IJ03036");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote AIX host is missing a security patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754"
  );
  # http://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_advisory.asc
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?0ecfba9a"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Install the appropriate interim fix."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:7.2");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/01/25");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/25");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018 Tenable Network Security, Inc.");
  script_family(english:"AIX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version");

  exit(0);
}



include("audit.inc");
include("global_settings.inc");
include("aix.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX");
if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);

if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This iFix check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") );

flag = 0;

if (aix_check_ifix(release:"7.2", ml:"02", sp:"00", patch:"IJ03036m1a", package:"bos.mp64", minfilesetver:"7.2.2.0", maxfilesetver:"7.2.2.0") &lt; 0) flag++;
if (aix_check_ifix(release:"7.2", ml:"02", sp:"01", patch:"IJ03036m1a", package:"bos.mp64", minfilesetver:"7.2.2.0", maxfilesetver:"7.2.2.0") &lt; 0) flag++;

if (flag)
{
  if (report_verbosity &gt; 0) security_warning(port:0, extra:aix_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

JSON Vulners Source

Initial Source

{"id": "AIX_IJ03036.NASL", "bulletinFamily": "scanner", "title": "AIX 7.2 TL 2 : spectre_meltdown (IJ03036) (Meltdown) (Spectre)", "description": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754", "published": "2018-01-25T00:00:00", "modified": "2018-03-01T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=106316", "reporter": "Tenable", "references": ["http://www.nessus.org/u?0ecfba9a"], "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "type": "nessus", "lastseen": "2018-03-03T17:49:43", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:ibm:aix:7.2"], "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "description": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754", "edition": 2, "enchantments": {"score": {"modified": "2018-01-30T00:59:06", "value": 4.7}}, "hash": "ecf0b8613d508f0335235ee0d0440432622800293117f8da71e9544a4afd8fcc", "hashmap": [{"hash": "ce38a97033c3cee3b2558886c32eef96", "key": "cpe"}, {"hash": "433460568b1bd3d42c04cb1a050cf20b", "key": "title"}, {"hash": "99d2efca1e0cc98755e3da7663a29f71", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "38e5438ed26ca947bb9d1adf7094882b", "key": "cvelist"}, {"hash": "a0550d8929a8d2440a7ab66382b13e88", "key": "modified"}, {"hash": "9e7b77f18c8b2eb10a28b6ebcf7241cb", "key": "description"}, {"hash": "23742046928b6ac0049be6bc1a8e24de", "key": "cvss"}, {"hash": "b3805d7b78e1e073e2fea1b1dea1a636", "key": "published"}, {"hash": "9aedd4dcccf909d4912a2f8113cffa43", "key": "naslFamily"}, {"hash": "8b9e8525d9de5b38ac2f1eda479c9ff9", "key": "sourceData"}, {"hash": "68cb94b97d00979f4e8127915885b641", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "24d9ec1c1b4164eedf65cb5acdc063a8", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=106316", "id": "AIX_IJ03036.NASL", "lastseen": "2018-01-30T00:59:06", "modified": "2018-01-29T00:00:00", "naslFamily": "AIX Local Security Checks", "objectVersion": "1.3", "pluginID": "106316", "published": "2018-01-25T00:00:00", "references": ["http://www.nessus.org/u?0ecfba9a"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory spectre_meltdown_advisory.asc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106316);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2018/01/29 14:52:24 $\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"AIX 7.2 TL 2 : spectre_meltdown (IJ03036) (Meltdown) (Spectre)\");\n script_summary(english:\"Check for APAR IJ03036\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754\"\n );\n # http://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_advisory.asc\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0ecfba9a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.2\", ml:\"02\", sp:\"00\", patch:\"IJ03036m1a\", package:\"bos.mp64\", minfilesetver:\"7.2.2.0\", maxfilesetver:\"7.2.2.0\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", ml:\"02\", sp:\"01\", patch:\"IJ03036m1a\", package:\"bos.mp64\", minfilesetver:\"7.2.2.0\", maxfilesetver:\"7.2.2.0\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "AIX 7.2 TL 2 : spectre_meltdown (IJ03036) (Meltdown) (Spectre)", "type": "nessus", "viewCount": 1}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2018-01-30T00:59:06"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:ibm:aix:7.2"], "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "description": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754", "edition": 1, "enchantments": {"score": {"modified": "2018-01-26T12:59:53", "value": 4.7}}, "hash": "3cbe8f6e4d40c879a36cefdfe79ef1512b20dcbe169b4684256631dfac0ec505", "hashmap": [{"hash": "ce38a97033c3cee3b2558886c32eef96", "key": "cpe"}, {"hash": "433460568b1bd3d42c04cb1a050cf20b", "key": "title"}, {"hash": "99d2efca1e0cc98755e3da7663a29f71", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "38e5438ed26ca947bb9d1adf7094882b", "key": "cvelist"}, {"hash": "b3805d7b78e1e073e2fea1b1dea1a636", "key": "modified"}, {"hash": "9e7b77f18c8b2eb10a28b6ebcf7241cb", "key": "description"}, {"hash": "23742046928b6ac0049be6bc1a8e24de", "key": "cvss"}, {"hash": "b3805d7b78e1e073e2fea1b1dea1a636", "key": "published"}, {"hash": "9aedd4dcccf909d4912a2f8113cffa43", "key": "naslFamily"}, {"hash": "68cb94b97d00979f4e8127915885b641", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0bd00310613b3cca8cd2934c8b66df79", "key": "sourceData"}, {"hash": "24d9ec1c1b4164eedf65cb5acdc063a8", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=106316", "id": "AIX_IJ03036.NASL", "lastseen": "2018-01-26T12:59:53", "modified": "2018-01-25T00:00:00", "naslFamily": "AIX Local Security Checks", "objectVersion": "1.3", "pluginID": "106316", "published": "2018-01-25T00:00:00", "references": ["http://www.nessus.org/u?0ecfba9a"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory spectre_meltdown_advisory.asc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106316);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2018/01/25 20:27:17 $\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n\n script_name(english:\"AIX 7.2 TL 2 : spectre_meltdown (IJ03036) (Meltdown) (Spectre)\");\n script_summary(english:\"Check for APAR IJ03036\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754\"\n );\n # http://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_advisory.asc\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0ecfba9a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.2\", ml:\"02\", sp:\"00\", patch:\"IJ03036m1a\", package:\"bos.mp64\", minfilesetver:\"7.2.2.0\", maxfilesetver:\"7.2.2.0\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", ml:\"02\", sp:\"01\", patch:\"IJ03036m1a\", package:\"bos.mp64\", minfilesetver:\"7.2.2.0\", maxfilesetver:\"7.2.2.0\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "AIX 7.2 TL 2 : spectre_meltdown (IJ03036) (Meltdown) (Spectre)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2018-01-26T12:59:53"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:ibm:aix:7.2"], "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "description": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754", "edition": 3, "enchantments": {"score": {"modified": "2018-02-02T07:07:47", "value": 4.7}}, "hash": "ffdbc2e0ec33f1fd19c8a28471496120361317936eeb6a53842c4d1aee4469c8", "hashmap": [{"hash": "ce38a97033c3cee3b2558886c32eef96", "key": "cpe"}, {"hash": "2b1bd837a600b9b2f3708824141f1829", "key": "sourceData"}, {"hash": "433460568b1bd3d42c04cb1a050cf20b", "key": "title"}, {"hash": "99d2efca1e0cc98755e3da7663a29f71", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "38e5438ed26ca947bb9d1adf7094882b", "key": "cvelist"}, {"hash": "9e7b77f18c8b2eb10a28b6ebcf7241cb", "key": "description"}, {"hash": "23742046928b6ac0049be6bc1a8e24de", "key": "cvss"}, {"hash": "b3805d7b78e1e073e2fea1b1dea1a636", "key": "published"}, {"hash": "9aedd4dcccf909d4912a2f8113cffa43", "key": "naslFamily"}, {"hash": "68cb94b97d00979f4e8127915885b641", "key": "pluginID"}, {"hash": "140db532f722454444f5ad70cb0fb5d6", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "24d9ec1c1b4164eedf65cb5acdc063a8", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=106316", "id": "AIX_IJ03036.NASL", "lastseen": "2018-02-02T07:07:47", "modified": "2018-02-01T00:00:00", "naslFamily": "AIX Local Security Checks", "objectVersion": "1.3", "pluginID": "106316", "published": "2018-01-25T00:00:00", "references": ["http://www.nessus.org/u?0ecfba9a"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory spectre_meltdown_advisory.asc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106316);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2018/02/01 23:20:21 $\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n script_xref(name:\"IAVA\", value:\"2018-A-0044\");\n\n script_name(english:\"AIX 7.2 TL 2 : spectre_meltdown (IJ03036) (Meltdown) (Spectre)\");\n script_summary(english:\"Check for APAR IJ03036\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754\"\n );\n # http://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_advisory.asc\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0ecfba9a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.2\", ml:\"02\", sp:\"00\", patch:\"IJ03036m1a\", package:\"bos.mp64\", minfilesetver:\"7.2.2.0\", maxfilesetver:\"7.2.2.0\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", ml:\"02\", sp:\"01\", patch:\"IJ03036m1a\", package:\"bos.mp64\", minfilesetver:\"7.2.2.0\", maxfilesetver:\"7.2.2.0\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "AIX 7.2 TL 2 : spectre_meltdown (IJ03036) (Meltdown) (Spectre)", "type": "nessus", "viewCount": 1}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2018-02-02T07:07:47"}], "edition": 4, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "ce38a97033c3cee3b2558886c32eef96"}, {"key": "cvelist", "hash": "38e5438ed26ca947bb9d1adf7094882b"}, {"key": "cvss", "hash": "23742046928b6ac0049be6bc1a8e24de"}, {"key": "description", "hash": "9e7b77f18c8b2eb10a28b6ebcf7241cb"}, {"key": "href", "hash": "99d2efca1e0cc98755e3da7663a29f71"}, {"key": "modified", "hash": "c45e2b09e034910a464272103dcf6d30"}, {"key": "naslFamily", "hash": "9aedd4dcccf909d4912a2f8113cffa43"}, {"key": "pluginID", "hash": "68cb94b97d00979f4e8127915885b641"}, {"key": "published", "hash": "b3805d7b78e1e073e2fea1b1dea1a636"}, {"key": "references", "hash": "24d9ec1c1b4164eedf65cb5acdc063a8"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "40f0e853834ceb9026dd1405dabf54a3"}, {"key": "title", "hash": "433460568b1bd3d42c04cb1a050cf20b"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "b171c3c1075f8f26b7ee4289aad26b5b8425e70aca9a64cef69ef6ed8ffada3d", "viewCount": 3, "enchantments": {"vulnersScore": 5.4}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory spectre_meltdown_advisory.asc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106316);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2018/03/01 16:42:47 $\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"AIX 7.2 TL 2 : spectre_meltdown (IJ03036) (Meltdown) (Spectre)\");\n script_summary(english:\"Check for APAR IJ03036\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754\"\n );\n # http://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_advisory.asc\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0ecfba9a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.2\", ml:\"02\", sp:\"00\", patch:\"IJ03036m1a\", package:\"bos.mp64\", minfilesetver:\"7.2.2.0\", maxfilesetver:\"7.2.2.0\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", ml:\"02\", sp:\"01\", patch:\"IJ03036m1a\", package:\"bos.mp64\", minfilesetver:\"7.2.2.0\", maxfilesetver:\"7.2.2.0\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "AIX Local Security Checks", "pluginID": "106316", "cpe": ["cpe:/o:ibm:aix:7.2"]}

{"result": {"cve": [{"id": "CVE-2017-5753", "type": "cve", "title": "CVE-2017-5753", "description": "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.", "published": "2018-01-04T08:29:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5753", "cvelist": ["CVE-2017-5753"], "lastseen": "2018-04-20T10:42:49"}, {"id": "CVE-2017-5754", "type": "cve", "title": "CVE-2017-5754", "description": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.", "published": "2018-01-04T08:29:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5754", "cvelist": ["CVE-2017-5754"], "lastseen": "2018-04-04T10:54:35"}, {"id": "CVE-2017-5715", "type": "cve", "title": "CVE-2017-5715", "description": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.", "published": "2018-01-04T08:29:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5715", "cvelist": ["CVE-2017-5715"], "lastseen": "2018-04-06T10:53:03"}], "symantec": [{"id": "SMNTC-102371", "type": "symantec", "title": "Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability", "description": "### Description\n\nMultiple CPU Hardware are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks.\n\n### Technologies Affected\n\n * AMD FX(tm)-8320 Eight-Core Processor \n * AMD PRO A8-9600 R7, 10 COMPUTE CORES 4C+6G \n * ARM Cortex A57 \n * Apple Mac Os X 10.11.6 \n * Apple Safari 1.0.0 \n * Apple Safari 1.0.0 \n * Apple Safari 1.0.3 \n * Apple Safari 1.1.0 \n * Apple Safari 1.1.1 \n * Apple Safari 1.2.0 \n * Apple Safari 1.2.1 \n * Apple Safari 1.2.2 \n * Apple Safari 1.2.3 \n * Apple Safari 1.2.4 \n * Apple Safari 1.2.5 \n * Apple Safari 1.3.0 \n * Apple Safari 1.3.0 \n * Apple Safari 1.3.1 \n * Apple Safari 1.3.2 312.5 \n * Apple Safari 1.3.2 312.6 \n * Apple Safari 1.3.2 \n * Apple Safari 10 \n * Apple Safari 10.0.1 \n * Apple Safari 10.0.2 \n * Apple Safari 10.0.3 \n * Apple Safari 10.1 \n * Apple Safari 10.1.1 \n * Apple Safari 10.1.2 \n * Apple Safari 11 \n * Apple Safari 2 \n * Apple Safari 2.0.1 \n * Apple Safari 2.0.2 \n * Apple Safari 2.0.3 417.8 \n * Apple Safari 2.0.3 417.9 \n * Apple Safari 2.0.3 417.9.2 \n * Apple Safari 2.0.3 417.9.3 \n * Apple Safari 2.0.3 \n * Apple Safari 2.0.4 419.3 \n * Apple Safari 2.0.4 \n * Apple Safari 3 \n * Apple Safari 3 \n * Apple Safari 3.0.0 \n * Apple Safari 3.1 \n * Apple Safari 3.1.0B \n * Apple Safari 3.1.1 \n * Apple Safari 3.1.2 \n * Apple Safari 3.2 \n * Apple Safari 3.2.1 \n * Apple Safari 3.2.2 \n * Apple Safari 3.2.3 \n * Apple Safari 3.52 \n * Apple Safari 4 \n * Apple Safari 4.0 \n * Apple Safari 4.0.1 \n * Apple Safari 4.0.2 \n * Apple Safari 4.0.3 \n * Apple Safari 4.0.4 \n * Apple Safari 4.0.5 \n * Apple Safari 4.1 \n * Apple Safari 4.1.1 \n * Apple Safari 4.1.2 \n * Apple Safari 4.1.3 \n * Apple Safari 4.28 \n * Apple Safari 4.30 \n * Apple Safari 4.31 \n * Apple Safari 5.0 \n * Apple Safari 5.0.1 \n * Apple Safari 5.0.2 \n * Apple Safari 5.0.3 \n * Apple Safari 5.0.4 \n * Apple Safari 5.0.5 \n * Apple Safari 5.0.6 \n * Apple Safari 5.1 \n * Apple Safari 5.1.1 \n * Apple Safari 5.1.10 \n * Apple Safari 5.1.2 \n * Apple Safari 5.1.3 \n * Apple Safari 5.1.4 \n * Apple Safari 5.1.5 \n * Apple Safari 5.1.6 \n * Apple Safari 5.1.7 \n * Apple Safari 5.31 \n * Apple Safari 5.33 \n * Apple Safari 5.34 \n * Apple Safari 6.0 \n * Apple Safari 6.0.1 \n * Apple Safari 6.0.2 \n * Apple Safari 6.0.3 \n * Apple Safari 6.0.4 \n * Apple Safari 6.0.5 \n * Apple Safari 6.1 \n * Apple Safari 6.1.1 \n * Apple Safari 6.1.2 \n * Apple Safari 6.1.3 \n * Apple Safari 6.1.4 \n * Apple Safari 6.1.5 \n * Apple Safari 6.1.6 \n * Apple Safari 6.2 \n * Apple Safari 6.2.1 \n * Apple Safari 6.2.2 \n * Apple Safari 6.2.3 \n * Apple Safari 6.2.4 \n * Apple Safari 6.2.5 \n * Apple Safari 6.2.6 \n * Apple Safari 6.2.7 \n * Apple Safari 6.2.8 \n * Apple Safari 7.0.1 \n * Apple Safari 7.0.2 \n * Apple Safari 7.0.3 \n * Apple Safari 7.0.4 \n * Apple Safari 7.0.5 \n * Apple Safari 7.0.6 \n * Apple Safari 7.1 \n * Apple Safari 7.1.0 \n * Apple Safari 7.1.1 \n * Apple Safari 7.1.2 \n * Apple Safari 7.1.3 \n * Apple Safari 7.1.4 \n * Apple Safari 7.1.5 \n * Apple Safari 7.1.6 \n * Apple Safari 7.1.7 \n * Apple Safari 7.1.8 \n * Apple Safari 8.0 \n * Apple Safari 8.0.1 \n * Apple Safari 8.0.2 \n * Apple Safari 8.0.3 \n * Apple Safari 8.0.4 \n * Apple Safari 8.0.5 \n * Apple Safari 8.0.6 \n * Apple Safari 8.0.7 \n * Apple Safari 8.0.8 \n * Apple Safari 9 \n * Apple Safari 9.0.1 \n * Apple Safari 9.0.2 \n * Apple Safari 9.0.3 \n * Apple Safari 9.1 \n * Apple Safari 9.1.1 \n * Apple Safari 9.1.2 \n * Apple Safari 9.1.3 \n * Apple Safari \n * Apple iOS 10 \n * Apple iOS 10.0.1 \n * Apple iOS 10.1 \n * Apple iOS 10.2 \n * Apple iOS 10.2.1 \n * Apple iOS 10.3 \n * Apple iOS 10.3.1 \n * Apple iOS 10.3.2 \n * Apple iOS 10.3.3 \n * Apple iOS 11 \n * Apple iOS 11.1 \n * Apple iOS 11.2 \n * Apple iOS 11.2.1 \n * Apple iOS 2.0 \n * Apple iOS 2.1 \n * Apple iOS 3 \n * Apple iOS 3.0 \n * Apple iOS 3.1 \n * Apple iOS 3.2 \n * Apple iOS 3.2.1 \n * Apple iOS 3.2.2 \n * Apple iOS 4 \n * Apple iOS 4 \n * Apple iOS 4.0.1 \n * Apple iOS 4.0.2 \n * Apple iOS 4.1 \n * Apple iOS 4.2 \n * Apple iOS 4.2.1 \n * Apple iOS 4.2.10 \n * Apple iOS 4.2.5 \n * Apple iOS 4.2.6 \n * Apple iOS 4.2.7 \n * Apple iOS 4.2.8 \n * Apple iOS 4.2.9 \n * Apple iOS 4.3 \n * Apple iOS 4.3.1 \n * Apple iOS 4.3.2 \n * Apple iOS 4.3.3 \n * Apple iOS 4.3.4 \n * Apple iOS 4.3.5 \n * Apple iOS 5 \n * Apple iOS 5 \n * Apple iOS 5.0.1 \n * Apple iOS 5.1 \n * Apple iOS 5.1.1 \n * Apple iOS 6 \n * Apple iOS 6.0.1 \n * Apple iOS 6.0.2 \n * Apple iOS 6.1 \n * Apple iOS 6.1.3 \n * Apple iOS 6.1.4 \n * Apple iOS 6.1.6 \n * Apple iOS 6.3.1 \n * Apple iOS 7 \n * Apple iOS 7.0.1 \n * Apple iOS 7.0.2 \n * Apple iOS 7.0.3 \n * Apple iOS 7.0.4 \n * Apple iOS 7.0.5 \n * Apple iOS 7.0.6 \n * Apple iOS 7.1 \n * Apple iOS 7.1.1 \n * Apple iOS 7.1.2 \n * Apple iOS 7.2.0 \n * Apple iOS 8 \n * Apple iOS 8.1 \n * Apple iOS 8.1.1 \n * Apple iOS 8.1.2 \n * Apple iOS 8.1.3 \n * Apple iOS 8.2 \n * Apple iOS 8.3 \n * Apple iOS 8.4 \n * Apple iOS 8.4.1 \n * Apple iOS 9 \n * Apple iOS 9.0.1 \n * Apple iOS 9.0.2 \n * Apple iOS 9.1 \n * Apple iOS 9.2 \n * Apple iOS 9.2.1 \n * Apple iOS 9.3 \n * Apple iOS 9.3.1 \n * Apple iOS 9.3.2 \n * Apple iOS 9.3.3 \n * Apple iOS 9.3.4 \n * Apple iOS 9.3.5 \n * Apple iPad Air \n * Apple iPhone \n * Apple iPod Touch \n * Apple macOS 10.12.6 \n * Apple macOS \n * Apple tvOS \n * Apple watchOS \n * BD Accuri C6 Plus \n * BD Alaris Systems Manager \n * BD Assurity Linc \n * BD BACTEC 9050 \n * BD BACTEC 9120/9240 \n * BD BACTEC FX \n * BD BACTEC FX40 \n * BD Data Innovations \n * BD FACSAria Fusion \n * BD FACSAria I/II/III \n * BD FACSCalibur \n * BD FACSCanto 10-color \n * BD FACSCanto 10-color clinical \n * BD FACSCanto II \n * BD FACSCanto II clinical \n * BD FACSCelesta \n * BD FACSCount \n * BD FACSDuet Sample Prep (ASaP) \n * BD FACSJazz \n * BD FACSLink Interface \n * BD FACSLyric \n * BD FACSMelody \n * BD FACSPresto \n * BD FACSSample Prep Assistant (SPA) III \n * BD FACSVerse \n * BD FACSVia \n * BD Focal Point - Linux \n * BD Focal Point - Solaris \n * BD GenCell CliC \n * BD Influx \n * BD Innova \n * BD Kiestra InoqulA Standalone \n * BD Kiestra TLA/WCA \n * BD LSR II \n * BD LSRFortessa \n * BD LSRFortessa X-20 \n * BD Lyse Wash Assistant \n * BD Panel Designer \n * BD Phoenix \n * BD PrepStain \n * BD Pyxis Anesthesia ES \n * BD Pyxis Anesthesia System 3500 \n * BD Pyxis CIISafe -Workstation \n * BD Pyxis CUBIE Replenishment Station \n * BD Pyxis CathRack v8 \n * BD Pyxis DuoStation \n * BD Pyxis EcoStation System \n * BD Pyxis Infant Care Verification \n * BD Pyxis MedStation 3500 \n * BD Pyxis MedStation 4000 Console \n * BD Pyxis MedStation ES \n * BD Pyxis Medication Administration \n * BD Pyxis Nursing Data Collection \n * BD Pyxis ParAssist System \n * BD Pyxis Parx \n * BD Pyxis Parx handheld \n * BD Pyxis ProcedureStation \n * BD Pyxis ScrubStation System \n * BD Pyxis Specimen Collection Verification \n * BD Pyxis StockStation System \n * BD Pyxis Supply Roller \n * BD Pyxis SupplyStation \n * BD Pyxis Transfusion Verification \n * BD Rowa Dose \n * BD Rowa Smart \n * BD Rowa Vmax System \n * BD Totalys Multiprocessor \n * BD Totalys SlidePrep \n * BD Veritor Plus System \n * BD Viper LT \n * BD Viper XTR \n * Bluecoat Content Analysis 2.1 \n * Bluecoat Content Analysis 2.2 \n * Bluecoat Malware Analysis Appliance 4.2 \n * Bluecoat Security Analytics 7.1 \n * Bluecoat Security Analytics 7.2 \n * Bluecoat Security Analytics 7.3 \n * Bluecoat X-Series XOS 10.0 \n * Bluecoat X-Series XOS 11.0 \n * Bluecoat X-Series XOS 9.7 \n * Cisco Carrier Routing System 6.6.0.BASE \n * Cisco Unified Computing System 2.2 \n * Cisco Unified Computing System 3.1 \n * Cisco Unified Computing System 3.2 \n * Google Android \n * Google Chrome 0.1.38.1 \n * Google Chrome 0.1.38.2 \n * Google Chrome 0.1.38.4 \n * Google Chrome 0.1.40.1 \n * Google Chrome 0.1.42.2 \n * Google Chrome 0.1.42.3 \n * Google Chrome 0.2.149.27 \n * Google Chrome 0.2.149.29 \n * Google Chrome 0.2.149.30 \n * Google Chrome 0.2.152.1 \n * Google Chrome 0.2.153.1 \n * Google Chrome 0.3.154 9 \n * Google Chrome 0.3.154.0 \n * Google Chrome 0.3.154.3 \n * Google Chrome 0.4.154.18 \n * Google Chrome 0.4.154.22 \n * Google Chrome 0.4.154.31 \n * Google Chrome 0.4.154.33 \n * Google Chrome 1.0.154.36 \n * Google Chrome 1.0.154.39 \n * Google Chrome 1.0.154.42 \n * Google Chrome 1.0.154.43 \n * Google Chrome 1.0.154.46 \n * Google Chrome 1.0.154.48 \n * Google Chrome 1.0.154.52 \n * Google Chrome 1.0.154.53 \n * Google Chrome 1.0.154.55 \n * Google Chrome 1.0.154.59 \n * Google Chrome 1.0.154.61 \n * Google Chrome 1.0.154.64 \n * Google Chrome 1.0.154.65 \n * Google Chrome 10 \n * Google Chrome 10.0.601.0 \n * Google Chrome 10.0.602.0 \n * Google Chrome 10.0.603.0 \n * Google Chrome 10.0.603.2 \n * Google Chrome 10.0.603.3 \n * Google Chrome 10.0.604.0 \n * Google Chrome 10.0.605.0 \n * Google Chrome 10.0.606.0 \n * Google Chrome 10.0.607.0 \n * Google Chrome 10.0.608.0 \n * Google Chrome 10.0.609.0 \n * Google Chrome 10.0.610.0 \n * Google Chrome 10.0.611.0 \n * Google Chrome 10.0.611.1 \n * Google Chrome 10.0.612.0 \n * Google Chrome 10.0.612.1 \n * Google Chrome 10.0.612.2 \n * Google Chrome 10.0.612.3 \n * Google Chrome 10.0.613.0 \n * Google Chrome 10.0.614.0 \n * Google Chrome 10.0.615.0 \n * Google Chrome 10.0.616.0 \n * Google Chrome 10.0.617.0 \n * Google Chrome 10.0.618.0 \n * Google Chrome 10.0.619.0 \n * Google Chrome 10.0.620.0 \n * Google Chrome 10.0.621.0 \n * Google Chrome 10.0.622.0 \n * Google Chrome 10.0.622.1 \n * Google Chrome 10.0.623.0 \n * Google Chrome 10.0.624.0 \n * Google Chrome 10.0.625.0 \n * Google Chrome 10.0.626.0 \n * Google Chrome 10.0.627.0 \n * Google Chrome 10.0.628.0 \n * Google Chrome 10.0.629.0 \n * Google Chrome 10.0.630.0 \n * Google Chrome 10.0.631.0 \n * Google Chrome 10.0.632.0 \n * Google Chrome 10.0.633.0 \n * Google Chrome 10.0.634.0 \n * Google Chrome 10.0.634.1 \n * Google Chrome 10.0.635.0 \n * Google Chrome 10.0.636.0 \n * Google Chrome 10.0.638.0 \n * Google Chrome 10.0.638.1 \n * Google Chrome 10.0.639.0 \n * Google Chrome 10.0.640.0 \n * Google Chrome 10.0.642.0 \n * Google Chrome 10.0.642.1 \n * Google Chrome 10.0.642.2 \n * Google Chrome 10.0.643.0 \n * Google Chrome 10.0.644.0 \n * Google Chrome 10.0.645.0 \n * Google Chrome 10.0.646.0 \n * Google Chrome 10.0.647.0 \n * Google Chrome 10.0.648.0 \n * Google Chrome 10.0.648.1 \n * Google Chrome 10.0.648.10 \n * Google Chrome 10.0.648.101 \n * Google Chrome 10.0.648.103 \n * Google Chrome 10.0.648.105 \n * Google Chrome 10.0.648.107 \n * Google Chrome 10.0.648.11 \n * Google Chrome 10.0.648.114 \n * Google Chrome 10.0.648.116 \n * Google Chrome 10.0.648.118 \n * Google Chrome 10.0.648.119 \n * Google Chrome 10.0.648.12 \n * Google Chrome 10.0.648.120 \n * Google Chrome 10.0.648.121 \n * Google Chrome 10.0.648.122 \n * Google Chrome 10.0.648.123 \n * Google Chrome 10.0.648.124 \n * Google Chrome 10.0.648.125 \n * Google Chrome 10.0.648.126 \n * Google Chrome 10.0.648.127 \n * Google Chrome 10.0.648.128 \n * Google Chrome 10.0.648.129 \n * Google Chrome 10.0.648.13 \n * Google Chrome 10.0.648.130 \n * Google Chrome 10.0.648.131 \n * Google Chrome 10.0.648.132 \n * Google Chrome 10.0.648.133 \n * Google Chrome 10.0.648.134 \n * Google Chrome 10.0.648.135 \n * Google Chrome 10.0.648.151 \n * Google Chrome 10.0.648.18 \n * Google Chrome 10.0.648.2 \n * Google Chrome 10.0.648.201 \n * Google Chrome 10.0.648.203 \n * Google Chrome 10.0.648.204 \n * Google Chrome 10.0.648.205 \n * Google Chrome 10.0.648.23 \n * Google Chrome 10.0.648.26 \n * Google Chrome 10.0.648.28 \n * Google Chrome 10.0.648.3 \n * Google Chrome 10.0.648.32 \n * Google Chrome 10.0.648.35 \n * Google Chrome 10.0.648.38 \n * Google Chrome 10.0.648.4 \n * Google Chrome 10.0.648.42 \n * Google Chrome 10.0.648.45 \n * Google Chrome 10.0.648.49 \n * Google Chrome 10.0.648.5 \n * Google Chrome 10.0.648.54 \n * Google Chrome 10.0.648.56 \n * Google Chrome 10.0.648.59 \n * Google Chrome 10.0.648.6 \n * Google Chrome 10.0.648.62 \n * Google Chrome 10.0.648.66 \n * Google Chrome 10.0.648.68 \n * Google Chrome 10.0.648.7 \n * Google Chrome 10.0.648.70 \n * Google Chrome 10.0.648.72 \n * Google Chrome 10.0.648.76 \n * Google Chrome 10.0.648.79 \n * Google Chrome 10.0.648.8 \n * Google Chrome 10.0.648.82 \n * Google Chrome 10.0.648.84 \n * Google Chrome 10.0.648.87 \n * Google Chrome 10.0.648.9 \n * Google Chrome 10.0.648.90 \n * Google Chrome 10.0.649.0 \n * Google Chrome 10.0.650.0 \n * Google Chrome 10.0.651.0 \n * Google Chrome 11 \n * Google Chrome 11.0.652.0 \n * Google Chrome 11.0.653.0 \n * Google Chrome 11.0.654.0 \n * Google Chrome 11.0.655.0 \n * Google Chrome 11.0.656.0 \n * Google Chrome 11.0.657.0 \n * Google Chrome 11.0.658.0 \n * Google Chrome 11.0.658.1 \n * Google Chrome 11.0.659.0 \n * Google Chrome 11.0.660.0 \n * Google Chrome 11.0.661.0 \n * Google Chrome 11.0.662.0 \n * Google Chrome 11.0.663.0 \n * Google Chrome 11.0.664.1 \n * Google Chrome 11.0.665.0 \n * Google Chrome 11.0.666.0 \n * Google Chrome 11.0.667.0 \n * Google Chrome 11.0.667.2 \n * Google Chrome 11.0.667.3 \n * Google Chrome 11.0.667.4 \n * Google Chrome 11.0.668.0 \n * Google Chrome 11.0.669.0 \n * Google Chrome 11.0.670.0 \n * Google Chrome 11.0.671.0 \n * Google Chrome 11.0.672.0 \n * Google Chrome 11.0.672.1 \n * Google Chrome 11.0.672.2 \n * Google Chrome 11.0.673.0 \n * Google Chrome 11.0.674.0 \n * Google Chrome 11.0.675.0 \n * Google Chrome 11.0.676.0 \n * Google Chrome 11.0.677.0 \n * Google Chrome 11.0.678.0 \n * Google Chrome 11.0.679.0 \n * Google Chrome 11.0.680.0 \n * Google Chrome 11.0.681.0 \n * Google Chrome 11.0.682.0 \n * Google Chrome 11.0.683.0 \n * Google Chrome 11.0.684.0 \n * Google Chrome 11.0.685.0 \n * Google Chrome 11.0.686.0 \n * Google Chrome 11.0.686.1 \n * Google Chrome 11.0.686.2 \n * Google Chrome 11.0.686.3 \n * Google Chrome 11.0.687.0 \n * Google Chrome 11.0.687.1 \n * Google Chrome 11.0.688.0 \n * Google Chrome 11.0.689.0 \n * Google Chrome 11.0.690.0 \n * Google Chrome 11.0.690.1 \n * Google Chrome 11.0.691.0 \n * Google Chrome 11.0.692.0 \n * Google Chrome 11.0.693.0 \n * Google Chrome 11.0.694.0 \n * Google Chrome 11.0.695.0 \n * Google Chrome 11.0.696.0 \n * Google Chrome 11.0.696.1 \n * Google Chrome 11.0.696.10 \n * Google Chrome 11.0.696.11 \n * Google Chrome 11.0.696.12 \n * Google Chrome 11.0.696.13 \n * Google Chrome 11.0.696.14 \n * Google Chrome 11.0.696.15 \n * Google Chrome 11.0.696.16 \n * Google Chrome 11.0.696.17 \n * Google Chrome 11.0.696.18 \n * Google Chrome 11.0.696.19 \n * Google Chrome 11.0.696.2 \n * Google Chrome 11.0.696.20 \n * Google Chrome 11.0.696.21 \n * Google Chrome 11.0.696.22 \n * Google Chrome 11.0.696.23 \n * Google Chrome 11.0.696.24 \n * Google Chrome 11.0.696.25 \n * Google Chrome 11.0.696.26 \n * Google Chrome 11.0.696.27 \n * Google Chrome 11.0.696.28 \n * Google Chrome 11.0.696.29 \n * Google Chrome 11.0.696.3 \n * Google Chrome 11.0.696.30 \n * Google Chrome 11.0.696.31 \n * Google Chrome 11.0.696.32 \n * Google Chrome 11.0.696.33 \n * Google Chrome 11.0.696.34 \n * Google Chrome 11.0.696.35 \n * Google Chrome 11.0.696.36 \n * Google Chrome 11.0.696.37 \n * Google Chrome 11.0.696.38 \n * Google Chrome 11.0.696.39 \n * Google Chrome 11.0.696.4 \n * Google Chrome 11.0.696.40 \n * Google Chrome 11.0.696.41 \n * Google Chrome 11.0.696.42 \n * Google Chrome 11.0.696.43 \n * Google Chrome 11.0.696.44 \n * Google Chrome 11.0.696.45 \n * Google Chrome 11.0.696.46 \n * Google Chrome 11.0.696.47 \n * Google Chrome 11.0.696.48 \n * Google Chrome 11.0.696.49 \n * Google Chrome 11.0.696.5 \n * Google Chrome 11.0.696.50 \n * Google Chrome 11.0.696.51 \n * Google Chrome 11.0.696.52 \n * Google Chrome 11.0.696.53 \n * Google Chrome 11.0.696.54 \n * Google Chrome 11.0.696.55 \n * Google Chrome 11.0.696.56 \n * Google Chrome 11.0.696.57 \n * Google Chrome 11.0.696.58 \n * Google Chrome 11.0.696.59 \n * Google Chrome 11.0.696.60 \n * Google Chrome 11.0.696.61 \n * Google Chrome 11.0.696.62 \n * Google Chrome 11.0.696.63 \n * Google Chrome 11.0.696.64 \n * Google Chrome 11.0.696.65 \n * Google Chrome 11.0.696.66 \n * Google Chrome 11.0.696.67 \n * Google Chrome 11.0.696.68 \n * Google Chrome 11.0.696.69 \n * Google Chrome 11.0.696.7 \n * Google Chrome 11.0.696.70 \n * Google Chrome 11.0.696.71 \n * Google Chrome 11.0.696.72 \n * Google Chrome 11.0.696.77 \n * Google Chrome 11.0.696.8 \n * Google Chrome 11.0.696.9 \n * Google Chrome 11.0.697.0 \n * Google Chrome 11.0.698.0 \n * Google Chrome 11.0.699.0 \n * Google Chrome 12 \n * Google Chrome 12.0.700.0 \n * Google Chrome 12.0.701.0 \n * Google Chrome 12.0.702.0 \n * Google Chrome 12.0.702.1 \n * Google Chrome 12.0.702.2 \n * Google Chrome 12.0.703.0 \n * Google Chrome 12.0.704.0 \n * Google Chrome 12.0.705.0 \n * Google Chrome 12.0.706.0 \n * Google Chrome 12.0.707.0 \n * Google Chrome 12.0.708.0 \n * Google Chrome 12.0.709.0 \n * Google Chrome 12.0.710.0 \n * Google Chrome 12.0.711.0 \n * Google Chrome 12.0.712.0 \n * Google Chrome 12.0.713.0 \n * Google Chrome 12.0.714.0 \n * Google Chrome 12.0.715.0 \n * Google Chrome 12.0.716.0 \n * Google Chrome 12.0.717.0 \n * Google Chrome 12.0.718.0 \n * Google Chrome 12.0.719.0 \n * Google Chrome 12.0.719.1 \n * Google Chrome 12.0.720.0 \n * Google Chrome 12.0.721.0 \n * Google Chrome 12.0.721.1 \n * Google Chrome 12.0.722.0 \n * Google Chrome 12.0.723.0 \n * Google Chrome 12.0.723.1 \n * Google Chrome 12.0.724.0 \n * Google Chrome 12.0.725.0 \n * Google Chrome 12.0.726.0 \n * Google Chrome 12.0.727.0 \n * Google Chrome 12.0.728.0 \n * Google Chrome 12.0.729.0 \n * Google Chrome 12.0.730.0 \n * Google Chrome 12.0.731.0 \n * Google Chrome 12.0.732.0 \n * Google Chrome 12.0.733.0 \n * Google Chrome 12.0.734.0 \n * Google Chrome 12.0.735.0 \n * Google Chrome 12.0.736.0 \n * Google Chrome 12.0.737.0 \n * Google Chrome 12.0.738.0 \n * Google Chrome 12.0.739.0 \n * Google Chrome 12.0.740.0 \n * Google Chrome 12.0.741.0 \n * Google Chrome 12.0.742.0 \n * Google Chrome 12.0.742.1 \n * Google Chrome 12.0.742.10 \n * Google Chrome 12.0.742.100 \n * Google Chrome 12.0.742.105 \n * Google Chrome 12.0.742.11 \n * Google Chrome 12.0.742.111 \n * Google Chrome 12.0.742.112 \n * Google Chrome 12.0.742.113 \n * Google Chrome 12.0.742.114 \n * Google Chrome 12.0.742.115 \n * Google Chrome 12.0.742.12 \n * Google Chrome 12.0.742.120 \n * Google Chrome 12.0.742.121 \n * Google Chrome 12.0.742.122 \n * Google Chrome 12.0.742.123 \n * Google Chrome 12.0.742.124 \n * Google Chrome 12.0.742.13 \n * Google Chrome 12.0.742.14 \n * Google Chrome 12.0.742.15 \n * Google Chrome 12.0.742.16 \n * Google Chrome 12.0.742.17 \n * Google Chrome 12.0.742.18 \n * Google Chrome 12.0.742.19 \n * Google Chrome 12.0.742.2 \n * Google Chrome 12.0.742.20 \n * Google Chrome 12.0.742.21 \n * Google Chrome 12.0.742.22 \n * Google Chrome 12.0.742.3 \n * Google Chrome 12.0.742.30 \n * Google Chrome 12.0.742.4 \n * Google Chrome 12.0.742.41 \n * Google Chrome 12.0.742.42 \n * Google Chrome 12.0.742.43 \n * Google Chrome 12.0.742.44 \n * Google Chrome 12.0.742.45 \n * Google Chrome 12.0.742.46 \n * Google Chrome 12.0.742.47 \n * Google Chrome 12.0.742.48 \n * Google Chrome 12.0.742.49 \n * Google Chrome 12.0.742.5 \n * Google Chrome 12.0.742.50 \n * Google Chrome 12.0.742.51 \n * Google Chrome 12.0.742.52 \n * Google Chrome 12.0.742.53 \n * Google Chrome 12.0.742.54 \n * Google Chrome 12.0.742.55 \n * Google Chrome 12.0.742.56 \n * Google Chrome 12.0.742.57 \n * Google Chrome 12.0.742.58 \n * Google Chrome 12.0.742.59 \n * Google Chrome 12.0.742.6 \n * Google Chrome 12.0.742.60 \n * Google Chrome 12.0.742.61 \n * Google Chrome 12.0.742.63 \n * Google Chrome 12.0.742.64 \n * Google Chrome 12.0.742.65 \n * Google Chrome 12.0.742.66 \n * Google Chrome 12.0.742.67 \n * Google Chrome 12.0.742.68 \n * Google Chrome 12.0.742.69 \n * Google Chrome 12.0.742.70 \n * Google Chrome 12.0.742.71 \n * Google Chrome 12.0.742.72 \n * Google Chrome 12.0.742.73 \n * Google Chrome 12.0.742.74 \n * Google Chrome 12.0.742.75 \n * Google Chrome 12.0.742.77 \n * Google Chrome 12.0.742.8 \n * Google Chrome 12.0.742.82 \n * Google Chrome 12.0.742.9 \n * Google Chrome 12.0.742.91 \n * Google Chrome 12.0.742.92 \n * Google Chrome 12.0.742.93 \n * Google Chrome 12.0.742.94 \n * Google Chrome 12.0.743.0 \n * Google Chrome 12.0.744.0 \n * Google Chrome 12.0.745.0 \n * Google Chrome 12.0.746.0 \n * Google Chrome 12.0.747.0 \n * Google Chrome 13 \n * Google Chrome 13.0.748.0 \n * Google Chrome 13.0.749.0 \n * Google Chrome 13.0.750.0 \n * Google Chrome 13.0.751.0 \n * Google Chrome 13.0.752.0 \n * Google Chrome 13.0.753.0 \n * Google Chrome 13.0.754.0 \n * Google Chrome 13.0.755.0 \n * Google Chrome 13.0.756.0 \n * Google Chrome 13.0.757.0 \n * Google Chrome 13.0.758.0 \n * Google Chrome 13.0.759.0 \n * Google Chrome 13.0.760.0 \n * Google Chrome 13.0.761.0 \n * Google Chrome 13.0.761.1 \n * Google Chrome 13.0.762.0 \n * Google Chrome 13.0.762.1 \n * Google Chrome 13.0.763.0 \n * Google Chrome 13.0.764.0 \n * Google Chrome 13.0.765.0 \n * Google Chrome 13.0.766.0 \n * Google Chrome 13.0.767.0 \n * Google Chrome 13.0.767.1 \n * Google Chrome 13.0.768.0 \n * Google Chrome 13.0.769.0 \n * Google Chrome 13.0.770.0 \n * Google Chrome 13.0.771.0 \n * Google Chrome 13.0.772.0 \n * Google Chrome 13.0.773.0 \n * Google Chrome 13.0.774.0 \n * Google Chrome 13.0.775.0 \n * Google Chrome 13.0.775.1 \n * Google Chrome 13.0.775.2 \n * Google Chrome 13.0.775.4 \n * Google Chrome 13.0.776.0 \n * Google Chrome 13.0.776.1 \n * Google Chrome 13.0.777.0 \n * Google Chrome 13.0.777.1 \n * Google Chrome 13.0.777.2 \n * Google Chrome 13.0.777.3 \n * Google Chrome 13.0.777.4 \n * Google Chrome 13.0.777.5 \n * Google Chrome 13.0.777.6 \n * Google Chrome 13.0.778.0 \n * Google Chrome 13.0.779.0 \n * Google Chrome 13.0.780.0 \n * Google Chrome 13.0.781.0 \n * Google Chrome 13.0.782.0 \n * Google Chrome 13.0.782.1 \n * Google Chrome 13.0.782.10 \n * Google Chrome 13.0.782.100 \n * Google Chrome 13.0.782.101 \n * Google Chrome 13.0.782.102 \n * Google Chrome 13.0.782.103 \n * Google Chrome 13.0.782.104 \n * Google Chrome 13.0.782.105 \n * Google Chrome 13.0.782.106 \n * Google Chrome 13.0.782.107 \n * Google Chrome 13.0.782.108 \n * Google Chrome 13.0.782.109 \n * Google Chrome 13.0.782.11 \n * Google Chrome 13.0.782.112 \n * Google Chrome 13.0.782.12 \n * Google Chrome 13.0.782.13 \n * Google Chrome 13.0.782.14 \n * Google Chrome 13.0.782.15 \n * Google Chrome 13.0.782.16 \n * Google Chrome 13.0.782.17 \n * Google Chrome 13.0.782.18 \n * Google Chrome 13.0.782.19 \n * Google Chrome 13.0.782.20 \n * Google Chrome 13.0.782.21 \n * Google Chrome 13.0.782.210 \n * Google Chrome 13.0.782.211 \n * Google Chrome 13.0.782.212 \n * Google Chrome 13.0.782.213 \n * Google Chrome 13.0.782.214 \n * Google Chrome 13.0.782.215 \n * Google Chrome 13.0.782.216 \n * Google Chrome 13.0.782.217 \n * Google Chrome 13.0.782.218 \n * Google Chrome 13.0.782.219 \n * Google Chrome 13.0.782.220 \n * Google Chrome 13.0.782.23 \n * Google Chrome 13.0.782.237 \n * Google Chrome 13.0.782.238 \n * Google Chrome 13.0.782.24 \n * Google Chrome 13.0.782.25 \n * Google Chrome 13.0.782.26 \n * Google Chrome 13.0.782.27 \n * Google Chrome 13.0.782.28 \n * Google Chrome 13.0.782.29 \n * Google Chrome 13.0.782.3 \n * Google Chrome 13.0.782.30 \n * Google Chrome 13.0.782.31 \n * Google Chrome 13.0.782.32 \n * Google Chrome 13.0.782.33 \n * Google Chrome 13.0.782.34 \n * Google Chrome 13.0.782.35 \n * Google Chrome 13.0.782.36 \n * Google Chrome 13.0.782.37 \n * Google Chrome 13.0.782.38 \n * Google Chrome 13.0.782.39 \n * Google Chrome 13.0.782.4 \n * Google Chrome 13.0.782.40 \n * Google Chrome 13.0.782.41 \n * Google Chrome 13.0.782.42 \n * Google Chrome 13.0.782.43 \n * Google Chrome 13.0.782.44 \n * Google Chrome 13.0.782.45 \n * Google Chrome 13.0.782.46 \n * Google Chrome 13.0.782.47 \n * Google Chrome 13.0.782.48 \n * Google Chrome 13.0.782.49 \n * Google Chrome 13.0.782.50 \n * Google Chrome 13.0.782.51 \n * Google Chrome 13.0.782.52 \n * Google Chrome 13.0.782.53 \n * Google Chrome 13.0.782.55 \n * Google Chrome 13.0.782.56 \n * Google Chrome 13.0.782.6 \n * Google Chrome 13.0.782.7 \n * Google Chrome 13.0.782.81 \n * Google Chrome 13.0.782.82 \n * Google Chrome 13.0.782.83 \n * Google Chrome 13.0.782.84 \n * Google Chrome 13.0.782.85 \n * Google Chrome 13.0.782.86 \n * Google Chrome 13.0.782.87 \n * Google Chrome 13.0.782.88 \n * Google Chrome 13.0.782.89 \n * Google Chrome 13.0.782.90 \n * Google Chrome 13.0.782.91 \n * Google Chrome 13.0.782.92 \n * Google Chrome 13.0.782.93 \n * Google Chrome 13.0.782.94 \n * Google Chrome 13.0.782.95 \n * Google Chrome 13.0.782.96 \n * Google Chrome 13.0.782.97 \n * Google Chrome 13.0.782.98 \n * Google Chrome 13.0.782.99 \n * Google Chrome 14 \n * Google Chrome 14.0.783.0 \n * Google Chrome 14.0.784.0 \n * Google Chrome 14.0.785.0 \n * Google Chrome 14.0.786.0 \n * Google Chrome 14.0.787.0 \n * Google Chrome 14.0.788.0 \n * Google Chrome 14.0.789.0 \n * Google Chrome 14.0.790.0 \n * Google Chrome 14.0.791.0 \n * Google Chrome 14.0.792.0 \n * Google Chrome 14.0.793.0 \n * Google Chrome 14.0.794.0 \n * Google Chrome 14.0.795.0 \n * Google Chrome 14.0.796.0 \n * Google Chrome 14.0.797.0 \n * Google Chrome 14.0.798.0 \n * Google Chrome 14.0.799.0 \n * Google Chrome 14.0.800.0 \n * Google Chrome 14.0.801.0 \n * Google Chrome 14.0.802.0 \n * Google Chrome 14.0.803.0 \n * Google Chrome 14.0.804.0 \n * Google Chrome 14.0.805.0 \n * Google Chrome 14.0.806.0 \n * Google Chrome 14.0.807.0 \n * Google Chrome 14.0.808.0 \n * Google Chrome 14.0.809.0 \n * Google Chrome 14.0.810.0 \n * Google Chrome 14.0.811.0 \n * Google Chrome 14.0.812.0 \n * Google Chrome 14.0.813.0 \n * Google Chrome 14.0.814.0 \n * Google Chrome 14.0.815.0 \n * Google Chrome 14.0.816.0 \n * Google Chrome 14.0.818.0 \n * Google Chrome 14.0.819.0 \n * Google Chrome 14.0.820.0 \n * Google Chrome 14.0.821.0 \n * Google Chrome 14.0.822.0 \n * Google Chrome 14.0.823.0 \n * Google Chrome 14.0.824.0 \n * Google Chrome 14.0.825.0 \n * Google Chrome 14.0.826.0 \n * Google Chrome 14.0.827.0 \n * Google Chrome 14.0.827.10 \n * Google Chrome 14.0.827.12 \n * Google Chrome 14.0.829.1 \n * Google Chrome 14.0.830.0 \n * Google Chrome 14.0.831.0 \n * Google Chrome 14.0.832.0 \n * Google Chrome 14.0.833.0 \n * Google Chrome 14.0.834.0 \n * Google Chrome 14.0.835.0 \n * Google Chrome 14.0.835.1 \n * Google Chrome 14.0.835.100 \n * Google Chrome 14.0.835.101 \n * Google Chrome 14.0.835.102 \n * Google Chrome 14.0.835.103 \n * Google Chrome 14.0.835.104 \n * Google Chrome 14.0.835.105 \n * Google Chrome 14.0.835.106 \n * Google Chrome 14.0.835.107 \n * Google Chrome 14.0.835.108 \n * Google Chrome 14.0.835.109 \n * Google Chrome 14.0.835.11 \n * Google Chrome 14.0.835.110 \n * Google Chrome 14.0.835.111 \n * Google Chrome 14.0.835.112 \n * Google Chrome 14.0.835.113 \n * Google Chrome 14.0.835.114 \n * Google Chrome 14.0.835.115 \n * Google Chrome 14.0.835.116 \n * Google Chrome 14.0.835.117 \n * Google Chrome 14.0.835.118 \n * Google Chrome 14.0.835.119 \n * Google Chrome 14.0.835.120 \n * Google Chrome 14.0.835.121 \n * Google Chrome 14.0.835.122 \n * Google Chrome 14.0.835.123 \n * Google Chrome 14.0.835.124 \n * Google Chrome 14.0.835.125 \n * Google Chrome 14.0.835.126 \n * Google Chrome 14.0.835.127 \n * Google Chrome 14.0.835.128 \n * Google Chrome 14.0.835.13 \n * Google Chrome 14.0.835.14 \n * Google Chrome 14.0.835.149 \n * Google Chrome 14.0.835.15 \n * Google Chrome 14.0.835.150 \n * Google Chrome 14.0.835.151 \n * Google Chrome 14.0.835.152 \n * Google Chrome 14.0.835.153 \n * Google Chrome 14.0.835.154 \n * Google Chrome 14.0.835.155 \n * Google Chrome 14.0.835.156 \n * Google Chrome 14.0.835.157 \n * Google Chrome 14.0.835.158 \n * Google Chrome 14.0.835.159 \n * Google Chrome 14.0.835.16 \n * Google Chrome 14.0.835.160 \n * Google Chrome 14.0.835.161 \n * Google Chrome 14.0.835.162 \n * Google Chrome 14.0.835.163 \n * Google Chrome 14.0.835.18 \n * Google Chrome 14.0.835.184 \n * Google Chrome 14.0.835.186 \n * Google Chrome 14.0.835.187 \n * Google Chrome 14.0.835.2 \n * Google Chrome 14.0.835.20 \n * Google Chrome 14.0.835.202 \n * Google Chrome 14.0.835.203 \n * Google Chrome 14.0.835.204 \n * Google Chrome 14.0.835.21 \n * Google Chrome 14.0.835.22 \n * Google Chrome 14.0.835.23 \n * Google Chrome 14.0.835.24 \n * Google Chrome 14.0.835.25 \n * Google Chrome 14.0.835.26 \n * Google Chrome 14.0.835.27 \n * Google Chrome 14.0.835.28 \n * Google Chrome 14.0.835.29 \n * Google Chrome 14.0.835.30 \n * Google Chrome 14.0.835.31 \n * Google Chrome 14.0.835.32 \n * Google Chrome 14.0.835.33 \n * Google Chrome 14.0.835.34 \n * Google Chrome 14.0.835.35 \n * Google Chrome 14.0.835.4 \n * Google Chrome 14.0.835.8 \n * Google Chrome 14.0.835.86 \n * Google Chrome 14.0.835.87 \n * Google Chrome 14.0.835.88 \n * Google Chrome 14.0.835.89 \n * Google Chrome 14.0.835.9 \n * Google Chrome 14.0.835.90 \n * Google Chrome 14.0.835.91 \n * Google Chrome 14.0.835.92 \n * Google Chrome 14.0.835.93 \n * Google Chrome 14.0.835.94 \n * Google Chrome 14.0.835.95 \n * Google Chrome 14.0.835.96 \n * Google Chrome 14.0.835.97 \n * Google Chrome 14.0.835.98 \n * Google Chrome 14.0.835.99 \n * Google Chrome 14.0.836.0 \n * Google Chrome 14.0.837.0 \n * Google Chrome 14.0.838.0 \n * Google Chrome 14.0.839.0 \n * Google Chrome 15 \n * Google Chrome 15.0.859.0 \n * Google Chrome 15.0.860.0 \n * Google Chrome 15.0.861.0 \n * Google Chrome 15.0.862.0 \n * Google Chrome 15.0.862.1 \n * Google Chrome 15.0.863.0 \n * Google Chrome 15.0.864.0 \n * Google Chrome 15.0.865.0 \n * Google Chrome 15.0.866.0 \n * Google Chrome 15.0.867.0 \n * Google Chrome 15.0.868.0 \n * Google Chrome 15.0.868.1 \n * Google Chrome 15.0.869.0 \n * Google Chrome 15.0.870.0 \n * Google Chrome 15.0.871.0 \n * Google Chrome 15.0.871.1 \n * Google Chrome 15.0.872.0 \n * Google Chrome 15.0.873.0 \n * Google Chrome 15.0.874 102 \n * Google Chrome 15.0.874.0 \n * Google Chrome 15.0.874.1 \n * Google Chrome 15.0.874.10 \n * Google Chrome 15.0.874.101 \n * Google Chrome 15.0.874.102 \n * Google Chrome 15.0.874.103 \n * Google Chrome 15.0.874.104 \n * Google Chrome 15.0.874.106 \n * Google Chrome 15.0.874.11 \n * Google Chrome 15.0.874.116 \n * Google Chrome 15.0.874.117 \n * Google Chrome 15.0.874.119 \n * Google Chrome 15.0.874.12 \n * Google Chrome 15.0.874.120 \n * Google Chrome 15.0.874.121 \n * Google Chrome 15.0.874.13 \n * Google Chrome 15.0.874.14 \n * Google Chrome 15.0.874.15 \n * Google Chrome 15.0.874.16 \n * Google Chrome 15.0.874.17 \n * Google Chrome 15.0.874.18 \n * Google Chrome 15.0.874.19 \n * Google Chrome 15.0.874.2 \n * Google Chrome 15.0.874.20 \n * Google Chrome 15.0.874.21 \n * Google Chrome 15.0.874.22 \n * Google Chrome 15.0.874.23 \n * Google Chrome 15.0.874.24 \n * Google Chrome 15.0.874.3 \n * Google Chrome 15.0.874.4 \n * Google Chrome 15.0.874.44 \n * Google Chrome 15.0.874.45 \n * Google Chrome 15.0.874.46 \n * Google Chrome 15.0.874.47 \n * Google Chrome 15.0.874.48 \n * Google Chrome 15.0.874.49 \n * Google Chrome 15.0.874.5 \n * Google Chrome 15.0.874.6 \n * Google Chrome 15.0.874.7 \n * Google Chrome 15.0.874.8 \n * Google Chrome 15.0.874.9 \n * Google Chrome 16 \n * Google Chrome 16.0.877.0 \n * Google Chrome 16.0.878.0 \n * Google Chrome 16.0.879.0 \n * Google Chrome 16.0.880.0 \n * Google Chrome 16.0.881.0 \n * Google Chrome 16.0.882.0 \n * Google Chrome 16.0.883.0 \n * Google Chrome 16.0.884.0 \n * Google Chrome 16.0.885.0 \n * Google Chrome 16.0.886.0 \n * Google Chrome 16.0.886.1 \n * Google Chrome 16.0.887.0 \n * Google Chrome 16.0.888.0 \n * Google Chrome 16.0.889.0 \n * Google Chrome 16.0.889.2 \n * Google Chrome 16.0.889.3 \n * Google Chrome 16.0.890.0 \n * Google Chrome 16.0.890.1 \n * Google Chrome 16.0.891.0 \n * Google Chrome 16.0.891.1 \n * Google Chrome 16.0.892.0 \n * Google Chrome 16.0.893.0 \n * Google Chrome 16.0.893.1 \n * Google Chrome 16.0.894.0 \n * Google Chrome 16.0.895.0 \n * Google Chrome 16.0.896.0 \n * Google Chrome 16.0.897.0 \n * Google Chrome 16.0.898.0 \n * Google Chrome 16.0.899.0 \n * Google Chrome 16.0.900.0 \n * Google Chrome 16.0.901.0 \n * Google Chrome 16.0.902.0 \n * Google Chrome 16.0.903.0 \n * Google Chrome 16.0.904.0 \n * Google Chrome 16.0.905.0 \n * Google Chrome 16.0.906.0 \n * Google Chrome 16.0.906.1 \n * Google Chrome 16.0.907.0 \n * Google Chrome 16.0.908.0 \n * Google Chrome 16.0.909.0 \n * Google Chrome 16.0.910.0 \n * Google Chrome 16.0.911.0 \n * Google Chrome 16.0.911.1 \n * Google Chrome 16.0.911.2 \n * Google Chrome 16.0.912.0 \n * Google Chrome 16.0.912.1 \n * Google Chrome 16.0.912.10 \n * Google Chrome 16.0.912.11 \n * Google Chrome 16.0.912.12 \n * Google Chrome 16.0.912.13 \n * Google Chrome 16.0.912.14 \n * Google Chrome 16.0.912.15 \n * Google Chrome 16.0.912.19 \n * Google Chrome 16.0.912.2 \n * Google Chrome 16.0.912.20 \n * Google Chrome 16.0.912.21 \n * Google Chrome 16.0.912.22 \n * Google Chrome 16.0.912.23 \n * Google Chrome 16.0.912.24 \n * Google Chrome 16.0.912.25 \n * Google Chrome 16.0.912.26 \n * Google Chrome 16.0.912.27 \n * Google Chrome 16.0.912.28 \n * Google Chrome 16.0.912.29 \n * Google Chrome 16.0.912.3 \n * Google Chrome 16.0.912.30 \n * Google Chrome 16.0.912.31 \n * Google Chrome 16.0.912.32 \n * Google Chrome 16.0.912.33 \n * Google Chrome 16.0.912.34 \n * Google Chrome 16.0.912.35 \n * Google Chrome 16.0.912.36 \n * Google Chrome 16.0.912.37 \n * Google Chrome 16.0.912.38 \n * Google Chrome 16.0.912.39 \n * Google Chrome 16.0.912.4 \n * Google Chrome 16.0.912.40 \n * Google Chrome 16.0.912.41 \n * Google Chrome 16.0.912.42 \n * Google Chrome 16.0.912.43 \n * Google Chrome 16.0.912.5 \n * Google Chrome 16.0.912.6 \n * Google Chrome 16.0.912.62 \n * Google Chrome 16.0.912.63 \n * Google Chrome 16.0.912.66 \n * Google Chrome 16.0.912.7 \n * Google Chrome 16.0.912.74 \n * Google Chrome 16.0.912.75 \n * Google Chrome 16.0.912.76 \n * Google Chrome 16.0.912.77 \n * Google Chrome 16.0.912.8 \n * Google Chrome 16.0.912.9 \n * Google Chrome 17 \n * Google Chrome 17.0.921.3 \n * Google Chrome 17.0.922.0 \n * Google Chrome 17.0.923.0 \n * Google Chrome 17.0.923.1 \n * Google Chrome 17.0.924.0 \n * Google Chrome 17.0.925.0 \n * Google Chrome 17.0.926.0 \n * Google Chrome 17.0.927.0 \n * Google Chrome 17.0.928.0 \n * Google Chrome 17.0.928.1 \n * Google Chrome 17.0.928.2 \n * Google Chrome 17.0.928.3 \n * Google Chrome 17.0.929.0 \n * Google Chrome 17.0.930.0 \n * Google Chrome 17.0.931.0 \n * Google Chrome 17.0.932.0 \n * Google Chrome 17.0.933.0 \n * Google Chrome 17.0.933.1 \n * Google Chrome 17.0.934.0 \n * Google Chrome 17.0.935.0 \n * Google Chrome 17.0.935.1 \n * Google Chrome 17.0.936.0 \n * Google Chrome 17.0.936.1 \n * Google Chrome 17.0.937.0 \n * Google Chrome 17.0.938.0 \n * Google Chrome 17.0.939.0 \n * Google Chrome 17.0.939.1 \n * Google Chrome 17.0.940.0 \n * Google Chrome 17.0.941.0 \n * Google Chrome 17.0.942.0 \n * Google Chrome 17.0.943.0 \n * Google Chrome 17.0.944.0 \n * Google Chrome 17.0.945.0 \n * Google Chrome 17.0.946.0 \n * Google Chrome 17.0.947.0 \n * Google Chrome 17.0.948.0 \n * Google Chrome 17.0.949.0 \n * Google Chrome 17.0.950.0 \n * Google Chrome 17.0.951.0 \n * Google Chrome 17.0.952.0 \n * Google Chrome 17.0.953.0 \n * Google Chrome 17.0.954.0 \n * Google Chrome 17.0.954.1 \n * Google Chrome 17.0.954.2 \n * Google Chrome 17.0.954.3 \n * Google Chrome 17.0.955.0 \n * Google Chrome 17.0.956.0 \n * Google Chrome 17.0.957.0 \n * Google Chrome 17.0.958.0 \n * Google Chrome 17.0.958.1 \n * Google Chrome 17.0.959.0 \n * Google Chrome 17.0.960.0 \n * Google Chrome 17.0.961.0 \n * Google Chrome 17.0.962.0 \n * Google Chrome 17.0.963.0 \n * Google Chrome 17.0.963.1 \n * Google Chrome 17.0.963.10 \n * Google Chrome 17.0.963.11 \n * Google Chrome 17.0.963.12 \n * Google Chrome 17.0.963.13 \n * Google Chrome 17.0.963.14 \n * Google Chrome 17.0.963.15 \n * Google Chrome 17.0.963.16 \n * Google Chrome 17.0.963.17 \n * Google Chrome 17.0.963.18 \n * Google Chrome 17.0.963.19 \n * Google Chrome 17.0.963.2 \n * Google Chrome 17.0.963.20 \n * Google Chrome 17.0.963.21 \n * Google Chrome 17.0.963.22 \n * Google Chrome 17.0.963.23 \n * Google Chrome 17.0.963.24 \n * Google Chrome 17.0.963.25 \n * Google Chrome 17.0.963.26 \n * Google Chrome 17.0.963.27 \n * Google Chrome 17.0.963.28 \n * Google Chrome 17.0.963.29 \n * Google Chrome 17.0.963.3 \n * Google Chrome 17.0.963.30 \n * Google Chrome 17.0.963.31 \n * Google Chrome 17.0.963.32 \n * Google Chrome 17.0.963.33 \n * Google Chrome 17.0.963.34 \n * Google Chrome 17.0.963.35 \n * Google Chrome 17.0.963.36 \n * Google Chrome 17.0.963.37 \n * Google Chrome 17.0.963.38 \n * Google Chrome 17.0.963.39 \n * Google Chrome 17.0.963.4 \n * Google Chrome 17.0.963.40 \n * Google Chrome 17.0.963.41 \n * Google Chrome 17.0.963.42 \n * Google Chrome 17.0.963.43 \n * Google Chrome 17.0.963.44 \n * Google Chrome 17.0.963.45 \n * Google Chrome 17.0.963.46 \n * Google Chrome 17.0.963.47 \n * Google Chrome 17.0.963.48 \n * Google Chrome 17.0.963.49 \n * Google Chrome 17.0.963.5 \n * Google Chrome 17.0.963.50 \n * Google Chrome 17.0.963.51 \n * Google Chrome 17.0.963.52 \n * Google Chrome 17.0.963.53 \n * Google Chrome 17.0.963.54 \n * Google Chrome 17.0.963.55 \n * Google Chrome 17.0.963.56 \n * Google Chrome 17.0.963.57 \n * Google Chrome 17.0.963.59 \n * Google Chrome 17.0.963.6 \n * Google Chrome 17.0.963.60 \n * Google Chrome 17.0.963.61 \n * Google Chrome 17.0.963.62 \n * Google Chrome 17.0.963.63 \n * Google Chrome 17.0.963.64 \n * Google Chrome 17.0.963.65 \n * Google Chrome 17.0.963.66 \n * Google Chrome 17.0.963.67 \n * Google Chrome 17.0.963.69 \n * Google Chrome 17.0.963.7 \n * Google Chrome 17.0.963.70 \n * Google Chrome 17.0.963.74 \n * Google Chrome 17.0.963.75 \n * Google Chrome 17.0.963.76 \n * Google Chrome 17.0.963.77 \n * Google Chrome 17.0.963.78 \n * Google Chrome 17.0.963.79 \n * Google Chrome 17.0.963.8 \n * Google Chrome 17.0.963.80 \n * Google Chrome 17.0.963.81 \n * Google Chrome 17.0.963.82 \n * Google Chrome 17.0.963.83 \n * Google Chrome 17.0.963.84 \n * Google Chrome 17.0.963.9 \n * Google Chrome 18 \n * Google Chrome 18.0.1000.0 \n * Google Chrome 18.0.1001.0 \n * Google Chrome 18.0.1001.1 \n * Google Chrome 18.0.1002.0 \n * Google Chrome 18.0.1003.0 \n * Google Chrome 18.0.1003.1 \n * Google Chrome 18.0.1004.0 \n * Google Chrome 18.0.1005.0 \n * Google Chrome 18.0.1006.0 \n * Google Chrome 18.0.1007.0 \n * Google Chrome 18.0.1008.0 \n * Google Chrome 18.0.1009.0 \n * Google Chrome 18.0.1010.0 \n * Google Chrome 18.0.1010.1 \n * Google Chrome 18.0.1010.2 \n * Google Chrome 18.0.1011.1 \n * Google Chrome 18.0.1012.0 \n * Google Chrome 18.0.1012.1 \n * Google Chrome 18.0.1012.2 \n * Google Chrome 18.0.1013.0 \n * Google Chrome 18.0.1014.0 \n * Google Chrome 18.0.1015.0 \n * Google Chrome 18.0.1016.0 \n * Google Chrome 18.0.1017.0 \n * Google Chrome 18.0.1017.1 \n * Google Chrome 18.0.1017.2 \n * Google Chrome 18.0.1017.3 \n * Google Chrome 18.0.1018.0 \n * Google Chrome 18.0.1019.0 \n * Google Chrome 18.0.1019.1 \n * Google Chrome 18.0.1020.0 \n * Google Chrome 18.0.1021.0 \n * Google Chrome 18.0.1022.0 \n * Google Chrome 18.0.1023.0 \n * Google Chrome 18.0.1024.0 \n * Google Chrome 18.0.1025.0 \n * Google Chrome 18.0.1025.1 \n * Google Chrome 18.0.1025.10 \n * Google Chrome 18.0.1025.100 \n * Google Chrome 18.0.1025.102 \n * Google Chrome 18.0.1025.107 \n * Google Chrome 18.0.1025.108 \n * Google Chrome 18.0.1025.109 \n * Google Chrome 18.0.1025.110 \n * Google Chrome 18.0.1025.111 \n * Google Chrome 18.0.1025.112 \n * Google Chrome 18.0.1025.113 \n * Google Chrome 18.0.1025.114 \n * Google Chrome 18.0.1025.116 \n * Google Chrome 18.0.1025.117 \n * Google Chrome 18.0.1025.118 \n * Google Chrome 18.0.1025.120 \n * Google Chrome 18.0.1025.129 \n * Google Chrome 18.0.1025.130 \n * Google Chrome 18.0.1025.131 \n * Google Chrome 18.0.1025.132 \n * Google Chrome 18.0.1025.133 \n * Google Chrome 18.0.1025.134 \n * Google Chrome 18.0.1025.135 \n * Google Chrome 18.0.1025.136 \n * Google Chrome 18.0.1025.137 \n * Google Chrome 18.0.1025.139 \n * Google Chrome 18.0.1025.140 \n * Google Chrome 18.0.1025.142 \n * Google Chrome 18.0.1025.145 \n * Google Chrome 18.0.1025.146 \n * Google Chrome 18.0.1025.147 \n * Google Chrome 18.0.1025.148 \n * Google Chrome 18.0.1025.149 \n * Google Chrome 18.0.1025.150 \n * Google Chrome 18.0.1025.151 \n * Google Chrome 18.0.1025.162 \n * Google Chrome 18.0.1025.168 \n * Google Chrome 18.0.1025.2 \n * Google Chrome 18.0.1025.29 \n * Google Chrome 18.0.1025.3 \n * Google Chrome 18.0.1025.30 \n * Google Chrome 18.0.1025.31 \n * Google Chrome 18.0.1025.32 \n * Google Chrome 18.0.1025.33 \n * Google Chrome 18.0.1025.35 \n * Google Chrome 18.0.1025.36 \n * Google Chrome 18.0.1025.37 \n * Google Chrome 18.0.1025.38 \n * Google Chrome 18.0.1025.39 \n * Google Chrome 18.0.1025.4 \n * Google Chrome 18.0.1025.40 \n * Google Chrome 18.0.1025.41 \n * Google Chrome 18.0.1025.42 \n * Google Chrome 18.0.1025.43 \n * Google Chrome 18.0.1025.44 \n * Google Chrome 18.0.1025.45 \n * Google Chrome 18.0.1025.46 \n * Google Chrome 18.0.1025.47 \n * Google Chrome 18.0.1025.48 \n * Google Chrome 18.0.1025.49 \n * Google Chrome 18.0.1025.5 \n * Google Chrome 18.0.1025.50 \n * Google Chrome 18.0.1025.51 \n * Google Chrome 18.0.1025.52 \n * Google Chrome 18.0.1025.54 \n * Google Chrome 18.0.1025.55 \n * Google Chrome 18.0.1025.56 \n * Google Chrome 18.0.1025.57 \n * Google Chrome 18.0.1025.58 \n * Google Chrome 18.0.1025.6 \n * Google Chrome 18.0.1025.60 \n * Google Chrome 18.0.1025.7 \n * Google Chrome 18.0.1025.73 \n * Google Chrome 18.0.1025.74 \n * Google Chrome 18.0.1025.8 \n * Google Chrome 18.0.1025.9 \n * Google Chrome 18.0.1025.95 \n * Google Chrome 18.0.1025.96 \n * Google Chrome 18.0.1025.97 \n * Google Chrome 18.0.1025.98 \n * Google Chrome 18.0.1025.99 \n * Google Chrome 19 \n * Google Chrome 19.0.1028.0 \n * Google Chrome 19.0.1029.0 \n * Google Chrome 19.0.1030.0 \n * Google Chrome 19.0.1031.0 \n * Google Chrome 19.0.1032.0 \n * Google Chrome 19.0.1033.0 \n * Google Chrome 19.0.1034.0 \n * Google Chrome 19.0.1035.0 \n * Google Chrome 19.0.1036.0 \n * Google Chrome 19.0.1036.2 \n * Google Chrome 19.0.1036.3 \n * Google Chrome 19.0.1036.4 \n * Google Chrome 19.0.1036.6 \n * Google Chrome 19.0.1036.7 \n * Google Chrome 19.0.1037.0 \n * Google Chrome 19.0.1038.0 \n * Google Chrome 19.0.1039.0 \n * Google Chrome 19.0.1040.0 \n * Google Chrome 19.0.1041.0 \n * Google Chrome 19.0.1042.0 \n * Google Chrome 19.0.1043.0 \n * Google Chrome 19.0.1044.0 \n * Google Chrome 19.0.1045.0 \n * Google Chrome 19.0.1046.0 \n * Google Chrome 19.0.1047.0 \n * Google Chrome 19.0.1048.0 \n * Google Chrome 19.0.1049.0 \n * Google Chrome 19.0.1049.1 \n * Google Chrome 19.0.1049.2 \n * Google Chrome 19.0.1049.3 \n * Google Chrome 19.0.1050.0 \n * Google Chrome 19.0.1051.0 \n * Google Chrome 19.0.1052.0 \n * Google Chrome 19.0.1053.0 \n * Google Chrome 19.0.1054.0 \n * Google Chrome 19.0.1055.0 \n * Google Chrome 19.0.1055.1 \n * Google Chrome 19.0.1055.2 \n * Google Chrome 19.0.1055.3 \n * Google Chrome 19.0.1056.0 \n * Google Chrome 19.0.1056.1 \n * Google Chrome 19.0.1057.0 \n * Google Chrome 19.0.1057.1 \n * Google Chrome 19.0.1057.3 \n * Google Chrome 19.0.1058.0 \n * Google Chrome 19.0.1058.1 \n * Google Chrome 19.0.1059.0 \n * Google Chrome 19.0.1060.0 \n * Google Chrome 19.0.1060.1 \n * Google Chrome 19.0.1061.0 \n * Google Chrome 19.0.1061.1 \n * Google Chrome 19.0.1062.0 \n * Google Chrome 19.0.1062.1 \n * Google Chrome 19.0.1063.0 \n * Google Chrome 19.0.1063.1 \n * Google Chrome 19.0.1064.0 \n * Google Chrome 19.0.1065.0 \n * Google Chrome 19.0.1066.0 \n * Google Chrome 19.0.1067.0 \n * Google Chrome 19.0.1068.0 \n * Google Chrome 19.0.1068.1 \n * Google Chrome 19.0.1069.0 \n * Google Chrome 19.0.1070.0 \n * Google Chrome 19.0.1071.0 \n * Google Chrome 19.0.1072.0 \n * Google Chrome 19.0.1073.0 \n * Google Chrome 19.0.1074.0 \n * Google Chrome 19.0.1075.0 \n * Google Chrome 19.0.1076.0 \n * Google Chrome 19.0.1076.1 \n * Google Chrome 19.0.1077.0 \n * Google Chrome 19.0.1077.1 \n * Google Chrome 19.0.1077.2 \n * Google Chrome 19.0.1077.3 \n * Google Chrome 19.0.1078.0 \n * Google Chrome 19.0.1079.0 \n * Google Chrome 19.0.1080.0 \n * Google Chrome 19.0.1081.0 \n * Google Chrome 19.0.1081.2 \n * Google Chrome 19.0.1082.0 \n * Google Chrome 19.0.1082.1 \n * Google Chrome 19.0.1083.0 \n * Google Chrome 19.0.1084.0 \n * Google Chrome 19.0.1084.1 \n * Google Chrome 19.0.1084.10 \n * Google Chrome 19.0.1084.11 \n * Google Chrome 19.0.1084.12 \n * Google Chrome 19.0.1084.13 \n * Google Chrome 19.0.1084.14 \n * Google Chrome 19.0.1084.15 \n * Google Chrome 19.0.1084.16 \n * Google Chrome 19.0.1084.17 \n * Google Chrome 19.0.1084.18 \n * Google Chrome 19.0.1084.19 \n * Google Chrome 19.0.1084.2 \n * Google Chrome 19.0.1084.20 \n * Google Chrome 19.0.1084.21 \n * Google Chrome 19.0.1084.22 \n * Google Chrome 19.0.1084.23 \n * Google Chrome 19.0.1084.24 \n * Google Chrome 19.0.1084.25 \n * Google Chrome 19.0.1084.26 \n * Google Chrome 19.0.1084.27 \n * Google Chrome 19.0.1084.28 \n * Google Chrome 19.0.1084.29 \n * Google Chrome 19.0.1084.3 \n * Google Chrome 19.0.1084.30 \n * Google Chrome 19.0.1084.31 \n * Google Chrome 19.0.1084.32 \n * Google Chrome 19.0.1084.33 \n * Google Chrome 19.0.1084.35 \n * Google Chrome 19.0.1084.36 \n * Google Chrome 19.0.1084.37 \n * Google Chrome 19.0.1084.38 \n * Google Chrome 19.0.1084.39 \n * Google Chrome 19.0.1084.4 \n * Google Chrome 19.0.1084.40 \n * Google Chrome 19.0.1084.41 \n * Google Chrome 19.0.1084.42 \n * Google Chrome 19.0.1084.43 \n * Google Chrome 19.0.1084.44 \n * Google Chrome 19.0.1084.45 \n * Google Chrome 19.0.1084.46 \n * Google Chrome 19.0.1084.47 \n * Google Chrome 19.0.1084.48 \n * Google Chrome 19.0.1084.5 \n * Google Chrome 19.0.1084.50 \n * Google Chrome 19.0.1084.51 \n * Google Chrome 19.0.1084.52 \n * Google Chrome 19.0.1084.6 \n * Google Chrome 19.0.1084.7 \n * Google Chrome 19.0.1084.8 \n * Google Chrome 19.0.1084.9 \n * Google Chrome 19.0.1085.0 \n * Google Chrome 2.0.156.1 \n * Google Chrome 2.0.157.0 \n * Google Chrome 2.0.157.2 \n * Google Chrome 2.0.158.0 \n * Google Chrome 2.0.159.0 \n * Google Chrome 2.0.169.0 \n * Google Chrome 2.0.169.1 \n * Google Chrome 2.0.170.0 \n * Google Chrome 2.0.172 \n * Google Chrome 2.0.172.2 \n * Google Chrome 2.0.172.27 \n * Google Chrome 2.0.172.28 \n * Google Chrome 2.0.172.30 \n * Google Chrome 2.0.172.31 \n * Google Chrome 2.0.172.33 \n * Google Chrome 2.0.172.37 \n * Google Chrome 2.0.172.38 \n * Google Chrome 2.0.172.43 \n * Google Chrome 2.0.172.8 \n * Google Chrome 20 \n * Google Chrome 20.0.1132.0 \n * Google Chrome 20.0.1132.1 \n * Google Chrome 20.0.1132.10 \n * Google Chrome 20.0.1132.11 \n * Google Chrome 20.0.1132.12 \n * Google Chrome 20.0.1132.13 \n * Google Chrome 20.0.1132.14 \n * Google Chrome 20.0.1132.15 \n * Google Chrome 20.0.1132.16 \n * Google Chrome 20.0.1132.17 \n * Google Chrome 20.0.1132.18 \n * Google Chrome 20.0.1132.19 \n * Google Chrome 20.0.1132.2 \n * Google Chrome 20.0.1132.20 \n * Google Chrome 20.0.1132.21 \n * Google Chrome 20.0.1132.22 \n * Google Chrome 20.0.1132.23 \n * Google Chrome 20.0.1132.24 \n * Google Chrome 20.0.1132.25 \n * Google Chrome 20.0.1132.26 \n * Google Chrome 20.0.1132.27 \n * Google Chrome 20.0.1132.28 \n * Google Chrome 20.0.1132.29 \n * Google Chrome 20.0.1132.3 \n * Google Chrome 20.0.1132.30 \n * Google Chrome 20.0.1132.31 \n * Google Chrome 20.0.1132.32 \n * Google Chrome 20.0.1132.33 \n * Google Chrome 20.0.1132.34 \n * Google Chrome 20.0.1132.35 \n * Google Chrome 20.0.1132.36 \n * Google Chrome 20.0.1132.37 \n * Google Chrome 20.0.1132.38 \n * Google Chrome 20.0.1132.39 \n * Google Chrome 20.0.1132.4 \n * Google Chrome 20.0.1132.40 \n * Google Chrome 20.0.1132.41 \n * Google Chrome 20.0.1132.42 \n * Google Chrome 20.0.1132.43 \n * Google Chrome 20.0.1132.45 \n * Google Chrome 20.0.1132.46 \n * Google Chrome 20.0.1132.47 \n * Google Chrome 20.0.1132.5 \n * Google Chrome 20.0.1132.54 \n * Google Chrome 20.0.1132.55 \n * Google Chrome 20.0.1132.56 \n * Google Chrome 20.0.1132.57 \n * Google Chrome 20.0.1132.6 \n * Google Chrome 20.0.1132.7 \n * Google Chrome 20.0.1132.8 \n * Google Chrome 20.0.1132.9 \n * Google Chrome 21 \n * Google Chrome 21.0.1180.0 \n * Google Chrome 21.0.1180.1 \n * Google Chrome 21.0.1180.2 \n * Google Chrome 21.0.1180.31 \n * Google Chrome 21.0.1180.32 \n * Google Chrome 21.0.1180.33 \n * Google Chrome 21.0.1180.34 \n * Google Chrome 21.0.1180.35 \n * Google Chrome 21.0.1180.36 \n * Google Chrome 21.0.1180.37 \n * Google Chrome 21.0.1180.38 \n * Google Chrome 21.0.1180.39 \n * Google Chrome 21.0.1180.41 \n * Google Chrome 21.0.1180.46 \n * Google Chrome 21.0.1180.47 \n * Google Chrome 21.0.1180.48 \n * Google Chrome 21.0.1180.49 \n * Google Chrome 21.0.1180.50 \n * Google Chrome 21.0.1180.51 \n * Google Chrome 21.0.1180.52 \n * Google Chrome 21.0.1180.53 \n * Google Chrome 21.0.1180.54 \n * Google Chrome 21.0.1180.55 \n * Google Chrome 21.0.1180.56 \n * Google Chrome 21.0.1180.57 \n * Google Chrome 21.0.1180.59 \n * Google Chrome 21.0.1180.60 \n * Google Chrome 21.0.1180.61 \n * Google Chrome 21.0.1180.62 \n * Google Chrome 21.0.1180.63 \n * Google Chrome 21.0.1180.64 \n * Google Chrome 21.0.1180.68 \n * Google Chrome 21.0.1180.69 \n * Google Chrome 21.0.1180.70 \n * Google Chrome 21.0.1180.71 \n * Google Chrome 21.0.1180.72 \n * Google Chrome 21.0.1180.73 \n * Google Chrome 21.0.1180.74 \n * Google Chrome 21.0.1180.75 \n * Google Chrome 21.0.1180.76 \n * Google Chrome 21.0.1180.77 \n * Google Chrome 21.0.1180.78 \n * Google Chrome 21.0.1180.79 \n * Google Chrome 21.0.1180.80 \n * Google Chrome 21.0.1180.81 \n * Google Chrome 21.0.1180.82 \n * Google Chrome 21.0.1180.83 \n * Google Chrome 21.0.1180.84 \n * Google Chrome 21.0.1180.85 \n * Google Chrome 21.0.1180.86 \n * Google Chrome 21.0.1180.87 \n * Google Chrome 21.0.1180.88 \n * Google Chrome 21.0.1180.89 \n * Google Chrome 22 \n * Google Chrome 22.0.1229.0 \n * Google Chrome 22.0.1229.1 \n * Google Chrome 22.0.1229.10 \n * Google Chrome 22.0.1229.11 \n * Google Chrome 22.0.1229.12 \n * Google Chrome 22.0.1229.14 \n * Google Chrome 22.0.1229.16 \n * Google Chrome 22.0.1229.17 \n * Google Chrome 22.0.1229.18 \n * Google Chrome 22.0.1229.2 \n * Google Chrome 22.0.1229.20 \n * Google Chrome 22.0.1229.21 \n * Google Chrome 22.0.1229.22 \n * Google Chrome 22.0.1229.23 \n * Google Chrome 22.0.1229.24 \n * Google Chrome 22.0.1229.25 \n * Google Chrome 22.0.1229.26 \n * Google Chrome 22.0.1229.27 \n * Google Chrome 22.0.1229.28 \n * Google Chrome 22.0.1229.29 \n * Google Chrome 22.0.1229.3 \n * Google Chrome 22.0.1229.31 \n * Google Chrome 22.0.1229.32 \n * Google Chrome 22.0.1229.33 \n * Google Chrome 22.0.1229.35 \n * Google Chrome 22.0.1229.36 \n * Google Chrome 22.0.1229.37 \n * Google Chrome 22.0.1229.39 \n * Google Chrome 22.0.1229.4 \n * Google Chrome 22.0.1229.48 \n * Google Chrome 22.0.1229.49 \n * Google Chrome 22.0.1229.50 \n * Google Chrome 22.0.1229.51 \n * Google Chrome 22.0.1229.52 \n * Google Chrome 22.0.1229.53 \n * Google Chrome 22.0.1229.54 \n * Google Chrome 22.0.1229.55 \n * Google Chrome 22.0.1229.56 \n * Google Chrome 22.0.1229.57 \n * Google Chrome 22.0.1229.58 \n * Google Chrome 22.0.1229.59 \n * Google Chrome 22.0.1229.6 \n * Google Chrome 22.0.1229.60 \n * Google Chrome 22.0.1229.62 \n * Google Chrome 22.0.1229.63 \n * Google Chrome 22.0.1229.64 \n * Google Chrome 22.0.1229.65 \n * Google Chrome 22.0.1229.67 \n * Google Chrome 22.0.1229.7 \n * Google Chrome 22.0.1229.76 \n * Google Chrome 22.0.1229.78 \n * Google Chrome 22.0.1229.79 \n * Google Chrome 22.0.1229.8 \n * Google Chrome 22.0.1229.89 \n * Google Chrome 22.0.1229.9 \n * Google Chrome 22.0.1229.91 \n * Google Chrome 22.0.1229.92 \n * Google Chrome 22.0.1229.94 \n * Google Chrome 22.0.1229.95 \n * Google Chrome 22.0.1229.96 \n * Google Chrome 23.0.1271.0 \n * Google Chrome 23.0.1271.1 \n * Google Chrome 23.0.1271.10 \n * Google Chrome 23.0.1271.11 \n * Google Chrome 23.0.1271.12 \n * Google Chrome 23.0.1271.13 \n * Google Chrome 23.0.1271.14 \n * Google Chrome 23.0.1271.15 \n * Google Chrome 23.0.1271.16 \n * Google Chrome 23.0.1271.17 \n * Google Chrome 23.0.1271.18 \n * Google Chrome 23.0.1271.19 \n * Google Chrome 23.0.1271.2 \n * Google Chrome 23.0.1271.20 \n * Google Chrome 23.0.1271.21 \n * Google Chrome 23.0.1271.22 \n * Google Chrome 23.0.1271.23 \n * Google Chrome 23.0.1271.24 \n * Google Chrome 23.0.1271.26 \n * Google Chrome 23.0.1271.3 \n * Google Chrome 23.0.1271.30 \n * Google Chrome 23.0.1271.31 \n * Google Chrome 23.0.1271.32 \n * Google Chrome 23.0.1271.33 \n * Google Chrome 23.0.1271.35 \n * Google Chrome 23.0.1271.36 \n * Google Chrome 23.0.1271.37 \n * Google Chrome 23.0.1271.38 \n * Google Chrome 23.0.1271.39 \n * Google Chrome 23.0.1271.4 \n * Google Chrome 23.0.1271.40 \n * Google Chrome 23.0.1271.41 \n * Google Chrome 23.0.1271.44 \n * Google Chrome 23.0.1271.45 \n * Google Chrome 23.0.1271.46 \n * Google Chrome 23.0.1271.49 \n * Google Chrome 23.0.1271.5 \n * Google Chrome 23.0.1271.50 \n * Google Chrome 23.0.1271.51 \n * Google Chrome 23.0.1271.52 \n * Google Chrome 23.0.1271.53 \n * Google Chrome 23.0.1271.54 \n * Google Chrome 23.0.1271.55 \n * Google Chrome 23.0.1271.56 \n * Google Chrome 23.0.1271.57 \n * Google Chrome 23.0.1271.58 \n * Google Chrome 23.0.1271.59 \n * Google Chrome 23.0.1271.6 \n * Google Chrome 23.0.1271.60 \n * Google Chrome 23.0.1271.61 \n * Google Chrome 23.0.1271.62 \n * Google Chrome 23.0.1271.64 \n * Google Chrome 23.0.1271.7 \n * Google Chrome 23.0.1271.8 \n * Google Chrome 23.0.1271.83 \n * Google Chrome 23.0.1271.84 \n * Google Chrome 23.0.1271.85 \n * Google Chrome 23.0.1271.86 \n * Google Chrome 23.0.1271.87 \n * Google Chrome 23.0.1271.88 \n * Google Chrome 23.0.1271.89 \n * Google Chrome 23.0.1271.9 \n * Google Chrome 23.0.1271.91 \n * Google Chrome 23.0.1271.95 \n * Google Chrome 23.0.1271.96 \n * Google Chrome 23.0.1271.97 \n * Google Chrome 24.0.1272.0 \n * Google Chrome 24.0.1272.1 \n * Google Chrome 24.0.1273.0 \n * Google Chrome 24.0.1274.0 \n * Google Chrome 24.0.1275.0 \n * Google Chrome 24.0.1276.0 \n * Google Chrome 24.0.1276.1 \n * Google Chrome 24.0.1277.0 \n * Google Chrome 24.0.1278.0 \n * Google Chrome 24.0.1279.0 \n * Google Chrome 24.0.1280.0 \n * Google Chrome 24.0.1281.0 \n * Google Chrome 24.0.1281.1 \n * Google Chrome 24.0.1281.2 \n * Google Chrome 24.0.1281.3 \n * Google Chrome 24.0.1282.0 \n * Google Chrome 24.0.1283.0 \n * Google Chrome 24.0.1284.0 \n * Google Chrome 24.0.1284.1 \n * Google Chrome 24.0.1284.2 \n * Google Chrome 24.0.1285.0 \n * Google Chrome 24.0.1285.1 \n * Google Chrome 24.0.1285.2 \n * Google Chrome 24.0.1286.0 \n * Google Chrome 24.0.1286.1 \n * Google Chrome 24.0.1287.0 \n * Google Chrome 24.0.1287.1 \n * Google Chrome 24.0.1288.0 \n * Google Chrome 24.0.1288.1 \n * Google Chrome 24.0.1289.0 \n * Google Chrome 24.0.1289.1 \n * Google Chrome 24.0.1290.0 \n * Google Chrome 24.0.1291.0 \n * Google Chrome 24.0.1292.0 \n * Google Chrome 24.0.1293.0 \n * Google Chrome 24.0.1294.0 \n * Google Chrome 24.0.1295.0 \n * Google Chrome 24.0.1296.0 \n * Google Chrome 24.0.1297.0 \n * Google Chrome 24.0.1298.0 \n * Google Chrome 24.0.1299.0 \n * Google Chrome 24.0.1300.0 \n * Google Chrome 24.0.1301.0 \n * Google Chrome 24.0.1301.2 \n * Google Chrome 24.0.1302.0 \n * Google Chrome 24.0.1303.0 \n * Google Chrome 24.0.1304.0 \n * Google Chrome 24.0.1304.1 \n * Google Chrome 24.0.1305.0 \n * Google Chrome 24.0.1305.1 \n * Google Chrome 24.0.1305.2 \n * Google Chrome 24.0.1305.3 \n * Google Chrome 24.0.1305.4 \n * Google Chrome 24.0.1306.0 \n * Google Chrome 24.0.1306.1 \n * Google Chrome 24.0.1307.0 \n * Google Chrome 24.0.1307.1 \n * Google Chrome 24.0.1308.0 \n * Google Chrome 24.0.1309.0 \n * Google Chrome 24.0.1310.0 \n * Google Chrome 24.0.1311.0 \n * Google Chrome 24.0.1311.1 \n * Google Chrome 24.0.1312.0 \n * Google Chrome 24.0.1312.1 \n * Google Chrome 24.0.1312.10 \n * Google Chrome 24.0.1312.11 \n * Google Chrome 24.0.1312.12 \n * Google Chrome 24.0.1312.13 \n * Google Chrome 24.0.1312.14 \n * Google Chrome 24.0.1312.15 \n * Google Chrome 24.0.1312.16 \n * Google Chrome 24.0.1312.17 \n * Google Chrome 24.0.1312.18 \n * Google Chrome 24.0.1312.19 \n * Google Chrome 24.0.1312.20 \n * Google Chrome 24.0.1312.21 \n * Google Chrome 24.0.1312.22 \n * Google Chrome 24.0.1312.23 \n * Google Chrome 24.0.1312.24 \n * Google Chrome 24.0.1312.25 \n * Google Chrome 24.0.1312.26 \n * Google Chrome 24.0.1312.27 \n * Google Chrome 24.0.1312.28 \n * Google Chrome 24.0.1312.29 \n * Google Chrome 24.0.1312.30 \n * Google Chrome 24.0.1312.31 \n * Google Chrome 24.0.1312.32 \n * Google Chrome 24.0.1312.33 \n * Google Chrome 24.0.1312.34 \n * Google Chrome 24.0.1312.35 \n * Google Chrome 24.0.1312.36 \n * Google Chrome 24.0.1312.37 \n * Google Chrome 24.0.1312.38 \n * Google Chrome 24.0.1312.39 \n * Google Chrome 24.0.1312.4 \n * Google Chrome 24.0.1312.40 \n * Google Chrome 24.0.1312.41 \n * Google Chrome 24.0.1312.42 \n * Google Chrome 24.0.1312.43 \n * Google Chrome 24.0.1312.44 \n * Google Chrome 24.0.1312.45 \n * Google Chrome 24.0.1312.46 \n * Google Chrome 24.0.1312.47 \n * Google Chrome 24.0.1312.48 \n * Google Chrome 24.0.1312.49 \n * Google Chrome 24.0.1312.5 \n * Google Chrome 24.0.1312.50 \n * Google Chrome 24.0.1312.51 \n * Google Chrome 24.0.1312.52 \n * Google Chrome 24.0.1312.53 \n * Google Chrome 24.0.1312.54 \n * Google Chrome 24.0.1312.55 \n * Google Chrome 24.0.1312.56 \n * Google Chrome 24.0.1312.57 \n * Google Chrome 24.0.1312.6 \n * Google Chrome 24.0.1312.7 \n * Google Chrome 24.0.1312.70 \n * Google Chrome 24.0.1312.8 \n * Google Chrome 24.0.1312.9 \n * Google Chrome 25 \n * Google Chrome 25.0.1364.0 \n * Google Chrome 25.0.1364.1 \n * Google Chrome 25.0.1364.10 \n * Google Chrome 25.0.1364.108 \n * Google Chrome 25.0.1364.11 \n * Google Chrome 25.0.1364.110 \n * Google Chrome 25.0.1364.112 \n * Google Chrome 25.0.1364.113 \n * Google Chrome 25.0.1364.114 \n * Google Chrome 25.0.1364.115 \n * Google Chrome 25.0.1364.116 \n * Google Chrome 25.0.1364.117 \n * Google Chrome 25.0.1364.118 \n * Google Chrome 25.0.1364.119 \n * Google Chrome 25.0.1364.12 \n * Google Chrome 25.0.1364.120 \n * Google Chrome 25.0.1364.121 \n * Google Chrome 25.0.1364.122 \n * Google Chrome 25.0.1364.123 \n * Google Chrome 25.0.1364.124 \n * Google Chrome 25.0.1364.125 \n * Google Chrome 25.0.1364.126 \n * Google Chrome 25.0.1364.13 \n * Google Chrome 25.0.1364.14 \n * Google Chrome 25.0.1364.15 \n * Google Chrome 25.0.1364.152 \n * Google Chrome 25.0.1364.16 \n * Google Chrome 25.0.1364.160 \n * Google Chrome 25.0.1364.17 \n * Google Chrome 25.0.1364.172 \n * Google Chrome 25.0.1364.18 \n * Google Chrome 25.0.1364.19 \n * Google Chrome 25.0.1364.2 \n * Google Chrome 25.0.1364.20 \n * Google Chrome 25.0.1364.21 \n * Google Chrome 25.0.1364.22 \n * Google Chrome 25.0.1364.23 \n * Google Chrome 25.0.1364.24 \n * Google Chrome 25.0.1364.25 \n * Google Chrome 25.0.1364.26 \n * Google Chrome 25.0.1364.27 \n * Google Chrome 25.0.1364.28 \n * Google Chrome 25.0.1364.29 \n * Google Chrome 25.0.1364.3 \n * Google Chrome 25.0.1364.30 \n * Google Chrome 25.0.1364.31 \n * Google Chrome 25.0.1364.32 \n * Google Chrome 25.0.1364.33 \n * Google Chrome 25.0.1364.34 \n * Google Chrome 25.0.1364.35 \n * Google Chrome 25.0.1364.36 \n * Google Chrome 25.0.1364.37 \n * Google Chrome 25.0.1364.38 \n * Google Chrome 25.0.1364.39 \n * Google Chrome 25.0.1364.40 \n * Google Chrome 25.0.1364.41 \n * Google Chrome 25.0.1364.42 \n * Google Chrome 25.0.1364.43 \n * Google Chrome 25.0.1364.44 \n * Google Chrome 25.0.1364.45 \n * Google Chrome 25.0.1364.46 \n * Google Chrome 25.0.1364.47 \n * Google Chrome 25.0.1364.48 \n * Google Chrome 25.0.1364.49 \n * Google Chrome 25.0.1364.5 \n * Google Chrome 25.0.1364.50 \n * Google Chrome 25.0.1364.51 \n * Google Chrome 25.0.1364.52 \n * Google Chrome 25.0.1364.53 \n * Google Chrome 25.0.1364.54 \n * Google Chrome 25.0.1364.55 \n * Google Chrome 25.0.1364.56 \n * Google Chrome 25.0.1364.57 \n * Google Chrome 25.0.1364.58 \n * Google Chrome 25.0.1364.61 \n * Google Chrome 25.0.1364.62 \n * Google Chrome 25.0.1364.63 \n * Google Chrome 25.0.1364.65 \n * Google Chrome 25.0.1364.66 \n * Google Chrome 25.0.1364.67 \n * Google Chrome 25.0.1364.68 \n * Google Chrome 25.0.1364.7 \n * Google Chrome 25.0.1364.70 \n * Google Chrome 25.0.1364.72 \n * Google Chrome 25.0.1364.73 \n * Google Chrome 25.0.1364.74 \n * Google Chrome 25.0.1364.75 \n * Google Chrome 25.0.1364.76 \n * Google Chrome 25.0.1364.77 \n * Google Chrome 25.0.1364.78 \n * Google Chrome 25.0.1364.79 \n * Google Chrome 25.0.1364.8 \n * Google Chrome 25.0.1364.80 \n * Google Chrome 25.0.1364.81 \n * Google Chrome 25.0.1364.82 \n * Google Chrome 25.0.1364.84 \n * Google Chrome 25.0.1364.85 \n * Google Chrome 25.0.1364.86 \n * Google Chrome 25.0.1364.87 \n * Google Chrome 25.0.1364.88 \n * Google Chrome 25.0.1364.89 \n * Google Chrome 25.0.1364.9 \n * Google Chrome 25.0.1364.90 \n * Google Chrome 25.0.1364.91 \n * Google Chrome 25.0.1364.92 \n * Google Chrome 25.0.1364.93 \n * Google Chrome 25.0.1364.95 \n * Google Chrome 25.0.1364.97 \n * Google Chrome 25.0.1364.98 \n * Google Chrome 25.0.1364.99 \n * Google Chrome 26.0.1410.28 \n * Google Chrome 26.0.1410.43 \n * Google Chrome 26.0.1410.46 \n * Google Chrome 26.0.1410.53 \n * Google Chrome 26.0.1410.63 \n * Google Chrome 26.0.1410.64 \n * Google Chrome 27.0.1444.0 \n * Google Chrome 27.0.1444.3 \n * Google Chrome 27.0.1453.0 \n * Google Chrome 27.0.1453.1 \n * Google Chrome 27.0.1453.10 \n * Google Chrome 27.0.1453.102 \n * Google Chrome 27.0.1453.103 \n * Google Chrome 27.0.1453.104 \n * Google Chrome 27.0.1453.105 \n * Google Chrome 27.0.1453.106 \n * Google Chrome 27.0.1453.107 \n * Google Chrome 27.0.1453.108 \n * Google Chrome 27.0.1453.109 \n * Google Chrome 27.0.1453.11 \n * Google Chrome 27.0.1453.110 \n * Google Chrome 27.0.1453.111 \n * Google Chrome 27.0.1453.112 \n * Google Chrome 27.0.1453.113 \n * Google Chrome 27.0.1453.114 \n * Google Chrome 27.0.1453.115 \n * Google Chrome 27.0.1453.116 \n * Google Chrome 27.0.1453.12 \n * Google Chrome 27.0.1453.13 \n * Google Chrome 27.0.1453.15 \n * Google Chrome 27.0.1453.2 \n * Google Chrome 27.0.1453.3 \n * Google Chrome 27.0.1453.34 \n * Google Chrome 27.0.1453.35 \n * Google Chrome 27.0.1453.36 \n * Google Chrome 27.0.1453.37 \n * Google Chrome 27.0.1453.38 \n * Google Chrome 27.0.1453.39 \n * Google Chrome 27.0.1453.4 \n * Google Chrome 27.0.1453.40 \n * Google Chrome 27.0.1453.41 \n * Google Chrome 27.0.1453.42 \n * Google Chrome 27.0.1453.43 \n * Google Chrome 27.0.1453.44 \n * Google Chrome 27.0.1453.45 \n * Google Chrome 27.0.1453.46 \n * Google Chrome 27.0.1453.47 \n * Google Chrome 27.0.1453.49 \n * Google Chrome 27.0.1453.5 \n * Google Chrome 27.0.1453.50 \n * Google Chrome 27.0.1453.51 \n * Google Chrome 27.0.1453.52 \n * Google Chrome 27.0.1453.54 \n * Google Chrome 27.0.1453.55 \n * Google Chrome 27.0.1453.56 \n * Google Chrome 27.0.1453.57 \n * Google Chrome 27.0.1453.58 \n * Google Chrome 27.0.1453.59 \n * Google Chrome 27.0.1453.6 \n * Google Chrome 27.0.1453.60 \n * Google Chrome 27.0.1453.61 \n * Google Chrome 27.0.1453.62 \n * Google Chrome 27.0.1453.63 \n * Google Chrome 27.0.1453.64 \n * Google Chrome 27.0.1453.65 \n * Google Chrome 27.0.1453.66 \n * Google Chrome 27.0.1453.67 \n * Google Chrome 27.0.1453.68 \n * Google Chrome 27.0.1453.69 \n * Google Chrome 27.0.1453.7 \n * Google Chrome 27.0.1453.70 \n * Google Chrome 27.0.1453.71 \n * Google Chrome 27.0.1453.72 \n * Google Chrome 27.0.1453.73 \n * Google Chrome 27.0.1453.74 \n * Google Chrome 27.0.1453.75 \n * Google Chrome 27.0.1453.76 \n * Google Chrome 27.0.1453.77 \n * Google Chrome 27.0.1453.78 \n * Google Chrome 27.0.1453.79 \n * Google Chrome 27.0.1453.8 \n * Google Chrome 27.0.1453.80 \n * Google Chrome 27.0.1453.81 \n * Google Chrome 27.0.1453.82 \n * Google Chrome 27.0.1453.83 \n * Google Chrome 27.0.1453.84 \n * Google Chrome 27.0.1453.85 \n * Google Chrome 27.0.1453.86 \n * Google Chrome 27.0.1453.87 \n * Google Chrome 27.0.1453.88 \n * Google Chrome 27.0.1453.89 \n * Google Chrome 27.0.1453.9 \n * Google Chrome 27.0.1453.90 \n * Google Chrome 27.0.1453.91 \n * Google Chrome 27.0.1453.93 \n * Google Chrome 27.0.1453.94 \n * Google Chrome 28.0.1498.0 \n * Google Chrome 28.0.1500.0 \n * Google Chrome 28.0.1500.10 \n * Google Chrome 28.0.1500.11 \n * Google Chrome 28.0.1500.12 \n * Google Chrome 28.0.1500.13 \n * Google Chrome 28.0.1500.14 \n * Google Chrome 28.0.1500.15 \n * Google Chrome 28.0.1500.16 \n * Google Chrome 28.0.1500.17 \n * Google Chrome 28.0.1500.18 \n * Google Chrome 28.0.1500.19 \n * Google Chrome 28.0.1500.2 \n * Google Chrome 28.0.1500.20 \n * Google Chrome 28.0.1500.21 \n * Google Chrome 28.0.1500.22 \n * Google Chrome 28.0.1500.23 \n * Google Chrome 28.0.1500.24 \n * Google Chrome 28.0.1500.25 \n * Google Chrome 28.0.1500.26 \n * Google Chrome 28.0.1500.27 \n * Google Chrome 28.0.1500.28 \n * Google Chrome 28.0.1500.29 \n * Google Chrome 28.0.1500.3 \n * Google Chrome 28.0.1500.31 \n * Google Chrome 28.0.1500.32 \n * Google Chrome 28.0.1500.33 \n * Google Chrome 28.0.1500.34 \n * Google Chrome 28.0.1500.35 \n * Google Chrome 28.0.1500.36 \n * Google Chrome 28.0.1500.37 \n * Google Chrome 28.0.1500.38 \n * Google Chrome 28.0.1500.39 \n * Google Chrome 28.0.1500.4 \n * Google Chrome 28.0.1500.40 \n * Google Chrome 28.0.1500.41 \n * Google Chrome 28.0.1500.42 \n * Google Chrome 28.0.1500.43 \n * Google Chrome 28.0.1500.44 \n * Google Chrome 28.0.1500.45 \n * Google Chrome 28.0.1500.46 \n * Google Chrome 28.0.1500.47 \n * Google Chrome 28.0.1500.48 \n * Google Chrome 28.0.1500.49 \n * Google Chrome 28.0.1500.5 \n * Google Chrome 28.0.1500.50 \n * Google Chrome 28.0.1500.51 \n * Google Chrome 28.0.1500.52 \n * Google Chrome 28.0.1500.53 \n * Google Chrome 28.0.1500.54 \n * Google Chrome 28.0.1500.56 \n * Google Chrome 28.0.1500.58 \n * Google Chrome 28.0.1500.59 \n * Google Chrome 28.0.1500.6 \n * Google Chrome 28.0.1500.60 \n * Google Chrome 28.0.1500.61 \n * Google Chrome 28.0.1500.62 \n * Google Chrome 28.0.1500.63 \n * Google Chrome 28.0.1500.64 \n * Google Chrome 28.0.1500.66 \n * Google Chrome 28.0.1500.68 \n * Google Chrome 28.0.1500.70 \n * Google Chrome 28.0.1500.71 \n * Google Chrome 28.0.1500.72 \n * Google Chrome 28.0.1500.8 \n * Google Chrome 28.0.1500.89 \n * Google Chrome 28.0.1500.9 \n * Google Chrome 28.0.1500.91 \n * Google Chrome 28.0.1500.93 \n * Google Chrome 28.0.1500.94 \n * Google Chrome 28.0.1500.95 \n * Google Chrome 29.0.1547.0 \n * Google Chrome 29.0.1547.10 \n * Google Chrome 29.0.1547.12 \n * Google Chrome 29.0.1547.14 \n * Google Chrome 29.0.1547.16 \n * Google Chrome 29.0.1547.18 \n * Google Chrome 29.0.1547.2 \n * Google Chrome 29.0.1547.21 \n * Google Chrome 29.0.1547.23 \n * Google Chrome 29.0.1547.28 \n * Google Chrome 29.0.1547.3 \n * Google Chrome 29.0.1547.31 \n * Google Chrome 29.0.1547.33 \n * Google Chrome 29.0.1547.35 \n * Google Chrome 29.0.1547.37 \n * Google Chrome 29.0.1547.39 \n * Google Chrome 29.0.1547.40 \n * Google Chrome 29.0.1547.42 \n * Google Chrome 29.0.1547.46 \n * Google Chrome 29.0.1547.48 \n * Google Chrome 29.0.1547.5 \n * Google Chrome 29.0.1547.51 \n * Google Chrome 29.0.1547.53 \n * Google Chrome 29.0.1547.55 \n * Google Chrome 29.0.1547.57 \n * Google Chrome 29.0.1547.7 \n * Google Chrome 29.0.1547.76 \n * Google Chrome 29.0.1547.9 \n * Google Chrome 3 \n * Google Chrome 3.0 Beta \n * Google Chrome 3.0.182.2 \n * Google Chrome 3.0.190.2 \n * Google Chrome 3.0.193.2 Beta \n * Google Chrome 3.0.195.2 \n * Google Chrome 3.0.195.21 \n * Google Chrome 3.0.195.24 \n * Google Chrome 3.0.195.25 \n * Google Chrome 3.0.195.27 \n * Google Chrome 3.0.195.32 \n * Google Chrome 3.0.195.33 \n * Google Chrome 3.0.195.36 \n * Google Chrome 3.0.195.37 \n * Google Chrome 3.0.195.38 \n * Google Chrome 30.0.1599.0 \n * Google Chrome 30.0.1599.10 \n * Google Chrome 30.0.1599.100 \n * Google Chrome 30.0.1599.101 \n * Google Chrome 30.0.1599.12 \n * Google Chrome 30.0.1599.14 \n * Google Chrome 30.0.1599.16 \n * Google Chrome 30.0.1599.18 \n * Google Chrome 30.0.1599.2 \n * Google Chrome 30.0.1599.21 \n * Google Chrome 30.0.1599.23 \n * Google Chrome 30.0.1599.25 \n * Google Chrome 30.0.1599.27 \n * Google Chrome 30.0.1599.29 \n * Google Chrome 30.0.1599.31 \n * Google Chrome 30.0.1599.33 \n * Google Chrome 30.0.1599.35 \n * Google Chrome 30.0.1599.37 \n * Google Chrome 30.0.1599.39 \n * Google Chrome 30.0.1599.40 \n * Google Chrome 30.0.1599.42 \n * Google Chrome 30.0.1599.44 \n * Google Chrome 30.0.1599.48 \n * Google Chrome 30.0.1599.5 \n * Google Chrome 30.0.1599.51 \n * Google Chrome 30.0.1599.53 \n * Google Chrome 30.0.1599.57 \n * Google Chrome 30.0.1599.59 \n * Google Chrome 30.0.1599.60 \n * Google Chrome 30.0.1599.64 \n * Google Chrome 30.0.1599.66 \n * Google Chrome 30.0.1599.67 \n * Google Chrome 30.0.1599.68 \n * Google Chrome 30.0.1599.69 \n * Google Chrome 30.0.1599.7 \n * Google Chrome 30.0.1599.79 \n * Google Chrome 30.0.1599.80 \n * Google Chrome 30.0.1599.81 \n * Google Chrome 30.0.1599.82 \n * Google Chrome 30.0.1599.84 \n * Google Chrome 30.0.1599.85 \n * Google Chrome 30.0.1599.86 \n * Google Chrome 30.0.1599.87 \n * Google Chrome 30.0.1599.88 \n * Google Chrome 30.0.1599.9 \n * Google Chrome 30.0.1599.90 \n * Google Chrome 31.0.1650.0 \n * Google Chrome 31.0.1650.10 \n * Google Chrome 31.0.1650.11 \n * Google Chrome 31.0.1650.12 \n * Google Chrome 31.0.1650.13 \n * Google Chrome 31.0.1650.14 \n * Google Chrome 31.0.1650.15 \n * Google Chrome 31.0.1650.16 \n * Google Chrome 31.0.1650.17 \n * Google Chrome 31.0.1650.18 \n * Google Chrome 31.0.1650.19 \n * Google Chrome 31.0.1650.2 \n * Google Chrome 31.0.1650.20 \n * Google Chrome 31.0.1650.22 \n * Google Chrome 31.0.1650.23 \n * Google Chrome 31.0.1650.25 \n * Google Chrome 31.0.1650.26 \n * Google Chrome 31.0.1650.27 \n * Google Chrome 31.0.1650.28 \n * Google Chrome 31.0.1650.29 \n * Google Chrome 31.0.1650.3 \n * Google Chrome 31.0.1650.30 \n * Google Chrome 31.0.1650.31 \n * Google Chrome 31.0.1650.32 \n * Google Chrome 31.0.1650.33 \n * Google Chrome 31.0.1650.34 \n * Google Chrome 31.0.1650.35 \n * Google Chrome 31.0.1650.36 \n * Google Chrome 31.0.1650.37 \n * Google Chrome 31.0.1650.38 \n * Google Chrome 31.0.1650.39 \n * Google Chrome 31.0.1650.4 \n * Google Chrome 31.0.1650.41 \n * Google Chrome 31.0.1650.42 \n * Google Chrome 31.0.1650.43 \n * Google Chrome 31.0.1650.44 \n * Google Chrome 31.0.1650.45 \n * Google Chrome 31.0.1650.46 \n * Google Chrome 31.0.1650.47 \n * Google Chrome 31.0.1650.48 \n * Google Chrome 31.0.1650.49 \n * Google Chrome 31.0.1650.5 \n * Google Chrome 31.0.1650.50 \n * Google Chrome 31.0.1650.52 \n * Google Chrome 31.0.1650.54 \n * Google Chrome 31.0.1650.57 \n * Google Chrome 31.0.1650.58 \n * Google Chrome 31.0.1650.6 \n * Google Chrome 31.0.1650.60 \n * Google Chrome 31.0.1650.61 \n * Google Chrome 31.0.1650.62 \n * Google Chrome 31.0.1650.63 \n * Google Chrome 31.0.1650.7 \n * Google Chrome 31.0.1650.8 \n * Google Chrome 31.0.1650.9 \n * Google Chrome 32.0.1651.2 \n * Google Chrome 32.0.1652.1 \n * Google Chrome 32.0.1653.1 \n * Google Chrome 32.0.1654.0 \n * Google Chrome 32.0.1654.3 \n * Google Chrome 32.0.1655.1 \n * Google Chrome 32.0.1656.1 \n * Google Chrome 32.0.1657.0 \n * Google Chrome 32.0.1658.0 \n * Google Chrome 32.0.1658.2 \n * Google Chrome 32.0.1659.1 \n * Google Chrome 32.0.1659.3 \n * Google Chrome 32.0.1660.1 \n * Google Chrome 32.0.1661.0 \n * Google Chrome 32.0.1662.0 \n * Google Chrome 32.0.1662.2 \n * Google Chrome 32.0.1663.1 \n * Google Chrome 32.0.1663.3 \n * Google Chrome 32.0.1664.1 \n * Google Chrome 32.0.1664.3 \n * Google Chrome 32.0.1666.0 \n * Google Chrome 32.0.1667.0 \n * Google Chrome 32.0.1668.0 \n * Google Chrome 32.0.1668.2 \n * Google Chrome 32.0.1668.4 \n * Google Chrome 32.0.1668.6 \n * Google Chrome 32.0.1669.1 \n * Google Chrome 32.0.1669.3 \n * Google Chrome 32.0.1670.1 \n * Google Chrome 32.0.1670.3 \n * Google Chrome 32.0.1670.5 \n * Google Chrome 32.0.1671.2 \n * Google Chrome 32.0.1671.4 \n * Google Chrome 32.0.1671.8 \n * Google Chrome 32.0.1672.2 \n * Google Chrome 32.0.1673.2 \n * Google Chrome 32.0.1673.4 \n * Google Chrome 32.0.1674.1 \n * Google Chrome 32.0.1675.0 \n * Google Chrome 32.0.1675.2 \n * Google Chrome 32.0.1676.0 \n * Google Chrome 32.0.1676.2 \n * Google Chrome 32.0.1677.1 \n * Google Chrome 32.0.1678.1 \n * Google Chrome 32.0.1679.0 \n * Google Chrome 32.0.1680.0 \n * Google Chrome 32.0.1681.0 \n * Google Chrome 32.0.1681.3 \n * Google Chrome 32.0.1682.3 \n * Google Chrome 32.0.1682.5 \n * Google Chrome 32.0.1683.1 \n * Google Chrome 32.0.1684.0 \n * Google Chrome 32.0.1684.2 \n * Google Chrome 32.0.1685.0 \n * Google Chrome 32.0.1685.2 \n * Google Chrome 32.0.1686.0 \n * Google Chrome 32.0.1687.0 \n * Google Chrome 32.0.1688.0 \n * Google Chrome 32.0.1689.0 \n * Google Chrome 32.0.1689.2 \n * Google Chrome 32.0.1690.0 \n * Google Chrome 32.0.1700.0 \n * Google Chrome 32.0.1700.100 \n * Google Chrome 32.0.1700.102 \n * Google Chrome 32.0.1700.103 \n * Google Chrome 32.0.1700.107 \n * Google Chrome 32.0.1700.11 \n * Google Chrome 32.0.1700.13 \n * Google Chrome 32.0.1700.15 \n * Google Chrome 32.0.1700.17 \n * Google Chrome 32.0.1700.19 \n * Google Chrome 32.0.1700.21 \n * Google Chrome 32.0.1700.23 \n * Google Chrome 32.0.1700.26 \n * Google Chrome 32.0.1700.28 \n * Google Chrome 32.0.1700.3 \n * Google Chrome 32.0.1700.31 \n * Google Chrome 32.0.1700.33 \n * Google Chrome 32.0.1700.35 \n * Google Chrome 32.0.1700.39 \n * Google Chrome 32.0.1700.41 \n * Google Chrome 32.0.1700.50 \n * Google Chrome 32.0.1700.52 \n * Google Chrome 32.0.1700.54 \n * Google Chrome 32.0.1700.56 \n * Google Chrome 32.0.1700.58 \n * Google Chrome 32.0.1700.6 \n * Google Chrome 32.0.1700.63 \n * Google Chrome 32.0.1700.65 \n * Google Chrome 32.0.1700.67 \n * Google Chrome 32.0.1700.69 \n * Google Chrome 32.0.1700.70 \n * Google Chrome 32.0.1700.74 \n * Google Chrome 32.0.1700.76 \n * Google Chrome 32.0.1700.77 \n * Google Chrome 32.0.1700.9 \n * Google Chrome 32.0.1700.95 \n * Google Chrome 32.0.1700.97 \n * Google Chrome 32.0.1700.98 \n * Google Chrome 33.0.1750.0 \n * Google Chrome 33.0.1750.10 \n * Google Chrome 33.0.1750.106 \n * Google Chrome 33.0.1750.108 \n * Google Chrome 33.0.1750.11 \n * Google Chrome 33.0.1750.111 \n * Google Chrome 33.0.1750.113 \n * Google Chrome 33.0.1750.116 \n * Google Chrome 33.0.1750.117 \n * Google Chrome 33.0.1750.124 \n * Google Chrome 33.0.1750.125 \n * Google Chrome 33.0.1750.13 \n * Google Chrome 33.0.1750.132 \n * Google Chrome 33.0.1750.135 \n * Google Chrome 33.0.1750.14 \n * Google Chrome 33.0.1750.144 \n * Google Chrome 33.0.1750.146 \n * Google Chrome 33.0.1750.149 \n * Google Chrome 33.0.1750.151 \n * Google Chrome 33.0.1750.152 \n * Google Chrome 33.0.1750.154 \n * Google Chrome 33.0.1750.16 \n * Google Chrome 33.0.1750.166 \n * Google Chrome 33.0.1750.168 \n * Google Chrome 33.0.1750.19 \n * Google Chrome 33.0.1750.20 \n * Google Chrome 33.0.1750.22 \n * Google Chrome 33.0.1750.24 \n * Google Chrome 33.0.1750.26 \n * Google Chrome 33.0.1750.28 \n * Google Chrome 33.0.1750.3 \n * Google Chrome 33.0.1750.31 \n * Google Chrome 33.0.1750.35 \n * Google Chrome 33.0.1750.37 \n * Google Chrome 33.0.1750.39 \n * Google Chrome 33.0.1750.40 \n * Google Chrome 33.0.1750.42 \n * Google Chrome 33.0.1750.44 \n * Google Chrome 33.0.1750.46 \n * Google Chrome 33.0.1750.48 \n * Google Chrome 33.0.1750.5 \n * Google Chrome 33.0.1750.51 \n * Google Chrome 33.0.1750.53 \n * Google Chrome 33.0.1750.55 \n * Google Chrome 33.0.1750.57 \n * Google Chrome 33.0.1750.59 \n * Google Chrome 33.0.1750.60 \n * Google Chrome 33.0.1750.62 \n * Google Chrome 33.0.1750.64 \n * Google Chrome 33.0.1750.66 \n * Google Chrome 33.0.1750.68 \n * Google Chrome 33.0.1750.7 \n * Google Chrome 33.0.1750.71 \n * Google Chrome 33.0.1750.74 \n * Google Chrome 33.0.1750.76 \n * Google Chrome 33.0.1750.79 \n * Google Chrome 33.0.1750.80 \n * Google Chrome 33.0.1750.82 \n * Google Chrome 33.0.1750.85 \n * Google Chrome 33.0.1750.89 \n * Google Chrome 33.0.1750.90 \n * Google Chrome 33.0.1750.92 \n * Google Chrome 34.0.1847.0 \n * Google Chrome 34.0.1847.10 \n * Google Chrome 34.0.1847.101 \n * Google Chrome 34.0.1847.103 \n * Google Chrome 34.0.1847.109 \n * Google Chrome 34.0.1847.112 \n * Google Chrome 34.0.1847.114 \n * Google Chrome 34.0.1847.116 \n * Google Chrome 34.0.1847.118 \n * Google Chrome 34.0.1847.120 \n * Google Chrome 34.0.1847.130 \n * Google Chrome 34.0.1847.131 \n * Google Chrome 34.0.1847.132 \n * Google Chrome 34.0.1847.134 \n * Google Chrome 34.0.1847.136 \n * Google Chrome 34.0.1847.137 \n * Google Chrome 34.0.1847.15 \n * Google Chrome 34.0.1847.23 \n * Google Chrome 34.0.1847.25 \n * Google Chrome 34.0.1847.36 \n * Google Chrome 34.0.1847.38 \n * Google Chrome 34.0.1847.4 \n * Google Chrome 34.0.1847.42 \n * Google Chrome 34.0.1847.44 \n * Google Chrome 34.0.1847.46 \n * Google Chrome 34.0.1847.48 \n * Google Chrome 34.0.1847.5 \n * Google Chrome 34.0.1847.51 \n * Google Chrome 34.0.1847.53 \n * Google Chrome 34.0.1847.55 \n * Google Chrome 34.0.1847.57 \n * Google Chrome 34.0.1847.59 \n * Google Chrome 34.0.1847.60 \n * Google Chrome 34.0.1847.62 \n * Google Chrome 34.0.1847.64 \n * Google Chrome 34.0.1847.66 \n * Google Chrome 34.0.1847.68 \n * Google Chrome 34.0.1847.7 \n * Google Chrome 34.0.1847.72 \n * Google Chrome 34.0.1847.74 \n * Google Chrome 34.0.1847.76 \n * Google Chrome 34.0.1847.78 \n * Google Chrome 34.0.1847.8 \n * Google Chrome 34.0.1847.81 \n * Google Chrome 34.0.1847.83 \n * Google Chrome 34.0.1847.86 \n * Google Chrome 34.0.1847.9 \n * Google Chrome 34.0.1847.92 \n * Google Chrome 34.0.1847.97 \n * Google Chrome 34.0.1847.99 \n * Google Chrome 35.0.1916.0 \n * Google Chrome 35.0.1916.10 \n * Google Chrome 35.0.1916.103 \n * Google Chrome 35.0.1916.105 \n * Google Chrome 35.0.1916.107 \n * Google Chrome 35.0.1916.109 \n * Google Chrome 35.0.1916.110 \n * Google Chrome 35.0.1916.112 \n * Google Chrome 35.0.1916.114 \n * Google Chrome 35.0.1916.13 \n * Google Chrome 35.0.1916.15 \n * Google Chrome 35.0.1916.153 \n * Google Chrome 35.0.1916.18 \n * Google Chrome 35.0.1916.2 \n * Google Chrome 35.0.1916.21 \n * Google Chrome 35.0.1916.23 \n * Google Chrome 35.0.1916.3 \n * Google Chrome 35.0.1916.32 \n * Google Chrome 35.0.1916.34 \n * Google Chrome 35.0.1916.36 \n * Google Chrome 35.0.1916.38 \n * Google Chrome 35.0.1916.4 \n * Google Chrome 35.0.1916.41 \n * Google Chrome 35.0.1916.43 \n * Google Chrome 35.0.1916.45 \n * Google Chrome 35.0.1916.47 \n * Google Chrome 35.0.1916.49 \n * Google Chrome 35.0.1916.51 \n * Google Chrome 35.0.1916.54 \n * Google Chrome 35.0.1916.57 \n * Google Chrome 35.0.1916.6 \n * Google Chrome 35.0.1916.68 \n * Google Chrome 35.0.1916.7 \n * Google Chrome 35.0.1916.72 \n * Google Chrome 35.0.1916.77 \n * Google Chrome 35.0.1916.80 \n * Google Chrome 35.0.1916.84 \n * Google Chrome 35.0.1916.86 \n * Google Chrome 35.0.1916.9 \n * Google Chrome 35.0.1916.92 \n * Google Chrome 35.0.1916.95 \n * Google Chrome 35.0.1916.98 \n * Google Chrome 36.0.1985.122 \n * Google Chrome 36.0.1985.143 \n * Google Chrome 37.0.2062.0 \n * Google Chrome 37.0.2062.10 \n * Google Chrome 37.0.2062.12 \n * Google Chrome 37.0.2062.120 \n * Google Chrome 37.0.2062.124 \n * Google Chrome 37.0.2062.14 \n * Google Chrome 37.0.2062.16 \n * Google Chrome 37.0.2062.18 \n * Google Chrome 37.0.2062.2 \n * Google Chrome 37.0.2062.21 \n * Google Chrome 37.0.2062.23 \n * Google Chrome 37.0.2062.25 \n * Google Chrome 37.0.2062.27 \n * Google Chrome 37.0.2062.29 \n * Google Chrome 37.0.2062.30 \n * Google Chrome 37.0.2062.32 \n * Google Chrome 37.0.2062.34 \n * Google Chrome 37.0.2062.36 \n * Google Chrome 37.0.2062.39 \n * Google Chrome 37.0.2062.43 \n * Google Chrome 37.0.2062.45 \n * Google Chrome 37.0.2062.47 \n * Google Chrome 37.0.2062.49 \n * Google Chrome 37.0.2062.50 \n * Google Chrome 37.0.2062.52 \n * Google Chrome 37.0.2062.54 \n * Google Chrome 37.0.2062.56 \n * Google Chrome 37.0.2062.58 \n * Google Chrome 37.0.2062.6 \n * Google Chrome 37.0.2062.61 \n * Google Chrome 37.0.2062.63 \n * Google Chrome 37.0.2062.65 \n * Google Chrome 37.0.2062.67 \n * Google Chrome 37.0.2062.69 \n * Google Chrome 37.0.2062.70 \n * Google Chrome 37.0.2062.72 \n * Google Chrome 37.0.2062.74 \n * Google Chrome 37.0.2062.76 \n * Google Chrome 37.0.2062.78 \n * Google Chrome 37.0.2062.80 \n * Google Chrome 37.0.2062.89 \n * Google Chrome 37.0.2062.90 \n * Google Chrome 37.0.2062.92 \n * Google Chrome 37.0.2062.94 \n * Google Chrome 37.0.2062.95 \n * Google Chrome 37.0.2062.97 \n * Google Chrome 38.0.2125.101 \n * Google Chrome 38.0.2125.101 ~~~Android~~ \n * Google Chrome 38.0.2125.122 \n * Google Chrome 39.0.2171.63 \n * Google Chrome 39.0.2171.65 \n * Google Chrome 4 \n * Google Chrome 4.0.211.0 \n * Google Chrome 4.0.212.0 \n * Google Chrome 4.0.212.1 \n * Google Chrome 4.0.221.8 \n * Google Chrome 4.0.222.0 \n * Google Chrome 4.0.222.1 \n * Google Chrome 4.0.222.12 \n * Google Chrome 4.0.222.5 \n * Google Chrome 4.0.223.0 \n * Google Chrome 4.0.223.1 \n * Google Chrome 4.0.223.2 \n * Google Chrome 4.0.223.4 \n * Google Chrome 4.0.223.5 \n * Google Chrome 4.0.223.7 \n * Google Chrome 4.0.223.8 \n * Google Chrome 4.0.224.0 \n * Google Chrome 4.0.229.1 \n * Google Chrome 4.0.235.0 \n * Google Chrome 4.0.236.0 \n * Google Chrome 4.0.237.0 \n * Google Chrome 4.0.237.1 \n * Google Chrome 4.0.239.0 \n * Google Chrome 4.0.240.0 \n * Google Chrome 4.0.241.0 \n * Google Chrome 4.0.242.0 \n * Google Chrome 4.0.243.0 \n * Google Chrome 4.0.244.0 \n * Google Chrome 4.0.245.0 \n * Google Chrome 4.0.246.0 \n * Google Chrome 4.0.247.0 \n * Google Chrome 4.0.248.0 \n * Google Chrome 4.0.249.0 \n * Google Chrome 4.0.249.1 \n * Google Chrome 4.0.249.10 \n * Google Chrome 4.0.249.11 \n * Google Chrome 4.0.249.12 \n * Google Chrome 4.0.249.14 \n * Google Chrome 4.0.249.16 \n * Google Chrome 4.0.249.17 \n * Google Chrome 4.0.249.18 \n * Google Chrome 4.0.249.19 \n * Google Chrome 4.0.249.2 \n * Google Chrome 4.0.249.20 \n * Google Chrome 4.0.249.21 \n * Google Chrome 4.0.249.22 \n * Google Chrome 4.0.249.23 \n * Google Chrome 4.0.249.24 \n * Google Chrome 4.0.249.25 \n * Google Chrome 4.0.249.26 \n * Google Chrome 4.0.249.27 \n * Google Chrome 4.0.249.28 \n * Google Chrome 4.0.249.29 \n * Google Chrome 4.0.249.3 \n * Google Chrome 4.0.249.30 \n * Google Chrome 4.0.249.31 \n * Google Chrome 4.0.249.32 \n * Google Chrome 4.0.249.33 \n * Google Chrome 4.0.249.34 \n * Google Chrome 4.0.249.35 \n * Google Chrome 4.0.249.36 \n * Google Chrome 4.0.249.37 \n * Google Chrome 4.0.249.38 \n * Google Chrome 4.0.249.39 \n * Google Chrome 4.0.249.4 \n * Google Chrome 4.0.249.40 \n * Google Chrome 4.0.249.41 \n * Google Chrome 4.0.249.42 \n * Google Chrome 4.0.249.43 \n * Google Chrome 4.0.249.44 \n * Google Chrome 4.0.249.45 \n * Google Chrome 4.0.249.46 \n * Google Chrome 4.0.249.47 \n * Google Chrome 4.0.249.48 \n * Google Chrome 4.0.249.49 \n * Google Chrome 4.0.249.5 \n * Google Chrome 4.0.249.50 \n * Google Chrome 4.0.249.51 \n * Google Chrome 4.0.249.52 \n * Google Chrome 4.0.249.53 \n * Google Chrome 4.0.249.54 \n * Google Chrome 4.0.249.55 \n * Google Chrome 4.0.249.56 \n * Google Chrome 4.0.249.57 \n * Google Chrome 4.0.249.58 \n * Google Chrome 4.0.249.59 \n * Google Chrome 4.0.249.6 \n * Google Chrome 4.0.249.60 \n * Google Chrome 4.0.249.61 \n * Google Chrome 4.0.249.62 \n * Google Chrome 4.0.249.63 \n * Google Chrome 4.0.249.64 \n * Google Chrome 4.0.249.65 \n * Google Chrome 4.0.249.66 \n * Google Chrome 4.0.249.67 \n * Google Chrome 4.0.249.68 \n * Google Chrome 4.0.249.69 \n * Google Chrome 4.0.249.7 \n * Google Chrome 4.0.249.70 \n * Google Chrome 4.0.249.71 \n * Google Chrome 4.0.249.72 \n * Google Chrome 4.0.249.73 \n * Google Chrome 4.0.249.74 \n * Google Chrome 4.0.249.75 \n * Google Chrome 4.0.249.76 \n * Google Chrome 4.0.249.77 \n * Google Chrome 4.0.249.78 \n * Google Chrome 4.0.249.78 Beta \n * Google Chrome 4.0.249.79 \n * Google Chrome 4.0.249.8 \n * Google Chrome 4.0.249.80 \n * Google Chrome 4.0.249.81 \n * Google Chrome 4.0.249.82 \n * Google Chrome 4.0.249.89 \n * Google Chrome 4.0.249.9 \n * Google Chrome 4.0.250.0 \n * Google Chrome 4.0.250.2 \n * Google Chrome 4.0.251.0 \n * Google Chrome 4.0.252.0 \n * Google Chrome 4.0.254.0 \n * Google Chrome 4.0.255.0 \n * Google Chrome 4.0.256.0 \n * Google Chrome 4.0.257.0 \n * Google Chrome 4.0.258.0 \n * Google Chrome 4.0.259.0 \n * Google Chrome 4.0.260.0 \n * Google Chrome 4.0.261.0 \n * Google Chrome 4.0.262.0 \n * Google Chrome 4.0.263.0 \n * Google Chrome 4.0.264.0 \n * Google Chrome 4.0.265.0 \n * Google Chrome 4.0.266.0 \n * Google Chrome 4.0.267.0 \n * Google Chrome 4.0.268.0 \n * Google Chrome 4.0.269.0 \n * Google Chrome 4.0.271.0 \n * Google Chrome 4.0.272.0 \n * Google Chrome 4.0.275.0 \n * Google Chrome 4.0.275.1 \n * Google Chrome 4.0.276.0 \n * Google Chrome 4.0.277.0 \n * Google Chrome 4.0.278.0 \n * Google Chrome 4.0.286.0 \n * Google Chrome 4.0.287.0 \n * Google Chrome 4.0.288.0 \n * Google Chrome 4.0.288.1 \n * Google Chrome 4.0.289.0 \n * Google Chrome 4.0.290.0 \n * Google Chrome 4.0.292.0 \n * Google Chrome 4.0.294.0 \n * Google Chrome 4.0.295.0 \n * Google Chrome 4.0.296.0 \n * Google Chrome 4.0.299.0 \n * Google Chrome 4.0.300.0 \n * Google Chrome 4.0.301.0 \n * Google Chrome 4.0.302.0 \n * Google Chrome 4.0.302.1 \n * Google Chrome 4.0.302.2 \n * Google Chrome 4.0.302.3 \n * Google Chrome 4.0.303.0 \n * Google Chrome 4.0.304.0 \n * Google Chrome 4.0.305.0 \n * Google Chrome 4.1 Beta \n * Google Chrome 4.1.249.0 \n * Google Chrome 4.1.249.1001 \n * Google Chrome 4.1.249.1004 \n * Google Chrome 4.1.249.1006 \n * Google Chrome 4.1.249.1007 \n * Google Chrome 4.1.249.1008 \n * Google Chrome 4.1.249.1009 \n * Google Chrome 4.1.249.1010 \n * Google Chrome 4.1.249.1011 \n * Google Chrome 4.1.249.1012 \n * Google Chrome 4.1.249.1013 \n * Google Chrome 4.1.249.1014 \n * Google Chrome 4.1.249.1015 \n * Google Chrome 4.1.249.1016 \n * Google Chrome 4.1.249.1017 \n * Google Chrome 4.1.249.1018 \n * Google Chrome 4.1.249.1019 \n * Google Chrome 4.1.249.1020 \n * Google Chrome 4.1.249.1021 \n * Google Chrome 4.1.249.1022 \n * Google Chrome 4.1.249.1023 \n * Google Chrome 4.1.249.1024 \n * Google Chrome 4.1.249.1025 \n * Google Chrome 4.1.249.1026 \n * Google Chrome 4.1.249.1027 \n * Google Chrome 4.1.249.1028 \n * Google Chrome 4.1.249.1029 \n * Google Chrome 4.1.249.1030 \n * Google Chrome 4.1.249.1031 \n * Google Chrome 4.1.249.1032 \n * Google Chrome 4.1.249.1033 \n * Google Chrome 4.1.249.1034 \n * Google Chrome 4.1.249.1035 \n * Google Chrome 4.1.249.1036 \n * Google Chrome 4.1.249.1037 \n * Google Chrome 4.1.249.1038 \n * Google Chrome 4.1.249.1039 \n * Google Chrome 4.1.249.1040 \n * Google Chrome 4.1.249.1041 \n * Google Chrome 4.1.249.1042 \n * Google Chrome 4.1.249.1043 \n * Google Chrome 4.1.249.1044 \n * Google Chrome 4.1.249.1045 \n * Google Chrome 4.1.249.1046 \n * Google Chrome 4.1.249.1047 \n * Google Chrome 4.1.249.1048 \n * Google Chrome 4.1.249.1049 \n * Google Chrome 4.1.249.1050 \n * Google Chrome 4.1.249.1051 \n * Google Chrome 4.1.249.1052 \n * Google Chrome 4.1.249.1053 \n * Google Chrome 4.1.249.1054 \n * Google Chrome 4.1.249.1055 \n * Google Chrome 4.1.249.1056 \n * Google Chrome 4.1.249.1057 \n * Google Chrome 4.1.249.1058 \n * Google Chrome 4.1.249.1059 \n * Google Chrome 4.1.249.1060 \n * Google Chrome 4.1.249.1061 \n * Google Chrome 4.1.249.1062 \n * Google Chrome 4.1.249.1063 \n * Google Chrome 4.1.249.1064 \n * Google Chrome 40.0.2214.111 \n * Google Chrome 40.0.2214.115 \n * Google Chrome 40.0.2214.85 \n * Google Chrome 40.0.2214.91 \n * Google Chrome 41.0.2272 \n * Google Chrome 41.0.2272.118 \n * Google Chrome 41.0.2272.76 \n * Google Chrome 42.0.2311 \n * Google Chrome 42.0.2311.135 \n * Google Chrome 42.0.2311.90 \n * Google Chrome 43.0.2357 \n * Google Chrome 43.0.2357.130 \n * Google Chrome 43.0.2357.65 \n * Google Chrome 44.0.2403 \n * Google Chrome 44.0.2403.157 \n * Google Chrome 44.0.2403.89 \n * Google Chrome 45.0.2454 \n * Google Chrome 45.0.2454.101 \n * Google Chrome 45.0.2454.85 \n * Google Chrome 46.0.2490 \n * Google Chrome 46.0.2490.71 \n * Google Chrome 46.0.2490.76 \n * Google Chrome 46.0.2490.86 \n * Google Chrome 47.0 \n * Google Chrome 47.0.2526.106 \n * Google Chrome 47.0.2526.73 \n * Google Chrome 47.0.2526.80 \n * Google Chrome 48.0.2564.109 \n * Google Chrome 48.0.2564.116 \n * Google Chrome 48.0.2564.82 \n * Google Chrome 49.0.2566.0 \n * Google Chrome 49.0.2623.108 \n * Google Chrome 49.0.2623.75 \n * Google Chrome 49.0.2623.87 \n * Google Chrome 5.0.306.0 \n * Google Chrome 5.0.306.1 \n * Google Chrome 5.0.307.1 \n * Google Chrome 5.0.307.10 \n * Google Chrome 5.0.307.11 \n * Google Chrome 5.0.307.3 \n * Google Chrome 5.0.307.4 \n * Google Chrome 5.0.307.5 \n * Google Chrome 5.0.307.6 \n * Google Chrome 5.0.307.7 \n * Google Chrome 5.0.307.8 \n * Google Chrome 5.0.307.9 \n * Google Chrome 5.0.308.0 \n * Google Chrome 5.0.309.0 \n * Google Chrome 5.0.313.0 \n * Google Chrome 5.0.314.0 \n * Google Chrome 5.0.314.1 \n * Google Chrome 5.0.315.0 \n * Google Chrome 5.0.316.0 \n * Google Chrome 5.0.317.0 \n * Google Chrome 5.0.317.1 \n * Google Chrome 5.0.317.2 \n * Google Chrome 5.0.318.0 \n * Google Chrome 5.0.319.0 \n * Google Chrome 5.0.320.0 \n * Google Chrome 5.0.321.0 \n * Google Chrome 5.0.322.0 \n * Google Chrome 5.0.322.1 \n * Google Chrome 5.0.322.2 \n * Google Chrome 5.0.323.0 \n * Google Chrome 5.0.324.0 \n * Google Chrome 5.0.325.0 \n * Google Chrome 5.0.326.0 \n * Google Chrome 5.0.327.0 \n * Google Chrome 5.0.328.0 \n * Google Chrome 5.0.329.0 \n * Google Chrome 5.0.330.0 \n * Google Chrome 5.0.332.0 \n * Google Chrome 5.0.333.0 \n * Google Chrome 5.0.334.0 \n * Google Chrome 5.0.335.0 \n * Google Chrome 5.0.335.1 \n * Google Chrome 5.0.335.2 \n * Google Chrome 5.0.335.3 \n * Google Chrome 5.0.335.4 \n * Google Chrome 5.0.336.0 \n * Google Chrome 5.0.337.0 \n * Google Chrome 5.0.338.0 \n * Google Chrome 5.0.339.0 \n * Google Chrome 5.0.340.0 \n * Google Chrome 5.0.341.0 \n * Google Chrome 5.0.342.0 \n * Google Chrome 5.0.342.1 \n * Google Chrome 5.0.342.2 \n * Google Chrome 5.0.342.3 \n * Google Chrome 5.0.342.4 \n * Google Chrome 5.0.342.5 \n * Google Chrome 5.0.342.6 \n * Google Chrome 5.0.342.7 \n * Google Chrome 5.0.342.7 Beta Mac \n * Google Chrome 5.0.342.8 \n * Google Chrome 5.0.342.9 \n * Google Chrome 5.0.343.0 \n * Google Chrome 5.0.344.0 \n * Google Chrome 5.0.345.0 \n * Google Chrome 5.0.346.0 \n * Google Chrome 5.0.347.0 \n * Google Chrome 5.0.348.0 \n * Google Chrome 5.0.349.0 \n * Google Chrome 5.0.350.0 \n * Google Chrome 5.0.350.1 \n * Google Chrome 5.0.351.0 \n * Google Chrome 5.0.353.0 \n * Google Chrome 5.0.354.0 \n * Google Chrome 5.0.354.1 \n * Google Chrome 5.0.355.0 \n * Google Chrome 5.0.356.0 \n * Google Chrome 5.0.356.1 \n * Google Chrome 5.0.356.2 \n * Google Chrome 5.0.357.0 \n * Google Chrome 5.0.358.0 \n * Google Chrome 5.0.359.0 \n * Google Chrome 5.0.360.0 \n * Google Chrome 5.0.360.3 \n * Google Chrome 5.0.360.4 \n * Google Chrome 5.0.360.5 \n * Google Chrome 5.0.361.0 \n * Google Chrome 5.0.362.0 \n * Google Chrome 5.0.363.0 \n * Google Chrome 5.0.364.0 \n * Google Chrome 5.0.365.0 \n * Google Chrome 5.0.366.0 \n * Google Chrome 5.0.366.1 \n * Google Chrome 5.0.366.2 \n * Google Chrome 5.0.366.3 \n * Google Chrome 5.0.366.4 \n * Google Chrome 5.0.367.0 \n * Google Chrome 5.0.368.0 \n * Google Chrome 5.0.369.0 \n * Google Chrome 5.0.369.1 \n * Google Chrome 5.0.369.2 \n * Google Chrome 5.0.370.0 \n * Google Chrome 5.0.371.0 \n * Google Chrome 5.0.372.0 \n * Google Chrome 5.0.373.0 \n * Google Chrome 5.0.374.0 \n * Google Chrome 5.0.375.0 \n * Google Chrome 5.0.375.1 \n * Google Chrome 5.0.375.10 \n * Google Chrome 5.0.375.11 \n * Google Chrome 5.0.375.12 \n * Google Chrome 5.0.375.125 \n * Google Chrome 5.0.375.126 \n * Google Chrome 5.0.375.127 \n * Google Chrome 5.0.375.13 \n * Google Chrome 5.0.375.14 \n * Google Chrome 5.0.375.15 \n * Google Chrome 5.0.375.16 \n * Google Chrome 5.0.375.17 \n * Google Chrome 5.0.375.18 \n * Google Chrome 5.0.375.19 \n * Google Chrome 5.0.375.2 \n * Google Chrome 5.0.375.20 \n * Google Chrome 5.0.375.21 \n * Google Chrome 5.0.375.22 \n * Google Chrome 5.0.375.23 \n * Google Chrome 5.0.375.25 \n * Google Chrome 5.0.375.26 \n * Google Chrome 5.0.375.27 \n * Google Chrome 5.0.375.28 \n * Google Chrome 5.0.375.29 \n * Google Chrome 5.0.375.3 \n * Google Chrome 5.0.375.30 \n * Google Chrome 5.0.375.31 \n * Google Chrome 5.0.375.32 \n * Google Chrome 5.0.375.33 \n * Google Chrome 5.0.375.34 \n * Google Chrome 5.0.375.35 \n * Google Chrome 5.0.375.36 \n * Google Chrome 5.0.375.37 \n * Google Chrome 5.0.375.38 \n * Google Chrome 5.0.375.39 \n * Google Chrome 5.0.375.4 \n * Google Chrome 5.0.375.40 \n * Google Chrome 5.0.375.41 \n * Google Chrome 5.0.375.42 \n * Google Chrome 5.0.375.43 \n * Google Chrome 5.0.375.44 \n * Google Chrome 5.0.375.45 \n * Google Chrome 5.0.375.46 \n * Google Chrome 5.0.375.47 \n * Google Chrome 5.0.375.48 \n * Google Chrome 5.0.375.49 \n * Google Chrome 5.0.375.5 \n * Google Chrome 5.0.375.50 \n * Google Chrome 5.0.375.51 \n * Google Chrome 5.0.375.52 \n * Google Chrome 5.0.375.53 \n * Google Chrome 5.0.375.54 \n * Google Chrome 5.0.375.55 \n * Google Chrome 5.0.375.56 \n * Google Chrome 5.0.375.57 \n * Google Chrome 5.0.375.58 \n * Google Chrome 5.0.375.59 \n * Google Chrome 5.0.375.6 \n * Google Chrome 5.0.375.60 \n * Google Chrome 5.0.375.61 \n * Google Chrome 5.0.375.62 \n * Google Chrome 5.0.375.63 \n * Google Chrome 5.0.375.64 \n * Google Chrome 5.0.375.65 \n * Google Chrome 5.0.375.66 \n * Google Chrome 5.0.375.67 \n * Google Chrome 5.0.375.68 \n * Google Chrome 5.0.375.69 \n * Google Chrome 5.0.375.7 \n * Google Chrome 5.0.375.70 \n * Google Chrome 5.0.375.71 \n * Google Chrome 5.0.375.72 \n * Google Chrome 5.0.375.73 \n * Google Chrome 5.0.375.74 \n * Google Chrome 5.0.375.75 \n * Google Chrome 5.0.375.76 \n * Google Chrome 5.0.375.77 \n * Google Chrome 5.0.375.78 \n * Google Chrome 5.0.375.79 \n * Google Chrome 5.0.375.8 \n * Google Chrome 5.0.375.80 \n * Google Chrome 5.0.375.81 \n * Google Chrome 5.0.375.82 \n * Google Chrome 5.0.375.83 \n * Google Chrome 5.0.375.84 \n * Google Chrome 5.0.375.85 \n * Google Chrome 5.0.375.86 \n * Google Chrome 5.0.375.87 \n * Google Chrome 5.0.375.88 \n * Google Chrome 5.0.375.89 \n * Google Chrome 5.0.375.9 \n * Google Chrome 5.0.375.90 \n * Google Chrome 5.0.375.91 \n * Google Chrome 5.0.375.92 \n * Google Chrome 5.0.375.93 \n * Google Chrome 5.0.375.94 \n * Google Chrome 5.0.375.95 \n * Google Chrome 5.0.375.96 \n * Google Chrome 5.0.375.97 \n * Google Chrome 5.0.375.98 \n * Google Chrome 5.0.375.99 \n * Google Chrome 5.0.376.0 \n * Google Chrome 5.0.378.0 \n * Google Chrome 5.0.379.0 \n * Google Chrome 5.0.380.0 \n * Google Chrome 5.0.381.0 \n * Google Chrome 5.0.382.0 \n * Google Chrome 5.0.382.3 \n * Google Chrome 5.0.383.0 \n * Google Chrome 5.0.384.0 \n * Google Chrome 5.0.385.0 \n * Google Chrome 5.0.386.0 \n * Google Chrome 5.0.387.0 \n * Google Chrome 5.0.390.0 \n * Google Chrome 5.0.391.0 \n * Google Chrome 5.0.392.0 \n * Google Chrome 5.0.393.0 \n * Google Chrome 5.0.394.0 \n * Google Chrome 5.0.395.0 \n * Google Chrome 5.0.396.0 \n * Google Chrome 50.0.2661.102 \n * Google Chrome 50.0.2661.75 \n * Google Chrome 50.0.2661.94 \n * Google Chrome 51.0.2704.103 \n * Google Chrome 51.0.2704.63 \n * Google Chrome 51.0.2704.79 \n * Google Chrome 52.0.2743.116 \n * Google Chrome 52.0.2743.82 \n * Google Chrome 53.0.2785.113 \n * Google Chrome 53.0.2785.143 \n * Google Chrome 53.0.2785.89 \n * Google Chrome 54.0.2840.59 \n * Google Chrome 54.0.2840.85 \n * Google Chrome 54.0.2840.87 \n * Google Chrome 54.0.2840.90 \n * Google Chrome 54.0.2840.98 \n * Google Chrome 54.0.2840.99 \n * Google Chrome 55.0.2883.75 \n * Google Chrome 56.0.2924.76 \n * Google Chrome 57.0.2987.133 \n * Google Chrome 57.0.2987.98 \n * Google Chrome 58.0.3029.81 \n * Google Chrome 58.0.3029.96 \n * Google Chrome 59.0.3071.104 \n * Google Chrome 59.0.3071.115 \n * Google Chrome 59.0.3071.86 \n * Google Chrome 6.0.397.0 \n * Google Chrome 6.0.398.0 \n * Google Chrome 6.0.399.0 \n * Google Chrome 6.0.400.0 \n * Google Chrome 6.0.401.0 \n * Google Chrome 6.0.401.1 \n * Google Chrome 6.0.403.0 \n * Google Chrome 6.0.404.0 \n * Google Chrome 6.0.404.1 \n * Google Chrome 6.0.404.2 \n * Google Chrome 6.0.405.0 \n * Google Chrome 6.0.406.0 \n * Google Chrome 6.0.407.0 \n * Google Chrome 6.0.408.0 \n * Google Chrome 6.0.408.1 \n * Google Chrome 6.0.408.10 \n * Google Chrome 6.0.408.2 \n * Google Chrome 6.0.408.3 \n * Google Chrome 6.0.408.4 \n * Google Chrome 6.0.408.5 \n * Google Chrome 6.0.408.6 \n * Google Chrome 6.0.408.7 \n * Google Chrome 6.0.408.8 \n * Google Chrome 6.0.408.9 \n * Google Chrome 6.0.409.0 \n * Google Chrome 6.0.410.0 \n * Google Chrome 6.0.411.0 \n * Google Chrome 6.0.412.0 \n * Google Chrome 6.0.413.0 \n * Google Chrome 6.0.414.0 \n * Google Chrome 6.0.415.0 \n * Google Chrome 6.0.415.1 \n * Google Chrome 6.0.416.0 \n * Google Chrome 6.0.416.1 \n * Google Chrome 6.0.417.0 \n * Google Chrome 6.0.418.0 \n * Google Chrome 6.0.418.1 \n * Google Chrome 6.0.418.2 \n * Google Chrome 6.0.418.3 \n * Google Chrome 6.0.418.4 \n * Google Chrome 6.0.418.5 \n * Google Chrome 6.0.418.6 \n * Google Chrome 6.0.418.7 \n * Google Chrome 6.0.418.8 \n * Google Chrome 6.0.418.9 \n * Google Chrome 6.0.419.0 \n * Google Chrome 6.0.421.0 \n * Google Chrome 6.0.422.0 \n * Google Chrome 6.0.423.0 \n * Google Chrome 6.0.424.0 \n * Google Chrome 6.0.425.0 \n * Google Chrome 6.0.426.0 \n * Google Chrome 6.0.427.0 \n * Google Chrome 6.0.428.0 \n * Google Chrome 6.0.430.0 \n * Google Chrome 6.0.431.0 \n * Google Chrome 6.0.432.0 \n * Google Chrome 6.0.433.0 \n * Google Chrome 6.0.434.0 \n * Google Chrome 6.0.435.0 \n * Google Chrome 6.0.436.0 \n * Google Chrome 6.0.437.0 \n * Google Chrome 6.0.437.1 \n * Google Chrome 6.0.437.2 \n * Google Chrome 6.0.437.3 \n * Google Chrome 6.0.438.0 \n * Google Chrome 6.0.440.0 \n * Google Chrome 6.0.441.0 \n * Google Chrome 6.0.443.0 \n * Google Chrome 6.0.444.0 \n * Google Chrome 6.0.445.0 \n * Google Chrome 6.0.445.1 \n * Google Chrome 6.0.446.0 \n * Google Chrome 6.0.447.0 \n * Google Chrome 6.0.447.1 \n * Google Chrome 6.0.447.2 \n * Google Chrome 6.0.449.0 \n * Google Chrome 6.0.450.0 \n * Google Chrome 6.0.450.1 \n * Google Chrome 6.0.450.2 \n * Google Chrome 6.0.450.3 \n * Google Chrome 6.0.450.4 \n * Google Chrome 6.0.451.0 \n * Google Chrome 6.0.452.0 \n * Google Chrome 6.0.452.1 \n * Google Chrome 6.0.453.0 \n * Google Chrome 6.0.453.1 \n * Google Chrome 6.0.454.0 \n * Google Chrome 6.0.455.0 \n * Google Chrome 6.0.456.0 \n * Google Chrome 6.0.457.0 \n * Google Chrome 6.0.458.0 \n * Google Chrome 6.0.458.1 \n * Google Chrome 6.0.458.2 \n * Google Chrome 6.0.459.0 \n * Google Chrome 6.0.460.0 \n * Google Chrome 6.0.461.0 \n * Google Chrome 6.0.462.0 \n * Google Chrome 6.0.464.1 \n * Google Chrome 6.0.465.1 \n * Google Chrome 6.0.465.2 \n * Google Chrome 6.0.466.0 \n * Google Chrome 6.0.466.1 \n * Google Chrome 6.0.466.2 \n * Google Chrome 6.0.466.3 \n * Google Chrome 6.0.466.4 \n * Google Chrome 6.0.466.5 \n * Google Chrome 6.0.466.6 \n * Google Chrome 6.0.467.0 \n * Google Chrome 6.0.469.0 \n * Google Chrome 6.0.470.0 \n * Google Chrome 6.0.471.0 \n * Google Chrome 6.0.472.0 \n * Google Chrome 6.0.472.1 \n * Google Chrome 6.0.472.10 \n * Google Chrome 6.0.472.11 \n * Google Chrome 6.0.472.12 \n * Google Chrome 6.0.472.13 \n * Google Chrome 6.0.472.14 \n * Google Chrome 6.0.472.15 \n * Google Chrome 6.0.472.16 \n * Google Chrome 6.0.472.17 \n * Google Chrome 6.0.472.18 \n * Google Chrome 6.0.472.19 \n * Google Chrome 6.0.472.2 \n * Google Chrome 6.0.472.20 \n * Google Chrome 6.0.472.21 \n * Google Chrome 6.0.472.22 \n * Google Chrome 6.0.472.23 \n * Google Chrome 6.0.472.24 \n * Google Chrome 6.0.472.25 \n * Google Chrome 6.0.472.26 \n * Google Chrome 6.0.472.27 \n * Google Chrome 6.0.472.28 \n * Google Chrome 6.0.472.29 \n * Google Chrome 6.0.472.3 \n * Google Chrome 6.0.472.30 \n * Google Chrome 6.0.472.31 \n * Google Chrome 6.0.472.32 \n * Google Chrome 6.0.472.33 \n * Google Chrome 6.0.472.34 \n * Google Chrome 6.0.472.35 \n * Google Chrome 6.0.472.36 \n * Google Chrome 6.0.472.37 \n * Google Chrome 6.0.472.38 \n * Google Chrome 6.0.472.39 \n * Google Chrome 6.0.472.4 \n * Google Chrome 6.0.472.40 \n * Google Chrome 6.0.472.41 \n * Google Chrome 6.0.472.42 \n * Google Chrome 6.0.472.43 \n * Google Chrome 6.0.472.44 \n * Google Chrome 6.0.472.45 \n * Google Chrome 6.0.472.46 \n * Google Chrome 6.0.472.47 \n * Google Chrome 6.0.472.48 \n * Google Chrome 6.0.472.49 \n * Google Chrome 6.0.472.5 \n * Google Chrome 6.0.472.50 \n * Google Chrome 6.0.472.51 \n * Google Chrome 6.0.472.52 \n * Google Chrome 6.0.472.53 \n * Google Chrome 6.0.472.54 \n * Google Chrome 6.0.472.55 \n * Google Chrome 6.0.472.56 \n * Google Chrome 6.0.472.57 \n * Google Chrome 6.0.472.58 \n * Google Chrome 6.0.472.59 \n * Google Chrome 6.0.472.6 \n * Google Chrome 6.0.472.60 \n * Google Chrome 6.0.472.61 \n * Google Chrome 6.0.472.62 \n * Google Chrome 6.0.472.63 \n * Google Chrome 6.0.472.7 \n * Google Chrome 6.0.472.8 \n * Google Chrome 6.0.472.9 \n * Google Chrome 6.0.473.0 \n * Google Chrome 6.0.474.0 \n * Google Chrome 6.0.475.0 \n * Google Chrome 6.0.476.0 \n * Google Chrome 6.0.477.0 \n * Google Chrome 6.0.478.0 \n * Google Chrome 6.0.479.0 \n * Google Chrome 6.0.480.0 \n * Google Chrome 6.0.481.0 \n * Google Chrome 6.0.482.0 \n * Google Chrome 6.0.483.0 \n * Google Chrome 6.0.484.0 \n * Google Chrome 6.0.485.0 \n * Google Chrome 6.0.486.0 \n * Google Chrome 6.0.487.0 \n * Google Chrome 6.0.488.0 \n * Google Chrome 6.0.489.0 \n * Google Chrome 6.0.490.0 \n * Google Chrome 6.0.490.1 \n * Google Chrome 6.0.491.0 \n * Google Chrome 6.0.492.0 \n * Google Chrome 6.0.493.0 \n * Google Chrome 6.0.494.0 \n * Google Chrome 6.0.495.0 \n * Google Chrome 6.0.495.1 \n * Google Chrome 6.0.496.0 \n * Google Chrome 60.0.3080.5 \n * Google Chrome 60.0.3112.78 \n * Google Chrome 60.0.3112.80 \n * Google Chrome 61.0.3163.100 \n * Google Chrome 61.0.3163.79 \n * Google Chrome 62.0.3202.62 \n * Google Chrome 62.0.3202.75 \n * Google Chrome 62.0.3202.89 \n * Google Chrome 7.0.497.0 \n * Google Chrome 7.0.498.0 \n * Google Chrome 7.0.499.0 \n * Google Chrome 7.0.499.1 \n * Google Chrome 7.0.500.0 \n * Google Chrome 7.0.500.1 \n * Google Chrome 7.0.503.0 \n * Google Chrome 7.0.503.1 \n * Google Chrome 7.0.504.0 \n * Google Chrome 7.0.505.0 \n * Google Chrome 7.0.506.0 \n * Google Chrome 7.0.507.0 \n * Google Chrome 7.0.507.1 \n * Google Chrome 7.0.507.2 \n * Google Chrome 7.0.507.3 \n * Google Chrome 7.0.509.0 \n * Google Chrome 7.0.510.0 \n * Google Chrome 7.0.511.1 \n * Google Chrome 7.0.511.2 \n * Google Chrome 7.0.511.4 \n * Google Chrome 7.0.512.0 \n * Google Chrome 7.0.513.0 \n * Google Chrome 7.0.514.0 \n * Google Chrome 7.0.514.1 \n * Google Chrome 7.0.515.0 \n * Google Chrome 7.0.516.0 \n * Google Chrome 7.0.517.0 \n * Google Chrome 7.0.517.10 \n * Google Chrome 7.0.517.11 \n * Google Chrome 7.0.517.12 \n * Google Chrome 7.0.517.13 \n * Google Chrome 7.0.517.14 \n * Google Chrome 7.0.517.16 \n * Google Chrome 7.0.517.17 \n * Google Chrome 7.0.517.18 \n * Google Chrome 7.0.517.19 \n * Google Chrome 7.0.517.2 \n * Google Chrome 7.0.517.20 \n * Google Chrome 7.0.517.21 \n * Google Chrome 7.0.517.22 \n * Google Chrome 7.0.517.23 \n * Google Chrome 7.0.517.24 \n * Google Chrome 7.0.517.25 \n * Google Chrome 7.0.517.26 \n * Google Chrome 7.0.517.27 \n * Google Chrome 7.0.517.28 \n * Google Chrome 7.0.517.29 \n * Google Chrome 7.0.517.30 \n * Google Chrome 7.0.517.31 \n * Google Chrome 7.0.517.32 \n * Google Chrome 7.0.517.33 \n * Google Chrome 7.0.517.34 \n * Google Chrome 7.0.517.35 \n * Google Chrome 7.0.517.36 \n * Google Chrome 7.0.517.37 \n * Google Chrome 7.0.517.38 \n * Google Chrome 7.0.517.39 \n * Google Chrome 7.0.517.4 \n * Google Chrome 7.0.517.40 \n * Google Chrome 7.0.517.41 \n * Google Chrome 7.0.517.42 \n * Google Chrome 7.0.517.43 \n * Google Chrome 7.0.517.44 \n * Google Chrome 7.0.517.5 \n * Google Chrome 7.0.517.6 \n * Google Chrome 7.0.517.7 \n * Google Chrome 7.0.517.8 \n * Google Chrome 7.0.517.9 \n * Google Chrome 7.0.518.0 \n * Google Chrome 7.0.519.0 \n * Google Chrome 7.0.520.0 \n * Google Chrome 7.0.521.0 \n * Google Chrome 7.0.522.0 \n * Google Chrome 7.0.524.0 \n * Google Chrome 7.0.525.0 \n * Google Chrome 7.0.526.0 \n * Google Chrome 7.0.528.0 \n * Google Chrome 7.0.529.0 \n * Google Chrome 7.0.529.1 \n * Google Chrome 7.0.529.2 \n * Google Chrome 7.0.530.0 \n * Google Chrome 7.0.531.0 \n * Google Chrome 7.0.531.1 \n * Google Chrome 7.0.531.2 \n * Google Chrome 7.0.535.1 \n * Google Chrome 7.0.535.2 \n * Google Chrome 7.0.536.0 \n * Google Chrome 7.0.536.1 \n * Google Chrome 7.0.536.2 \n * Google Chrome 7.0.536.3 \n * Google Chrome 7.0.536.4 \n * Google Chrome 7.0.537.0 \n * Google Chrome 7.0.538.0 \n * Google Chrome 7.0.539.0 \n * Google Chrome 7.0.540.0 \n * Google Chrome 7.0.541.0 \n * Google Chrome 7.0.542.0 \n * Google Chrome 7.0.544.0 \n * Google Chrome 7.0.547.0 \n * Google Chrome 7.0.547.1 \n * Google Chrome 7.0.548.0 \n * Google Chrome 8.0.549.0 \n * Google Chrome 8.0.550.0 \n * Google Chrome 8.0.551.0 \n * Google Chrome 8.0.551.1 \n * Google Chrome 8.0.552.0 \n * Google Chrome 8.0.552.1 \n * Google Chrome 8.0.552.10 \n * Google Chrome 8.0.552.100 \n * Google Chrome 8.0.552.101 \n * Google Chrome 8.0.552.102 \n * Google Chrome 8.0.552.103 \n * Google Chrome 8.0.552.104 \n * Google Chrome 8.0.552.105 \n * Google Chrome 8.0.552.11 \n * Google Chrome 8.0.552.12 \n * Google Chrome 8.0.552.13 \n * Google Chrome 8.0.552.14 \n * Google Chrome 8.0.552.15 \n * Google Chrome 8.0.552.16 \n * Google Chrome 8.0.552.17 \n * Google Chrome 8.0.552.18 \n * Google Chrome 8.0.552.19 \n * Google Chrome 8.0.552.2 \n * Google Chrome 8.0.552.20 \n * Google Chrome 8.0.552.200 \n * Google Chrome 8.0.552.201 \n * Google Chrome 8.0.552.202 \n * Google Chrome 8.0.552.203 \n * Google Chrome 8.0.552.204 \n * Google Chrome 8.0.552.205 \n * Google Chrome 8.0.552.206 \n * Google Chrome 8.0.552.207 \n * Google Chrome 8.0.552.208 \n * Google Chrome 8.0.552.209 \n * Google Chrome 8.0.552.21 \n * Google Chrome 8.0.552.210 \n * Google Chrome 8.0.552.211 \n * Google Chrome 8.0.552.212 \n * Google Chrome 8.0.552.213 \n * Google Chrome 8.0.552.214 \n * Google Chrome 8.0.552.215 \n * Google Chrome 8.0.552.216 \n * Google Chrome 8.0.552.217 \n * Google Chrome 8.0.552.218 \n * Google Chrome 8.0.552.219 \n * Google Chrome 8.0.552.220 \n * Google Chrome 8.0.552.221 \n * Google Chrome 8.0.552.222 \n * Google Chrome 8.0.552.223 \n * Google Chrome 8.0.552.224 \n * Google Chrome 8.0.552.225 \n * Google Chrome 8.0.552.226 \n * Google Chrome 8.0.552.227 \n * Google Chrome 8.0.552.228 \n * Google Chrome 8.0.552.229 \n * Google Chrome 8.0.552.23 \n * Google Chrome 8.0.552.230 \n * Google Chrome 8.0.552.231 \n * Google Chrome 8.0.552.232 \n * Google Chrome 8.0.552.233 \n * Google Chrome 8.0.552.234 \n * Google Chrome 8.0.552.235 \n * Google Chrome 8.0.552.237 \n * Google Chrome 8.0.552.24 \n * Google Chrome 8.0.552.25 \n * Google Chrome 8.0.552.26 \n * Google Chrome 8.0.552.27 \n * Google Chrome 8.0.552.28 \n * Google Chrome 8.0.552.29 \n * Google Chrome 8.0.552.300 \n * Google Chrome 8.0.552.301 \n * Google Chrome 8.0.552.302 \n * Google Chrome 8.0.552.303 \n * Google Chrome 8.0.552.304 \n * Google Chrome 8.0.552.305 \n * Google Chrome 8.0.552.306 \n * Google Chrome 8.0.552.307 \n * Google Chrome 8.0.552.308 \n * Google Chrome 8.0.552.309 \n * Google Chrome 8.0.552.310 \n * Google Chrome 8.0.552.311 \n * Google Chrome 8.0.552.312 \n * Google Chrome 8.0.552.313 \n * Google Chrome 8.0.552.315 \n * Google Chrome 8.0.552.316 \n * Google Chrome 8.0.552.317 \n * Google Chrome 8.0.552.318 \n * Google Chrome 8.0.552.319 \n * Google Chrome 8.0.552.320 \n * Google Chrome 8.0.552.321 \n * Google Chrome 8.0.552.322 \n * Google Chrome 8.0.552.323 \n * Google Chrome 8.0.552.324 \n * Google Chrome 8.0.552.325 \n * Google Chrome 8.0.552.326 \n * Google Chrome 8.0.552.327 \n * Google Chrome 8.0.552.328 \n * Google Chrome 8.0.552.329 \n * Google Chrome 8.0.552.330 \n * Google Chrome 8.0.552.331 \n * Google Chrome 8.0.552.332 \n * Google Chrome 8.0.552.333 \n * Google Chrome 8.0.552.334 \n * Google Chrome 8.0.552.335 \n * Google Chrome 8.0.552.336 \n * Google Chrome 8.0.552.337 \n * Google Chrome 8.0.552.338 \n * Google Chrome 8.0.552.339 \n * Google Chrome 8.0.552.340 \n * Google Chrome 8.0.552.341 \n * Google Chrome 8.0.552.342 \n * Google Chrome 8.0.552.343 \n * Google Chrome 8.0.552.344 \n * Google Chrome 8.0.552.35 \n * Google Chrome 8.0.552.4 \n * Google Chrome 8.0.552.40 \n * Google Chrome 8.0.552.41 \n * Google Chrome 8.0.552.42 \n * Google Chrome 8.0.552.43 \n * Google Chrome 8.0.552.44 \n * Google Chrome 8.0.552.45 \n * Google Chrome 8.0.552.47 \n * Google Chrome 8.0.552.48 \n * Google Chrome 8.0.552.49 \n * Google Chrome 8.0.552.5 \n * Google Chrome 8.0.552.50 \n * Google Chrome 8.0.552.51 \n * Google Chrome 8.0.552.52 \n * Google Chrome 8.0.552.6 \n * Google Chrome 8.0.552.7 \n * Google Chrome 8.0.552.8 \n * Google Chrome 8.0.552.9 \n * Google Chrome 8.0.553.0 \n * Google Chrome 8.0.554.0 \n * Google Chrome 8.0.556.0 \n * Google Chrome 8.0.557.0 \n * Google Chrome 8.0.558.0 \n * Google Chrome 8.0.559.0 \n * Google Chrome 8.0.560.0 \n * Google Chrome 8.0.561.0 \n * Google Chrome 9 \n * Google Chrome 9.0.562.0 \n * Google Chrome 9.0.563.0 \n * Google Chrome 9.0.564.0 \n * Google Chrome 9.0.565.0 \n * Google Chrome 9.0.566.0 \n * Google Chrome 9.0.567.0 \n * Google Chrome 9.0.568.0 \n * Google Chrome 9.0.569.0 \n * Google Chrome 9.0.570.0 \n * Google Chrome 9.0.570.1 \n * Google Chrome 9.0.571.0 \n * Google Chrome 9.0.572.0 \n * Google Chrome 9.0.572.1 \n * Google Chrome 9.0.573.0 \n * Google Chrome 9.0.574.0 \n * Google Chrome 9.0.575.0 \n * Google Chrome 9.0.576.0 \n * Google Chrome 9.0.577.0 \n * Google Chrome 9.0.578.0 \n * Google Chrome 9.0.579.0 \n * Google Chrome 9.0.580.0 \n * Google Chrome 9.0.581.0 \n * Google Chrome 9.0.582.0 \n * Google Chrome 9.0.583.0 \n * Google Chrome 9.0.584.0 \n * Google Chrome 9.0.585.0 \n * Google Chrome 9.0.586.0 \n * Google Chrome 9.0.587.0 \n * Google Chrome 9.0.587.1 \n * Google Chrome 9.0.588.0 \n * Google Chrome 9.0.589.0 \n * Google Chrome 9.0.590.0 \n * Google Chrome 9.0.591.0 \n * Google Chrome 9.0.592.0 \n * Google Chrome 9.0.593.0 \n * Google Chrome 9.0.594.0 \n * Google Chrome 9.0.595.0 \n * Google Chrome 9.0.596.0 \n * Google Chrome 9.0.597.0 \n * Google Chrome 9.0.597.1 \n * Google Chrome 9.0.597.10 \n * Google Chrome 9.0.597.100 \n * Google Chrome 9.0.597.101 \n * Google Chrome 9.0.597.102 \n * Google Chrome 9.0.597.106 \n * Google Chrome 9.0.597.107 \n * Google Chrome 9.0.597.11 \n * Google Chrome 9.0.597.12 \n * Google Chrome 9.0.597.14 \n * Google Chrome 9.0.597.15 \n * Google Chrome 9.0.597.16 \n * Google Chrome 9.0.597.17 \n * Google Chrome 9.0.597.18 \n * Google Chrome 9.0.597.19 \n * Google Chrome 9.0.597.2 \n * Google Chrome 9.0.597.20 \n * Google Chrome 9.0.597.21 \n * Google Chrome 9.0.597.22 \n * Google Chrome 9.0.597.23 \n * Google Chrome 9.0.597.24 \n * Google Chrome 9.0.597.25 \n * Google Chrome 9.0.597.26 \n * Google Chrome 9.0.597.27 \n * Google Chrome 9.0.597.28 \n * Google Chrome 9.0.597.29 \n * Google Chrome 9.0.597.30 \n * Google Chrome 9.0.597.31 \n * Google Chrome 9.0.597.32 \n * Google Chrome 9.0.597.33 \n * Google Chrome 9.0.597.34 \n * Google Chrome 9.0.597.35 \n * Google Chrome 9.0.597.36 \n * Google Chrome 9.0.597.37 \n * Google Chrome 9.0.597.38 \n * Google Chrome 9.0.597.39 \n * Google Chrome 9.0.597.4 \n * Google Chrome 9.0.597.40 \n * Google Chrome 9.0.597.41 \n * Google Chrome 9.0.597.42 \n * Google Chrome 9.0.597.44 \n * Google Chrome 9.0.597.45 \n * Google Chrome 9.0.597.46 \n * Google Chrome 9.0.597.47 \n * Google Chrome 9.0.597.5 \n * Google Chrome 9.0.597.54 \n * Google Chrome 9.0.597.55 \n * Google Chrome 9.0.597.56 \n * Google Chrome 9.0.597.57 \n * Google Chrome 9.0.597.58 \n * Google Chrome 9.0.597.59 \n * Google Chrome 9.0.597.60 \n * Google Chrome 9.0.597.62 \n * Google Chrome 9.0.597.63 \n * Google Chrome 9.0.597.64 \n * Google Chrome 9.0.597.65 \n * Google Chrome 9.0.597.66 \n * Google Chrome 9.0.597.67 \n * Google Chrome 9.0.597.68 \n * Google Chrome 9.0.597.69 \n * Google Chrome 9.0.597.7 \n * Google Chrome 9.0.597.70 \n * Google Chrome 9.0.597.71 \n * Google Chrome 9.0.597.72 \n * Google Chrome 9.0.597.73 \n * Google Chrome 9.0.597.74 \n * Google Chrome 9.0.597.75 \n * Google Chrome 9.0.597.76 \n * Google Chrome 9.0.597.77 \n * Google Chrome 9.0.597.78 \n * Google Chrome 9.0.597.79 \n * Google Chrome 9.0.597.8 \n * Google Chrome 9.0.597.80 \n * Google Chrome 9.0.597.81 \n * Google Chrome 9.0.597.82 \n * Google Chrome 9.0.597.83 \n * Google Chrome 9.0.597.84 \n * Google Chrome 9.0.597.85 \n * Google Chrome 9.0.597.86 \n * Google Chrome 9.0.597.88 \n * Google Chrome 9.0.597.9 \n * Google Chrome 9.0.597.90 \n * Google Chrome 9.0.597.92 \n * Google Chrome 9.0.597.94 \n * Google Chrome 9.0.597.96 \n * Google Chrome 9.0.597.97 \n * Google Chrome 9.0.597.98 \n * Google Chrome 9.0.597.99 \n * Google Chrome 9.0.598.0 \n * Google Chrome 9.0.599.0 \n * Google Chrome 9.0.600.0 \n * Google Chrome OS 0.10.140.0 \n * Google Chrome OS 0.9.110.6 \n * Google Chrome OS 0.9.126.0 \n * Google Chrome OS 0.9.128.3 \n * Google Chrome OS 0.9.130.14 Beta \n * Google Chrome OS 0.9.131.0 \n * Google Chrome OS 0.9.134.14 \n * Google Chrome OS 20.0.1132.0 \n * Google Chrome OS 20.0.1132.1 \n * Google Chrome OS 20.0.1132.10 \n * Google Chrome OS 20.0.1132.11 \n * Google Chrome OS 20.0.1132.12 \n * Google Chrome OS 20.0.1132.13 \n * Google Chrome OS 20.0.1132.14 \n * Google Chrome OS 20.0.1132.15 \n * Google Chrome OS 20.0.1132.16 \n * Google Chrome OS 20.0.1132.17 \n * Google Chrome OS 20.0.1132.18 \n * Google Chrome OS 20.0.1132.19 \n * Google Chrome OS 20.0.1132.2 \n * Google Chrome OS 20.0.1132.20 \n * Google Chrome OS 20.0.1132.21 \n * Google Chrome OS 20.0.1132.3 \n * Google Chrome OS 20.0.1132.4 \n * Google Chrome OS 20.0.1132.5 \n * Google Chrome OS 20.0.1132.6 \n * Google Chrome OS 20.0.1132.7 \n * Google Chrome OS 20.0.1132.8 \n * Google Chrome OS 20.0.1132.9 \n * Google Chrome OS 21.0.1180.0 \n * Google Chrome OS 21.0.1180.1 \n * Google Chrome OS 21.0.1180.10 \n * Google Chrome OS 21.0.1180.11 \n * Google Chrome OS 21.0.1180.13 \n * Google Chrome OS 21.0.1180.14 \n * Google Chrome OS 21.0.1180.15 \n * Google Chrome OS 21.0.1180.17 \n * Google Chrome OS 21.0.1180.18 \n * Google Chrome OS 21.0.1180.2 \n * Google Chrome OS 21.0.1180.3 \n * Google Chrome OS 21.0.1180.31 \n * Google Chrome OS 21.0.1180.32 \n * Google Chrome OS 21.0.1180.33 \n * Google Chrome OS 21.0.1180.34 \n * Google Chrome OS 21.0.1180.35 \n * Google Chrome OS 21.0.1180.36 \n * Google Chrome OS 21.0.1180.37 \n * Google Chrome OS 21.0.1180.38 \n * Google Chrome OS 21.0.1180.39 \n * Google Chrome OS 21.0.1180.4 \n * Google Chrome OS 21.0.1180.41 \n * Google Chrome OS 21.0.1180.46 \n * Google Chrome OS 21.0.1180.47 \n * Google Chrome OS 21.0.1180.48 \n * Google Chrome OS 21.0.1180.49 \n * Google Chrome OS 21.0.1180.5 \n * Google Chrome OS 21.0.1180.50 \n * Google Chrome OS 21.0.1180.51 \n * Google Chrome OS 21.0.1180.52 \n * Google Chrome OS 21.0.1180.53 \n * Google Chrome OS 21.0.1180.54 \n * Google Chrome OS 21.0.1180.55 \n * Google Chrome OS 21.0.1180.56 \n * Google Chrome OS 21.0.1180.57 \n * Google Chrome OS 21.0.1180.6 \n * Google Chrome OS 21.0.1180.7 \n * Google Chrome OS 21.0.1180.79 \n * Google Chrome OS 21.0.1180.8 \n * Google Chrome OS 21.0.1180.81 \n * Google Chrome OS 21.0.1180.9 \n * Google Chrome OS 21.0.1183.0 \n * Google Chrome OS 23.0.1271.94 \n * Google Chrome OS 25.0.1364.0 \n * Google Chrome OS 25.0.1364.1 \n * Google Chrome OS 25.0.1364.10 \n * Google Chrome OS 25.0.1364.108 \n * Google Chrome OS 25.0.1364.11 \n * Google Chrome OS 25.0.1364.110 \n * Google Chrome OS 25.0.1364.112 \n * Google Chrome OS 25.0.1364.113 \n * Google Chrome OS 25.0.1364.114 \n * Google Chrome OS 25.0.1364.115 \n * Google Chrome OS 25.0.1364.116 \n * Google Chrome OS 25.0.1364.117 \n * Google Chrome OS 25.0.1364.118 \n * Google Chrome OS 25.0.1364.119 \n * Google Chrome OS 25.0.1364.12 \n * Google Chrome OS 25.0.1364.120 \n * Google Chrome OS 25.0.1364.121 \n * Google Chrome OS 25.0.1364.122 \n * Google Chrome OS 25.0.1364.123 \n * Google Chrome OS 25.0.1364.124 \n * Google Chrome OS 25.0.1364.125 \n * Google Chrome OS 25.0.1364.126 \n * Google Chrome OS 25.0.1364.13 \n * Google Chrome OS 25.0.1364.14 \n * Google Chrome OS 25.0.1364.15 \n * Google Chrome OS 25.0.1364.152 \n * Google Chrome OS 25.0.1364.154 \n * Google Chrome OS 25.0.1364.155 \n * Google Chrome OS 25.0.1364.156 \n * Google Chrome OS 25.0.1364.159 \n * Google Chrome OS 25.0.1364.16 \n * Google Chrome OS 25.0.1364.160 \n * Google Chrome OS 25.0.1364.161 \n * Google Chrome OS 25.0.1364.168 \n * Google Chrome OS 25.0.1364.169 \n * Google Chrome OS 25.0.1364.17 \n * Google Chrome OS 25.0.1364.170 \n * Google Chrome OS 25.0.1364.171 \n * Google Chrome OS 25.0.1364.172 \n * Google Chrome OS 25.0.1364.173 \n * Google Chrome OS 25.0.1364.18 \n * Google Chrome OS 25.0.1364.19 \n * Google Chrome OS 25.0.1364.2 \n * Google Chrome OS 25.0.1364.20 \n * Google Chrome OS 25.0.1364.21 \n * Google Chrome OS 25.0.1364.22 \n * Google Chrome OS 25.0.1364.23 \n * Google Chrome OS 25.0.1364.24 \n * Google Chrome OS 25.0.1364.25 \n * Google Chrome OS 25.0.1364.26 \n * Google Chrome OS 25.0.1364.27 \n * Google Chrome OS 25.0.1364.28 \n * Google Chrome OS 25.0.1364.29 \n * Google Chrome OS 25.0.1364.3 \n * Google Chrome OS 25.0.1364.30 \n * Google Chrome OS 25.0.1364.31 \n * Google Chrome OS 25.0.1364.32 \n * Google Chrome OS 25.0.1364.33 \n * Google Chrome OS 25.0.1364.34 \n * Google Chrome OS 25.0.1364.35 \n * Google Chrome OS 25.0.1364.36 \n * Google Chrome OS 25.0.1364.37 \n * Google Chrome OS 25.0.1364.38 \n * Google Chrome OS 25.0.1364.39 \n * Google Chrome OS 25.0.1364.40 \n * Google Chrome OS 25.0.1364.41 \n * Google Chrome OS 25.0.1364.42 \n * Google Chrome OS 25.0.1364.43 \n * Google Chrome OS 25.0.1364.44 \n * Google Chrome OS 25.0.1364.45 \n * Google Chrome OS 25.0.1364.46 \n * Google Chrome OS 25.0.1364.47 \n * Google Chrome OS 25.0.1364.48 \n * Google Chrome OS 25.0.1364.49 \n * Google Chrome OS 25.0.1364.5 \n * Google Chrome OS 25.0.1364.50 \n * Google Chrome OS 25.0.1364.51 \n * Google Chrome OS 25.0.1364.52 \n * Google Chrome OS 25.0.1364.53 \n * Google Chrome OS 25.0.1364.54 \n * Google Chrome OS 25.0.1364.55 \n * Google Chrome OS 25.0.1364.56 \n * Google Chrome OS 25.0.1364.57 \n * Google Chrome OS 25.0.1364.58 \n * Google Chrome OS 25.0.1364.61 \n * Google Chrome OS 25.0.1364.62 \n * Google Chrome OS 25.0.1364.63 \n * Google Chrome OS 25.0.1364.65 \n * Google Chrome OS 25.0.1364.66 \n * Google Chrome OS 25.0.1364.67 \n * Google Chrome OS 25.0.1364.68 \n * Google Chrome OS 25.0.1364.7 \n * Google Chrome OS 25.0.1364.70 \n * Google Chrome OS 25.0.1364.72 \n * Google Chrome OS 25.0.1364.73 \n * Google Chrome OS 25.0.1364.74 \n * Google Chrome OS 25.0.1364.75 \n * Google Chrome OS 25.0.1364.76 \n * Google Chrome OS 25.0.1364.77 \n * Google Chrome OS 25.0.1364.78 \n * Google Chrome OS 25.0.1364.79 \n * Google Chrome OS 25.0.1364.8 \n * Google Chrome OS 25.0.1364.80 \n * Google Chrome OS 25.0.1364.81 \n * Google Chrome OS 25.0.1364.82 \n * Google Chrome OS 25.0.1364.84 \n * Google Chrome OS 25.0.1364.85 \n * Google Chrome OS 25.0.1364.86 \n * Google Chrome OS 25.0.1364.87 \n * Google Chrome OS 25.0.1364.88 \n * Google Chrome OS 25.0.1364.89 \n * Google Chrome OS 25.0.1364.9 \n * Google Chrome OS 25.0.1364.90 \n * Google Chrome OS 25.0.1364.91 \n * Google Chrome OS 25.0.1364.92 \n * Google Chrome OS 25.0.1364.93 \n * Google Chrome OS 25.0.1364.95 \n * Google Chrome OS 25.0.1364.98 \n * Google Chrome OS 25.0.1364.99 \n * Google Chrome OS 26.0.1410.0 \n * Google Chrome OS 26.0.1410.1 \n * Google Chrome OS 26.0.1410.10 \n * Google Chrome OS 26.0.1410.11 \n * Google Chrome OS 26.0.1410.12 \n * Google Chrome OS 26.0.1410.14 \n * Google Chrome OS 26.0.1410.15 \n * Google Chrome OS 26.0.1410.16 \n * Google Chrome OS 26.0.1410.17 \n * Google Chrome OS 26.0.1410.18 \n * Google Chrome OS 26.0.1410.19 \n * Google Chrome OS 26.0.1410.20 \n * Google Chrome OS 26.0.1410.21 \n * Google Chrome OS 26.0.1410.22 \n * Google Chrome OS 26.0.1410.23 \n * Google Chrome OS 26.0.1410.24 \n * Google Chrome OS 26.0.1410.25 \n * Google Chrome OS 26.0.1410.26 \n * Google Chrome OS 26.0.1410.27 \n * Google Chrome OS 26.0.1410.28 \n * Google Chrome OS 26.0.1410.29 \n * Google Chrome OS 26.0.1410.3 \n * Google Chrome OS 26.0.1410.30 \n * Google Chrome OS 26.0.1410.31 \n * Google Chrome OS 26.0.1410.32 \n * Google Chrome OS 26.0.1410.33 \n * Google Chrome OS 26.0.1410.34 \n * Google Chrome OS 26.0.1410.35 \n * Google Chrome OS 26.0.1410.36 \n * Google Chrome OS 26.0.1410.37 \n * Google Chrome OS 26.0.1410.38 \n * Google Chrome OS 26.0.1410.39 \n * Google Chrome OS 26.0.1410.4 \n * Google Chrome OS 26.0.1410.40 \n * Google Chrome OS 26.0.1410.41 \n * Google Chrome OS 26.0.1410.42 \n * Google Chrome OS 26.0.1410.43 \n * Google Chrome OS 26.0.1410.44 \n * Google Chrome OS 26.0.1410.45 \n * Google Chrome OS 26.0.1410.46 \n * Google Chrome OS 26.0.1410.47 \n * Google Chrome OS 26.0.1410.48 \n * Google Chrome OS 26.0.1410.49 \n * Google Chrome OS 26.0.1410.5 \n * Google Chrome OS 26.0.1410.50 \n * Google Chrome OS 26.0.1410.51 \n * Google Chrome OS 26.0.1410.52 \n * Google Chrome OS 26.0.1410.54 \n * Google Chrome OS 26.0.1410.55 \n * Google Chrome OS 26.0.1410.56 \n * Google Chrome OS 26.0.1410.57 \n * Google Chrome OS 26.0.1410.6 \n * Google Chrome OS 26.0.1410.7 \n * Google Chrome OS 26.0.1410.8 \n * Google Chrome OS 26.0.1410.9 \n * Google Chrome OS 28.0.1500.71 \n * Google Chrome OS 28.0.1500.95 \n * Google Chrome OS 32.0.1700.95 \n * Google Chrome OS 33.0.1750.152 \n * Google Chrome OS 35.0.1916.155 \n * Google Chrome OS 37.0.2062.119 \n * Google Chrome OS 40.0.2214.114 \n * Google Chrome OS 48.0.2564.116 \n * Google Chrome OS 48.0.2564.92 \n * Google Chrome OS 52.0.2743.85 \n * Google Chrome OS 53.0.2785.103 \n * Google Chrome OS 53.0.2785.144 \n * Google Chrome OS 54.0.2840.79 \n * Google Chrome OS 57.0.2987.137 \n * Google Chrome OS 58.0.3029.89 \n * Google Chrome OS 59.0.3071.91 \n * Google Chrome OS 59.0.3071.92 \n * Google Chrome OS 60.0.3112.114 \n * Google Chrome OS 61.0.3163.113 \n * Google Chrome OS 62.0.3202.97 \n * Google Chrome OS 8.0.552.342 \n * Google Chrome OS 8.0.552.343 \n * Google Chrome OS 8.0.552.344 \n * Google Nexus 5X \n * Google Nexus 6P \n * Google Pixel 2 XL \n * Google Pixel C \n * Google Pixel XL \n * Google V8 \n * HP ProLiant DL385 Gen10 Server 1.02 \n * IBM AIX 5.3 \n * IBM AIX 6.1 \n * IBM AIX 7.1 \n * IBM Aix 7.2 \n * IBM Vios 2.2.0 \n * Intel Xeon CPU E5-1650 v3 \n * Linux kernel 4.14.11 \n * Linux kernel 4.9.74 \n * Microsoft Edge \n * Microsoft Internet Explorer 11 \n * Microsoft SQL Server 2008 R2 for 32-bit Systems Service Pack 3 \n * Microsoft SQL Server 2008 R2 for x64-based Systems Service Pack 3 \n * Microsoft SQL Server 2008 for 32-bit Systems Service Pack 4 \n * Microsoft SQL Server 2008 for x64-based Systems Service Pack 4 \n * Microsoft SQL Server 2012 for 32-bit Systems Service Pack 3 \n * Microsoft SQL Server 2012 for 32-bit Systems Service Pack 4 \n * Microsoft SQL Server 2012 for x64-based Systems Service Pack 3 \n * Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 \n * Microsoft SQL Server 2014 for 32-bit Systems Service Pack 2 \n * Microsoft SQL Server 2014 for x64-based Systems Service Pack 2 \n * Microsoft SQL Server 2016 for x64-based Systems \n * Microsoft SQL Server 2016 for x64-based Systems Service Pack 1 \n * Microsoft SQL Server 2017 for x64-based Systems \n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1511 for 32-bit Systems \n * Microsoft Windows 10 version 1511 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 10 version 1709 for 32-bit Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n * Mozilla Firefox 0.1 \n * Mozilla Firefox 0.10.0 \n * Mozilla Firefox 0.10.1 \n * Mozilla Firefox 0.2 \n * Mozilla Firefox 0.3 \n * Mozilla Firefox 0.4 \n * Mozilla Firefox 0.5 \n * Mozilla Firefox 0.6 \n * Mozilla Firefox 0.6.1 \n * Mozilla Firefox 0.7 \n * Mozilla Firefox 0.7.1 \n * Mozilla Firefox 0.8.0 \n * Mozilla Firefox 0.9.0 \n * Mozilla Firefox 0.9.1 \n * Mozilla Firefox 0.9.2 \n * Mozilla Firefox 0.9.3 \n * Mozilla Firefox 1.0.0 \n * Mozilla Firefox 1.0.1 \n * Mozilla Firefox 1.0.2 \n * Mozilla Firefox 1.0.3 \n * Mozilla Firefox 1.0.4 \n * Mozilla Firefox 1.0.5 \n * Mozilla Firefox 1.0.6 \n * Mozilla Firefox 1.0.7 \n * Mozilla Firefox 1.0.8 \n * Mozilla Firefox 1.4.1 \n * Mozilla Firefox 1.5.0 12 \n * Mozilla Firefox 1.5.0 \n * Mozilla Firefox 1.5.0.1 \n * Mozilla Firefox 1.5.0.10 \n * Mozilla Firefox 1.5.0.11 \n * Mozilla Firefox 1.5.0.2 \n * Mozilla Firefox 1.5.0.3 \n * Mozilla Firefox 1.5.0.4 \n * Mozilla Firefox 1.5.0.5 \n * Mozilla Firefox 1.5.0.6 \n * Mozilla Firefox 1.5.0.7 \n * Mozilla Firefox 1.5.0.8 \n * Mozilla Firefox 1.5.0.9 \n * Mozilla Firefox 1.5.1 \n * Mozilla Firefox 1.5.2 \n * Mozilla Firefox 1.5.3 \n * Mozilla Firefox 1.5.4 \n * Mozilla Firefox 1.5.5 \n * Mozilla Firefox 1.5.6 \n * Mozilla Firefox 1.5.7 \n * Mozilla Firefox 1.5.8 \n * Mozilla Firefox 1.8 \n * Mozilla Firefox 10 \n * Mozilla Firefox 10.0 \n * Mozilla Firefox 10.0.1 \n * Mozilla Firefox 10.0.10 \n * Mozilla Firefox 10.0.11 \n * Mozilla Firefox 10.0.12 \n * Mozilla Firefox 10.0.2 \n * Mozilla Firefox 10.0.3 \n * Mozilla Firefox 10.0.4 \n * Mozilla Firefox 10.0.5 \n * Mozilla Firefox 10.0.6 \n * Mozilla Firefox 10.0.7 \n * Mozilla Firefox 10.0.8 \n * Mozilla Firefox 10.0.9 \n * Mozilla Firefox 11.0 \n * Mozilla Firefox 12.0 \n * Mozilla Firefox 13.0 \n * Mozilla Firefox 13.0.1 \n * Mozilla Firefox 14 \n * Mozilla Firefox 14.0 \n * Mozilla Firefox 14.0.1 \n * Mozilla Firefox 14.01 \n * Mozilla Firefox 15 \n * Mozilla Firefox 15.0 \n * Mozilla Firefox 15.0.1 \n * Mozilla Firefox 16 \n * Mozilla Firefox 16.0 \n * Mozilla Firefox 16.0.1 \n * Mozilla Firefox 16.0.2 \n * Mozilla Firefox 17.0 \n * Mozilla Firefox 17.0.1 \n * Mozilla Firefox 17.0.10 \n * Mozilla Firefox 17.0.11 \n * Mozilla Firefox 17.0.2 \n * Mozilla Firefox 17.0.3 \n * Mozilla Firefox 17.0.4 \n * Mozilla Firefox 17.0.5 \n * Mozilla Firefox 17.0.6 \n * Mozilla Firefox 17.0.7 \n * Mozilla Firefox 17.0.8 \n * Mozilla Firefox 17.0.9 \n * Mozilla Firefox 18.0 \n * Mozilla Firefox 18.0.1 \n * Mozilla Firefox 18.0.2 \n * Mozilla Firefox 19.0 \n * Mozilla Firefox 19.0.1 \n * Mozilla Firefox 19.0.2 \n * Mozilla Firefox 2.0 .1 \n * Mozilla Firefox 2.0 .10 \n * Mozilla Firefox 2.0 .4 \n * Mozilla Firefox 2.0 .5 \n * Mozilla Firefox 2.0 .6 \n * Mozilla Firefox 2.0 .7 \n * Mozilla Firefox 2.0 .9 \n * Mozilla Firefox 2.0 8 \n * Mozilla Firefox 2.0 \n * Mozilla Firefox 2.0.0 .19 \n * Mozilla Firefox 2.0.0 20 \n * Mozilla Firefox 2.0.0.1 \n * Mozilla Firefox 2.0.0.10 \n * Mozilla Firefox 2.0.0.11 \n * Mozilla Firefox 2.0.0.12 \n * Mozilla Firefox 2.0.0.13 \n * Mozilla Firefox 2.0.0.14 \n * Mozilla Firefox 2.0.0.15 \n * Mozilla Firefox 2.0.0.16 \n * Mozilla Firefox 2.0.0.17 \n * Mozilla Firefox 2.0.0.18 \n * Mozilla Firefox 2.0.0.19 \n * Mozilla Firefox 2.0.0.2 \n * Mozilla Firefox 2.0.0.21 \n * Mozilla Firefox 2.0.0.3 \n * Mozilla Firefox 2.0.0.4 \n * Mozilla Firefox 2.0.0.5 \n * Mozilla Firefox 2.0.0.6 \n * Mozilla Firefox 2.0.0.7 \n * Mozilla Firefox 2.0.0.8 \n * Mozilla Firefox 2.0.0.9 \n * Mozilla Firefox 20.0 \n * Mozilla Firefox 20.0.1 \n * Mozilla Firefox 21.0 \n * Mozilla Firefox 22.0 \n * Mozilla Firefox 22.0.0.4917 \n * Mozilla Firefox 23.0 \n * Mozilla Firefox 23.0.1 \n * Mozilla Firefox 24.0 \n * Mozilla Firefox 24.1 \n * Mozilla Firefox 24.1.1 \n * Mozilla Firefox 25.0 \n * Mozilla Firefox 25.0.1 \n * Mozilla Firefox 26 \n * Mozilla Firefox 26.0 \n * Mozilla Firefox 27 \n * Mozilla Firefox 27.0 \n * Mozilla Firefox 27.0.1 \n * Mozilla Firefox 28 \n * Mozilla Firefox 28.0 \n * Mozilla Firefox 28.0.1 \n * Mozilla Firefox 29 \n * Mozilla Firefox 29.0 \n * Mozilla Firefox 29.0.1 \n * Mozilla Firefox 3.0 \n * Mozilla Firefox 3.0.1 \n * Mozilla Firefox 3.0.10 \n * Mozilla Firefox 3.0.11 \n * Mozilla Firefox 3.0.12 \n * Mozilla Firefox 3.0.13 \n * Mozilla Firefox 3.0.14 \n * Mozilla Firefox 3.0.15 \n * Mozilla Firefox 3.0.16 \n * Mozilla Firefox 3.0.17 \n * Mozilla Firefox 3.0.18 \n * Mozilla Firefox 3.0.19 \n * Mozilla Firefox 3.0.2 \n * Mozilla Firefox 3.0.3 \n * Mozilla Firefox 3.0.4 \n * Mozilla Firefox 3.0.5 \n * Mozilla Firefox 3.0.6 \n * Mozilla Firefox 3.0.7 \n * Mozilla Firefox 3.0.8 \n * Mozilla Firefox 3.0.9 \n * Mozilla Firefox 3.1 \n * Mozilla Firefox 3.5.0 \n * Mozilla Firefox 3.5.1 \n * Mozilla Firefox 3.5.10 \n * Mozilla Firefox 3.5.11 \n * Mozilla Firefox 3.5.12 \n * Mozilla Firefox 3.5.13 \n * Mozilla Firefox 3.5.14 \n * Mozilla Firefox 3.5.15 \n * Mozilla Firefox 3.5.16 \n * Mozilla Firefox 3.5.17 \n * Mozilla Firefox 3.5.18 \n * Mozilla Firefox 3.5.19 \n * Mozilla Firefox 3.5.2 \n * Mozilla Firefox 3.5.3 \n * Mozilla Firefox 3.5.4 \n * Mozilla Firefox 3.5.5 \n * Mozilla Firefox 3.5.6 \n * Mozilla Firefox 3.5.7 \n * Mozilla Firefox 3.5.8 \n * Mozilla Firefox 3.5.9 \n * Mozilla Firefox 3.6 \n * Mozilla Firefox 3.6.1 \n * Mozilla Firefox 3.6.10 \n * Mozilla Firefox 3.6.11 \n * Mozilla Firefox 3.6.12 \n * Mozilla Firefox 3.6.13 \n * Mozilla Firefox 3.6.14 \n * Mozilla Firefox 3.6.15 \n * Mozilla Firefox 3.6.16 \n * Mozilla Firefox 3.6.17 \n * Mozilla Firefox 3.6.18 \n * Mozilla Firefox 3.6.19 \n * Mozilla Firefox 3.6.2 \n * Mozilla Firefox 3.6.20 \n * Mozilla Firefox 3.6.21 \n * Mozilla Firefox 3.6.22 \n * Mozilla Firefox 3.6.23 \n * Mozilla Firefox 3.6.24 \n * Mozilla Firefox 3.6.25 \n * Mozilla Firefox 3.6.26 \n * Mozilla Firefox 3.6.27 \n * Mozilla Firefox 3.6.28 \n * Mozilla Firefox 3.6.3 \n * Mozilla Firefox 3.6.4 \n * Mozilla Firefox 3.6.5 \n * Mozilla Firefox 3.6.6 \n * Mozilla Firefox 3.6.7 \n * Mozilla Firefox 3.6.8 \n * Mozilla Firefox 3.6.9 \n * Mozilla Firefox 30 \n * Mozilla Firefox 30.0 \n * Mozilla Firefox 31 \n * Mozilla Firefox 31.0 \n * Mozilla Firefox 31.1 \n * Mozilla Firefox 31.1.0 \n * Mozilla Firefox 31.6 \n * Mozilla Firefox 31.8 \n * Mozilla Firefox 31.8.0 \n * Mozilla Firefox 32 \n * Mozilla Firefox 32.0 \n * Mozilla Firefox 32.0.3 \n * Mozilla Firefox 33 \n * Mozilla Firefox 33.0 \n * Mozilla Firefox 34 \n * Mozilla Firefox 34.0.5 \n * Mozilla Firefox 35 \n * Mozilla Firefox 35.0.1 \n * Mozilla Firefox 36 \n * Mozilla Firefox 36.0.3 \n * Mozilla Firefox 36.0.4 \n * Mozilla Firefox 37 \n * Mozilla Firefox 37.0.1 \n * Mozilla Firefox 37.0.2 \n * Mozilla Firefox 38 \n * Mozilla Firefox 39 \n * Mozilla Firefox 39.0.3 \n * Mozilla Firefox 4.0 \n * Mozilla Firefox 4.0.1 \n * Mozilla Firefox 40 \n * Mozilla Firefox 40.0.3 \n * Mozilla Firefox 41 \n * Mozilla Firefox 41.0.2 \n * Mozilla Firefox 42 \n * Mozilla Firefox 43 \n * Mozilla Firefox 43.0.1 \n * Mozilla Firefox 43.0.2 \n * Mozilla Firefox 44 \n * Mozilla Firefox 44.0.2 \n * Mozilla Firefox 45 \n * Mozilla Firefox 45.0.2 \n * Mozilla Firefox 46 \n * Mozilla Firefox 46.0.1 \n * Mozilla Firefox 47 \n * Mozilla Firefox 48 \n * Mozilla Firefox 49 \n * Mozilla Firefox 49.0.1 \n * Mozilla Firefox 49.0.2 \n * Mozilla Firefox 5.0 \n * Mozilla Firefox 5.0.1 \n * Mozilla Firefox 50 \n * Mozilla Firefox 50.0.1 \n * Mozilla Firefox 50.0.2 \n * Mozilla Firefox 50.1 \n * Mozilla Firefox 51 \n * Mozilla Firefox 52 \n * Mozilla Firefox 52.0.1 \n * Mozilla Firefox 53 \n * Mozilla Firefox 53.0.2 \n * Mozilla Firefox 54 \n * Mozilla Firefox 55 \n * Mozilla Firefox 56 \n * Mozilla Firefox 57 \n * Mozilla Firefox 57.0.1 \n * Mozilla Firefox 57.0.2 \n * Mozilla Firefox 6 \n * Mozilla Firefox 6.0 \n * Mozilla Firefox 6.0.1 \n * Mozilla Firefox 6.0.2 \n * Mozilla Firefox 7 \n * Mozilla Firefox 7.0 \n * Mozilla Firefox 7.0.1 \n * Mozilla Firefox 8.0 \n * Mozilla Firefox 8.0.1 \n * Mozilla Firefox 9.0 \n * Mozilla Firefox 9.0.1 \n * Redhat Enterprise Linux 5 \n * Redhat Enterprise Linux 6 \n * Redhat Enterprise Linux 7 \n * Redhat Enterprise Linux Desktop 6 \n * Redhat Enterprise Linux Desktop 7 \n * Redhat Enterprise Linux EUS Compute Node 6.7 \n * Redhat Enterprise Linux EUS Compute Node 7.3 \n * Redhat Enterprise Linux EUS Compute Node 7.4 \n * Redhat Enterprise Linux Server (for IBM Power LE) - 4 Year Extended Upd 7.3 \n * Redhat Enterprise Linux Server (for IBM Power LE) - 4 Year Extended Update Support 7.4 \n * Redhat Enterprise Linux Server - 4 Year Extended Update Support 7.2 \n * Redhat Enterprise Linux Server - 4 Year Extended Update Support 7.3 \n * Redhat Enterprise Linux Server - 4 Year Extended Update Support 7.4 \n * Redhat Enterprise Linux Server - AUS 6.6 \n * Redhat Enterprise Linux Server - AUS 7.2 \n * Redhat Enterprise Linux Server - AUS 7.3 \n * Redhat Enterprise Linux Server - AUS 7.4 \n * Redhat Enterprise Linux Server - Extended Update Support 6.7 \n * Redhat Enterprise Linux Server - Extended Update Support 7.3 \n * Redhat Enterprise Linux Server - Extended Update Support 7.4 \n * Redhat Enterprise Linux Server - TUS 6.6 \n * Redhat Enterprise Linux Server - TUS 7.2 \n * Redhat Enterprise Linux Server - TUS 7.3 \n * Redhat Enterprise Linux Server - TUS 7.4 \n * Redhat Enterprise Linux Server 6 \n * Redhat Enterprise Linux Server 7 \n * Redhat Enterprise Linux Workstation 6 \n * Redhat Enterprise Linux Workstation 7 \n * Redhat Enterprise Linux for IBM z Systems - Extended Update Support 6.7 \n * Redhat Enterprise Linux for IBM z Systems - Extended Update Support 7.4 \n * Redhat Enterprise Linux for IBM z Systems 6 \n * Redhat Enterprise Linux for IBM z Systems 7 \n * Redhat Enterprise Linux for Power, big endian - Extended Update Support 6.7 \n * Redhat Enterprise Linux for Power, big endian - Extended Update Support 7.3 \n * Redhat Enterprise Linux for Power, big endian - Extended Update Support 7.4 \n * Redhat Enterprise Linux for Power, big endian 6 \n * Redhat Enterprise Linux for Power, big endian 7 \n * Redhat Enterprise Linux for Power, little endian - Extended Update Supp 7.3 \n * Redhat Enterprise Linux for Power, little endian - Extended Update Supp 7.4 \n * Redhat Enterprise Linux for Power, little endian 7 \n * Redhat Enterprise Linux for Real Time 7 \n * Redhat Enterprise Linux for Real Time for NFV 7 \n * Redhat Enterprise Linux for Scientific Computing 6 \n * Redhat Enterprise Linux for Scientific Computing 7 \n * Redhat Enterprise Mrg 2 \n * Redhat Virtualization Host 4 \n * VMWare ESXi 5.5 \n * VMWare Esxi 6.0 \n * VMWare Esxi 6.5 \n * VMWare Fusion 8.0 \n * VMWare Fusion 8.0.1 \n * VMWare Fusion 8.0.2 \n * VMWare Fusion 8.1.0 \n * VMWare Fusion 8.1.1 \n * VMWare Fusion 8.5 \n * VMWare Fusion 8.5.2 \n * VMWare Fusion 8.5.4 \n * VMWare Fusion 8.5.5 \n * VMWare Fusion 8.5.6 \n * VMWare Fusion 8.5.8 \n * VMWare Identity Manager 2.0 \n * VMWare Identity Manager 2.7 \n * VMWare Identity Manager 2.7.1 \n * VMWare Identity Manager 3.0 \n * VMWare Workstation 12.0 \n * VMWare Workstation 12.5.3 \n * VMWare Workstation 12.5.5 \n * VMWare Workstation 12.5.7 \n * VMWare vCenter Server 6.0 \n * VMWare vCenter Server 6.5 \n * VMWare vCloud Usage Meter 3.0 \n * VMWare vCloud Usage Meter 3.3 \n * VMWare vCloud Usage Meter 3.3.3 \n * VMWare vRealize Automation 6.0 \n * VMWare vRealize Automation 6.1 \n * VMWare vRealize Automation 6.2 \n * VMWare vRealize Automation 6.2.4 \n * VMWare vRealize Automation 6.2.4.1 \n * VMWare vRealize Automation 6.2.5 \n * VMWare vRealize Automation 7.0 \n * VMWare vRealize Automation 7.1 \n * VMWare vRealize Automation 7.2.0 \n * VMWare vRealize Automation 7.3.0 \n * VMWare vSphere Data Protection 6.0 \n * VMWare vSphere Data Protection 6.0.0 \n * VMWare vSphere Data Protection 6.0.5 \n * VMWare vSphere Data Protection 6.0.6 \n * VMWare vSphere Data Protection 6.0.7 \n * VMWare vSphere Data Protection 6.1 \n * VMWare vSphere Data Protection 6.1.0 \n * VMWare vSphere Data Protection 6.1.4 \n * VMWare vSphere Data Protection 6.1.5 \n * VMWare vSphere Data Protection 6.1.6 \n * VMWare vSphere Integrated Containers 1.0 \n * VMWare vSphere Integrated Containers 1.1 \n * VMWare vSphere Integrated Containers 1.2 \n * VMWare vSphere Integrated Containers 1.3 \n * Xen Xen \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nGiven the local nature of this issue, grant only trusted and accountable individuals access to affected computers. \n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "published": "2018-01-03T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/102371", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-03-11T18:48:52"}, {"id": "SMNTC-102378", "type": "symantec", "title": "Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability", "description": "### Description\n\nMultiple CPU Hardware are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks.\n\n### Technologies Affected\n\n * Apple Mac Os X 10.11.6 \n * Apple iOS 11.2 \n * Apple macOS 10.12.6 \n * Apple macOS 10.13.2 \n * Apple tvOS 11.2 \n * BD Accuri C6 Plus \n * BD Assurity Linc \n * BD BACTEC 9120/9240 \n * BD BACTEC FX \n * BD BACTEC FX40 \n * BD Data Innovations \n * BD EpiCenter \n * BD FACSAria Fusion \n * BD FACSAria I/II/III \n * BD FACSCalibur \n * BD FACSCanto 10-color \n * BD FACSCanto 10-color clinical \n * BD FACSCanto II \n * BD FACSCanto II clinical \n * BD FACSCelesta \n * BD FACSCount \n * BD FACSDuet Sample Prep (ASaP) \n * BD FACSJazz \n * BD FACSLink Interface \n * BD FACSLyric \n * BD FACSMelody \n * BD FACSSample Prep Assistant III \n * BD FACSVerse \n * BD FACSVia \n * BD GenCell CliC \n * BD Influx \n * BD Kiestra TLA/WCA \n * BD LSR II \n * BD LSRFortessa \n * BD LSRFortessa X-20 \n * BD Lyse Wash Assistant \n * BD MAX \n * BD Panel Designer \n * BD Phoenix 100 \n * BD Phoenix M50 \n * BD Pyxis Anesthesia ES \n * BD Pyxis Anesthesia System 3500 \n * BD Pyxis CIISafe -Workstation \n * BD Pyxis CUBIE Replenishment Station \n * BD Pyxis CathRack \n * BD Pyxis DuoStation \n * BD Pyxis EcoStation System \n * BD Pyxis Infant Care Verification \n * BD Pyxis MedStation 3500 \n * BD Pyxis MedStation 4000 \n * BD Pyxis MedStation ES \n * BD Pyxis Medication Administration \n * BD Pyxis Nursing Data Collection \n * BD Pyxis ParAssist System \n * BD Pyxis Parx \n * BD Pyxis Parx handheld \n * BD Pyxis ProcedureStation \n * BD Pyxis ScrubStation System \n * BD Pyxis Specimen Collection Verification \n * BD Pyxis StockStation System \n * BD Pyxis Supply Roller \n * BD Pyxis SupplyStation \n * BD Pyxis Transfusion Verification \n * BD Rowa Dose \n * BD Rowa Smart \n * BD Rowa Vmax System \n * BD Totalys SlidePrep \n * BD Viper LT \n * BD Viper XTR \n * Bluecoat Content Analysis 2.1 \n * Bluecoat Content Analysis 2.2 \n * Bluecoat Malware Analysis Appliance 4.2 \n * Bluecoat Security Analytics 7.1 \n * Bluecoat Security Analytics 7.2 \n * Bluecoat Security Analytics 7.3 \n * Bluecoat X-Series XOS 10.0 \n * Bluecoat X-Series XOS 11.0 \n * Bluecoat X-Series XOS 9.7 \n * Cisco Carrier Routing System 6.6.0.BASE \n * Cisco Unified Computing System 2.2 \n * Cisco Unified Computing System 3.1 \n * Cisco Unified Computing System 3.2 \n * Google Android \n * Google Chrome 0.1.38.1 \n * Google Chrome 0.1.38.2 \n * Google Chrome 0.1.38.4 \n * Google Chrome 0.1.40.1 \n * Google Chrome 0.1.42.2 \n * Google Chrome 0.1.42.3 \n * Google Chrome 0.2.149.27 \n * Google Chrome 0.2.149.29 \n * Google Chrome 0.2.149.30 \n * Google Chrome 0.2.152.1 \n * Google Chrome 0.2.153.1 \n * Google Chrome 0.3.154 9 \n * Google Chrome 0.3.154.0 \n * Google Chrome 0.3.154.3 \n * Google Chrome 0.4.154.18 \n * Google Chrome 0.4.154.22 \n * Google Chrome 0.4.154.31 \n * Google Chrome 0.4.154.33 \n * Google Chrome 1.0.154.36 \n * Google Chrome 1.0.154.39 \n * Google Chrome 1.0.154.42 \n * Google Chrome 1.0.154.43 \n * Google Chrome 1.0.154.46 \n * Google Chrome 1.0.154.48 \n * Google Chrome 1.0.154.52 \n * Google Chrome 1.0.154.53 \n * Google Chrome 1.0.154.55 \n * Google Chrome 1.0.154.59 \n * Google Chrome 1.0.154.61 \n * Google Chrome 1.0.154.64 \n * Google Chrome 1.0.154.65 \n * Google Chrome 10 \n * Google Chrome 10.0.601.0 \n * Google Chrome 10.0.602.0 \n * Google Chrome 10.0.603.0 \n * Google Chrome 10.0.603.2 \n * Google Chrome 10.0.603.3 \n * Google Chrome 10.0.604.0 \n * Google Chrome 10.0.605.0 \n * Google Chrome 10.0.606.0 \n * Google Chrome 10.0.607.0 \n * Google Chrome 10.0.608.0 \n * Google Chrome 10.0.609.0 \n * Google Chrome 10.0.610.0 \n * Google Chrome 10.0.611.0 \n * Google Chrome 10.0.611.1 \n * Google Chrome 10.0.612.0 \n * Google Chrome 10.0.612.1 \n * Google Chrome 10.0.612.2 \n * Google Chrome 10.0.612.3 \n * Google Chrome 10.0.613.0 \n * Google Chrome 10.0.614.0 \n * Google Chrome 10.0.615.0 \n * Google Chrome 10.0.616.0 \n * Google Chrome 10.0.617.0 \n * Google Chrome 10.0.618.0 \n * Google Chrome 10.0.619.0 \n * Google Chrome 10.0.620.0 \n * Google Chrome 10.0.621.0 \n * Google Chrome 10.0.622.0 \n * Google Chrome 10.0.622.1 \n * Google Chrome 10.0.623.0 \n * Google Chrome 10.0.624.0 \n * Google Chrome 10.0.625.0 \n * Google Chrome 10.0.626.0 \n * Google Chrome 10.0.627.0 \n * Google Chrome 10.0.628.0 \n * Google Chrome 10.0.629.0 \n * Google Chrome 10.0.630.0 \n * Google Chrome 10.0.631.0 \n * Google Chrome 10.0.632.0 \n * Google Chrome 10.0.633.0 \n * Google Chrome 10.0.634.0 \n * Google Chrome 10.0.634.1 \n * Google Chrome 10.0.635.0 \n * Google Chrome 10.0.636.0 \n * Google Chrome 10.0.638.0 \n * Google Chrome 10.0.638.1 \n * Google Chrome 10.0.639.0 \n * Google Chrome 10.0.640.0 \n * Google Chrome 10.0.642.0 \n * Google Chrome 10.0.642.1 \n * Google Chrome 10.0.642.2 \n * Google Chrome 10.0.643.0 \n * Google Chrome 10.0.644.0 \n * Google Chrome 10.0.645.0 \n * Google Chrome 10.0.646.0 \n * Google Chrome 10.0.647.0 \n * Google Chrome 10.0.648.0 \n * Google Chrome 10.0.648.1 \n * Google Chrome 10.0.648.10 \n * Google Chrome 10.0.648.101 \n * Google Chrome 10.0.648.103 \n * Google Chrome 10.0.648.105 \n * Google Chrome 10.0.648.107 \n * Google Chrome 10.0.648.11 \n * Google Chrome 10.0.648.114 \n * Google Chrome 10.0.648.116 \n * Google Chrome 10.0.648.118 \n * Google Chrome 10.0.648.119 \n * Google Chrome 10.0.648.12 \n * Google Chrome 10.0.648.120 \n * Google Chrome 10.0.648.121 \n * Google Chrome 10.0.648.122 \n * Google Chrome 10.0.648.123 \n * Google Chrome 10.0.648.124 \n * Google Chrome 10.0.648.125 \n * Google Chrome 10.0.648.126 \n * Google Chrome 10.0.648.127 \n * Google Chrome 10.0.648.128 \n * Google Chrome 10.0.648.129 \n * Google Chrome 10.0.648.13 \n * Google Chrome 10.0.648.130 \n * Google Chrome 10.0.648.131 \n * Google Chrome 10.0.648.132 \n * Google Chrome 10.0.648.133 \n * Google Chrome 10.0.648.134 \n * Google Chrome 10.0.648.135 \n * Google Chrome 10.0.648.151 \n * Google Chrome 10.0.648.18 \n * Google Chrome 10.0.648.2 \n * Google Chrome 10.0.648.201 \n * Google Chrome 10.0.648.203 \n * Google Chrome 10.0.648.204 \n * Google Chrome 10.0.648.205 \n * Google Chrome 10.0.648.23 \n * Google Chrome 10.0.648.26 \n * Google Chrome 10.0.648.28 \n * Google Chrome 10.0.648.3 \n * Google Chrome 10.0.648.32 \n * Google Chrome 10.0.648.35 \n * Google Chrome 10.0.648.38 \n * Google Chrome 10.0.648.4 \n * Google Chrome 10.0.648.42 \n * Google Chrome 10.0.648.45 \n * Google Chrome 10.0.648.49 \n * Google Chrome 10.0.648.5 \n * Google Chrome 10.0.648.54 \n * Google Chrome 10.0.648.56 \n * Google Chrome 10.0.648.59 \n * Google Chrome 10.0.648.6 \n * Google Chrome 10.0.648.62 \n * Google Chrome 10.0.648.66 \n * Google Chrome 10.0.648.68 \n * Google Chrome 10.0.648.7 \n * Google Chrome 10.0.648.70 \n * Google Chrome 10.0.648.72 \n * Google Chrome 10.0.648.76 \n * Google Chrome 10.0.648.79 \n * Google Chrome 10.0.648.8 \n * Google Chrome 10.0.648.82 \n * Google Chrome 10.0.648.84 \n * Google Chrome 10.0.648.87 \n * Google Chrome 10.0.648.9 \n * Google Chrome 10.0.648.90 \n * Google Chrome 10.0.649.0 \n * Google Chrome 10.0.650.0 \n * Google Chrome 10.0.651.0 \n * Google Chrome 11 \n * Google Chrome 11.0.652.0 \n * Google Chrome 11.0.653.0 \n * Google Chrome 11.0.654.0 \n * Google Chrome 11.0.655.0 \n * Google Chrome 11.0.656.0 \n * Google Chrome 11.0.657.0 \n * Google Chrome 11.0.658.0 \n * Google Chrome 11.0.658.1 \n * Google Chrome 11.0.659.0 \n * Google Chrome 11.0.660.0 \n * Google Chrome 11.0.661.0 \n * Google Chrome 11.0.662.0 \n * Google Chrome 11.0.663.0 \n * Google Chrome 11.0.664.1 \n * Google Chrome 11.0.665.0 \n * Google Chrome 11.0.666.0 \n * Google Chrome 11.0.667.0 \n * Google Chrome 11.0.667.2 \n * Google Chrome 11.0.667.3 \n * Google Chrome 11.0.667.4 \n * Google Chrome 11.0.668.0 \n * Google Chrome 11.0.669.0 \n * Google Chrome 11.0.670.0 \n * Google Chrome 11.0.671.0 \n * Google Chrome 11.0.672.0 \n * Google Chrome 11.0.672.1 \n * Google Chrome 11.0.672.2 \n * Google Chrome 11.0.673.0 \n * Google Chrome 11.0.674.0 \n * Google Chrome 11.0.675.0 \n * Google Chrome 11.0.676.0 \n * Google Chrome 11.0.677.0 \n * Google Chrome 11.0.678.0 \n * Google Chrome 11.0.679.0 \n * Google Chrome 11.0.680.0 \n * Google Chrome 11.0.681.0 \n * Google Chrome 11.0.682.0 \n * Google Chrome 11.0.683.0 \n * Google Chrome 11.0.684.0 \n * Google Chrome 11.0.685.0 \n * Google Chrome 11.0.686.0 \n * Google Chrome 11.0.686.1 \n * Google Chrome 11.0.686.2 \n * Google Chrome 11.0.686.3 \n * Google Chrome 11.0.687.0 \n * Google Chrome 11.0.687.1 \n * Google Chrome 11.0.688.0 \n * Google Chrome 11.0.689.0 \n * Google Chrome 11.0.690.0 \n * Google Chrome 11.0.690.1 \n * Google Chrome 11.0.691.0 \n * Google Chrome 11.0.692.0 \n * Google Chrome 11.0.693.0 \n * Google Chrome 11.0.694.0 \n * Google Chrome 11.0.695.0 \n * Google Chrome 11.0.696.0 \n * Google Chrome 11.0.696.1 \n * Google Chrome 11.0.696.10 \n * Google Chrome 11.0.696.11 \n * Google Chrome 11.0.696.12 \n * Google Chrome 11.0.696.13 \n * Google Chrome 11.0.696.14 \n * Google Chrome 11.0.696.15 \n * Google Chrome 11.0.696.16 \n * Google Chrome 11.0.696.17 \n * Google Chrome 11.0.696.18 \n * Google Chrome 11.0.696.19 \n * Google Chrome 11.0.696.2 \n * Google Chrome 11.0.696.20 \n * Google Chrome 11.0.696.21 \n * Google Chrome 11.0.696.22 \n * Google Chrome 11.0.696.23 \n * Google Chrome 11.0.696.24 \n * Google Chrome 11.0.696.25 \n * Google Chrome 11.0.696.26 \n * Google Chrome 11.0.696.27 \n * Google Chrome 11.0.696.28 \n * Google Chrome 11.0.696.29 \n * Google Chrome 11.0.696.3 \n * Google Chrome 11.0.696.30 \n * Google Chrome 11.0.696.31 \n * Google Chrome 11.0.696.32 \n * Google Chrome 11.0.696.33 \n * Google Chrome 11.0.696.34 \n * Google Chrome 11.0.696.35 \n * Google Chrome 11.0.696.36 \n * Google Chrome 11.0.696.37 \n * Google Chrome 11.0.696.38 \n * Google Chrome 11.0.696.39 \n * Google Chrome 11.0.696.4 \n * Google Chrome 11.0.696.40 \n * Google Chrome 11.0.696.41 \n * Google Chrome 11.0.696.42 \n * Google Chrome 11.0.696.43 \n * Google Chrome 11.0.696.44 \n * Google Chrome 11.0.696.45 \n * Google Chrome 11.0.696.46 \n * Google Chrome 11.0.696.47 \n * Google Chrome 11.0.696.48 \n * Google Chrome 11.0.696.49 \n * Google Chrome 11.0.696.5 \n * Google Chrome 11.0.696.50 \n * Google Chrome 11.0.696.51 \n * Google Chrome 11.0.696.52 \n * Google Chrome 11.0.696.53 \n * Google Chrome 11.0.696.54 \n * Google Chrome 11.0.696.55 \n * Google Chrome 11.0.696.56 \n * Google Chrome 11.0.696.57 \n * Google Chrome 11.0.696.58 \n * Google Chrome 11.0.696.59 \n * Google Chrome 11.0.696.60 \n * Google Chrome 11.0.696.61 \n * Google Chrome 11.0.696.62 \n * Google Chrome 11.0.696.63 \n * Google Chrome 11.0.696.64 \n * Google Chrome 11.0.696.65 \n * Google Chrome 11.0.696.66 \n * Google Chrome 11.0.696.67 \n * Google Chrome 11.0.696.68 \n * Google Chrome 11.0.696.69 \n * Google Chrome 11.0.696.7 \n * Google Chrome 11.0.696.70 \n * Google Chrome 11.0.696.71 \n * Google Chrome 11.0.696.72 \n * Google Chrome 11.0.696.77 \n * Google Chrome 11.0.696.8 \n * Google Chrome 11.0.696.9 \n * Google Chrome 11.0.697.0 \n * Google Chrome 11.0.698.0 \n * Google Chrome 11.0.699.0 \n * Google Chrome 12 \n * Google Chrome 12.0.700.0 \n * Google Chrome 12.0.701.0 \n * Google Chrome 12.0.702.0 \n * Google Chrome 12.0.702.1 \n * Google Chrome 12.0.702.2 \n * Google Chrome 12.0.703.0 \n * Google Chrome 12.0.704.0 \n * Google Chrome 12.0.705.0 \n * Google Chrome 12.0.706.0 \n * Google Chrome 12.0.707.0 \n * Google Chrome 12.0.708.0 \n * Google Chrome 12.0.709.0 \n * Google Chrome 12.0.710.0 \n * Google Chrome 12.0.711.0 \n * Google Chrome 12.0.712.0 \n * Google Chrome 12.0.713.0 \n * Google Chrome 12.0.714.0 \n * Google Chrome 12.0.715.0 \n * Google Chrome 12.0.716.0 \n * Google Chrome 12.0.717.0 \n * Google Chrome 12.0.718.0 \n * Google Chrome 12.0.719.0 \n * Google Chrome 12.0.719.1 \n * Google Chrome 12.0.720.0 \n * Google Chrome 12.0.721.0 \n * Google Chrome 12.0.721.1 \n * Google Chrome 12.0.722.0 \n * Google Chrome 12.0.723.0 \n * Google Chrome 12.0.723.1 \n * Google Chrome 12.0.724.0 \n * Google Chrome 12.0.725.0 \n * Google Chrome 12.0.726.0 \n * Google Chrome 12.0.727.0 \n * Google Chrome 12.0.728.0 \n * Google Chrome 12.0.729.0 \n * Google Chrome 12.0.730.0 \n * Google Chrome 12.0.731.0 \n * Google Chrome 12.0.732.0 \n * Google Chrome 12.0.733.0 \n * Google Chrome 12.0.734.0 \n * Google Chrome 12.0.735.0 \n * Google Chrome 12.0.736.0 \n * Google Chrome 12.0.737.0 \n * Google Chrome 12.0.738.0 \n * Google Chrome 12.0.739.0 \n * Google Chrome 12.0.740.0 \n * Google Chrome 12.0.741.0 \n * Google Chrome 12.0.742.0 \n * Google Chrome 12.0.742.1 \n * Google Chrome 12.0.742.10 \n * Google Chrome 12.0.742.100 \n * Google Chrome 12.0.742.105 \n * Google Chrome 12.0.742.11 \n * Google Chrome 12.0.742.111 \n * Google Chrome 12.0.742.112 \n * Google Chrome 12.0.742.113 \n * Google Chrome 12.0.742.114 \n * Google Chrome 12.0.742.115 \n * Google Chrome 12.0.742.12 \n * Google Chrome 12.0.742.120 \n * Google Chrome 12.0.742.121 \n * Google Chrome 12.0.742.122 \n * Google Chrome 12.0.742.123 \n * Google Chrome 12.0.742.124 \n * Google Chrome 12.0.742.13 \n * Google Chrome 12.0.742.14 \n * Google Chrome 12.0.742.15 \n * Google Chrome 12.0.742.16 \n * Google Chrome 12.0.742.17 \n * Google Chrome 12.0.742.18 \n * Google Chrome 12.0.742.19 \n * Google Chrome 12.0.742.2 \n * Google Chrome 12.0.742.20 \n * Google Chrome 12.0.742.21 \n * Google Chrome 12.0.742.22 \n * Google Chrome 12.0.742.3 \n * Google Chrome 12.0.742.30 \n * Google Chrome 12.0.742.4 \n * Google Chrome 12.0.742.41 \n * Google Chrome 12.0.742.42 \n * Google Chrome 12.0.742.43 \n * Google Chrome 12.0.742.44 \n * Google Chrome 12.0.742.45 \n * Google Chrome 12.0.742.46 \n * Google Chrome 12.0.742.47 \n * Google Chrome 12.0.742.48 \n * Google Chrome 12.0.742.49 \n * Google Chrome 12.0.742.5 \n * Google Chrome 12.0.742.50 \n * Google Chrome 12.0.742.51 \n * Google Chrome 12.0.742.52 \n * Google Chrome 12.0.742.53 \n * Google Chrome 12.0.742.54 \n * Google Chrome 12.0.742.55 \n * Google Chrome 12.0.742.56 \n * Google Chrome 12.0.742.57 \n * Google Chrome 12.0.742.58 \n * Google Chrome 12.0.742.59 \n * Google Chrome 12.0.742.6 \n * Google Chrome 12.0.742.60 \n * Google Chrome 12.0.742.61 \n * Google Chrome 12.0.742.63 \n * Google Chrome 12.0.742.64 \n * Google Chrome 12.0.742.65 \n * Google Chrome 12.0.742.66 \n * Google Chrome 12.0.742.67 \n * Google Chrome 12.0.742.68 \n * Google Chrome 12.0.742.69 \n * Google Chrome 12.0.742.70 \n * Google Chrome 12.0.742.71 \n * Google Chrome 12.0.742.72 \n * Google Chrome 12.0.742.73 \n * Google Chrome 12.0.742.74 \n * Google Chrome 12.0.742.75 \n * Google Chrome 12.0.742.77 \n * Google Chrome 12.0.742.8 \n * Google Chrome 12.0.742.82 \n * Google Chrome 12.0.742.9 \n * Google Chrome 12.0.742.91 \n * Google Chrome 12.0.742.92 \n * Google Chrome 12.0.742.93 \n * Google Chrome 12.0.742.94 \n * Google Chrome 12.0.743.0 \n * Google Chrome 12.0.744.0 \n * Google Chrome 12.0.745.0 \n * Google Chrome 12.0.746.0 \n * Google Chrome 12.0.747.0 \n * Google Chrome 13 \n * Google Chrome 13.0.748.0 \n * Google Chrome 13.0.749.0 \n * Google Chrome 13.0.750.0 \n * Google Chrome 13.0.751.0 \n * Google Chrome 13.0.752.0 \n * Google Chrome 13.0.753.0 \n * Google Chrome 13.0.754.0 \n * Google Chrome 13.0.755.0 \n * Google Chrome 13.0.756.0 \n * Google Chrome 13.0.757.0 \n * Google Chrome 13.0.758.0 \n * Google Chrome 13.0.759.0 \n * Google Chrome 13.0.760.0 \n * Google Chrome 13.0.761.0 \n * Google Chrome 13.0.761.1 \n * Google Chrome 13.0.762.0 \n * Google Chrome 13.0.762.1 \n * Google Chrome 13.0.763.0 \n * Google Chrome 13.0.764.0 \n * Google Chrome 13.0.765.0 \n * Google Chrome 13.0.766.0 \n * Google Chrome 13.0.767.0 \n * Google Chrome 13.0.767.1 \n * Google Chrome 13.0.768.0 \n * Google Chrome 13.0.769.0 \n * Google Chrome 13.0.770.0 \n * Google Chrome 13.0.771.0 \n * Google Chrome 13.0.772.0 \n * Google Chrome 13.0.773.0 \n * Google Chrome 13.0.774.0 \n * Google Chrome 13.0.775.0 \n * Google Chrome 13.0.775.1 \n * Google Chrome 13.0.775.2 \n * Google Chrome 13.0.775.4 \n * Google Chrome 13.0.776.0 \n * Google Chrome 13.0.776.1 \n * Google Chrome 13.0.777.0 \n * Google Chrome 13.0.777.1 \n * Google Chrome 13.0.777.2 \n * Google Chrome 13.0.777.3 \n * Google Chrome 13.0.777.4 \n * Google Chrome 13.0.777.5 \n * Google Chrome 13.0.777.6 \n * Google Chrome 13.0.778.0 \n * Google Chrome 13.0.779.0 \n * Google Chrome 13.0.780.0 \n * Google Chrome 13.0.781.0 \n * Google Chrome 13.0.782.0 \n * Google Chrome 13.0.782.1 \n * Google Chrome 13.0.782.10 \n * Google Chrome 13.0.782.100 \n * Google Chrome 13.0.782.101 \n * Google Chrome 13.0.782.102 \n * Google Chrome 13.0.782.103 \n * Google Chrome 13.0.782.104 \n * Google Chrome 13.0.782.105 \n * Google Chrome 13.0.782.106 \n * Google Chrome 13.0.782.107 \n * Google Chrome 13.0.782.108 \n * Google Chrome 13.0.782.109 \n * Google Chrome 13.0.782.11 \n * Google Chrome 13.0.782.112 \n * Google Chrome 13.0.782.12 \n * Google Chrome 13.0.782.13 \n * Google Chrome 13.0.782.14 \n * Google Chrome 13.0.782.15 \n * Google Chrome 13.0.782.16 \n * Google Chrome 13.0.782.17 \n * Google Chrome 13.0.782.18 \n * Google Chrome 13.0.782.19 \n * Google Chrome 13.0.782.20 \n * Google Chrome 13.0.782.21 \n * Google Chrome 13.0.782.210 \n * Google Chrome 13.0.782.211 \n * Google Chrome 13.0.782.212 \n * Google Chrome 13.0.782.213 \n * Google Chrome 13.0.782.214 \n * Google Chrome 13.0.782.215 \n * Google Chrome 13.0.782.216 \n * Google Chrome 13.0.782.217 \n * Google Chrome 13.0.782.218 \n * Google Chrome 13.0.782.219 \n * Google Chrome 13.0.782.220 \n * Google Chrome 13.0.782.23 \n * Google Chrome 13.0.782.237 \n * Google Chrome 13.0.782.238 \n * Google Chrome 13.0.782.24 \n * Google Chrome 13.0.782.25 \n * Google Chrome 13.0.782.26 \n * Google Chrome 13.0.782.27 \n * Google Chrome 13.0.782.28 \n * Google Chrome 13.0.782.29 \n * Google Chrome 13.0.782.3 \n * Google Chrome 13.0.782.30 \n * Google Chrome 13.0.782.31 \n * Google Chrome 13.0.782.32 \n * Google Chrome 13.0.782.33 \n * Google Chrome 13.0.782.34 \n * Google Chrome 13.0.782.35 \n * Google Chrome 13.0.782.36 \n * Google Chrome 13.0.782.37 \n * Google Chrome 13.0.782.38 \n * Google Chrome 13.0.782.39 \n * Google Chrome 13.0.782.4 \n * Google Chrome 13.0.782.40 \n * Google Chrome 13.0.782.41 \n * Google Chrome 13.0.782.42 \n * Google Chrome 13.0.782.43 \n * Google Chrome 13.0.782.44 \n * Google Chrome 13.0.782.45 \n * Google Chrome 13.0.782.46 \n * Google Chrome 13.0.782.47 \n * Google Chrome 13.0.782.48 \n * Google Chrome 13.0.782.49 \n * Google Chrome 13.0.782.50 \n * Google Chrome 13.0.782.51 \n * Google Chrome 13.0.782.52 \n * Google Chrome 13.0.782.53 \n * Google Chrome 13.0.782.55 \n * Google Chrome 13.0.782.56 \n * Google Chrome 13.0.782.6 \n * Google Chrome 13.0.782.7 \n * Google Chrome 13.0.782.81 \n * Google Chrome 13.0.782.82 \n * Google Chrome 13.0.782.83 \n * Google Chrome 13.0.782.84 \n * Google Chrome 13.0.782.85 \n * Google Chrome 13.0.782.86 \n * Google Chrome 13.0.782.87 \n * Google Chrome 13.0.782.88 \n * Google Chrome 13.0.782.89 \n * Google Chrome 13.0.782.90 \n * Google Chrome 13.0.782.91 \n * Google Chrome 13.0.782.92 \n * Google Chrome 13.0.782.93 \n * Google Chrome 13.0.782.94 \n * Google Chrome 13.0.782.95 \n * Google Chrome 13.0.782.96 \n * Google Chrome 13.0.782.97 \n * Google Chrome 13.0.782.98 \n * Google Chrome 13.0.782.99 \n * Google Chrome 14 \n * Google Chrome 14.0.783.0 \n * Google Chrome 14.0.784.0 \n * Google Chrome 14.0.785.0 \n * Google Chrome 14.0.786.0 \n * Google Chrome 14.0.787.0 \n * Google Chrome 14.0.788.0 \n * Google Chrome 14.0.789.0 \n * Google Chrome 14.0.790.0 \n * Google Chrome 14.0.791.0 \n * Google Chrome 14.0.792.0 \n * Google Chrome 14.0.793.0 \n * Google Chrome 14.0.794.0 \n * Google Chrome 14.0.795.0 \n * Google Chrome 14.0.796.0 \n * Google Chrome 14.0.797.0 \n * Google Chrome 14.0.798.0 \n * Google Chrome 14.0.799.0 \n * Google Chrome 14.0.800.0 \n * Google Chrome 14.0.801.0 \n * Google Chrome 14.0.802.0 \n * Google Chrome 14.0.803.0 \n * Google Chrome 14.0.804.0 \n * Google Chrome 14.0.805.0 \n * Google Chrome 14.0.806.0 \n * Google Chrome 14.0.807.0 \n * Google Chrome 14.0.808.0 \n * Google Chrome 14.0.809.0 \n * Google Chrome 14.0.810.0 \n * Google Chrome 14.0.811.0 \n * Google Chrome 14.0.812.0 \n * Google Chrome 14.0.813.0 \n * Google Chrome 14.0.814.0 \n * Google Chrome 14.0.815.0 \n * Google Chrome 14.0.816.0 \n * Google Chrome 14.0.818.0 \n * Google Chrome 14.0.819.0 \n * Google Chrome 14.0.820.0 \n * Google Chrome 14.0.821.0 \n * Google Chrome 14.0.822.0 \n * Google Chrome 14.0.823.0 \n * Google Chrome 14.0.824.0 \n * Google Chrome 14.0.825.0 \n * Google Chrome 14.0.826.0 \n * Google Chrome 14.0.827.0 \n * Google Chrome 14.0.827.10 \n * Google Chrome 14.0.827.12 \n * Google Chrome 14.0.829.1 \n * Google Chrome 14.0.830.0 \n * Google Chrome 14.0.831.0 \n * Google Chrome 14.0.832.0 \n * Google Chrome 14.0.833.0 \n * Google Chrome 14.0.834.0 \n * Google Chrome 14.0.835.0 \n * Google Chrome 14.0.835.1 \n * Google Chrome 14.0.835.100 \n * Google Chrome 14.0.835.101 \n * Google Chrome 14.0.835.102 \n * Google Chrome 14.0.835.103 \n * Google Chrome 14.0.835.104 \n * Google Chrome 14.0.835.105 \n * Google Chrome 14.0.835.106 \n * Google Chrome 14.0.835.107 \n * Google Chrome 14.0.835.108 \n * Google Chrome 14.0.835.109 \n * Google Chrome 14.0.835.11 \n * Google Chrome 14.0.835.110 \n * Google Chrome 14.0.835.111 \n * Google Chrome 14.0.835.112 \n * Google Chrome 14.0.835.113 \n * Google Chrome 14.0.835.114 \n * Google Chrome 14.0.835.115 \n * Google Chrome 14.0.835.116 \n * Google Chrome 14.0.835.117 \n * Google Chrome 14.0.835.118 \n * Google Chrome 14.0.835.119 \n * Google Chrome 14.0.835.120 \n * Google Chrome 14.0.835.121 \n * Google Chrome 14.0.835.122 \n * Google Chrome 14.0.835.123 \n * Google Chrome 14.0.835.124 \n * Google Chrome 14.0.835.125 \n * Google Chrome 14.0.835.126 \n * Google Chrome 14.0.835.127 \n * Google Chrome 14.0.835.128 \n * Google Chrome 14.0.835.13 \n * Google Chrome 14.0.835.14 \n * Google Chrome 14.0.835.149 \n * Google Chrome 14.0.835.15 \n * Google Chrome 14.0.835.150 \n * Google Chrome 14.0.835.151 \n * Google Chrome 14.0.835.152 \n * Google Chrome 14.0.835.153 \n * Google Chrome 14.0.835.154 \n * Google Chrome 14.0.835.155 \n * Google Chrome 14.0.835.156 \n * Google Chrome 14.0.835.157 \n * Google Chrome 14.0.835.158 \n * Google Chrome 14.0.835.159 \n * Google Chrome 14.0.835.16 \n * Google Chrome 14.0.835.160 \n * Google Chrome 14.0.835.161 \n * Google Chrome 14.0.835.162 \n * Google Chrome 14.0.835.163 \n * Google Chrome 14.0.835.18 \n * Google Chrome 14.0.835.184 \n * Google Chrome 14.0.835.186 \n * Google Chrome 14.0.835.187 \n * Google Chrome 14.0.835.2 \n * Google Chrome 14.0.835.20 \n * Google Chrome 14.0.835.202 \n * Google Chrome 14.0.835.203 \n * Google Chrome 14.0.835.204 \n * Google Chrome 14.0.835.21 \n * Google Chrome 14.0.835.22 \n * Google Chrome 14.0.835.23 \n * Google Chrome 14.0.835.24 \n * Google Chrome 14.0.835.25 \n * Google Chrome 14.0.835.26 \n * Google Chrome 14.0.835.27 \n * Google Chrome 14.0.835.28 \n * Google Chrome 14.0.835.29 \n * Google Chrome 14.0.835.30 \n * Google Chrome 14.0.835.31 \n * Google Chrome 14.0.835.32 \n * Google Chrome 14.0.835.33 \n * Google Chrome 14.0.835.34 \n * Google Chrome 14.0.835.35 \n * Google Chrome 14.0.835.4 \n * Google Chrome 14.0.835.8 \n * Google Chrome 14.0.835.86 \n * Google Chrome 14.0.835.87 \n * Google Chrome 14.0.835.88 \n * Google Chrome 14.0.835.89 \n * Google Chrome 14.0.835.9 \n * Google Chrome 14.0.835.90 \n * Google Chrome 14.0.835.91 \n * Google Chrome 14.0.835.92 \n * Google Chrome 14.0.835.93 \n * Google Chrome 14.0.835.94 \n * Google Chrome 14.0.835.95 \n * Google Chrome 14.0.835.96 \n * Google Chrome 14.0.835.97 \n * Google Chrome 14.0.835.98 \n * Google Chrome 14.0.835.99 \n * Google Chrome 14.0.836.0 \n * Google Chrome 14.0.837.0 \n * Google Chrome 14.0.838.0 \n * Google Chrome 14.0.839.0 \n * Google Chrome 15 \n * Google Chrome 15.0.859.0 \n * Google Chrome 15.0.860.0 \n * Google Chrome 15.0.861.0 \n * Google Chrome 15.0.862.0 \n * Google Chrome 15.0.862.1 \n * Google Chrome 15.0.863.0 \n * Google Chrome 15.0.864.0 \n * Google Chrome 15.0.865.0 \n * Google Chrome 15.0.866.0 \n * Google Chrome 15.0.867.0 \n * Google Chrome 15.0.868.0 \n * Google Chrome 15.0.868.1 \n * Google Chrome 15.0.869.0 \n * Google Chrome 15.0.870.0 \n * Google Chrome 15.0.871.0 \n * Google Chrome 15.0.871.1 \n * Google Chrome 15.0.872.0 \n * Google Chrome 15.0.873.0 \n * Google Chrome 15.0.874 102 \n * Google Chrome 15.0.874.0 \n * Google Chrome 15.0.874.1 \n * Google Chrome 15.0.874.10 \n * Google Chrome 15.0.874.101 \n * Google Chrome 15.0.874.102 \n * Google Chrome 15.0.874.103 \n * Google Chrome 15.0.874.104 \n * Google Chrome 15.0.874.106 \n * Google Chrome 15.0.874.11 \n * Google Chrome 15.0.874.116 \n * Google Chrome 15.0.874.117 \n * Google Chrome 15.0.874.119 \n * Google Chrome 15.0.874.12 \n * Google Chrome 15.0.874.120 \n * Google Chrome 15.0.874.121 \n * Google Chrome 15.0.874.13 \n * Google Chrome 15.0.874.14 \n * Google Chrome 15.0.874.15 \n * Google Chrome 15.0.874.16 \n * Google Chrome 15.0.874.17 \n * Google Chrome 15.0.874.18 \n * Google Chrome 15.0.874.19 \n * Google Chrome 15.0.874.2 \n * Google Chrome 15.0.874.20 \n * Google Chrome 15.0.874.21 \n * Google Chrome 15.0.874.22 \n * Google Chrome 15.0.874.23 \n * Google Chrome 15.0.874.24 \n * Google Chrome 15.0.874.3 \n * Google Chrome 15.0.874.4 \n * Google Chrome 15.0.874.44 \n * Google Chrome 15.0.874.45 \n * Google Chrome 15.0.874.46 \n * Google Chrome 15.0.874.47 \n * Google Chrome 15.0.874.48 \n * Google Chrome 15.0.874.49 \n * Google Chrome 15.0.874.5 \n * Google Chrome 15.0.874.6 \n * Google Chrome 15.0.874.7 \n * Google Chrome 15.0.874.8 \n * Google Chrome 15.0.874.9 \n * Google Chrome 16 \n * Google Chrome 16.0.877.0 \n * Google Chrome 16.0.878.0 \n * Google Chrome 16.0.879.0 \n * Google Chrome 16.0.880.0 \n * Google Chrome 16.0.881.0 \n * Google Chrome 16.0.882.0 \n * Google Chrome 16.0.883.0 \n * Google Chrome 16.0.884.0 \n * Google Chrome 16.0.885.0 \n * Google Chrome 16.0.886.0 \n * Google Chrome 16.0.886.1 \n * Google Chrome 16.0.887.0 \n * Google Chrome 16.0.888.0 \n * Google Chrome 16.0.889.0 \n * Google Chrome 16.0.889.2 \n * Google Chrome 16.0.889.3 \n * Google Chrome 16.0.890.0 \n * Google Chrome 16.0.890.1 \n * Google Chrome 16.0.891.0 \n * Google Chrome 16.0.891.1 \n * Google Chrome 16.0.892.0 \n * Google Chrome 16.0.893.0 \n * Google Chrome 16.0.893.1 \n * Google Chrome 16.0.894.0 \n * Google Chrome 16.0.895.0 \n * Google Chrome 16.0.896.0 \n * Google Chrome 16.0.897.0 \n * Google Chrome 16.0.898.0 \n * Google Chrome 16.0.899.0 \n * Google Chrome 16.0.900.0 \n * Google Chrome 16.0.901.0 \n * Google Chrome 16.0.902.0 \n * Google Chrome 16.0.903.0 \n * Google Chrome 16.0.904.0 \n * Google Chrome 16.0.905.0 \n * Google Chrome 16.0.906.0 \n * Google Chrome 16.0.906.1 \n * Google Chrome 16.0.907.0 \n * Google Chrome 16.0.908.0 \n * Google Chrome 16.0.909.0 \n * Google Chrome 16.0.910.0 \n * Google Chrome 16.0.911.0 \n * Google Chrome 16.0.911.1 \n * Google Chrome 16.0.911.2 \n * Google Chrome 16.0.912.0 \n * Google Chrome 16.0.912.1 \n * Google Chrome 16.0.912.10 \n * Google Chrome 16.0.912.11 \n * Google Chrome 16.0.912.12 \n * Google Chrome 16.0.912.13 \n * Google Chrome 16.0.912.14 \n * Google Chrome 16.0.912.15 \n * Google Chrome 16.0.912.19 \n * Google Chrome 16.0.912.2 \n * Google Chrome 16.0.912.20 \n * Google Chrome 16.0.912.21 \n * Google Chrome 16.0.912.22 \n * Google Chrome 16.0.912.23 \n * Google Chrome 16.0.912.24 \n * Google Chrome 16.0.912.25 \n * Google Chrome 16.0.912.26 \n * Google Chrome 16.0.912.27 \n * Google Chrome 16.0.912.28 \n * Google Chrome 16.0.912.29 \n * Google Chrome 16.0.912.3 \n * Google Chrome 16.0.912.30 \n * Google Chrome 16.0.912.31 \n * Google Chrome 16.0.912.32 \n * Google Chrome 16.0.912.33 \n * Google Chrome 16.0.912.34 \n * Google Chrome 16.0.912.35 \n * Google Chrome 16.0.912.36 \n * Google Chrome 16.0.912.37 \n * Google Chrome 16.0.912.38 \n * Google Chrome 16.0.912.39 \n * Google Chrome 16.0.912.4 \n * Google Chrome 16.0.912.40 \n * Google Chrome 16.0.912.41 \n * Google Chrome 16.0.912.42 \n * Google Chrome 16.0.912.43 \n * Google Chrome 16.0.912.5 \n * Google Chrome 16.0.912.6 \n * Google Chrome 16.0.912.62 \n * Google Chrome 16.0.912.63 \n * Google Chrome 16.0.912.66 \n * Google Chrome 16.0.912.7 \n * Google Chrome 16.0.912.74 \n * Google Chrome 16.0.912.75 \n * Google Chrome 16.0.912.76 \n * Google Chrome 16.0.912.77 \n * Google Chrome 16.0.912.8 \n * Google Chrome 16.0.912.9 \n * Google Chrome 17 \n * Google Chrome 17.0.921.3 \n * Google Chrome 17.0.922.0 \n * Google Chrome 17.0.923.0 \n * Google Chrome 17.0.923.1 \n * Google Chrome 17.0.924.0 \n * Google Chrome 17.0.925.0 \n * Google Chrome 17.0.926.0 \n * Google Chrome 17.0.927.0 \n * Google Chrome 17.0.928.0 \n * Google Chrome 17.0.928.1 \n * Google Chrome 17.0.928.2 \n * Google Chrome 17.0.928.3 \n * Google Chrome 17.0.929.0 \n * Google Chrome 17.0.930.0 \n * Google Chrome 17.0.931.0 \n * Google Chrome 17.0.932.0 \n * Google Chrome 17.0.933.0 \n * Google Chrome 17.0.933.1 \n * Google Chrome 17.0.934.0 \n * Google Chrome 17.0.935.0 \n * Google Chrome 17.0.935.1 \n * Google Chrome 17.0.936.0 \n * Google Chrome 17.0.936.1 \n * Google Chrome 17.0.937.0 \n * Google Chrome 17.0.938.0 \n * Google Chrome 17.0.939.0 \n * Google Chrome 17.0.939.1 \n * Google Chrome 17.0.940.0 \n * Google Chrome 17.0.941.0 \n * Google Chrome 17.0.942.0 \n * Google Chrome 17.0.943.0 \n * Google Chrome 17.0.944.0 \n * Google Chrome 17.0.945.0 \n * Google Chrome 17.0.946.0 \n * Google Chrome 17.0.947.0 \n * Google Chrome 17.0.948.0 \n * Google Chrome 17.0.949.0 \n * Google Chrome 17.0.950.0 \n * Google Chrome 17.0.951.0 \n * Google Chrome 17.0.952.0 \n * Google Chrome 17.0.953.0 \n * Google Chrome 17.0.954.0 \n * Google Chrome 17.0.954.1 \n * Google Chrome 17.0.954.2 \n * Google Chrome 17.0.954.3 \n * Google Chrome 17.0.955.0 \n * Google Chrome 17.0.956.0 \n * Google Chrome 17.0.957.0 \n * Google Chrome 17.0.958.0 \n * Google Chrome 17.0.958.1 \n * Google Chrome 17.0.959.0 \n * Google Chrome 17.0.960.0 \n * Google Chrome 17.0.961.0 \n * Google Chrome 17.0.962.0 \n * Google Chrome 17.0.963.0 \n * Google Chrome 17.0.963.1 \n * Google Chrome 17.0.963.10 \n * Google Chrome 17.0.963.11 \n * Google Chrome 17.0.963.12 \n * Google Chrome 17.0.963.13 \n * Google Chrome 17.0.963.14 \n * Google Chrome 17.0.963.15 \n * Google Chrome 17.0.963.16 \n * Google Chrome 17.0.963.17 \n * Google Chrome 17.0.963.18 \n * Google Chrome 17.0.963.19 \n * Google Chrome 17.0.963.2 \n * Google Chrome 17.0.963.20 \n * Google Chrome 17.0.963.21 \n * Google Chrome 17.0.963.22 \n * Google Chrome 17.0.963.23 \n * Google Chrome 17.0.963.24 \n * Google Chrome 17.0.963.25 \n * Google Chrome 17.0.963.26 \n * Google Chrome 17.0.963.27 \n * Google Chrome 17.0.963.28 \n * Google Chrome 17.0.963.29 \n * Google Chrome 17.0.963.3 \n * Google Chrome 17.0.963.30 \n * Google Chrome 17.0.963.31 \n * Google Chrome 17.0.963.32 \n * Google Chrome 17.0.963.33 \n * Google Chrome 17.0.963.34 \n * Google Chrome 17.0.963.35 \n * Google Chrome 17.0.963.36 \n * Google Chrome 17.0.963.37 \n * Google Chrome 17.0.963.38 \n * Google Chrome 17.0.963.39 \n * Google Chrome 17.0.963.4 \n * Google Chrome 17.0.963.40 \n * Google Chrome 17.0.963.41 \n * Google Chrome 17.0.963.42 \n * Google Chrome 17.0.963.43 \n * Google Chrome 17.0.963.44 \n * Google Chrome 17.0.963.45 \n * Google Chrome 17.0.963.46 \n * Google Chrome 17.0.963.47 \n * Google Chrome 17.0.963.48 \n * Google Chrome 17.0.963.49 \n * Google Chrome 17.0.963.5 \n * Google Chrome 17.0.963.50 \n * Google Chrome 17.0.963.51 \n * Google Chrome 17.0.963.52 \n * Google Chrome 17.0.963.53 \n * Google Chrome 17.0.963.54 \n * Google Chrome 17.0.963.55 \n * Google Chrome 17.0.963.56 \n * Google Chrome 17.0.963.57 \n * Google Chrome 17.0.963.59 \n * Google Chrome 17.0.963.6 \n * Google Chrome 17.0.963.60 \n * Google Chrome 17.0.963.61 \n * Google Chrome 17.0.963.62 \n * Google Chrome 17.0.963.63 \n * Google Chrome 17.0.963.64 \n * Google Chrome 17.0.963.65 \n * Google Chrome 17.0.963.66 \n * Google Chrome 17.0.963.67 \n * Google Chrome 17.0.963.69 \n * Google Chrome 17.0.963.7 \n * Google Chrome 17.0.963.70 \n * Google Chrome 17.0.963.74 \n * Google Chrome 17.0.963.75 \n * Google Chrome 17.0.963.76 \n * Google Chrome 17.0.963.77 \n * Google Chrome 17.0.963.78 \n * Google Chrome 17.0.963.79 \n * Google Chrome 17.0.963.8 \n * Google Chrome 17.0.963.80 \n * Google Chrome 17.0.963.81 \n * Google Chrome 17.0.963.82 \n * Google Chrome 17.0.963.83 \n * Google Chrome 17.0.963.84 \n * Google Chrome 17.0.963.9 \n * Google Chrome 18 \n * Google Chrome 18.0.1000.0 \n * Google Chrome 18.0.1001.0 \n * Google Chrome 18.0.1001.1 \n * Google Chrome 18.0.1002.0 \n * Google Chrome 18.0.1003.0 \n * Google Chrome 18.0.1003.1 \n * Google Chrome 18.0.1004.0 \n * Google Chrome 18.0.1005.0 \n * Google Chrome 18.0.1006.0 \n * Google Chrome 18.0.1007.0 \n * Google Chrome 18.0.1008.0 \n * Google Chrome 18.0.1009.0 \n * Google Chrome 18.0.1010.0 \n * Google Chrome 18.0.1010.1 \n * Google Chrome 18.0.1010.2 \n * Google Chrome 18.0.1011.1 \n * Google Chrome 18.0.1012.0 \n * Google Chrome 18.0.1012.1 \n * Google Chrome 18.0.1012.2 \n * Google Chrome 18.0.1013.0 \n * Google Chrome 18.0.1014.0 \n * Google Chrome 18.0.1015.0 \n * Google Chrome 18.0.1016.0 \n * Google Chrome 18.0.1017.0 \n * Google Chrome 18.0.1017.1 \n * Google Chrome 18.0.1017.2 \n * Google Chrome 18.0.1017.3 \n * Google Chrome 18.0.1018.0 \n * Google Chrome 18.0.1019.0 \n * Google Chrome 18.0.1019.1 \n * Google Chrome 18.0.1020.0 \n * Google Chrome 18.0.1021.0 \n * Google Chrome 18.0.1022.0 \n * Google Chrome 18.0.1023.0 \n * Google Chrome 18.0.1024.0 \n * Google Chrome 18.0.1025.0 \n * Google Chrome 18.0.1025.1 \n * Google Chrome 18.0.1025.10 \n * Google Chrome 18.0.1025.100 \n * Google Chrome 18.0.1025.102 \n * Google Chrome 18.0.1025.107 \n * Google Chrome 18.0.1025.108 \n * Google Chrome 18.0.1025.109 \n * Google Chrome 18.0.1025.110 \n * Google Chrome 18.0.1025.111 \n * Google Chrome 18.0.1025.112 \n * Google Chrome 18.0.1025.113 \n * Google Chrome 18.0.1025.114 \n * Google Chrome 18.0.1025.116 \n * Google Chrome 18.0.1025.117 \n * Google Chrome 18.0.1025.118 \n * Google Chrome 18.0.1025.120 \n * Google Chrome 18.0.1025.129 \n * Google Chrome 18.0.1025.130 \n * Google Chrome 18.0.1025.131 \n * Google Chrome 18.0.1025.132 \n * Google Chrome 18.0.1025.133 \n * Google Chrome 18.0.1025.134 \n * Google Chrome 18.0.1025.135 \n * Google Chrome 18.0.1025.136 \n * Google Chrome 18.0.1025.137 \n * Google Chrome 18.0.1025.139 \n * Google Chrome 18.0.1025.140 \n * Google Chrome 18.0.1025.142 \n * Google Chrome 18.0.1025.145 \n * Google Chrome 18.0.1025.146 \n * Google Chrome 18.0.1025.147 \n * Google Chrome 18.0.1025.148 \n * Google Chrome 18.0.1025.149 \n * Google Chrome 18.0.1025.150 \n * Google Chrome 18.0.1025.151 \n * Google Chrome 18.0.1025.162 \n * Google Chrome 18.0.1025.168 \n * Google Chrome 18.0.1025.2 \n * Google Chrome 18.0.1025.29 \n * Google Chrome 18.0.1025.3 \n * Google Chrome 18.0.1025.30 \n * Google Chrome 18.0.1025.31 \n * Google Chrome 18.0.1025.32 \n * Google Chrome 18.0.1025.33 \n * Google Chrome 18.0.1025.35 \n * Google Chrome 18.0.1025.36 \n * Google Chrome 18.0.1025.37 \n * Google Chrome 18.0.1025.38 \n * Google Chrome 18.0.1025.39 \n * Google Chrome 18.0.1025.4 \n * Google Chrome 18.0.1025.40 \n * Google Chrome 18.0.1025.41 \n * Google Chrome 18.0.1025.42 \n * Google Chrome 18.0.1025.43 \n * Google Chrome 18.0.1025.44 \n * Google Chrome 18.0.1025.45 \n * Google Chrome 18.0.1025.46 \n * Google Chrome 18.0.1025.47 \n * Google Chrome 18.0.1025.48 \n * Google Chrome 18.0.1025.49 \n * Google Chrome 18.0.1025.5 \n * Google Chrome 18.0.1025.50 \n * Google Chrome 18.0.1025.51 \n * Google Chrome 18.0.1025.52 \n * Google Chrome 18.0.1025.54 \n * Google Chrome 18.0.1025.55 \n * Google Chrome 18.0.1025.56 \n * Google Chrome 18.0.1025.57 \n * Google Chrome 18.0.1025.58 \n * Google Chrome 18.0.1025.6 \n * Google Chrome 18.0.1025.60 \n * Google Chrome 18.0.1025.7 \n * Google Chrome 18.0.1025.73 \n * Google Chrome 18.0.1025.74 \n * Google Chrome 18.0.1025.8 \n * Google Chrome 18.0.1025.9 \n * Google Chrome 18.0.1025.95 \n * Google Chrome 18.0.1025.96 \n * Google Chrome 18.0.1025.97 \n * Google Chrome 18.0.1025.98 \n * Google Chrome 18.0.1025.99 \n * Google Chrome 19 \n * Google Chrome 19.0.1028.0 \n * Google Chrome 19.0.1029.0 \n * Google Chrome 19.0.1030.0 \n * Google Chrome 19.0.1031.0 \n * Google Chrome 19.0.1032.0 \n * Google Chrome 19.0.1033.0 \n * Google Chrome 19.0.1034.0 \n * Google Chrome 19.0.1035.0 \n * Google Chrome 19.0.1036.0 \n * Google Chrome 19.0.1036.2 \n * Google Chrome 19.0.1036.3 \n * Google Chrome 19.0.1036.4 \n * Google Chrome 19.0.1036.6 \n * Google Chrome 19.0.1036.7 \n * Google Chrome 19.0.1037.0 \n * Google Chrome 19.0.1038.0 \n * Google Chrome 19.0.1039.0 \n * Google Chrome 19.0.1040.0 \n * Google Chrome 19.0.1041.0 \n * Google Chrome 19.0.1042.0 \n * Google Chrome 19.0.1043.0 \n * Google Chrome 19.0.1044.0 \n * Google Chrome 19.0.1045.0 \n * Google Chrome 19.0.1046.0 \n * Google Chrome 19.0.1047.0 \n * Google Chrome 19.0.1048.0 \n * Google Chrome 19.0.1049.0 \n * Google Chrome 19.0.1049.1 \n * Google Chrome 19.0.1049.2 \n * Google Chrome 19.0.1049.3 \n * Google Chrome 19.0.1050.0 \n * Google Chrome 19.0.1051.0 \n * Google Chrome 19.0.1052.0 \n * Google Chrome 19.0.1053.0 \n * Google Chrome 19.0.1054.0 \n * Google Chrome 19.0.1055.0 \n * Google Chrome 19.0.1055.1 \n * Google Chrome 19.0.1055.2 \n * Google Chrome 19.0.1055.3 \n * Google Chrome 19.0.1056.0 \n * Google Chrome 19.0.1056.1 \n * Google Chrome 19.0.1057.0 \n * Google Chrome 19.0.1057.1 \n * Google Chrome 19.0.1057.3 \n * Google Chrome 19.0.1058.0 \n * Google Chrome 19.0.1058.1 \n * Google Chrome 19.0.1059.0 \n * Google Chrome 19.0.1060.0 \n * Google Chrome 19.0.1060.1 \n * Google Chrome 19.0.1061.0 \n * Google Chrome 19.0.1061.1 \n * Google Chrome 19.0.1062.0 \n * Google Chrome 19.0.1062.1 \n * Google Chrome 19.0.1063.0 \n * Google Chrome 19.0.1063.1 \n * Google Chrome 19.0.1064.0 \n * Google Chrome 19.0.1065.0 \n * Google Chrome 19.0.1066.0 \n * Google Chrome 19.0.1067.0 \n * Google Chrome 19.0.1068.0 \n * Google Chrome 19.0.1068.1 \n * Google Chrome 19.0.1069.0 \n * Google Chrome 19.0.1070.0 \n * Google Chrome 19.0.1071.0 \n * Google Chrome 19.0.1072.0 \n * Google Chrome 19.0.1073.0 \n * Google Chrome 19.0.1074.0 \n * Google Chrome 19.0.1075.0 \n * Google Chrome 19.0.1076.0 \n * Google Chrome 19.0.1076.1 \n * Google Chrome 19.0.1077.0 \n * Google Chrome 19.0.1077.1 \n * Google Chrome 19.0.1077.2 \n * Google Chrome 19.0.1077.3 \n * Google Chrome 19.0.1078.0 \n * Google Chrome 19.0.1079.0 \n * Google Chrome 19.0.1080.0 \n * Google Chrome 19.0.1081.0 \n * Google Chrome 19.0.1081.2 \n * Google Chrome 19.0.1082.0 \n * Google Chrome 19.0.1082.1 \n * Google Chrome 19.0.1083.0 \n * Google Chrome 19.0.1084.0 \n * Google Chrome 19.0.1084.1 \n * Google Chrome 19.0.1084.10 \n * Google Chrome 19.0.1084.11 \n * Google Chrome 19.0.1084.12 \n * Google Chrome 19.0.1084.13 \n * Google Chrome 19.0.1084.14 \n * Google Chrome 19.0.1084.15 \n * Google Chrome 19.0.1084.16 \n * Google Chrome 19.0.1084.17 \n * Google Chrome 19.0.1084.18 \n * Google Chrome 19.0.1084.19 \n * Google Chrome 19.0.1084.2 \n * Google Chrome 19.0.1084.20 \n * Google Chrome 19.0.1084.21 \n * Google Chrome 19.0.1084.22 \n * Google Chrome 19.0.1084.23 \n * Google Chrome 19.0.1084.24 \n * Google Chrome 19.0.1084.25 \n * Google Chrome 19.0.1084.26 \n * Google Chrome 19.0.1084.27 \n * Google Chrome 19.0.1084.28 \n * Google Chrome 19.0.1084.29 \n * Google Chrome 19.0.1084.3 \n * Google Chrome 19.0.1084.30 \n * Google Chrome 19.0.1084.31 \n * Google Chrome 19.0.1084.32 \n * Google Chrome 19.0.1084.33 \n * Google Chrome 19.0.1084.35 \n * Google Chrome 19.0.1084.36 \n * Google Chrome 19.0.1084.37 \n * Google Chrome 19.0.1084.38 \n * Google Chrome 19.0.1084.39 \n * Google Chrome 19.0.1084.4 \n * Google Chrome 19.0.1084.40 \n * Google Chrome 19.0.1084.41 \n * Google Chrome 19.0.1084.42 \n * Google Chrome 19.0.1084.43 \n * Google Chrome 19.0.1084.44 \n * Google Chrome 19.0.1084.45 \n * Google Chrome 19.0.1084.46 \n * Google Chrome 19.0.1084.47 \n * Google Chrome 19.0.1084.48 \n * Google Chrome 19.0.1084.5 \n * Google Chrome 19.0.1084.50 \n * Google Chrome 19.0.1084.51 \n * Google Chrome 19.0.1084.52 \n * Google Chrome 19.0.1084.6 \n * Google Chrome 19.0.1084.7 \n * Google Chrome 19.0.1084.8 \n * Google Chrome 19.0.1084.9 \n * Google Chrome 19.0.1085.0 \n * Google Chrome 2.0.156.1 \n * Google Chrome 2.0.157.0 \n * Google Chrome 2.0.157.2 \n * Google Chrome 2.0.158.0 \n * Google Chrome 2.0.159.0 \n * Google Chrome 2.0.169.0 \n * Google Chrome 2.0.169.1 \n * Google Chrome 2.0.170.0 \n * Google Chrome 2.0.172 \n * Google Chrome 2.0.172.2 \n * Google Chrome 2.0.172.27 \n * Google Chrome 2.0.172.28 \n * Google Chrome 2.0.172.30 \n * Google Chrome 2.0.172.31 \n * Google Chrome 2.0.172.33 \n * Google Chrome 2.0.172.37 \n * Google Chrome 2.0.172.38 \n * Google Chrome 2.0.172.43 \n * Google Chrome 2.0.172.8 \n * Google Chrome 20 \n * Google Chrome 20.0.1132.0 \n * Google Chrome 20.0.1132.1 \n * Google Chrome 20.0.1132.10 \n * Google Chrome 20.0.1132.11 \n * Google Chrome 20.0.1132.12 \n * Google Chrome 20.0.1132.13 \n * Google Chrome 20.0.1132.14 \n * Google Chrome 20.0.1132.15 \n * Google Chrome 20.0.1132.16 \n * Google Chrome 20.0.1132.17 \n * Google Chrome 20.0.1132.18 \n * Google Chrome 20.0.1132.19 \n * Google Chrome 20.0.1132.2 \n * Google Chrome 20.0.1132.20 \n * Google Chrome 20.0.1132.21 \n * Google Chrome 20.0.1132.22 \n * Google Chrome 20.0.1132.23 \n * Google Chrome 20.0.1132.24 \n * Google Chrome 20.0.1132.25 \n * Google Chrome 20.0.1132.26 \n * Google Chrome 20.0.1132.27 \n * Google Chrome 20.0.1132.28 \n * Google Chrome 20.0.1132.29 \n * Google Chrome 20.0.1132.3 \n * Google Chrome 20.0.1132.30 \n * Google Chrome 20.0.1132.31 \n * Google Chrome 20.0.1132.32 \n * Google Chrome 20.0.1132.33 \n * Google Chrome 20.0.1132.34 \n * Google Chrome 20.0.1132.35 \n * Google Chrome 20.0.1132.36 \n * Google Chrome 20.0.1132.37 \n * Google Chrome 20.0.1132.38 \n * Google Chrome 20.0.1132.39 \n * Google Chrome 20.0.1132.4 \n * Google Chrome 20.0.1132.40 \n * Google Chrome 20.0.1132.41 \n * Google Chrome 20.0.1132.42 \n * Google Chrome 20.0.1132.43 \n * Google Chrome 20.0.1132.45 \n * Google Chrome 20.0.1132.46 \n * Google Chrome 20.0.1132.47 \n * Google Chrome 20.0.1132.5 \n * Google Chrome 20.0.1132.54 \n * Google Chrome 20.0.1132.55 \n * Google Chrome 20.0.1132.56 \n * Google Chrome 20.0.1132.57 \n * Google Chrome 20.0.1132.6 \n * Google Chrome 20.0.1132.7 \n * Google Chrome 20.0.1132.8 \n * Google Chrome 20.0.1132.9 \n * Google Chrome 21 \n * Google Chrome 21.0.1180.0 \n * Google Chrome 21.0.1180.1 \n * Google Chrome 21.0.1180.2 \n * Google Chrome 21.0.1180.31 \n * Google Chrome 21.0.1180.32 \n * Google Chrome 21.0.1180.33 \n * Google Chrome 21.0.1180.34 \n * Google Chrome 21.0.1180.35 \n * Google Chrome 21.0.1180.36 \n * Google Chrome 21.0.1180.37 \n * Google Chrome 21.0.1180.38 \n * Google Chrome 21.0.1180.39 \n * Google Chrome 21.0.1180.41 \n * Google Chrome 21.0.1180.46 \n * Google Chrome 21.0.1180.47 \n * Google Chrome 21.0.1180.48 \n * Google Chrome 21.0.1180.49 \n * Google Chrome 21.0.1180.50 \n * Google Chrome 21.0.1180.51 \n * Google Chrome 21.0.1180.52 \n * Google Chrome 21.0.1180.53 \n * Google Chrome 21.0.1180.54 \n * Google Chrome 21.0.1180.55 \n * Google Chrome 21.0.1180.56 \n * Google Chrome 21.0.1180.57 \n * Google Chrome 21.0.1180.59 \n * Google Chrome 21.0.1180.60 \n * Google Chrome 21.0.1180.61 \n * Google Chrome 21.0.1180.62 \n * Google Chrome 21.0.1180.63 \n * Google Chrome 21.0.1180.64 \n * Google Chrome 21.0.1180.68 \n * Google Chrome 21.0.1180.69 \n * Google Chrome 21.0.1180.70 \n * Google Chrome 21.0.1180.71 \n * Google Chrome 21.0.1180.72 \n * Google Chrome 21.0.1180.73 \n * Google Chrome 21.0.1180.74 \n * Google Chrome 21.0.1180.75 \n * Google Chrome 21.0.1180.76 \n * Google Chrome 21.0.1180.77 \n * Google Chrome 21.0.1180.78 \n * Google Chrome 21.0.1180.79 \n * Google Chrome 21.0.1180.80 \n * Google Chrome 21.0.1180.81 \n * Google Chrome 21.0.1180.82 \n * Google Chrome 21.0.1180.83 \n * Google Chrome 21.0.1180.84 \n * Google Chrome 21.0.1180.85 \n * Google Chrome 21.0.1180.86 \n * Google Chrome 21.0.1180.87 \n * Google Chrome 21.0.1180.88 \n * Google Chrome 21.0.1180.89 \n * Google Chrome 22 \n * Google Chrome 22.0.1229.0 \n * Google Chrome 22.0.1229.1 \n * Google Chrome 22.0.1229.10 \n * Google Chrome 22.0.1229.11 \n * Google Chrome 22.0.1229.12 \n * Google Chrome 22.0.1229.14 \n * Google Chrome 22.0.1229.16 \n * Google Chrome 22.0.1229.17 \n * Google Chrome 22.0.1229.18 \n * Google Chrome 22.0.1229.2 \n * Google Chrome 22.0.1229.20 \n * Google Chrome 22.0.1229.21 \n * Google Chrome 22.0.1229.22 \n * Google Chrome 22.0.1229.23 \n * Google Chrome 22.0.1229.24 \n * Google Chrome 22.0.1229.25 \n * Google Chrome 22.0.1229.26 \n * Google Chrome 22.0.1229.27 \n * Google Chrome 22.0.1229.28 \n * Google Chrome 22.0.1229.29 \n * Google Chrome 22.0.1229.3 \n * Google Chrome 22.0.1229.31 \n * Google Chrome 22.0.1229.32 \n * Google Chrome 22.0.1229.33 \n * Google Chrome 22.0.1229.35 \n * Google Chrome 22.0.1229.36 \n * Google Chrome 22.0.1229.37 \n * Google Chrome 22.0.1229.39 \n * Google Chrome 22.0.1229.4 \n * Google Chrome 22.0.1229.48 \n * Google Chrome 22.0.1229.49 \n * Google Chrome 22.0.1229.50 \n * Google Chrome 22.0.1229.51 \n * Google Chrome 22.0.1229.52 \n * Google Chrome 22.0.1229.53 \n * Google Chrome 22.0.1229.54 \n * Google Chrome 22.0.1229.55 \n * Google Chrome 22.0.1229.56 \n * Google Chrome 22.0.1229.57 \n * Google Chrome 22.0.1229.58 \n * Google Chrome 22.0.1229.59 \n * Google Chrome 22.0.1229.6 \n * Google Chrome 22.0.1229.60 \n * Google Chrome 22.0.1229.62 \n * Google Chrome 22.0.1229.63 \n * Google Chrome 22.0.1229.64 \n * Google Chrome 22.0.1229.65 \n * Google Chrome 22.0.1229.67 \n * Google Chrome 22.0.1229.7 \n * Google Chrome 22.0.1229.76 \n * Google Chrome 22.0.1229.78 \n * Google Chrome 22.0.1229.79 \n * Google Chrome 22.0.1229.8 \n * Google Chrome 22.0.1229.89 \n * Google Chrome 22.0.1229.9 \n * Google Chrome 22.0.1229.91 \n * Google Chrome 22.0.1229.92 \n * Google Chrome 22.0.1229.94 \n * Google Chrome 22.0.1229.95 \n * Google Chrome 22.0.1229.96 \n * Google Chrome 23.0.1271.0 \n * Google Chrome 23.0.1271.1 \n * Google Chrome 23.0.1271.10 \n * Google Chrome 23.0.1271.11 \n * Google Chrome 23.0.1271.12 \n * Google Chrome 23.0.1271.13 \n * Google Chrome 23.0.1271.14 \n * Google Chrome 23.0.1271.15 \n * Google Chrome 23.0.1271.16 \n * Google Chrome 23.0.1271.17 \n * Google Chrome 23.0.1271.18 \n * Google Chrome 23.0.1271.19 \n * Google Chrome 23.0.1271.2 \n * Google Chrome 23.0.1271.20 \n * Google Chrome 23.0.1271.21 \n * Google Chrome 23.0.1271.22 \n * Google Chrome 23.0.1271.23 \n * Google Chrome 23.0.1271.24 \n * Google Chrome 23.0.1271.26 \n * Google Chrome 23.0.1271.3 \n * Google Chrome 23.0.1271.30 \n * Google Chrome 23.0.1271.31 \n * Google Chrome 23.0.1271.32 \n * Google Chrome 23.0.1271.33 \n * Google Chrome 23.0.1271.35 \n * Google Chrome 23.0.1271.36 \n * Google Chrome 23.0.1271.37 \n * Google Chrome 23.0.1271.38 \n * Google Chrome 23.0.1271.39 \n * Google Chrome 23.0.1271.4 \n * Google Chrome 23.0.1271.40 \n * Google Chrome 23.0.1271.41 \n * Google Chrome 23.0.1271.44 \n * Google Chrome 23.0.1271.45 \n * Google Chrome 23.0.1271.46 \n * Google Chrome 23.0.1271.49 \n * Google Chrome 23.0.1271.5 \n * Google Chrome 23.0.1271.50 \n * Google Chrome 23.0.1271.51 \n * Google Chrome 23.0.1271.52 \n * Google Chrome 23.0.1271.53 \n * Google Chrome 23.0.1271.54 \n * Google Chrome 23.0.1271.55 \n * Google Chrome 23.0.1271.56 \n * Google Chrome 23.0.1271.57 \n * Google Chrome 23.0.1271.58 \n * Google Chrome 23.0.1271.59 \n * Google Chrome 23.0.1271.6 \n * Google Chrome 23.0.1271.60 \n * Google Chrome 23.0.1271.61 \n * Google Chrome 23.0.1271.62 \n * Google Chrome 23.0.1271.64 \n * Google Chrome 23.0.1271.7 \n * Google Chrome 23.0.1271.8 \n * Google Chrome 23.0.1271.83 \n * Google Chrome 23.0.1271.84 \n * Google Chrome 23.0.1271.85 \n * Google Chrome 23.0.1271.86 \n * Google Chrome 23.0.1271.87 \n * Google Chrome 23.0.1271.88 \n * Google Chrome 23.0.1271.89 \n * Google Chrome 23.0.1271.9 \n * Google Chrome 23.0.1271.91 \n * Google Chrome 23.0.1271.95 \n * Google Chrome 23.0.1271.96 \n * Google Chrome 23.0.1271.97 \n * Google Chrome 24.0.1272.0 \n * Google Chrome 24.0.1272.1 \n * Google Chrome 24.0.1273.0 \n * Google Chrome 24.0.1274.0 \n * Google Chrome 24.0.1275.0 \n * Google Chrome 24.0.1276.0 \n * Google Chrome 24.0.1276.1 \n * Google Chrome 24.0.1277.0 \n * Google Chrome 24.0.1278.0 \n * Google Chrome 24.0.1279.0 \n * Google Chrome 24.0.1280.0 \n * Google Chrome 24.0.1281.0 \n * Google Chrome 24.0.1281.1 \n * Google Chrome 24.0.1281.2 \n * Google Chrome 24.0.1281.3 \n * Google Chrome 24.0.1282.0 \n * Google Chrome 24.0.1283.0 \n * Google Chrome 24.0.1284.0 \n * Google Chrome 24.0.1284.1 \n * Google Chrome 24.0.1284.2 \n * Google Chrome 24.0.1285.0 \n * Google Chrome 24.0.1285.1 \n * Google Chrome 24.0.1285.2 \n * Google Chrome 24.0.1286.0 \n * Google Chrome 24.0.1286.1 \n * Google Chrome 24.0.1287.0 \n * Google Chrome 24.0.1287.1 \n * Google Chrome 24.0.1288.0 \n * Google Chrome 24.0.1288.1 \n * Google Chrome 24.0.1289.0 \n * Google Chrome 24.0.1289.1 \n * Google Chrome 24.0.1290.0 \n * Google Chrome 24.0.1291.0 \n * Google Chrome 24.0.1292.0 \n * Google Chrome 24.0.1293.0 \n * Google Chrome 24.0.1294.0 \n * Google Chrome 24.0.1295.0 \n * Google Chrome 24.0.1296.0 \n * Google Chrome 24.0.1297.0 \n * Google Chrome 24.0.1298.0 \n * Google Chrome 24.0.1299.0 \n * Google Chrome 24.0.1300.0 \n * Google Chrome 24.0.1301.0 \n * Google Chrome 24.0.1301.2 \n * Google Chrome 24.0.1302.0 \n * Google Chrome 24.0.1303.0 \n * Google Chrome 24.0.1304.0 \n * Google Chrome 24.0.1304.1 \n * Google Chrome 24.0.1305.0 \n * Google Chrome 24.0.1305.1 \n * Google Chrome 24.0.1305.2 \n * Google Chrome 24.0.1305.3 \n * Google Chrome 24.0.1305.4 \n * Google Chrome 24.0.1306.0 \n * Google Chrome 24.0.1306.1 \n * Google Chrome 24.0.1307.0 \n * Google Chrome 24.0.1307.1 \n * Google Chrome 24.0.1308.0 \n * Google Chrome 24.0.1309.0 \n * Google Chrome 24.0.1310.0 \n * Google Chrome 24.0.1311.0 \n * Google Chrome 24.0.1311.1 \n * Google Chrome 24.0.1312.0 \n * Google Chrome 24.0.1312.1 \n * Google Chrome 24.0.1312.10 \n * Google Chrome 24.0.1312.11 \n * Google Chrome 24.0.1312.12 \n * Google Chrome 24.0.1312.13 \n * Google Chrome 24.0.1312.14 \n * Google Chrome 24.0.1312.15 \n * Google Chrome 24.0.1312.16 \n * Google Chrome 24.0.1312.17 \n * Google Chrome 24.0.1312.18 \n * Google Chrome 24.0.1312.19 \n * Google Chrome 24.0.1312.20 \n * Google Chrome 24.0.1312.21 \n * Google Chrome 24.0.1312.22 \n * Google Chrome 24.0.1312.23 \n * Google Chrome 24.0.1312.24 \n * Google Chrome 24.0.1312.25 \n * Google Chrome 24.0.1312.26 \n * Google Chrome 24.0.1312.27 \n * Google Chrome 24.0.1312.28 \n * Google Chrome 24.0.1312.29 \n * Google Chrome 24.0.1312.30 \n * Google Chrome 24.0.1312.31 \n * Google Chrome 24.0.1312.32 \n * Google Chrome 24.0.1312.33 \n * Google Chrome 24.0.1312.34 \n * Google Chrome 24.0.1312.35 \n * Google Chrome 24.0.1312.36 \n * Google Chrome 24.0.1312.37 \n * Google Chrome 24.0.1312.38 \n * Google Chrome 24.0.1312.39 \n * Google Chrome 24.0.1312.4 \n * Google Chrome 24.0.1312.40 \n * Google Chrome 24.0.1312.41 \n * Google Chrome 24.0.1312.42 \n * Google Chrome 24.0.1312.43 \n * Google Chrome 24.0.1312.44 \n * Google Chrome 24.0.1312.45 \n * Google Chrome 24.0.1312.46 \n * Google Chrome 24.0.1312.47 \n * Google Chrome 24.0.1312.48 \n * Google Chrome 24.0.1312.49 \n * Google Chrome 24.0.1312.5 \n * Google Chrome 24.0.1312.50 \n * Google Chrome 24.0.1312.51 \n * Google Chrome 24.0.1312.52 \n * Google Chrome 24.0.1312.53 \n * Google Chrome 24.0.1312.54 \n * Google Chrome 24.0.1312.55 \n * Google Chrome 24.0.1312.56 \n * Google Chrome 24.0.1312.57 \n * Google Chrome 24.0.1312.6 \n * Google Chrome 24.0.1312.7 \n * Google Chrome 24.0.1312.70 \n * Google Chrome 24.0.1312.8 \n * Google Chrome 24.0.1312.9 \n * Google Chrome 25 \n * Google Chrome 25.0.1364.0 \n * Google Chrome 25.0.1364.1 \n * Google Chrome 25.0.1364.10 \n * Google Chrome 25.0.1364.108 \n * Google Chrome 25.0.1364.11 \n * Google Chrome 25.0.1364.110 \n * Google Chrome 25.0.1364.112 \n * Google Chrome 25.0.1364.113 \n * Google Chrome 25.0.1364.114 \n * Google Chrome 25.0.1364.115 \n * Google Chrome 25.0.1364.116 \n * Google Chrome 25.0.1364.117 \n * Google Chrome 25.0.1364.118 \n * Google Chrome 25.0.1364.119 \n * Google Chrome 25.0.1364.12 \n * Google Chrome 25.0.1364.120 \n * Google Chrome 25.0.1364.121 \n * Google Chrome 25.0.1364.122 \n * Google Chrome 25.0.1364.123 \n * Google Chrome 25.0.1364.124 \n * Google Chrome 25.0.1364.125 \n * Google Chrome 25.0.1364.126 \n * Google Chrome 25.0.1364.13 \n * Google Chrome 25.0.1364.14 \n * Google Chrome 25.0.1364.15 \n * Google Chrome 25.0.1364.152 \n * Google Chrome 25.0.1364.16 \n * Google Chrome 25.0.1364.160 \n * Google Chrome 25.0.1364.17 \n * Google Chrome 25.0.1364.172 \n * Google Chrome 25.0.1364.18 \n * Google Chrome 25.0.1364.19 \n * Google Chrome 25.0.1364.2 \n * Google Chrome 25.0.1364.20 \n * Google Chrome 25.0.1364.21 \n * Google Chrome 25.0.1364.22 \n * Google Chrome 25.0.1364.23 \n * Google Chrome 25.0.1364.24 \n * Google Chrome 25.0.1364.25 \n * Google Chrome 25.0.1364.26 \n * Google Chrome 25.0.1364.27 \n * Google Chrome 25.0.1364.28 \n * Google Chrome 25.0.1364.29 \n * Google Chrome 25.0.1364.3 \n * Google Chrome 25.0.1364.30 \n * Google Chrome 25.0.1364.31 \n * Google Chrome 25.0.1364.32 \n * Google Chrome 25.0.1364.33 \n * Google Chrome 25.0.1364.34 \n * Google Chrome 25.0.1364.35 \n * Google Chrome 25.0.1364.36 \n * Google Chrome 25.0.1364.37 \n * Google Chrome 25.0.1364.38 \n * Google Chrome 25.0.1364.39 \n * Google Chrome 25.0.1364.40 \n * Google Chrome 25.0.1364.41 \n * Google Chrome 25.0.1364.42 \n * Google Chrome 25.0.1364.43 \n * Google Chrome 25.0.1364.44 \n * Google Chrome 25.0.1364.45 \n * Google Chrome 25.0.1364.46 \n * Google Chrome 25.0.1364.47 \n * Google Chrome 25.0.1364.48 \n * Google Chrome 25.0.1364.49 \n * Google Chrome 25.0.1364.5 \n * Google Chrome 25.0.1364.50 \n * Google Chrome 25.0.1364.51 \n * Google Chrome 25.0.1364.52 \n * Google Chrome 25.0.1364.53 \n * Google Chrome 25.0.1364.54 \n * Google Chrome 25.0.1364.55 \n * Google Chrome 25.0.1364.56 \n * Google Chrome 25.0.1364.57 \n * Google Chrome 25.0.1364.58 \n * Google Chrome 25.0.1364.61 \n * Google Chrome 25.0.1364.62 \n * Google Chrome 25.0.1364.63 \n * Google Chrome 25.0.1364.65 \n * Google Chrome 25.0.1364.66 \n * Google Chrome 25.0.1364.67 \n * Google Chrome 25.0.1364.68 \n * Google Chrome 25.0.1364.7 \n * Google Chrome 25.0.1364.70 \n * Google Chrome 25.0.1364.72 \n * Google Chrome 25.0.1364.73 \n * Google Chrome 25.0.1364.74 \n * Google Chrome 25.0.1364.75 \n * Google Chrome 25.0.1364.76 \n * Google Chrome 25.0.1364.77 \n * Google Chrome 25.0.1364.78 \n * Google Chrome 25.0.1364.79 \n * Google Chrome 25.0.1364.8 \n * Google Chrome 25.0.1364.80 \n * Google Chrome 25.0.1364.81 \n * Google Chrome 25.0.1364.82 \n * Google Chrome 25.0.1364.84 \n * Google Chrome 25.0.1364.85 \n * Google Chrome 25.0.1364.86 \n * Google Chrome 25.0.1364.87 \n * Google Chrome 25.0.1364.88 \n * Google Chrome 25.0.1364.89 \n * Google Chrome 25.0.1364.9 \n * Google Chrome 25.0.1364.90 \n * Google Chrome 25.0.1364.91 \n * Google Chrome 25.0.1364.92 \n * Google Chrome 25.0.1364.93 \n * Google Chrome 25.0.1364.95 \n * Google Chrome 25.0.1364.97 \n * Google Chrome 25.0.1364.98 \n * Google Chrome 25.0.1364.99 \n * Google Chrome 26.0.1410.28 \n * Google Chrome 26.0.1410.43 \n * Google Chrome 26.0.1410.46 \n * Google Chrome 26.0.1410.53 \n * Google Chrome 26.0.1410.63 \n * Google Chrome 26.0.1410.64 \n * Google Chrome 27.0.1444.0 \n * Google Chrome 27.0.1444.3 \n * Google Chrome 27.0.1453.0 \n * Google Chrome 27.0.1453.1 \n * Google Chrome 27.0.1453.10 \n * Google Chrome 27.0.1453.102 \n * Google Chrome 27.0.1453.103 \n * Google Chrome 27.0.1453.104 \n * Google Chrome 27.0.1453.105 \n * Google Chrome 27.0.1453.106 \n * Google Chrome 27.0.1453.107 \n * Google Chrome 27.0.1453.108 \n * Google Chrome 27.0.1453.109 \n * Google Chrome 27.0.1453.11 \n * Google Chrome 27.0.1453.110 \n * Google Chrome 27.0.1453.111 \n * Google Chrome 27.0.1453.112 \n * Google Chrome 27.0.1453.113 \n * Google Chrome 27.0.1453.114 \n * Google Chrome 27.0.1453.115 \n * Google Chrome 27.0.1453.116 \n * Google Chrome 27.0.1453.12 \n * Google Chrome 27.0.1453.13 \n * Google Chrome 27.0.1453.15 \n * Google Chrome 27.0.1453.2 \n * Google Chrome 27.0.1453.3 \n * Google Chrome 27.0.1453.34 \n * Google Chrome 27.0.1453.35 \n * Google Chrome 27.0.1453.36 \n * Google Chrome 27.0.1453.37 \n * Google Chrome 27.0.1453.38 \n * Google Chrome 27.0.1453.39 \n * Google Chrome 27.0.1453.4 \n * Google Chrome 27.0.1453.40 \n * Google Chrome 27.0.1453.41 \n * Google Chrome 27.0.1453.42 \n * Google Chrome 27.0.1453.43 \n * Google Chrome 27.0.1453.44 \n * Google Chrome 27.0.1453.45 \n * Google Chrome 27.0.1453.46 \n * Google Chrome 27.0.1453.47 \n * Google Chrome 27.0.1453.49 \n * Google Chrome 27.0.1453.5 \n * Google Chrome 27.0.1453.50 \n * Google Chrome 27.0.1453.51 \n * Google Chrome 27.0.1453.52 \n * Google Chrome 27.0.1453.54 \n * Google Chrome 27.0.1453.55 \n * Google Chrome 27.0.1453.56 \n * Google Chrome 27.0.1453.57 \n * Google Chrome 27.0.1453.58 \n * Google Chrome 27.0.1453.59 \n * Google Chrome 27.0.1453.6 \n * Google Chrome 27.0.1453.60 \n * Google Chrome 27.0.1453.61 \n * Google Chrome 27.0.1453.62 \n * Google Chrome 27.0.1453.63 \n * Google Chrome 27.0.1453.64 \n * Google Chrome 27.0.1453.65 \n * Google Chrome 27.0.1453.66 \n * Google Chrome 27.0.1453.67 \n * Google Chrome 27.0.1453.68 \n * Google Chrome 27.0.1453.69 \n * Google Chrome 27.0.1453.7 \n * Google Chrome 27.0.1453.70 \n * Google Chrome 27.0.1453.71 \n * Google Chrome 27.0.1453.72 \n * Google Chrome 27.0.1453.73 \n * Google Chrome 27.0.1453.74 \n * Google Chrome 27.0.1453.75 \n * Google Chrome 27.0.1453.76 \n * Google Chrome 27.0.1453.77 \n * Google Chrome 27.0.1453.78 \n * Google Chrome 27.0.1453.79 \n * Google Chrome 27.0.1453.8 \n * Google Chrome 27.0.1453.80 \n * Google Chrome 27.0.1453.81 \n * Google Chrome 27.0.1453.82 \n * Google Chrome 27.0.1453.83 \n * Google Chrome 27.0.1453.84 \n * Google Chrome 27.0.1453.85 \n * Google Chrome 27.0.1453.86 \n * Google Chrome 27.0.1453.87 \n * Google Chrome 27.0.1453.88 \n * Google Chrome 27.0.1453.89 \n * Google Chrome 27.0.1453.9 \n * Google Chrome 27.0.1453.90 \n * Google Chrome 27.0.1453.91 \n * Google Chrome 27.0.1453.93 \n * Google Chrome 27.0.1453.94 \n * Google Chrome 28.0.1498.0 \n * Google Chrome 28.0.1500.0 \n * Google Chrome 28.0.1500.10 \n * Google Chrome 28.0.1500.11 \n * Google Chrome 28.0.1500.12 \n * Google Chrome 28.0.1500.13 \n * Google Chrome 28.0.1500.14 \n * Google Chrome 28.0.1500.15 \n * Google Chrome 28.0.1500.16 \n * Google Chrome 28.0.1500.17 \n * Google Chrome 28.0.1500.18 \n * Google Chrome 28.0.1500.19 \n * Google Chrome 28.0.1500.2 \n * Google Chrome 28.0.1500.20 \n * Google Chrome 28.0.1500.21 \n * Google Chrome 28.0.1500.22 \n * Google Chrome 28.0.1500.23 \n * Google Chrome 28.0.1500.24 \n * Google Chrome 28.0.1500.25 \n * Google Chrome 28.0.1500.26 \n * Google Chrome 28.0.1500.27 \n * Google Chrome 28.0.1500.28 \n * Google Chrome 28.0.1500.29 \n * Google Chrome 28.0.1500.3 \n * Google Chrome 28.0.1500.31 \n * Google Chrome 28.0.1500.32 \n * Google Chrome 28.0.1500.33 \n * Google Chrome 28.0.1500.34 \n * Google Chrome 28.0.1500.35 \n * Google Chrome 28.0.1500.36 \n * Google Chrome 28.0.1500.37 \n * Google Chrome 28.0.1500.38 \n * Google Chrome 28.0.1500.39 \n * Google Chrome 28.0.1500.4 \n * Google Chrome 28.0.1500.40 \n * Google Chrome 28.0.1500.41 \n * Google Chrome 28.0.1500.42 \n * Google Chrome 28.0.1500.43 \n * Google Chrome 28.0.1500.44 \n * Google Chrome 28.0.1500.45 \n * Google Chrome 28.0.1500.46 \n * Google Chrome 28.0.1500.47 \n * Google Chrome 28.0.1500.48 \n * Google Chrome 28.0.1500.49 \n * Google Chrome 28.0.1500.5 \n * Google Chrome 28.0.1500.50 \n * Google Chrome 28.0.1500.51 \n * Google Chrome 28.0.1500.52 \n * Google Chrome 28.0.1500.53 \n * Google Chrome 28.0.1500.54 \n * Google Chrome 28.0.1500.56 \n * Google Chrome 28.0.1500.58 \n * Google Chrome 28.0.1500.59 \n * Google Chrome 28.0.1500.6 \n * Google Chrome 28.0.1500.60 \n * Google Chrome 28.0.1500.61 \n * Google Chrome 28.0.1500.62 \n * Google Chrome 28.0.1500.63 \n * Google Chrome 28.0.1500.64 \n * Google Chrome 28.0.1500.66 \n * Google Chrome 28.0.1500.68 \n * Google Chrome 28.0.1500.70 \n * Google Chrome 28.0.1500.71 \n * Google Chrome 28.0.1500.72 \n * Google Chrome 28.0.1500.8 \n * Google Chrome 28.0.1500.89 \n * Google Chrome 28.0.1500.9 \n * Google Chrome 28.0.1500.91 \n * Google Chrome 28.0.1500.93 \n * Google Chrome 28.0.1500.94 \n * Google Chrome 28.0.1500.95 \n * Google Chrome 29.0.1547.0 \n * Google Chrome 29.0.1547.10 \n * Google Chrome 29.0.1547.12 \n * Google Chrome 29.0.1547.14 \n * Google Chrome 29.0.1547.16 \n * Google Chrome 29.0.1547.18 \n * Google Chrome 29.0.1547.2 \n * Google Chrome 29.0.1547.21 \n * Google Chrome 29.0.1547.23 \n * Google Chrome 29.0.1547.28 \n * Google Chrome 29.0.1547.3 \n * Google Chrome 29.0.1547.31 \n * Google Chrome 29.0.1547.33 \n * Google Chrome 29.0.1547.35 \n * Google Chrome 29.0.1547.37 \n * Google Chrome 29.0.1547.39 \n * Google Chrome 29.0.1547.40 \n * Google Chrome 29.0.1547.42 \n * Google Chrome 29.0.1547.46 \n * Google Chrome 29.0.1547.48 \n * Google Chrome 29.0.1547.5 \n * Google Chrome 29.0.1547.51 \n * Google Chrome 29.0.1547.53 \n * Google Chrome 29.0.1547.55 \n * Google Chrome 29.0.1547.57 \n * Google Chrome 29.0.1547.7 \n * Google Chrome 29.0.1547.76 \n * Google Chrome 29.0.1547.9 \n * Google Chrome 3 \n * Google Chrome 3.0 Beta \n * Google Chrome 3.0.182.2 \n * Google Chrome 3.0.190.2 \n * Google Chrome 3.0.193.2 Beta \n * Google Chrome 3.0.195.2 \n * Google Chrome 3.0.195.21 \n * Google Chrome 3.0.195.24 \n * Google Chrome 3.0.195.25 \n * Google Chrome 3.0.195.27 \n * Google Chrome 3.0.195.32 \n * Google Chrome 3.0.195.33 \n * Google Chrome 3.0.195.36 \n * Google Chrome 3.0.195.37 \n * Google Chrome 3.0.195.38 \n * Google Chrome 30.0.1599.0 \n * Google Chrome 30.0.1599.10 \n * Google Chrome 30.0.1599.100 \n * Google Chrome 30.0.1599.101 \n * Google Chrome 30.0.1599.12 \n * Google Chrome 30.0.1599.14 \n * Google Chrome 30.0.1599.16 \n * Google Chrome 30.0.1599.18 \n * Google Chrome 30.0.1599.2 \n * Google Chrome 30.0.1599.21 \n * Google Chrome 30.0.1599.23 \n * Google Chrome 30.0.1599.25 \n * Google Chrome 30.0.1599.27 \n * Google Chrome 30.0.1599.29 \n * Google Chrome 30.0.1599.31 \n * Google Chrome 30.0.1599.33 \n * Google Chrome 30.0.1599.35 \n * Google Chrome 30.0.1599.37 \n * Google Chrome 30.0.1599.39 \n * Google Chrome 30.0.1599.40 \n * Google Chrome 30.0.1599.42 \n * Google Chrome 30.0.1599.44 \n * Google Chrome 30.0.1599.48 \n * Google Chrome 30.0.1599.5 \n * Google Chrome 30.0.1599.51 \n * Google Chrome 30.0.1599.53 \n * Google Chrome 30.0.1599.57 \n * Google Chrome 30.0.1599.59 \n * Google Chrome 30.0.1599.60 \n * Google Chrome 30.0.1599.64 \n * Google Chrome 30.0.1599.66 \n * Google Chrome 30.0.1599.67 \n * Google Chrome 30.0.1599.68 \n * Google Chrome 30.0.1599.69 \n * Google Chrome 30.0.1599.7 \n * Google Chrome 30.0.1599.79 \n * Google Chrome 30.0.1599.80 \n * Google Chrome 30.0.1599.81 \n * Google Chrome 30.0.1599.82 \n * Google Chrome 30.0.1599.84 \n * Google Chrome 30.0.1599.85 \n * Google Chrome 30.0.1599.86 \n * Google Chrome 30.0.1599.87 \n * Google Chrome 30.0.1599.88 \n * Google Chrome 30.0.1599.9 \n * Google Chrome 30.0.1599.90 \n * Google Chrome 31.0.1650.0 \n * Google Chrome 31.0.1650.10 \n * Google Chrome 31.0.1650.11 \n * Google Chrome 31.0.1650.12 \n * Google Chrome 31.0.1650.13 \n * Google Chrome 31.0.1650.14 \n * Google Chrome 31.0.1650.15 \n * Google Chrome 31.0.1650.16 \n * Google Chrome 31.0.1650.17 \n * Google Chrome 31.0.1650.18 \n * Google Chrome 31.0.1650.19 \n * Google Chrome 31.0.1650.2 \n * Google Chrome 31.0.1650.20 \n * Google Chrome 31.0.1650.22 \n * Google Chrome 31.0.1650.23 \n * Google Chrome 31.0.1650.25 \n * Google Chrome 31.0.1650.26 \n * Google Chrome 31.0.1650.27 \n * Google Chrome 31.0.1650.28 \n * Google Chrome 31.0.1650.29 \n * Google Chrome 31.0.1650.3 \n * Google Chrome 31.0.1650.30 \n * Google Chrome 31.0.1650.31 \n * Google Chrome 31.0.1650.32 \n * Google Chrome 31.0.1650.33 \n * Google Chrome 31.0.1650.34 \n * Google Chrome 31.0.1650.35 \n * Google Chrome 31.0.1650.36 \n * Google Chrome 31.0.1650.37 \n * Google Chrome 31.0.1650.38 \n * Google Chrome 31.0.1650.39 \n * Google Chrome 31.0.1650.4 \n * Google Chrome 31.0.1650.41 \n * Google Chrome 31.0.1650.42 \n * Google Chrome 31.0.1650.43 \n * Google Chrome 31.0.1650.44 \n * Google Chrome 31.0.1650.45 \n * Google Chrome 31.0.1650.46 \n * Google Chrome 31.0.1650.47 \n * Google Chrome 31.0.1650.48 \n * Google Chrome 31.0.1650.49 \n * Google Chrome 31.0.1650.5 \n * Google Chrome 31.0.1650.50 \n * Google Chrome 31.0.1650.52 \n * Google Chrome 31.0.1650.54 \n * Google Chrome 31.0.1650.57 \n * Google Chrome 31.0.1650.58 \n * Google Chrome 31.0.1650.6 \n * Google Chrome 31.0.1650.60 \n * Google Chrome 31.0.1650.61 \n * Google Chrome 31.0.1650.62 \n * Google Chrome 31.0.1650.63 \n * Google Chrome 31.0.1650.7 \n * Google Chrome 31.0.1650.8 \n * Google Chrome 31.0.1650.9 \n * Google Chrome 32.0.1651.2 \n * Google Chrome 32.0.1652.1 \n * Google Chrome 32.0.1653.1 \n * Google Chrome 32.0.1654.0 \n * Google Chrome 32.0.1654.3 \n * Google Chrome 32.0.1655.1 \n * Google Chrome 32.0.1656.1 \n * Google Chrome 32.0.1657.0 \n * Google Chrome 32.0.1658.0 \n * Google Chrome 32.0.1658.2 \n * Google Chrome 32.0.1659.1 \n * Google Chrome 32.0.1659.3 \n * Google Chrome 32.0.1660.1 \n * Google Chrome 32.0.1661.0 \n * Google Chrome 32.0.1662.0 \n * Google Chrome 32.0.1662.2 \n * Google Chrome 32.0.1663.1 \n * Google Chrome 32.0.1663.3 \n * Google Chrome 32.0.1664.1 \n * Google Chrome 32.0.1664.3 \n * Google Chrome 32.0.1666.0 \n * Google Chrome 32.0.1667.0 \n * Google Chrome 32.0.1668.0 \n * Google Chrome 32.0.1668.2 \n * Google Chrome 32.0.1668.4 \n * Google Chrome 32.0.1668.6 \n * Google Chrome 32.0.1669.1 \n * Google Chrome 32.0.1669.3 \n * Google Chrome 32.0.1670.1 \n * Google Chrome 32.0.1670.3 \n * Google Chrome 32.0.1670.5 \n * Google Chrome 32.0.1671.2 \n * Google Chrome 32.0.1671.4 \n * Google Chrome 32.0.1671.8 \n * Google Chrome 32.0.1672.2 \n * Google Chrome 32.0.1673.2 \n * Google Chrome 32.0.1673.4 \n * Google Chrome 32.0.1674.1 \n * Google Chrome 32.0.1675.0 \n * Google Chrome 32.0.1675.2 \n * Google Chrome 32.0.1676.0 \n * Google Chrome 32.0.1676.2 \n * Google Chrome 32.0.1677.1 \n * Google Chrome 32.0.1678.1 \n * Google Chrome 32.0.1679.0 \n * Google Chrome 32.0.1680.0 \n * Google Chrome 32.0.1681.0 \n * Google Chrome 32.0.1681.3 \n * Google Chrome 32.0.1682.3 \n * Google Chrome 32.0.1682.5 \n * Google Chrome 32.0.1683.1 \n * Google Chrome 32.0.1684.0 \n * Google Chrome 32.0.1684.2 \n * Google Chrome 32.0.1685.0 \n * Google Chrome 32.0.1685.2 \n * Google Chrome 32.0.1686.0 \n * Google Chrome 32.0.1687.0 \n * Google Chrome 32.0.1688.0 \n * Google Chrome 32.0.1689.0 \n * Google Chrome 32.0.1689.2 \n * Google Chrome 32.0.1690.0 \n * Google Chrome 32.0.1700.0 \n * Google Chrome 32.0.1700.100 \n * Google Chrome 32.0.1700.102 \n * Google Chrome 32.0.1700.103 \n * Google Chrome 32.0.1700.107 \n * Google Chrome 32.0.1700.11 \n * Google Chrome 32.0.1700.13 \n * Google Chrome 32.0.1700.15 \n * Google Chrome 32.0.1700.17 \n * Google Chrome 32.0.1700.19 \n * Google Chrome 32.0.1700.21 \n * Google Chrome 32.0.1700.23 \n * Google Chrome 32.0.1700.26 \n * Google Chrome 32.0.1700.28 \n * Google Chrome 32.0.1700.3 \n * Google Chrome 32.0.1700.31 \n * Google Chrome 32.0.1700.33 \n * Google Chrome 32.0.1700.35 \n * Google Chrome 32.0.1700.39 \n * Google Chrome 32.0.1700.41 \n * Google Chrome 32.0.1700.50 \n * Google Chrome 32.0.1700.52 \n * Google Chrome 32.0.1700.54 \n * Google Chrome 32.0.1700.56 \n * Google Chrome 32.0.1700.58 \n * Google Chrome 32.0.1700.6 \n * Google Chrome 32.0.1700.63 \n * Google Chrome 32.0.1700.65 \n * Google Chrome 32.0.1700.67 \n * Google Chrome 32.0.1700.69 \n * Google Chrome 32.0.1700.70 \n * Google Chrome 32.0.1700.74 \n * Google Chrome 32.0.1700.76 \n * Google Chrome 32.0.1700.77 \n * Google Chrome 32.0.1700.9 \n * Google Chrome 32.0.1700.95 \n * Google Chrome 32.0.1700.97 \n * Google Chrome 32.0.1700.98 \n * Google Chrome 33.0.1750.0 \n * Google Chrome 33.0.1750.10 \n * Google Chrome 33.0.1750.106 \n * Google Chrome 33.0.1750.108 \n * Google Chrome 33.0.1750.11 \n * Google Chrome 33.0.1750.111 \n * Google Chrome 33.0.1750.113 \n * Google Chrome 33.0.1750.116 \n * Google Chrome 33.0.1750.117 \n * Google Chrome 33.0.1750.124 \n * Google Chrome 33.0.1750.125 \n * Google Chrome 33.0.1750.13 \n * Google Chrome 33.0.1750.132 \n * Google Chrome 33.0.1750.135 \n * Google Chrome 33.0.1750.14 \n * Google Chrome 33.0.1750.144 \n * Google Chrome 33.0.1750.146 \n * Google Chrome 33.0.1750.149 \n * Google Chrome 33.0.1750.151 \n * Google Chrome 33.0.1750.152 \n * Google Chrome 33.0.1750.154 \n * Google Chrome 33.0.1750.16 \n * Google Chrome 33.0.1750.166 \n * Google Chrome 33.0.1750.168 \n * Google Chrome 33.0.1750.19 \n * Google Chrome 33.0.1750.20 \n * Google Chrome 33.0.1750.22 \n * Google Chrome 33.0.1750.24 \n * Google Chrome 33.0.1750.26 \n * Google Chrome 33.0.1750.28 \n * Google Chrome 33.0.1750.3 \n * Google Chrome 33.0.1750.31 \n * Google Chrome 33.0.1750.35 \n * Google Chrome 33.0.1750.37 \n * Google Chrome 33.0.1750.39 \n * Google Chrome 33.0.1750.40 \n * Google Chrome 33.0.1750.42 \n * Google Chrome 33.0.1750.44 \n * Google Chrome 33.0.1750.46 \n * Google Chrome 33.0.1750.48 \n * Google Chrome 33.0.1750.5 \n * Google Chrome 33.0.1750.51 \n * Google Chrome 33.0.1750.53 \n * Google Chrome 33.0.1750.55 \n * Google Chrome 33.0.1750.57 \n * Google Chrome 33.0.1750.59 \n * Google Chrome 33.0.1750.60 \n * Google Chrome 33.0.1750.62 \n * Google Chrome 33.0.1750.64 \n * Google Chrome 33.0.1750.66 \n * Google Chrome 33.0.1750.68 \n * Google Chrome 33.0.1750.7 \n * Google Chrome 33.0.1750.71 \n * Google Chrome 33.0.1750.74 \n * Google Chrome 33.0.1750.76 \n * Google Chrome 33.0.1750.79 \n * Google Chrome 33.0.1750.80 \n * Google Chrome 33.0.1750.82 \n * Google Chrome 33.0.1750.85 \n * Google Chrome 33.0.1750.89 \n * Google Chrome 33.0.1750.90 \n * Google Chrome 33.0.1750.92 \n * Google Chrome 34.0.1847.0 \n * Google Chrome 34.0.1847.10 \n * Google Chrome 34.0.1847.101 \n * Google Chrome 34.0.1847.103 \n * Google Chrome 34.0.1847.109 \n * Google Chrome 34.0.1847.112 \n * Google Chrome 34.0.1847.114 \n * Google Chrome 34.0.1847.116 \n * Google Chrome 34.0.1847.118 \n * Google Chrome 34.0.1847.120 \n * Google Chrome 34.0.1847.130 \n * Google Chrome 34.0.1847.131 \n * Google Chrome 34.0.1847.132 \n * Google Chrome 34.0.1847.134 \n * Google Chrome 34.0.1847.136 \n * Google Chrome 34.0.1847.137 \n * Google Chrome 34.0.1847.15 \n * Google Chrome 34.0.1847.23 \n * Google Chrome 34.0.1847.25 \n * Google Chrome 34.0.1847.36 \n * Google Chrome 34.0.1847.38 \n * Google Chrome 34.0.1847.4 \n * Google Chrome 34.0.1847.42 \n * Google Chrome 34.0.1847.44 \n * Google Chrome 34.0.1847.46 \n * Google Chrome 34.0.1847.48 \n * Google Chrome 34.0.1847.5 \n * Google Chrome 34.0.1847.51 \n * Google Chrome 34.0.1847.53 \n * Google Chrome 34.0.1847.55 \n * Google Chrome 34.0.1847.57 \n * Google Chrome 34.0.1847.59 \n * Google Chrome 34.0.1847.60 \n * Google Chrome 34.0.1847.62 \n * Google Chrome 34.0.1847.64 \n * Google Chrome 34.0.1847.66 \n * Google Chrome 34.0.1847.68 \n * Google Chrome 34.0.1847.7 \n * Google Chrome 34.0.1847.72 \n * Google Chrome 34.0.1847.74 \n * Google Chrome 34.0.1847.76 \n * Google Chrome 34.0.1847.78 \n * Google Chrome 34.0.1847.8 \n * Google Chrome 34.0.1847.81 \n * Google Chrome 34.0.1847.83 \n * Google Chrome 34.0.1847.86 \n * Google Chrome 34.0.1847.9 \n * Google Chrome 34.0.1847.92 \n * Google Chrome 34.0.1847.97 \n * Google Chrome 34.0.1847.99 \n * Google Chrome 35.0.1916.0 \n * Google Chrome 35.0.1916.10 \n * Google Chrome 35.0.1916.103 \n * Google Chrome 35.0.1916.105 \n * Google Chrome 35.0.1916.107 \n * Google Chrome 35.0.1916.109 \n * Google Chrome 35.0.1916.110 \n * Google Chrome 35.0.1916.112 \n * Google Chrome 35.0.1916.114 \n * Google Chrome 35.0.1916.13 \n * Google Chrome 35.0.1916.15 \n * Google Chrome 35.0.1916.153 \n * Google Chrome 35.0.1916.18 \n * Google Chrome 35.0.1916.2 \n * Google Chrome 35.0.1916.21 \n * Google Chrome 35.0.1916.23 \n * Google Chrome 35.0.1916.3 \n * Google Chrome 35.0.1916.32 \n * Google Chrome 35.0.1916.34 \n * Google Chrome 35.0.1916.36 \n * Google Chrome 35.0.1916.38 \n * Google Chrome 35.0.1916.4 \n * Google Chrome 35.0.1916.41 \n * Google Chrome 35.0.1916.43 \n * Google Chrome 35.0.1916.45 \n * Google Chrome 35.0.1916.47 \n * Google Chrome 35.0.1916.49 \n * Google Chrome 35.0.1916.51 \n * Google Chrome 35.0.1916.54 \n * Google Chrome 35.0.1916.57 \n * Google Chrome 35.0.1916.6 \n * Google Chrome 35.0.1916.68 \n * Google Chrome 35.0.1916.7 \n * Google Chrome 35.0.1916.72 \n * Google Chrome 35.0.1916.77 \n * Google Chrome 35.0.1916.80 \n * Google Chrome 35.0.1916.84 \n * Google Chrome 35.0.1916.86 \n * Google Chrome 35.0.1916.9 \n * Google Chrome 35.0.1916.92 \n * Google Chrome 35.0.1916.95 \n * Google Chrome 35.0.1916.98 \n * Google Chrome 36.0.1985.122 \n * Google Chrome 36.0.1985.143 \n * Google Chrome 37.0.2062.0 \n * Google Chrome 37.0.2062.10 \n * Google Chrome 37.0.2062.12 \n * Google Chrome 37.0.2062.120 \n * Google Chrome 37.0.2062.124 \n * Google Chrome 37.0.2062.14 \n * Google Chrome 37.0.2062.16 \n * Google Chrome 37.0.2062.18 \n * Google Chrome 37.0.2062.2 \n * Google Chrome 37.0.2062.21 \n * Google Chrome 37.0.2062.23 \n * Google Chrome 37.0.2062.25 \n * Google Chrome 37.0.2062.27 \n * Google Chrome 37.0.2062.29 \n * Google Chrome 37.0.2062.30 \n * Google Chrome 37.0.2062.32 \n * Google Chrome 37.0.2062.34 \n * Google Chrome 37.0.2062.36 \n * Google Chrome 37.0.2062.39 \n * Google Chrome 37.0.2062.43 \n * Google Chrome 37.0.2062.45 \n * Google Chrome 37.0.2062.47 \n * Google Chrome 37.0.2062.49 \n * Google Chrome 37.0.2062.50 \n * Google Chrome 37.0.2062.52 \n * Google Chrome 37.0.2062.54 \n * Google Chrome 37.0.2062.56 \n * Google Chrome 37.0.2062.58 \n * Google Chrome 37.0.2062.6 \n * Google Chrome 37.0.2062.61 \n * Google Chrome 37.0.2062.63 \n * Google Chrome 37.0.2062.65 \n * Google Chrome 37.0.2062.67 \n * Google Chrome 37.0.2062.69 \n * Google Chrome 37.0.2062.70 \n * Google Chrome 37.0.2062.72 \n * Google Chrome 37.0.2062.74 \n * Google Chrome 37.0.2062.76 \n * Google Chrome 37.0.2062.78 \n * Google Chrome 37.0.2062.80 \n * Google Chrome 37.0.2062.89 \n * Google Chrome 37.0.2062.90 \n * Google Chrome 37.0.2062.92 \n * Google Chrome 37.0.2062.94 \n * Google Chrome 37.0.2062.95 \n * Google Chrome 37.0.2062.97 \n * Google Chrome 38.0.2125.101 \n * Google Chrome 38.0.2125.101 ~~~Android~~ \n * Google Chrome 38.0.2125.122 \n * Google Chrome 39.0.2171.63 \n * Google Chrome 39.0.2171.65 \n * Google Chrome 4 \n * Google Chrome 4.0.211.0 \n * Google Chrome 4.0.212.0 \n * Google Chrome 4.0.212.1 \n * Google Chrome 4.0.221.8 \n * Google Chrome 4.0.222.0 \n * Google Chrome 4.0.222.1 \n * Google Chrome 4.0.222.12 \n * Google Chrome 4.0.222.5 \n * Google Chrome 4.0.223.0 \n * Google Chrome 4.0.223.1 \n * Google Chrome 4.0.223.2 \n * Google Chrome 4.0.223.4 \n * Google Chrome 4.0.223.5 \n * Google Chrome 4.0.223.7 \n * Google Chrome 4.0.223.8 \n * Google Chrome 4.0.224.0 \n * Google Chrome 4.0.229.1 \n * Google Chrome 4.0.235.0 \n * Google Chrome 4.0.236.0 \n * Google Chrome 4.0.237.0 \n * Google Chrome 4.0.237.1 \n * Google Chrome 4.0.239.0 \n * Google Chrome 4.0.240.0 \n * Google Chrome 4.0.241.0 \n * Google Chrome 4.0.242.0 \n * Google Chrome 4.0.243.0 \n * Google Chrome 4.0.244.0 \n * Google Chrome 4.0.245.0 \n * Google Chrome 4.0.246.0 \n * Google Chrome 4.0.247.0 \n * Google Chrome 4.0.248.0 \n * Google Chrome 4.0.249.0 \n * Google Chrome 4.0.249.1 \n * Google Chrome 4.0.249.10 \n * Google Chrome 4.0.249.11 \n * Google Chrome 4.0.249.12 \n * Google Chrome 4.0.249.14 \n * Google Chrome 4.0.249.16 \n * Google Chrome 4.0.249.17 \n * Google Chrome 4.0.249.18 \n * Google Chrome 4.0.249.19 \n * Google Chrome 4.0.249.2 \n * Google Chrome 4.0.249.20 \n * Google Chrome 4.0.249.21 \n * Google Chrome 4.0.249.22 \n * Google Chrome 4.0.249.23 \n * Google Chrome 4.0.249.24 \n * Google Chrome 4.0.249.25 \n * Google Chrome 4.0.249.26 \n * Google Chrome 4.0.249.27 \n * Google Chrome 4.0.249.28 \n * Google Chrome 4.0.249.29 \n * Google Chrome 4.0.249.3 \n * Google Chrome 4.0.249.30 \n * Google Chrome 4.0.249.31 \n * Google Chrome 4.0.249.32 \n * Google Chrome 4.0.249.33 \n * Google Chrome 4.0.249.34 \n * Google Chrome 4.0.249.35 \n * Google Chrome 4.0.249.36 \n * Google Chrome 4.0.249.37 \n * Google Chrome 4.0.249.38 \n * Google Chrome 4.0.249.39 \n * Google Chrome 4.0.249.4 \n * Google Chrome 4.0.249.40 \n * Google Chrome 4.0.249.41 \n * Google Chrome 4.0.249.42 \n * Google Chrome 4.0.249.43 \n * Google Chrome 4.0.249.44 \n * Google Chrome 4.0.249.45 \n * Google Chrome 4.0.249.46 \n * Google Chrome 4.0.249.47 \n * Google Chrome 4.0.249.48 \n * Google Chrome 4.0.249.49 \n * Google Chrome 4.0.249.5 \n * Google Chrome 4.0.249.50 \n * Google Chrome 4.0.249.51 \n * Google Chrome 4.0.249.52 \n * Google Chrome 4.0.249.53 \n * Google Chrome 4.0.249.54 \n * Google Chrome 4.0.249.55 \n * Google Chrome 4.0.249.56 \n * Google Chrome 4.0.249.57 \n * Google Chrome 4.0.249.58 \n * Google Chrome 4.0.249.59 \n * Google Chrome 4.0.249.6 \n * Google Chrome 4.0.249.60 \n * Google Chrome 4.0.249.61 \n * Google Chrome 4.0.249.62 \n * Google Chrome 4.0.249.63 \n * Google Chrome 4.0.249.64 \n * Google Chrome 4.0.249.65 \n * Google Chrome 4.0.249.66 \n * Google Chrome 4.0.249.67 \n * Google Chrome 4.0.249.68 \n * Google Chrome 4.0.249.69 \n * Google Chrome 4.0.249.7 \n * Google Chrome 4.0.249.70 \n * Google Chrome 4.0.249.71 \n * Google Chrome 4.0.249.72 \n * Google Chrome 4.0.249.73 \n * Google Chrome 4.0.249.74 \n * Google Chrome 4.0.249.75 \n * Google Chrome 4.0.249.76 \n * Google Chrome 4.0.249.77 \n * Google Chrome 4.0.249.78 \n * Google Chrome 4.0.249.78 Beta \n * Google Chrome 4.0.249.79 \n * Google Chrome 4.0.249.8 \n * Google Chrome 4.0.249.80 \n * Google Chrome 4.0.249.81 \n * Google Chrome 4.0.249.82 \n * Google Chrome 4.0.249.89 \n * Google Chrome 4.0.249.9 \n * Google Chrome 4.0.250.0 \n * Google Chrome 4.0.250.2 \n * Google Chrome 4.0.251.0 \n * Google Chrome 4.0.252.0 \n * Google Chrome 4.0.254.0 \n * Google Chrome 4.0.255.0 \n * Google Chrome 4.0.256.0 \n * Google Chrome 4.0.257.0 \n * Google Chrome 4.0.258.0 \n * Google Chrome 4.0.259.0 \n * Google Chrome 4.0.260.0 \n * Google Chrome 4.0.261.0 \n * Google Chrome 4.0.262.0 \n * Google Chrome 4.0.263.0 \n * Google Chrome 4.0.264.0 \n * Google Chrome 4.0.265.0 \n * Google Chrome 4.0.266.0 \n * Google Chrome 4.0.267.0 \n * Google Chrome 4.0.268.0 \n * Google Chrome 4.0.269.0 \n * Google Chrome 4.0.271.0 \n * Google Chrome 4.0.272.0 \n * Google Chrome 4.0.275.0 \n * Google Chrome 4.0.275.1 \n * Google Chrome 4.0.276.0 \n * Google Chrome 4.0.277.0 \n * Google Chrome 4.0.278.0 \n * Google Chrome 4.0.286.0 \n * Google Chrome 4.0.287.0 \n * Google Chrome 4.0.288.0 \n * Google Chrome 4.0.288.1 \n * Google Chrome 4.0.289.0 \n * Google Chrome 4.0.290.0 \n * Google Chrome 4.0.292.0 \n * Google Chrome 4.0.294.0 \n * Google Chrome 4.0.295.0 \n * Google Chrome 4.0.296.0 \n * Google Chrome 4.0.299.0 \n * Google Chrome 4.0.300.0 \n * Google Chrome 4.0.301.0 \n * Google Chrome 4.0.302.0 \n * Google Chrome 4.0.302.1 \n * Google Chrome 4.0.302.2 \n * Google Chrome 4.0.302.3 \n * Google Chrome 4.0.303.0 \n * Google Chrome 4.0.304.0 \n * Google Chrome 4.0.305.0 \n * Google Chrome 4.1 Beta \n * Google Chrome 4.1.249.0 \n * Google Chrome 4.1.249.1001 \n * Google Chrome 4.1.249.1004 \n * Google Chrome 4.1.249.1006 \n * Google Chrome 4.1.249.1007 \n * Google Chrome 4.1.249.1008 \n * Google Chrome 4.1.249.1009 \n * Google Chrome 4.1.249.1010 \n * Google Chrome 4.1.249.1011 \n * Google Chrome 4.1.249.1012 \n * Google Chrome 4.1.249.1013 \n * Google Chrome 4.1.249.1014 \n * Google Chrome 4.1.249.1015 \n * Google Chrome 4.1.249.1016 \n * Google Chrome 4.1.249.1017 \n * Google Chrome 4.1.249.1018 \n * Google Chrome 4.1.249.1019 \n * Google Chrome 4.1.249.1020 \n * Google Chrome 4.1.249.1021 \n * Google Chrome 4.1.249.1022 \n * Google Chrome 4.1.249.1023 \n * Google Chrome 4.1.249.1024 \n * Google Chrome 4.1.249.1025 \n * Google Chrome 4.1.249.1026 \n * Google Chrome 4.1.249.1027 \n * Google Chrome 4.1.249.1028 \n * Google Chrome 4.1.249.1029 \n * Google Chrome 4.1.249.1030 \n * Google Chrome 4.1.249.1031 \n * Google Chrome 4.1.249.1032 \n * Google Chrome 4.1.249.1033 \n * Google Chrome 4.1.249.1034 \n * Google Chrome 4.1.249.1035 \n * Google Chrome 4.1.249.1036 \n * Google Chrome 4.1.249.1037 \n * Google Chrome 4.1.249.1038 \n * Google Chrome 4.1.249.1039 \n * Google Chrome 4.1.249.1040 \n * Google Chrome 4.1.249.1041 \n * Google Chrome 4.1.249.1042 \n * Google Chrome 4.1.249.1043 \n * Google Chrome 4.1.249.1044 \n * Google Chrome 4.1.249.1045 \n * Google Chrome 4.1.249.1046 \n * Google Chrome 4.1.249.1047 \n * Google Chrome 4.1.249.1048 \n * Google Chrome 4.1.249.1049 \n * Google Chrome 4.1.249.1050 \n * Google Chrome 4.1.249.1051 \n * Google Chrome 4.1.249.1052 \n * Google Chrome 4.1.249.1053 \n * Google Chrome 4.1.249.1054 \n * Google Chrome 4.1.249.1055 \n * Google Chrome 4.1.249.1056 \n * Google Chrome 4.1.249.1057 \n * Google Chrome 4.1.249.1058 \n * Google Chrome 4.1.249.1059 \n * Google Chrome 4.1.249.1060 \n * Google Chrome 4.1.249.1061 \n * Google Chrome 4.1.249.1062 \n * Google Chrome 4.1.249.1063 \n * Google Chrome 4.1.249.1064 \n * Google Chrome 40.0.2214.111 \n * Google Chrome 40.0.2214.115 \n * Google Chrome 40.0.2214.85 \n * Google Chrome 40.0.2214.89 ~~~Android~~ \n * Google Chrome 40.0.2214.91 \n * Google Chrome 41.0.2272 \n * Google Chrome 41.0.2272.118 \n * Google Chrome 41.0.2272.76 \n * Google Chrome 42.0.2311 \n * Google Chrome 42.0.2311.135 \n * Google Chrome 42.0.2311.90 \n * Google Chrome 43.0.2357 \n * Google Chrome 43.0.2357.130 \n * Google Chrome 43.0.2357.65 \n * Google Chrome 44.0.2403 \n * Google Chrome 44.0.2403.157 \n * Google Chrome 44.0.2403.89 \n * Google Chrome 45.0.2454 \n * Google Chrome 45.0.2454.101 \n * Google Chrome 45.0.2454.85 \n * Google Chrome 46.0.2490 \n * Google Chrome 46.0.2490.71 \n * Google Chrome 46.0.2490.76 \n * Google Chrome 46.0.2490.86 \n * Google Chrome 47.0 \n * Google Chrome 47.0.2526.106 \n * Google Chrome 47.0.2526.73 \n * Google Chrome 47.0.2526.80 \n * Google Chrome 48.0.2564.109 \n * Google Chrome 48.0.2564.116 \n * Google Chrome 48.0.2564.82 \n * Google Chrome 49.0.2566.0 \n * Google Chrome 49.0.2623.108 \n * Google Chrome 49.0.2623.75 \n * Google Chrome 49.0.2623.87 \n * Google Chrome 5.0.306.0 \n * Google Chrome 5.0.306.1 \n * Google Chrome 5.0.307.1 \n * Google Chrome 5.0.307.10 \n * Google Chrome 5.0.307.11 \n * Google Chrome 5.0.307.3 \n * Google Chrome 5.0.307.4 \n * Google Chrome 5.0.307.5 \n * Google Chrome 5.0.307.6 \n * Google Chrome 5.0.307.7 \n * Google Chrome 5.0.307.8 \n * Google Chrome 5.0.307.9 \n * Google Chrome 5.0.308.0 \n * Google Chrome 5.0.309.0 \n * Google Chrome 5.0.313.0 \n * Google Chrome 5.0.314.0 \n * Google Chrome 5.0.314.1 \n * Google Chrome 5.0.315.0 \n * Google Chrome 5.0.316.0 \n * Google Chrome 5.0.317.0 \n * Google Chrome 5.0.317.1 \n * Google Chrome 5.0.317.2 \n * Google Chrome 5.0.318.0 \n * Google Chrome 5.0.319.0 \n * Google Chrome 5.0.320.0 \n * Google Chrome 5.0.321.0 \n * Google Chrome 5.0.322.0 \n * Google Chrome 5.0.322.1 \n * Google Chrome 5.0.322.2 \n * Google Chrome 5.0.323.0 \n * Google Chrome 5.0.324.0 \n * Google Chrome 5.0.325.0 \n * Google Chrome 5.0.326.0 \n * Google Chrome 5.0.327.0 \n * Google Chrome 5.0.328.0 \n * Google Chrome 5.0.329.0 \n * Google Chrome 5.0.330.0 \n * Google Chrome 5.0.332.0 \n * Google Chrome 5.0.333.0 \n * Google Chrome 5.0.334.0 \n * Google Chrome 5.0.335.0 \n * Google Chrome 5.0.335.1 \n * Google Chrome 5.0.335.2 \n * Google Chrome 5.0.335.3 \n * Google Chrome 5.0.335.4 \n * Google Chrome 5.0.336.0 \n * Google Chrome 5.0.337.0 \n * Google Chrome 5.0.338.0 \n * Google Chrome 5.0.339.0 \n * Google Chrome 5.0.340.0 \n * Google Chrome 5.0.341.0 \n * Google Chrome 5.0.342.0 \n * Google Chrome 5.0.342.1 \n * Google Chrome 5.0.342.2 \n * Google Chrome 5.0.342.3 \n * Google Chrome 5.0.342.4 \n * Google Chrome 5.0.342.5 \n * Google Chrome 5.0.342.6 \n * Google Chrome 5.0.342.7 \n * Google Chrome 5.0.342.7 Beta Mac \n * Google Chrome 5.0.342.8 \n * Google Chrome 5.0.342.9 \n * Google Chrome 5.0.343.0 \n * Google Chrome 5.0.344.0 \n * Google Chrome 5.0.345.0 \n * Google Chrome 5.0.346.0 \n * Google Chrome 5.0.347.0 \n * Google Chrome 5.0.348.0 \n * Google Chrome 5.0.349.0 \n * Google Chrome 5.0.350.0 \n * Google Chrome 5.0.350.1 \n * Google Chrome 5.0.351.0 \n * Google Chrome 5.0.353.0 \n * Google Chrome 5.0.354.0 \n * Google Chrome 5.0.354.1 \n * Google Chrome 5.0.355.0 \n * Google Chrome 5.0.356.0 \n * Google Chrome 5.0.356.1 \n * Google Chrome 5.0.356.2 \n * Google Chrome 5.0.357.0 \n * Google Chrome 5.0.358.0 \n * Google Chrome 5.0.359.0 \n * Google Chrome 5.0.360.0 \n * Google Chrome 5.0.360.3 \n * Google Chrome 5.0.360.4 \n * Google Chrome 5.0.360.5 \n * Google Chrome 5.0.361.0 \n * Google Chrome 5.0.362.0 \n * Google Chrome 5.0.363.0 \n * Google Chrome 5.0.364.0 \n * Google Chrome 5.0.365.0 \n * Google Chrome 5.0.366.0 \n * Google Chrome 5.0.366.1 \n * Google Chrome 5.0.366.2 \n * Google Chrome 5.0.366.3 \n * Google Chrome 5.0.366.4 \n * Google Chrome 5.0.367.0 \n * Google Chrome 5.0.368.0 \n * Google Chrome 5.0.369.0 \n * Google Chrome 5.0.369.1 \n * Google Chrome 5.0.369.2 \n * Google Chrome 5.0.370.0 \n * Google Chrome 5.0.371.0 \n * Google Chrome 5.0.372.0 \n * Google Chrome 5.0.373.0 \n * Google Chrome 5.0.374.0 \n * Google Chrome 5.0.375.0 \n * Google Chrome 5.0.375.1 \n * Google Chrome 5.0.375.10 \n * Google Chrome 5.0.375.11 \n * Google Chrome 5.0.375.12 \n * Google Chrome 5.0.375.125 \n * Google Chrome 5.0.375.126 \n * Google Chrome 5.0.375.127 \n * Google Chrome 5.0.375.13 \n * Google Chrome 5.0.375.14 \n * Google Chrome 5.0.375.15 \n * Google Chrome 5.0.375.16 \n * Google Chrome 5.0.375.17 \n * Google Chrome 5.0.375.18 \n * Google Chrome 5.0.375.19 \n * Google Chrome 5.0.375.2 \n * Google Chrome 5.0.375.20 \n * Google Chrome 5.0.375.21 \n * Google Chrome 5.0.375.22 \n * Google Chrome 5.0.375.23 \n * Google Chrome 5.0.375.25 \n * Google Chrome 5.0.375.26 \n * Google Chrome 5.0.375.27 \n * Google Chrome 5.0.375.28 \n * Google Chrome 5.0.375.29 \n * Google Chrome 5.0.375.3 \n * Google Chrome 5.0.375.30 \n * Google Chrome 5.0.375.31 \n * Google Chrome 5.0.375.32 \n * Google Chrome 5.0.375.33 \n * Google Chrome 5.0.375.34 \n * Google Chrome 5.0.375.35 \n * Google Chrome 5.0.375.36 \n * Google Chrome 5.0.375.37 \n * Google Chrome 5.0.375.38 \n * Google Chrome 5.0.375.39 \n * Google Chrome 5.0.375.4 \n * Google Chrome 5.0.375.40 \n * Google Chrome 5.0.375.41 \n * Google Chrome 5.0.375.42 \n * Google Chrome 5.0.375.43 \n * Google Chrome 5.0.375.44 \n * Google Chrome 5.0.375.45 \n * Google Chrome 5.0.375.46 \n * Google Chrome 5.0.375.47 \n * Google Chrome 5.0.375.48 \n * Google Chrome 5.0.375.49 \n * Google Chrome 5.0.375.5 \n * Google Chrome 5.0.375.50 \n * Google Chrome 5.0.375.51 \n * Google Chrome 5.0.375.52 \n * Google Chrome 5.0.375.53 \n * Google Chrome 5.0.375.54 \n * Google Chrome 5.0.375.55 \n * Google Chrome 5.0.375.56 \n * Google Chrome 5.0.375.57 \n * Google Chrome 5.0.375.58 \n * Google Chrome 5.0.375.59 \n * Google Chrome 5.0.375.6 \n * Google Chrome 5.0.375.60 \n * Google Chrome 5.0.375.61 \n * Google Chrome 5.0.375.62 \n * Google Chrome 5.0.375.63 \n * Google Chrome 5.0.375.64 \n * Google Chrome 5.0.375.65 \n * Google Chrome 5.0.375.66 \n * Google Chrome 5.0.375.67 \n * Google Chrome 5.0.375.68 \n * Google Chrome 5.0.375.69 \n * Google Chrome 5.0.375.7 \n * Google Chrome 5.0.375.70 \n * Google Chrome 5.0.375.71 \n * Google Chrome 5.0.375.72 \n * Google Chrome 5.0.375.73 \n * Google Chrome 5.0.375.74 \n * Google Chrome 5.0.375.75 \n * Google Chrome 5.0.375.76 \n * Google Chrome 5.0.375.77 \n * Google Chrome 5.0.375.78 \n * Google Chrome 5.0.375.79 \n * Google Chrome 5.0.375.8 \n * Google Chrome 5.0.375.80 \n * Google Chrome 5.0.375.81 \n * Google Chrome 5.0.375.82 \n * Google Chrome 5.0.375.83 \n * Google Chrome 5.0.375.84 \n * Google Chrome 5.0.375.85 \n * Google Chrome 5.0.375.86 \n * Google Chrome 5.0.375.87 \n * Google Chrome 5.0.375.88 \n * Google Chrome 5.0.375.89 \n * Google Chrome 5.0.375.9 \n * Google Chrome 5.0.375.90 \n * Google Chrome 5.0.375.91 \n * Google Chrome 5.0.375.92 \n * Google Chrome 5.0.375.93 \n * Google Chrome 5.0.375.94 \n * Google Chrome 5.0.375.95 \n * Google Chrome 5.0.375.96 \n * Google Chrome 5.0.375.97 \n * Google Chrome 5.0.375.98 \n * Google Chrome 5.0.375.99 \n * Google Chrome 5.0.376.0 \n * Google Chrome 5.0.378.0 \n * Google Chrome 5.0.379.0 \n * Google Chrome 5.0.380.0 \n * Google Chrome 5.0.381.0 \n * Google Chrome 5.0.382.0 \n * Google Chrome 5.0.382.3 \n * Google Chrome 5.0.383.0 \n * Google Chrome 5.0.384.0 \n * Google Chrome 5.0.385.0 \n * Google Chrome 5.0.386.0 \n * Google Chrome 5.0.387.0 \n * Google Chrome 5.0.390.0 \n * Google Chrome 5.0.391.0 \n * Google Chrome 5.0.392.0 \n * Google Chrome 5.0.393.0 \n * Google Chrome 5.0.394.0 \n * Google Chrome 5.0.395.0 \n * Google Chrome 5.0.396.0 \n * Google Chrome 50.0.2661.102 \n * Google Chrome 50.0.2661.75 \n * Google Chrome 50.0.2661.94 \n * Google Chrome 51.0.2704.103 \n * Google Chrome 51.0.2704.63 \n * Google Chrome 51.0.2704.79 \n * Google Chrome 52.0.2743.116 \n * Google Chrome 52.0.2743.82 \n * Google Chrome 53.0.2785.113 \n * Google Chrome 53.0.2785.143 \n * Google Chrome 53.0.2785.89 \n * Google Chrome 54.0.2840.59 \n * Google Chrome 54.0.2840.85 \n * Google Chrome 54.0.2840.87 \n * Google Chrome 54.0.2840.90 \n * Google Chrome 54.0.2840.98 \n * Google Chrome 54.0.2840.99 \n * Google Chrome 55.0.2883.75 \n * Google Chrome 56.0.2924.76 \n * Google Chrome 57.0.2987.133 \n * Google Chrome 57.0.2987.98 \n * Google Chrome 58.0.3029.81 \n * Google Chrome 58.0.3029.96 \n * Google Chrome 59.0.3071.104 \n * Google Chrome 59.0.3071.115 \n * Google Chrome 59.0.3071.86 \n * Google Chrome 6.0.397.0 \n * Google Chrome 6.0.398.0 \n * Google Chrome 6.0.399.0 \n * Google Chrome 6.0.400.0 \n * Google Chrome 6.0.401.0 \n * Google Chrome 6.0.401.1 \n * Google Chrome 6.0.403.0 \n * Google Chrome 6.0.404.0 \n * Google Chrome 6.0.404.1 \n * Google Chrome 6.0.404.2 \n * Google Chrome 6.0.405.0 \n * Google Chrome 6.0.406.0 \n * Google Chrome 6.0.407.0 \n * Google Chrome 6.0.408.0 \n * Google Chrome 6.0.408.1 \n * Google Chrome 6.0.408.10 \n * Google Chrome 6.0.408.2 \n * Google Chrome 6.0.408.3 \n * Google Chrome 6.0.408.4 \n * Google Chrome 6.0.408.5 \n * Google Chrome 6.0.408.6 \n * Google Chrome 6.0.408.7 \n * Google Chrome 6.0.408.8 \n * Google Chrome 6.0.408.9 \n * Google Chrome 6.0.409.0 \n * Google Chrome 6.0.410.0 \n * Google Chrome 6.0.411.0 \n * Google Chrome 6.0.412.0 \n * Google Chrome 6.0.413.0 \n * Google Chrome 6.0.414.0 \n * Google Chrome 6.0.415.0 \n * Google Chrome 6.0.415.1 \n * Google Chrome 6.0.416.0 \n * Google Chrome 6.0.416.1 \n * Google Chrome 6.0.417.0 \n * Google Chrome 6.0.418.0 \n * Google Chrome 6.0.418.1 \n * Google Chrome 6.0.418.2 \n * Google Chrome 6.0.418.3 \n * Google Chrome 6.0.418.4 \n * Google Chrome 6.0.418.5 \n * Google Chrome 6.0.418.6 \n * Google Chrome 6.0.418.7 \n * Google Chrome 6.0.418.8 \n * Google Chrome 6.0.418.9 \n * Google Chrome 6.0.419.0 \n * Google Chrome 6.0.421.0 \n * Google Chrome 6.0.422.0 \n * Google Chrome 6.0.423.0 \n * Google Chrome 6.0.424.0 \n * Google Chrome 6.0.425.0 \n * Google Chrome 6.0.426.0 \n * Google Chrome 6.0.427.0 \n * Google Chrome 6.0.428.0 \n * Google Chrome 6.0.430.0 \n * Google Chrome 6.0.431.0 \n * Google Chrome 6.0.432.0 \n * Google Chrome 6.0.433.0 \n * Google Chrome 6.0.434.0 \n * Google Chrome 6.0.435.0 \n * Google Chrome 6.0.436.0 \n * Google Chrome 6.0.437.0 \n * Google Chrome 6.0.437.1 \n * Google Chrome 6.0.437.2 \n * Google Chrome 6.0.437.3 \n * Google Chrome 6.0.438.0 \n * Google Chrome 6.0.440.0 \n * Google Chrome 6.0.441.0 \n * Google Chrome 6.0.443.0 \n * Google Chrome 6.0.444.0 \n * Google Chrome 6.0.445.0 \n * Google Chrome 6.0.445.1 \n * Google Chrome 6.0.446.0 \n * Google Chrome 6.0.447.0 \n * Google Chrome 6.0.447.1 \n * Google Chrome 6.0.447.2 \n * Google Chrome 6.0.449.0 \n * Google Chrome 6.0.450.0 \n * Google Chrome 6.0.450.1 \n * Google Chrome 6.0.450.2 \n * Google Chrome 6.0.450.3 \n * Google Chrome 6.0.450.4 \n * Google Chrome 6.0.451.0 \n * Google Chrome 6.0.452.0 \n * Google Chrome 6.0.452.1 \n * Google Chrome 6.0.453.0 \n * Google Chrome 6.0.453.1 \n * Google Chrome 6.0.454.0 \n * Google Chrome 6.0.455.0 \n * Google Chrome 6.0.456.0 \n * Google Chrome 6.0.457.0 \n * Google Chrome 6.0.458.0 \n * Google Chrome 6.0.458.1 \n * Google Chrome 6.0.458.2 \n * Google Chrome 6.0.459.0 \n * Google Chrome 6.0.460.0 \n * Google Chrome 6.0.461.0 \n * Google Chrome 6.0.462.0 \n * Google Chrome 6.0.464.1 \n * Google Chrome 6.0.465.1 \n * Google Chrome 6.0.465.2 \n * Google Chrome 6.0.466.0 \n * Google Chrome 6.0.466.1 \n * Google Chrome 6.0.466.2 \n * Google Chrome 6.0.466.3 \n * Google Chrome 6.0.466.4 \n * Google Chrome 6.0.466.5 \n * Google Chrome 6.0.466.6 \n * Google Chrome 6.0.467.0 \n * Google Chrome 6.0.469.0 \n * Google Chrome 6.0.470.0 \n * Google Chrome 6.0.471.0 \n * Google Chrome 6.0.472.0 \n * Google Chrome 6.0.472.1 \n * Google Chrome 6.0.472.10 \n * Google Chrome 6.0.472.11 \n * Google Chrome 6.0.472.12 \n * Google Chrome 6.0.472.13 \n * Google Chrome 6.0.472.14 \n * Google Chrome 6.0.472.15 \n * Google Chrome 6.0.472.16 \n * Google Chrome 6.0.472.17 \n * Google Chrome 6.0.472.18 \n * Google Chrome 6.0.472.19 \n * Google Chrome 6.0.472.2 \n * Google Chrome 6.0.472.20 \n * Google Chrome 6.0.472.21 \n * Google Chrome 6.0.472.22 \n * Google Chrome 6.0.472.23 \n * Google Chrome 6.0.472.24 \n * Google Chrome 6.0.472.25 \n * Google Chrome 6.0.472.26 \n * Google Chrome 6.0.472.27 \n * Google Chrome 6.0.472.28 \n * Google Chrome 6.0.472.29 \n * Google Chrome 6.0.472.3 \n * Google Chrome 6.0.472.30 \n * Google Chrome 6.0.472.31 \n * Google Chrome 6.0.472.32 \n * Google Chrome 6.0.472.33 \n * Google Chrome 6.0.472.34 \n * Google Chrome 6.0.472.35 \n * Google Chrome 6.0.472.36 \n * Google Chrome 6.0.472.37 \n * Google Chrome 6.0.472.38 \n * Google Chrome 6.0.472.39 \n * Google Chrome 6.0.472.4 \n * Google Chrome 6.0.472.40 \n * Google Chrome 6.0.472.41 \n * Google Chrome 6.0.472.42 \n * Google Chrome 6.0.472.43 \n * Google Chrome 6.0.472.44 \n * Google Chrome 6.0.472.45 \n * Google Chrome 6.0.472.46 \n * Google Chrome 6.0.472.47 \n * Google Chrome 6.0.472.48 \n * Google Chrome 6.0.472.49 \n * Google Chrome 6.0.472.5 \n * Google Chrome 6.0.472.50 \n * Google Chrome 6.0.472.51 \n * Google Chrome 6.0.472.52 \n * Google Chrome 6.0.472.53 \n * Google Chrome 6.0.472.54 \n * Google Chrome 6.0.472.55 \n * Google Chrome 6.0.472.56 \n * Google Chrome 6.0.472.57 \n * Google Chrome 6.0.472.58 \n * Google Chrome 6.0.472.59 \n * Google Chrome 6.0.472.6 \n * Google Chrome 6.0.472.60 \n * Google Chrome 6.0.472.61 \n * Google Chrome 6.0.472.62 \n * Google Chrome 6.0.472.63 \n * Google Chrome 6.0.472.7 \n * Google Chrome 6.0.472.8 \n * Google Chrome 6.0.472.9 \n * Google Chrome 6.0.473.0 \n * Google Chrome 6.0.474.0 \n * Google Chrome 6.0.475.0 \n * Google Chrome 6.0.476.0 \n * Google Chrome 6.0.477.0 \n * Google Chrome 6.0.478.0 \n * Google Chrome 6.0.479.0 \n * Google Chrome 6.0.480.0 \n * Google Chrome 6.0.481.0 \n * Google Chrome 6.0.482.0 \n * Google Chrome 6.0.483.0 \n * Google Chrome 6.0.484.0 \n * Google Chrome 6.0.485.0 \n * Google Chrome 6.0.486.0 \n * Google Chrome 6.0.487.0 \n * Google Chrome 6.0.488.0 \n * Google Chrome 6.0.489.0 \n * Google Chrome 6.0.490.0 \n * Google Chrome 6.0.490.1 \n * Google Chrome 6.0.491.0 \n * Google Chrome 6.0.492.0 \n * Google Chrome 6.0.493.0 \n * Google Chrome 6.0.494.0 \n * Google Chrome 6.0.495.0 \n * Google Chrome 6.0.495.1 \n * Google Chrome 6.0.496.0 \n * Google Chrome 60.0.3080.5 \n * Google Chrome 60.0.3112.78 \n * Google Chrome 60.0.3112.80 \n * Google Chrome 61.0.3163.100 \n * Google Chrome 61.0.3163.79 \n * Google Chrome 62.0.3202.62 \n * Google Chrome 62.0.3202.75 \n * Google Chrome 62.0.3202.89 \n * Google Chrome 64 \n * Google Chrome 65 \n * Google Chrome 65.72 \n * Google Chrome 7.0.497.0 \n * Google Chrome 7.0.498.0 \n * Google Chrome 7.0.499.0 \n * Google Chrome 7.0.499.1 \n * Google Chrome 7.0.500.0 \n * Google Chrome 7.0.500.1 \n * Google Chrome 7.0.503.0 \n * Google Chrome 7.0.503.1 \n * Google Chrome 7.0.504.0 \n * Google Chrome 7.0.505.0 \n * Google Chrome 7.0.506.0 \n * Google Chrome 7.0.507.0 \n * Google Chrome 7.0.507.1 \n * Google Chrome 7.0.507.2 \n * Google Chrome 7.0.507.3 \n * Google Chrome 7.0.509.0 \n * Google Chrome 7.0.510.0 \n * Google Chrome 7.0.511.1 \n * Google Chrome 7.0.511.2 \n * Google Chrome 7.0.511.4 \n * Google Chrome 7.0.512.0 \n * Google Chrome 7.0.513.0 \n * Google Chrome 7.0.514.0 \n * Google Chrome 7.0.514.1 \n * Google Chrome 7.0.515.0 \n * Google Chrome 7.0.516.0 \n * Google Chrome 7.0.517.0 \n * Google Chrome 7.0.517.10 \n * Google Chrome 7.0.517.11 \n * Google Chrome 7.0.517.12 \n * Google Chrome 7.0.517.13 \n * Google Chrome 7.0.517.14 \n * Google Chrome 7.0.517.16 \n * Google Chrome 7.0.517.17 \n * Google Chrome 7.0.517.18 \n * Google Chrome 7.0.517.19 \n * Google Chrome 7.0.517.2 \n * Google Chrome 7.0.517.20 \n * Google Chrome 7.0.517.21 \n * Google Chrome 7.0.517.22 \n * Google Chrome 7.0.517.23 \n * Google Chrome 7.0.517.24 \n * Google Chrome 7.0.517.25 \n * Google Chrome 7.0.517.26 \n * Google Chrome 7.0.517.27 \n * Google Chrome 7.0.517.28 \n * Google Chrome 7.0.517.29 \n * Google Chrome 7.0.517.30 \n * Google Chrome 7.0.517.31 \n * Google Chrome 7.0.517.32 \n * Google Chrome 7.0.517.33 \n * Google Chrome 7.0.517.34 \n * Google Chrome 7.0.517.35 \n * Google Chrome 7.0.517.36 \n * Google Chrome 7.0.517.37 \n * Google Chrome 7.0.517.38 \n * Google Chrome 7.0.517.39 \n * Google Chrome 7.0.517.4 \n * Google Chrome 7.0.517.40 \n * Google Chrome 7.0.517.41 \n * Google Chrome 7.0.517.42 \n * Google Chrome 7.0.517.43 \n * Google Chrome 7.0.517.44 \n * Google Chrome 7.0.517.5 \n * Google Chrome 7.0.517.6 \n * Google Chrome 7.0.517.7 \n * Google Chrome 7.0.517.8 \n * Google Chrome 7.0.517.9 \n * Google Chrome 7.0.518.0 \n * Google Chrome 7.0.519.0 \n * Google Chrome 7.0.520.0 \n * Google Chrome 7.0.521.0 \n * Google Chrome 7.0.522.0 \n * Google Chrome 7.0.524.0 \n * Google Chrome 7.0.525.0 \n * Google Chrome 7.0.526.0 \n * Google Chrome 7.0.528.0 \n * Google Chrome 7.0.529.0 \n * Google Chrome 7.0.529.1 \n * Google Chrome 7.0.529.2 \n * Google Chrome 7.0.530.0 \n * Google Chrome 7.0.531.0 \n * Google Chrome 7.0.531.1 \n * Google Chrome 7.0.531.2 \n * Google Chrome 7.0.535.1 \n * Google Chrome 7.0.535.2 \n * Google Chrome 7.0.536.0 \n * Google Chrome 7.0.536.1 \n * Google Chrome 7.0.536.2 \n * Google Chrome 7.0.536.3 \n * Google Chrome 7.0.536.4 \n * Google Chrome 7.0.537.0 \n * Google Chrome 7.0.538.0 \n * Google Chrome 7.0.539.0 \n * Google Chrome 7.0.540.0 \n * Google Chrome 7.0.541.0 \n * Google Chrome 7.0.542.0 \n * Google Chrome 7.0.544.0 \n * Google Chrome 7.0.547.0 \n * Google Chrome 7.0.547.1 \n * Google Chrome 7.0.548.0 \n * Google Chrome 8.0.549.0 \n * Google Chrome 8.0.550.0 \n * Google Chrome 8.0.551.0 \n * Google Chrome 8.0.551.1 \n * Google Chrome 8.0.552.0 \n * Google Chrome 8.0.552.1 \n * Google Chrome 8.0.552.10 \n * Google Chrome 8.0.552.100 \n * Google Chrome 8.0.552.101 \n * Google Chrome 8.0.552.102 \n * Google Chrome 8.0.552.103 \n * Google Chrome 8.0.552.104 \n * Google Chrome 8.0.552.105 \n * Google Chrome 8.0.552.11 \n * Google Chrome 8.0.552.12 \n * Google Chrome 8.0.552.13 \n * Google Chrome 8.0.552.14 \n * Google Chrome 8.0.552.15 \n * Google Chrome 8.0.552.16 \n * Google Chrome 8.0.552.17 \n * Google Chrome 8.0.552.18 \n * Google Chrome 8.0.552.19 \n * Google Chrome 8.0.552.2 \n * Google Chrome 8.0.552.20 \n * Google Chrome 8.0.552.200 \n * Google Chrome 8.0.552.201 \n * Google Chrome 8.0.552.202 \n * Google Chrome 8.0.552.203 \n * Google Chrome 8.0.552.204 \n * Google Chrome 8.0.552.205 \n * Google Chrome 8.0.552.206 \n * Google Chrome 8.0.552.207 \n * Google Chrome 8.0.552.208 \n * Google Chrome 8.0.552.209 \n * Google Chrome 8.0.552.21 \n * Google Chrome 8.0.552.210 \n * Google Chrome 8.0.552.211 \n * Google Chrome 8.0.552.212 \n * Google Chrome 8.0.552.213 \n * Google Chrome 8.0.552.214 \n * Google Chrome 8.0.552.215 \n * Google Chrome 8.0.552.216 \n * Google Chrome 8.0.552.217 \n * Google Chrome 8.0.552.218 \n * Google Chrome 8.0.552.219 \n * Google Chrome 8.0.552.220 \n * Google Chrome 8.0.552.221 \n * Google Chrome 8.0.552.222 \n * Google Chrome 8.0.552.223 \n * Google Chrome 8.0.552.224 \n * Google Chrome 8.0.552.225 \n * Google Chrome 8.0.552.226 \n * Google Chrome 8.0.552.227 \n * Google Chrome 8.0.552.228 \n * Google Chrome 8.0.552.229 \n * Google Chrome 8.0.552.23 \n * Google Chrome 8.0.552.230 \n * Google Chrome 8.0.552.231 \n * Google Chrome 8.0.552.232 \n * Google Chrome 8.0.552.233 \n * Google Chrome 8.0.552.234 \n * Google Chrome 8.0.552.235 \n * Google Chrome 8.0.552.237 \n * Google Chrome 8.0.552.24 \n * Google Chrome 8.0.552.25 \n * Google Chrome 8.0.552.26 \n * Google Chrome 8.0.552.27 \n * Google Chrome 8.0.552.28 \n * Google Chrome 8.0.552.29 \n * Google Chrome 8.0.552.300 \n * Google Chrome 8.0.552.301 \n * Google Chrome 8.0.552.302 \n * Google Chrome 8.0.552.303 \n * Google Chrome 8.0.552.304 \n * Google Chrome 8.0.552.305 \n * Google Chrome 8.0.552.306 \n * Google Chrome 8.0.552.307 \n * Google Chrome 8.0.552.308 \n * Google Chrome 8.0.552.309 \n * Google Chrome 8.0.552.310 \n * Google Chrome 8.0.552.311 \n * Google Chrome 8.0.552.312 \n * Google Chrome 8.0.552.313 \n * Google Chrome 8.0.552.315 \n * Google Chrome 8.0.552.316 \n * Google Chrome 8.0.552.317 \n * Google Chrome 8.0.552.318 \n * Google Chrome 8.0.552.319 \n * Google Chrome 8.0.552.320 \n * Google Chrome 8.0.552.321 \n * Google Chrome 8.0.552.322 \n * Google Chrome 8.0.552.323 \n * Google Chrome 8.0.552.324 \n * Google Chrome 8.0.552.325 \n * Google Chrome 8.0.552.326 \n * Google Chrome 8.0.552.327 \n * Google Chrome 8.0.552.328 \n * Google Chrome 8.0.552.329 \n * Google Chrome 8.0.552.330 \n * Google Chrome 8.0.552.331 \n * Google Chrome 8.0.552.332 \n * Google Chrome 8.0.552.333 \n * Google Chrome 8.0.552.334 \n * Google Chrome 8.0.552.335 \n * Google Chrome 8.0.552.336 \n * Google Chrome 8.0.552.337 \n * Google Chrome 8.0.552.338 \n * Google Chrome 8.0.552.339 \n * Google Chrome 8.0.552.340 \n * Google Chrome 8.0.552.341 \n * Google Chrome 8.0.552.342 \n * Google Chrome 8.0.552.343 \n * Google Chrome 8.0.552.344 \n * Google Chrome 8.0.552.35 \n * Google Chrome 8.0.552.4 \n * Google Chrome 8.0.552.40 \n * Google Chrome 8.0.552.41 \n * Google Chrome 8.0.552.42 \n * Google Chrome 8.0.552.43 \n * Google Chrome 8.0.552.44 \n * Google Chrome 8.0.552.45 \n * Google Chrome 8.0.552.47 \n * Google Chrome 8.0.552.48 \n * Google Chrome 8.0.552.49 \n * Google Chrome 8.0.552.5 \n * Google Chrome 8.0.552.50 \n * Google Chrome 8.0.552.51 \n * Google Chrome 8.0.552.52 \n * Google Chrome 8.0.552.6 \n * Google Chrome 8.0.552.7 \n * Google Chrome 8.0.552.8 \n * Google Chrome 8.0.552.9 \n * Google Chrome 8.0.553.0 \n * Google Chrome 8.0.554.0 \n * Google Chrome 8.0.556.0 \n * Google Chrome 8.0.557.0 \n * Google Chrome 8.0.558.0 \n * Google Chrome 8.0.559.0 \n * Google Chrome 8.0.560.0 \n * Google Chrome 8.0.561.0 \n * Google Chrome 9 \n * Google Chrome 9.0.562.0 \n * Google Chrome 9.0.563.0 \n * Google Chrome 9.0.564.0 \n * Google Chrome 9.0.565.0 \n * Google Chrome 9.0.566.0 \n * Google Chrome 9.0.567.0 \n * Google Chrome 9.0.568.0 \n * Google Chrome 9.0.569.0 \n * Google Chrome 9.0.570.0 \n * Google Chrome 9.0.570.1 \n * Google Chrome 9.0.571.0 \n * Google Chrome 9.0.572.0 \n * Google Chrome 9.0.572.1 \n * Google Chrome 9.0.573.0 \n * Google Chrome 9.0.574.0 \n * Google Chrome 9.0.575.0 \n * Google Chrome 9.0.576.0 \n * Google Chrome 9.0.577.0 \n * Google Chrome 9.0.578.0 \n * Google Chrome 9.0.579.0 \n * Google Chrome 9.0.580.0 \n * Google Chrome 9.0.581.0 \n * Google Chrome 9.0.582.0 \n * Google Chrome 9.0.583.0 \n * Google Chrome 9.0.584.0 \n * Google Chrome 9.0.585.0 \n * Google Chrome 9.0.586.0 \n * Google Chrome 9.0.587.0 \n * Google Chrome 9.0.587.1 \n * Google Chrome 9.0.588.0 \n * Google Chrome 9.0.589.0 \n * Google Chrome 9.0.590.0 \n * Google Chrome 9.0.591.0 \n * Google Chrome 9.0.592.0 \n * Google Chrome 9.0.593.0 \n * Google Chrome 9.0.594.0 \n * Google Chrome 9.0.595.0 \n * Google Chrome 9.0.596.0 \n * Google Chrome 9.0.597.0 \n * Google Chrome 9.0.597.1 \n * Google Chrome 9.0.597.10 \n * Google Chrome 9.0.597.100 \n * Google Chrome 9.0.597.101 \n * Google Chrome 9.0.597.102 \n * Google Chrome 9.0.597.106 \n * Google Chrome 9.0.597.107 \n * Google Chrome 9.0.597.11 \n * Google Chrome 9.0.597.12 \n * Google Chrome 9.0.597.14 \n * Google Chrome 9.0.597.15 \n * Google Chrome 9.0.597.16 \n * Google Chrome 9.0.597.17 \n * Google Chrome 9.0.597.18 \n * Google Chrome 9.0.597.19 \n * Google Chrome 9.0.597.2 \n * Google Chrome 9.0.597.20 \n * Google Chrome 9.0.597.21 \n * Google Chrome 9.0.597.22 \n * Google Chrome 9.0.597.23 \n * Google Chrome 9.0.597.24 \n * Google Chrome 9.0.597.25 \n * Google Chrome 9.0.597.26 \n * Google Chrome 9.0.597.27 \n * Google Chrome 9.0.597.28 \n * Google Chrome 9.0.597.29 \n * Google Chrome 9.0.597.30 \n * Google Chrome 9.0.597.31 \n * Google Chrome 9.0.597.32 \n * Google Chrome 9.0.597.33 \n * Google Chrome 9.0.597.34 \n * Google Chrome 9.0.597.35 \n * Google Chrome 9.0.597.36 \n * Google Chrome 9.0.597.37 \n * Google Chrome 9.0.597.38 \n * Google Chrome 9.0.597.39 \n * Google Chrome 9.0.597.4 \n * Google Chrome 9.0.597.40 \n * Google Chrome 9.0.597.41 \n * Google Chrome 9.0.597.42 \n * Google Chrome 9.0.597.44 \n * Google Chrome 9.0.597.45 \n * Google Chrome 9.0.597.46 \n * Google Chrome 9.0.597.47 \n * Google Chrome 9.0.597.5 \n * Google Chrome 9.0.597.54 \n * Google Chrome 9.0.597.55 \n * Google Chrome 9.0.597.56 \n * Google Chrome 9.0.597.57 \n * Google Chrome 9.0.597.58 \n * Google Chrome 9.0.597.59 \n * Google Chrome 9.0.597.60 \n * Google Chrome 9.0.597.62 \n * Google Chrome 9.0.597.63 \n * Google Chrome 9.0.597.64 \n * Google Chrome 9.0.597.65 \n * Google Chrome 9.0.597.66 \n * Google Chrome 9.0.597.67 \n * Google Chrome 9.0.597.68 \n * Google Chrome 9.0.597.69 \n * Google Chrome 9.0.597.7 \n * Google Chrome 9.0.597.70 \n * Google Chrome 9.0.597.71 \n * Google Chrome 9.0.597.72 \n * Google Chrome 9.0.597.73 \n * Google Chrome 9.0.597.74 \n * Google Chrome 9.0.597.75 \n * Google Chrome 9.0.597.76 \n * Google Chrome 9.0.597.77 \n * Google Chrome 9.0.597.78 \n * Google Chrome 9.0.597.79 \n * Google Chrome 9.0.597.96 \n * Google Chrome 9.0.597.97 \n * Google Chrome 9.0.597.98 \n * Google Chrome 9.0.597.99 \n * Google Chrome 9.0.598.0 \n * Google Chrome 9.0.599.0 \n * Google Chrome 9.0.600.0 \n * Google Chrome OS 0.10.140.0 \n * Google Chrome OS 0.9.110.6 \n * Google Chrome OS 0.9.126.0 \n * Google Chrome OS 0.9.128.3 \n * Google Chrome OS 0.9.130.14 Beta \n * Google Chrome OS 0.9.131.0 \n * Google Chrome OS 0.9.134.14 \n * Google Chrome OS 20.0.1132.0 \n * Google Chrome OS 20.0.1132.1 \n * Google Chrome OS 20.0.1132.10 \n * Google Chrome OS 20.0.1132.11 \n * Google Chrome OS 20.0.1132.12 \n * Google Chrome OS 20.0.1132.13 \n * Google Chrome OS 20.0.1132.14 \n * Google Chrome OS 20.0.1132.15 \n * Google Chrome OS 20.0.1132.16 \n * Google Chrome OS 20.0.1132.17 \n * Google Chrome OS 20.0.1132.18 \n * Google Chrome OS 20.0.1132.19 \n * Google Chrome OS 20.0.1132.2 \n * Google Chrome OS 20.0.1132.20 \n * Google Chrome OS 20.0.1132.21 \n * Google Chrome OS 20.0.1132.3 \n * Google Chrome OS 20.0.1132.4 \n * Google Chrome OS 20.0.1132.5 \n * Google Chrome OS 20.0.1132.6 \n * Google Chrome OS 20.0.1132.7 \n * Google Chrome OS 20.0.1132.8 \n * Google Chrome OS 20.0.1132.9 \n * Google Chrome OS 21.0.1180.0 \n * Google Chrome OS 21.0.1180.1 \n * Google Chrome OS 21.0.1180.10 \n * Google Chrome OS 21.0.1180.11 \n * Google Chrome OS 21.0.1180.13 \n * Google Chrome OS 21.0.1180.14 \n * Google Chrome OS 21.0.1180.15 \n * Google Chrome OS 21.0.1180.17 \n * Google Chrome OS 21.0.1180.18 \n * Google Chrome OS 21.0.1180.2 \n * Google Chrome OS 21.0.1180.3 \n * Google Chrome OS 21.0.1180.31 \n * Google Chrome OS 21.0.1180.32 \n * Google Chrome OS 21.0.1180.33 \n * Google Chrome OS 21.0.1180.34 \n * Google Chrome OS 21.0.1180.35 \n * Google Chrome OS 21.0.1180.36 \n * Google Chrome OS 21.0.1180.37 \n * Google Chrome OS 21.0.1180.38 \n * Google Chrome OS 21.0.1180.39 \n * Google Chrome OS 21.0.1180.4 \n * Google Chrome OS 21.0.1180.41 \n * Google Chrome OS 21.0.1180.46 \n * Google Chrome OS 21.0.1180.47 \n * Google Chrome OS 21.0.1180.48 \n * Google Chrome OS 21.0.1180.49 \n * Google Chrome OS 21.0.1180.5 \n * Google Chrome OS 21.0.1180.50 \n * Google Chrome OS 21.0.1180.51 \n * Google Chrome OS 21.0.1180.52 \n * Google Chrome OS 21.0.1180.53 \n * Google Chrome OS 21.0.1180.54 \n * Google Chrome OS 21.0.1180.55 \n * Google Chrome OS 21.0.1180.56 \n * Google Chrome OS 21.0.1180.57 \n * Google Chrome OS 21.0.1180.6 \n * Google Chrome OS 21.0.1180.7 \n * Google Chrome OS 21.0.1180.79 \n * Google Chrome OS 21.0.1180.8 \n * Google Chrome OS 21.0.1180.81 \n * Google Chrome OS 21.0.1180.9 \n * Google Chrome OS 21.0.1183.0 \n * Google Chrome OS 23.0.1271.94 \n * Google Chrome OS 25.0.1364.0 \n * Google Chrome OS 25.0.1364.1 \n * Google Chrome OS 25.0.1364.10 \n * Google Chrome OS 25.0.1364.108 \n * Google Chrome OS 25.0.1364.11 \n * Google Chrome OS 25.0.1364.110 \n * Google Chrome OS 25.0.1364.112 \n * Google Chrome OS 25.0.1364.113 \n * Google Chrome OS 25.0.1364.114 \n * Google Chrome OS 25.0.1364.115 \n * Google Chrome OS 25.0.1364.116 \n * Google Chrome OS 25.0.1364.117 \n * Google Chrome OS 25.0.1364.118 \n * Google Chrome OS 25.0.1364.119 \n * Google Chrome OS 25.0.1364.12 \n * Google Chrome OS 25.0.1364.120 \n * Google Chrome OS 25.0.1364.121 \n * Google Chrome OS 25.0.1364.122 \n * Google Chrome OS 25.0.1364.123 \n * Google Chrome OS 25.0.1364.124 \n * Google Chrome OS 25.0.1364.125 \n * Google Chrome OS 25.0.1364.126 \n * Google Chrome OS 25.0.1364.13 \n * Google Chrome OS 25.0.1364.14 \n * Google Chrome OS 25.0.1364.15 \n * Google Chrome OS 25.0.1364.152 \n * Google Chrome OS 25.0.1364.154 \n * Google Chrome OS 25.0.1364.155 \n * Google Chrome OS 25.0.1364.156 \n * Google Chrome OS 25.0.1364.159 \n * Google Chrome OS 25.0.1364.16 \n * Google Chrome OS 25.0.1364.160 \n * Google Chrome OS 25.0.1364.161 \n * Google Chrome OS 25.0.1364.168 \n * Google Chrome OS 25.0.1364.169 \n * Google Chrome OS 25.0.1364.17 \n * Google Chrome OS 25.0.1364.170 \n * Google Chrome OS 25.0.1364.171 \n * Google Chrome OS 25.0.1364.172 \n * Google Chrome OS 25.0.1364.173 \n * Google Chrome OS 25.0.1364.18 \n * Google Chrome OS 25.0.1364.19 \n * Google Chrome OS 25.0.1364.2 \n * Google Chrome OS 25.0.1364.20 \n * Google Chrome OS 25.0.1364.21 \n * Google Chrome OS 25.0.1364.22 \n * Google Chrome OS 25.0.1364.23 \n * Google Chrome OS 25.0.1364.24 \n * Google Chrome OS 25.0.1364.25 \n * Google Chrome OS 25.0.1364.26 \n * Google Chrome OS 25.0.1364.27 \n * Google Chrome OS 25.0.1364.28 \n * Google Chrome OS 25.0.1364.29 \n * Google Chrome OS 25.0.1364.3 \n * Google Chrome OS 25.0.1364.30 \n * Google Chrome OS 25.0.1364.31 \n * Google Chrome OS 25.0.1364.32 \n * Google Chrome OS 25.0.1364.33 \n * Google Chrome OS 25.0.1364.34 \n * Google Chrome OS 25.0.1364.35 \n * Google Chrome OS 25.0.1364.36 \n * Google Chrome OS 25.0.1364.37 \n * Google Chrome OS 25.0.1364.38 \n * Google Chrome OS 25.0.1364.39 \n * Google Chrome OS 25.0.1364.40 \n * Google Chrome OS 25.0.1364.41 \n * Google Chrome OS 25.0.1364.42 \n * Google Chrome OS 25.0.1364.43 \n * Google Chrome OS 25.0.1364.44 \n * Google Chrome OS 25.0.1364.45 \n * Google Chrome OS 25.0.1364.46 \n * Google Chrome OS 25.0.1364.47 \n * Google Chrome OS 25.0.1364.48 \n * Google Chrome OS 25.0.1364.49 \n * Google Chrome OS 25.0.1364.5 \n * Google Chrome OS 25.0.1364.50 \n * Google Chrome OS 25.0.1364.51 \n * Google Chrome OS 25.0.1364.52 \n * Google Chrome OS 25.0.1364.53 \n * Google Chrome OS 25.0.1364.54 \n * Google Chrome OS 25.0.1364.55 \n * Google Chrome OS 25.0.1364.56 \n * Google Chrome OS 25.0.1364.57 \n * Google Chrome OS 25.0.1364.58 \n * Google Chrome OS 25.0.1364.61 \n * Google Chrome OS 25.0.1364.62 \n * Google Chrome OS 25.0.1364.63 \n * Google Chrome OS 25.0.1364.65 \n * Google Chrome OS 25.0.1364.66 \n * Google Chrome OS 25.0.1364.67 \n * Google Chrome OS 25.0.1364.68 \n * Google Chrome OS 25.0.1364.7 \n * Google Chrome OS 25.0.1364.70 \n * Google Chrome OS 25.0.1364.72 \n * Google Chrome OS 25.0.1364.73 \n * Google Chrome OS 25.0.1364.74 \n * Google Chrome OS 25.0.1364.75 \n * Google Chrome OS 25.0.1364.76 \n * Google Chrome OS 25.0.1364.77 \n * Google Chrome OS 25.0.1364.78 \n * Google Chrome OS 25.0.1364.79 \n * Google Chrome OS 25.0.1364.8 \n * Google Chrome OS 25.0.1364.80 \n * Google Chrome OS 25.0.1364.81 \n * Google Chrome OS 25.0.1364.82 \n * Google Chrome OS 25.0.1364.84 \n * Google Chrome OS 25.0.1364.85 \n * Google Chrome OS 25.0.1364.86 \n * Google Chrome OS 25.0.1364.87 \n * Google Chrome OS 25.0.1364.88 \n * Google Chrome OS 25.0.1364.89 \n * Google Chrome OS 25.0.1364.9 \n * Google Chrome OS 25.0.1364.90 \n * Google Chrome OS 25.0.1364.91 \n * Google Chrome OS 25.0.1364.92 \n * Google Chrome OS 25.0.1364.93 \n * Google Chrome OS 25.0.1364.95 \n * Google Chrome OS 25.0.1364.98 \n * Google Chrome OS 25.0.1364.99 \n * Google Chrome OS 26.0.1410.0 \n * Google Chrome OS 26.0.1410.1 \n * Google Chrome OS 26.0.1410.10 \n * Google Chrome OS 26.0.1410.11 \n * Google Chrome OS 26.0.1410.12 \n * Google Chrome OS 26.0.1410.14 \n * Google Chrome OS 26.0.1410.15 \n * Google Chrome OS 26.0.1410.16 \n * Google Chrome OS 26.0.1410.17 \n * Google Chrome OS 26.0.1410.18 \n * Google Chrome OS 26.0.1410.19 \n * Google Chrome OS 26.0.1410.20 \n * Google Chrome OS 26.0.1410.21 \n * Google Chrome OS 26.0.1410.22 \n * Google Chrome OS 26.0.1410.23 \n * Google Chrome OS 26.0.1410.24 \n * Google Chrome OS 26.0.1410.25 \n * Google Chrome OS 26.0.1410.26 \n * Google Chrome OS 26.0.1410.27 \n * Google Chrome OS 26.0.1410.28 \n * Google Chrome OS 26.0.1410.29 \n * Google Chrome OS 26.0.1410.3 \n * Google Chrome OS 26.0.1410.30 \n * Google Chrome OS 26.0.1410.31 \n * Google Chrome OS 26.0.1410.32 \n * Google Chrome OS 26.0.1410.33 \n * Google Chrome OS 26.0.1410.34 \n * Google Chrome OS 26.0.1410.35 \n * Google Chrome OS 26.0.1410.36 \n * Google Chrome OS 26.0.1410.37 \n * Google Chrome OS 26.0.1410.38 \n * Google Chrome OS 26.0.1410.39 \n * Google Chrome OS 26.0.1410.4 \n * Google Chrome OS 26.0.1410.40 \n * Google Chrome OS 26.0.1410.41 \n * Google Chrome OS 26.0.1410.42 \n * Google Chrome OS 26.0.1410.43 \n * Google Chrome OS 26.0.1410.44 \n * Google Chrome OS 26.0.1410.45 \n * Google Chrome OS 26.0.1410.46 \n * Google Chrome OS 26.0.1410.47 \n * Google Chrome OS 26.0.1410.48 \n * Google Chrome OS 26.0.1410.49 \n * Google Chrome OS 26.0.1410.5 \n * Google Chrome OS 26.0.1410.50 \n * Google Chrome OS 26.0.1410.51 \n * Google Chrome OS 26.0.1410.52 \n * Google Chrome OS 26.0.1410.54 \n * Google Chrome OS 26.0.1410.55 \n * Google Chrome OS 26.0.1410.56 \n * Google Chrome OS 26.0.1410.57 \n * Google Chrome OS 26.0.1410.6 \n * Google Chrome OS 26.0.1410.7 \n * Google Chrome OS 26.0.1410.8 \n * Google Chrome OS 26.0.1410.9 \n * Google Chrome OS 28.0.1500.71 \n * Google Chrome OS 28.0.1500.95 \n * Google Chrome OS 32.0.1700.95 \n * Google Chrome OS 33.0.1750.152 \n * Google Chrome OS 35.0.1916.155 \n * Google Chrome OS 37.0.2062.119 \n * Google Chrome OS 40.0.2214.114 \n * Google Chrome OS 48.0.2564.116 \n * Google Chrome OS 48.0.2564.92 \n * Google Chrome OS 52.0.2743.85 \n * Google Chrome OS 53.0.2785.103 \n * Google Chrome OS 53.0.2785.144 \n * Google Chrome OS 54.0.2840.79 \n * Google Chrome OS 57.0.2987.137 \n * Google Chrome OS 58.0.3029.89 \n * Google Chrome OS 59.0.3071.91 \n * Google Chrome OS 59.0.3071.92 \n * Google Chrome OS 60.0.3112.114 \n * Google Chrome OS 61.0.3163.113 \n * Google Chrome OS 62.0.3202.97 \n * Google Chrome OS 8.0.552.342 \n * Google Chrome OS 8.0.552.343 \n * Google Chrome OS 8.0.552.344 \n * Google Nexus 5X \n * Google Nexus 6P \n * Google Pixel 2 XL \n * Google Pixel C \n * Google Pixel XL \n * Google V8 \n * HP ProLiant DL385 Gen10 Server 1.02 \n * IBM AIX 5.3 \n * IBM AIX 6.1 \n * IBM AIX 7.1 \n * IBM Aix 7.2 \n * IBM Vios 2.2.0 \n * Intel Xeon CPU E5-1650 v3 \n * Linux kernel 4.14.7 \n * Linux kernel 4.9.74 \n * Microsoft Edge \n * Microsoft Internet Explorer 11 \n * Microsoft SQL Server 2008 R2 for 32-bit Systems Service Pack 3 \n * Microsoft SQL Server 2008 R2 for x64-based Systems Service Pack 3 \n * Microsoft SQL Server 2008 for 32-bit Systems Service Pack 4 \n * Microsoft SQL Server 2008 for x64-based Systems Service Pack 4 \n * Microsoft SQL Server 2012 for 32-bit Systems Service Pack 3 \n * Microsoft SQL Server 2012 for 32-bit Systems Service Pack 4 \n * Microsoft SQL Server 2012 for x64-based Systems Service Pack 3 \n * Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 \n * Microsoft SQL Server 2014 for 32-bit Systems Service Pack 2 \n * Microsoft SQL Server 2014 for x64-based Systems Service Pack 2 \n * Microsoft SQL Server 2016 for x64-based Systems \n * Microsoft SQL Server 2016 for x64-based Systems Service Pack 1 \n * Microsoft SQL Server 2017 for x64-based Systems \n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1511 for 32-bit Systems \n * Microsoft Windows 10 version 1511 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 10 version 1709 for 32-bit Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n * Oracle VM VirtualBox 5.0 \n * Oracle VM VirtualBox 5.0.10 \n * Oracle VM VirtualBox 5.0.11 \n * Oracle VM VirtualBox 5.0.12 \n * Oracle VM VirtualBox 5.0.13 \n * Oracle VM VirtualBox 5.0.14 \n * Oracle VM VirtualBox 5.0.16 \n * Oracle VM VirtualBox 5.0.18 \n * Oracle VM VirtualBox 5.0.22 \n * Oracle VM VirtualBox 5.0.26 \n * Oracle VM VirtualBox 5.0.28 \n * Oracle VM VirtualBox 5.0.32 \n * Oracle VM VirtualBox 5.0.34 \n * Oracle VM VirtualBox 5.0.38 \n * Oracle VM VirtualBox 5.0.8 \n * Oracle VM VirtualBox 5.0.9 \n * Oracle VM VirtualBox 5.1.10 \n * Oracle VM VirtualBox 5.1.14 \n * Oracle VM VirtualBox 5.1.16 \n * Oracle VM VirtualBox 5.1.20 \n * Oracle VM VirtualBox 5.1.24 \n * Oracle VM VirtualBox 5.1.30 \n * Oracle VM VirtualBox 5.1.8 \n * Oracle VM VirtualBox 5.2.0 \n * Oracle VM VirtualBox 5.2.2 \n * Oracle VM VirtualBox 5.2.4 \n * Oracle X86 Servers SW 1.0 \n * Oracle X86 Servers SW 2.0 \n * Redhat Enterprise Linux 5 \n * Redhat Enterprise Linux 6 \n * Redhat Enterprise Linux 7 \n * Redhat Enterprise Linux Desktop 6 \n * Redhat Enterprise Linux Desktop 7 \n * Redhat Enterprise Linux EUS Compute Node 6.7 \n * Redhat Enterprise Linux EUS Compute Node 7.3 \n * Redhat Enterprise Linux EUS Compute Node 7.4 \n * Redhat Enterprise Linux Server (for IBM Power LE) - 4 Year Extended Upd 7.3 \n * Redhat Enterprise Linux Server (for IBM Power LE) - 4 Year Extended Update Support 7.4 \n * Redhat Enterprise Linux Server - 4 Year Extended Update Support 7.2 \n * Redhat Enterprise Linux Server - 4 Year Extended Update Support 7.3 \n * Redhat Enterprise Linux Server - 4 Year Extended Update Support 7.4 \n * Redhat Enterprise Linux Server - AUS 6.6 \n * Redhat Enterprise Linux Server - AUS 7.2 \n * Redhat Enterprise Linux Server - AUS 7.3 \n * Redhat Enterprise Linux Server - AUS 7.4 \n * Redhat Enterprise Linux Server - Extended Update Support 6.7 \n * Redhat Enterprise Linux Server - Extended Update Support 7.3 \n * Redhat Enterprise Linux Server - Extended Update Support 7.4 \n * Redhat Enterprise Linux Server - TUS 6.6 \n * Redhat Enterprise Linux Server - TUS 7.2 \n * Redhat Enterprise Linux Server - TUS 7.3 \n * Redhat Enterprise Linux Server - TUS 7.4 \n * Redhat Enterprise Linux Server 6 \n * Redhat Enterprise Linux Server 7 \n * Redhat Enterprise Linux Workstation 6 \n * Redhat Enterprise Linux Workstation 7 \n * Redhat Enterprise Linux for IBM z Systems - Extended Update Support 6.7 \n * Redhat Enterprise Linux for IBM z Systems - Extended Update Support 7.4 \n * Redhat Enterprise Linux for IBM z Systems 6 \n * Redhat Enterprise Linux for IBM z Systems 7 \n * Redhat Enterprise Linux for Power, big endian - Extended Update Support 6.7 \n * Redhat Enterprise Linux for Power, big endian - Extended Update Support 7.3 \n * Redhat Enterprise Linux for Power, big endian - Extended Update Support 7.4 \n * Redhat Enterprise Linux for Power, big endian 6 \n * Redhat Enterprise Linux for Power, big endian 7 \n * Redhat Enterprise Linux for Power, little endian - Extended Update Supp 7.3 \n * Redhat Enterprise Linux for Power, little endian - Extended Update Supp 7.4 \n * Redhat Enterprise Linux for Power, little endian 7 \n * Redhat Enterprise Linux for Real Time 7 \n * Redhat Enterprise Linux for Real Time for NFV 7 \n * Redhat Enterprise Linux for Scientific Computing 6 \n * Redhat Enterprise Linux for Scientific Computing 7 \n * Redhat Enterprise Mrg 2 \n * Redhat Virtualization Host 4 \n * VMWare ESXi 5.5 \n * VMWare Esxi 6.0 \n * VMWare Esxi 6.5 \n * VMWare Fusion 8.0 \n * VMWare Fusion 8.0.1 \n * VMWare Fusion 8.0.2 \n * VMWare Fusion 8.1.0 \n * VMWare Fusion 8.1.1 \n * VMWare Fusion 8.5 \n * VMWare Fusion 8.5.2 \n * VMWare Fusion 8.5.4 \n * VMWare Fusion 8.5.5 \n * VMWare Fusion 8.5.6 \n * VMWare Fusion 8.5.8 \n * VMWare Identity Manager 2.0 \n * VMWare Identity Manager 2.7 \n * VMWare Identity Manager 2.7.1 \n * VMWare Identity Manager 3.0 \n * VMWare Workstation 12.0 \n * VMWare Workstation 12.5.3 \n * VMWare Workstation 12.5.5 \n * VMWare Workstation 12.5.7 \n * VMWare vCenter Server 6.0 \n * VMWare vCenter Server 6.5 \n * VMWare vCloud Usage Meter 3.0 \n * VMWare vCloud Usage Meter 3.3 \n * VMWare vCloud Usage Meter 3.3.3 \n * VMWare vRealize Automation 6.0 \n * VMWare vRealize Automation 6.1 \n * VMWare vRealize Automation 6.2 \n * VMWare vRealize Automation 6.2.4 \n * VMWare vRealize Automation 6.2.4.1 \n * VMWare vRealize Automation 6.2.5 \n * VMWare vRealize Automation 7.0 \n * VMWare vRealize Automation 7.1 \n * VMWare vRealize Automation 7.2.0 \n * VMWare vRealize Automation 7.3.0 \n * VMWare vSphere Data Protection 6.0 \n * VMWare vSphere Data Protection 6.0.0 \n * VMWare vSphere Data Protection 6.0.5 \n * VMWare vSphere Data Protection 6.0.6 \n * VMWare vSphere Data Protection 6.0.7 \n * VMWare vSphere Data Protection 6.1 \n * VMWare vSphere Data Protection 6.1.0 \n * VMWare vSphere Data Protection 6.1.4 \n * VMWare vSphere Data Protection 6.1.5 \n * VMWare vSphere Data Protection 6.1.6 \n * VMWare vSphere Integrated Containers 1.0 \n * VMWare vSphere Integrated Containers 1.1 \n * VMWare vSphere Integrated Containers 1.2 \n * VMWare vSphere Integrated Containers 1.3 \n * Xen Xen \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nGiven the local nature of this issue, grant only trusted and accountable individuals access to affected computers. \n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "published": "2018-01-03T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/102378", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-03-11T18:48:46"}], "f5": [{"id": "F5:K91229003", "type": "f5", "title": "Side-channel processor vulnerabilities CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754", "description": "\nF5 Product Development has assigned 698651, 701445, 701447, 704490, and 704483 (BIG-IP); 702233, 702236, and 202237 (BIG-IQ); 702353, 702354, and 702355 (Enterprise Manager); 702355, 702377, and 702378 (iWorkflow); CPF-24782, CPF-24783, and CPF-24784 (Traffix); LRS-65859, LRS-65860, and LRS-65861 (LineRate) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H91229003 on the **Diagnostics** > **Identified** > **Medium** page.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) | 13.x | 13.0.0 - 13.1.0 | 13.1.0.4*** \n13.0.1*** | Medium | [6.4](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C>) | CPU, BIOS, and kernel \n12.x | 12.1.0 - 12.1.3 | 12.1.3.3*** \n11.x | 11.6.1 - 11.6.3 \n11.5.1 - 11.5.5 \n11.2.1 | 11.6.3.1*** \n11.5.6*** \nARX | 6.x | None | None | None | None | None \nEnterprise Manager | 3.x | 3.1.1 | None | Medium (CVE-2017-5715) \nMedium (CVE-2017-5753) \nMedium (CVE-2017-5754) | [6.4](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C>) CVE-2017-5715 \n[5.3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:U/RC:C>) CVE-2017-5753 \n[6.4](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C>) CVE-2017-5754 | CPU, BIOS, and kernel \nBIG-IQ (Cloud, Device, Security, ADC) | 4.x | 4.5.0 | None | Medium (CVE-2017-5715) \nMedium (CVE-2017-5753) \nMedium (CVE-2017-5754) | [6.4](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C>) CVE-2017-5715 \n[5.3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:U/RC:C>) CVE-2017-5753 \n[6.4](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C>) CVE-2017-5754 | CPU, BIOS, and kernel \nBIG-IQ Centralized Management | 5.x | 5.0.0 - 5.4.0 | None | Medium (CVE-2017-5715) \nMedium (CVE-2017-5753) \nMedium (CVE-2017-5754) | [6.4](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C>) CVE-2017-5715 \n[5.3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:U/RC:C>) CVE-2017-5753 \n[6.4](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C>) CVE-2017-5754 | CPU, BIOS, and kernel \n4.x | 4.6.0 | None \nBIG-IQ Cloud and Orchestration | 1.x | 1.0.0 | None | Medium (CVE-2017-5715) \nMedium (CVE-2017-5753) \nMedium (CVE-2017-5754) | [6.4](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C>) CVE-2017-5715 \n[5.3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:U/RC:C>) CVE-2017-5753 \n[6.4](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C>) CVE-2017-5754 | CPU, BIOS, and kernel \nF5 iWorkflow | 2.x | 2.3.0 \n2.2.0 \n2.1.0 \n2.0.1 - 2.0.2 | None | Medium (CVE-2017-5715) \nMedium (CVE-2017-5753) \nMedium (CVE-2017-5754) | [6.4](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C>) CVE-2017-5715 \n[5.3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:U/RC:C>) CVE-2017-5753 \n[6.4](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C>) CVE-2017-5754 | CPU, BIOS, and kernel \nLineRate | 2.x | 2.6.0 | None | Medium | ** | CPU, BIOS, and kernel \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | Security bulletin build 93 (5.1.0) \nSecurity bulletin build 32 (5.0.0) | Medium (CVE-2017-5715) \nHigh (CVE-2017-5753) \nHigh (CVE-2017-5754) | [6.7](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N>) (CVE-2017-5715) \n[8.2](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N>) (CVE-2017-5753) \n[7.9](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N>) (CVE-2017-5754) | CPU, BIOS, and kernel \n4.x | 4.0.0 - 4.4.0 | Security bulletin build 14 (4.4.0) \n \n** Confirmation of vulnerability or non-vulnerability is not presently available. F5 is still researching the issue for the products indicated and will update this article with the most current information as soon as it has been confirmed. F5 Technical Support has no additional information on this issue.\n\n1 The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n*** Notes about fixes for CVE-2017-5753 (Spectre Variant 1) and CVE-2017-5754 (Meltdown):\n\n * Performance impact: \n * CVE-2017-5753 (Spectre Variant 1)\n\nF5 does not anticipate a performance impact as a result of the fix for CVE-2017-5753 Spectre Variant 1.\n\n * CVE-2017-5754 (Meltdown)\n\nIn most scenarios, the fix for CVE-2017-5754 Meltdown has a negligible performance impact. F5 recommends testing the performance impact before deploying the fix in a production environment, or testing the fix during a maintenance window with consideration to the possible impact on your specific environment. If you encounter unacceptable performance issues in testing and choose to disable the Meltdown fix, you can do so by typing the following command:\n\ntmsh modify sys db kernel.pti value disable\n\n**Note:** This database variable change is applied without requirement for a reboot.\n\n**Important:** If you choose to disable the Meltdown fix, the BIG-IP system will be vulnerable to the CVE-2017-5754 Meltdown vulnerability. However, in order to take advantage of this vulnerability, the attacker must already possess the ability to run arbitrary code on the system. For non-vCMP systems, good access controls and keeping your system up-to-date with security fixes will mitigate this risk. For vCMP systems with multiple tenants, F5 recommends that you leave the Meltdown fix enabled.\n\n * Virtual F5 products/vCMP guests:\n\nThe Meltdown and Spectre 1 fixes block the ability for those exploits to be executed on the patched OS. If the exploit allows cross-VM boundary information leaks, then a fixed VM is still vulnerable to attacks from a non-fixed VM or the host. Therefore, it is important to apply fixes to both guest VMs and the host that runs them.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nBIG-IP\n\nThe only roles on a BIG-IP system that can exploit these vulnerabilities are the Administrator, Resource Administrator, Manager, and iRules Manager roles. To mitigate against all three vulnerabilities, ensure that you limit access to these roles to only trusted employees.\n\nTo mitigate the Spectre Variant 2 vulnerability in multi-tenancy vCMP configurations, ensure that all guests are set to at least two **Cores Per Guest**.\n\nTraffix SDC\n\nFixes for CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754 are available from F5 via the following security bulletins for Traffix SDC 5.1.0, 5.0.0, and 4.4.0:\n\n * **5.1.0** \\- security bulletin build 93\n * **5.0.0** \\- security bulletin build 32\n * **4.4.0** \\- security bulletin build 14\n\nFor more information, contact your Traffix SDC Technical Support representative.\n\n * <https://googleprojectzero.blogspot.ca/2018/01/reading-privileged-memory-with-side.html>\n\n**Note**: This link takes you to a resource outside of AskF5. The third party could remove the document without our knowledge.\n\n * <https://meltdownattack.com/>\n\n**Note**: This link takes you to a resource outside of AskF5. The third party could remove the document without our knowledge.\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9502: BIG-IP hotfix and point release matrix](<https://support.f5.com/csp/article/K9502>)\n", "published": "2018-01-04T04:46:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://support.f5.com/csp/article/K91229003", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-04-13T05:15:17"}], "nessus": [{"id": "SLACKWARE_SSA_2018-057-01.NASL", "type": "nessus", "title": "Slackware 14.2 : Slackware 14.2 kernel (SSA:2018-057-01) (Spectre)", "description": "New kernel packages are available for Slackware 14.2 to mitigate the speculative side channel attack known as Spectre variant 1.", "published": "2018-02-27T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=107006", "cvelist": ["CVE-2017-5753"], "lastseen": "2018-03-03T18:11:22"}, {"id": "UBUNTU_USN-3521-1.NASL", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : nvidia-graphics-drivers-384 vulnerability (USN-3521-1) (Spectre)", "description": "Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory.\n\nThis update provides mitigations to address the issue, along with compatibility fixes for the corresponding Linux kernel updates.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2018-01-10T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=105723", "cvelist": ["CVE-2017-5753"], "lastseen": "2018-02-01T01:16:21"}, {"id": "SOLARIS_APR2018_SRU11_3_31_6_0.NASL", "type": "nessus", "title": "Oracle Solaris Critical Patch Update : apr2018_SRU11_3_31_6_0 (Spectre)", "description": "This Solaris system is missing necessary patches to address a critical security update :\n\n - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11.3. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. While the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Solaris accessible data.\n (CVE-2017-5753)", "published": "2018-04-20T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=109176", "cvelist": ["CVE-2017-5753"], "lastseen": "2018-04-21T14:01:28"}, {"id": "MACOSX_SAFARI11_0_2_PATCH_2018_01_08.NASL", "type": "nessus", "title": "macOS : Apple Safari <= 11.0.2 (11604.4.7.1.6 / 12604.4.7.1.6 / 13604.4.7.10.6) Information Disclosure (Spectre)", "description": "The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 11.0.2, or is 11.0.2 and missing the January 8th patch.\nIt is, therefore, affected by a vulnerability that exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to disclose information via a side-channel analysis.", "published": "2018-01-09T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=105689", "cvelist": ["CVE-2017-5753", "CVE-2017-5715"], "lastseen": "2018-01-23T05:09:04"}, {"id": "MOZILLA_FIREFOX_57_0_4.NASL", "type": "nessus", "title": "Mozilla Firefox < 57.0.4 Speculative Execution Side-Channel Attack Vulnerability (Spectre)", "description": "The version of Mozilla Firefox installed on the remote Windows host is prior to 57.0.4. It is, therefore, vulnerable to a speculative execution side-channel attack. Code from a malicious web page could read data from other web sites or private data from the browser itself.", "published": "2018-01-05T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=105616", "cvelist": ["CVE-2017-5753", "CVE-2017-5715"], "lastseen": "2018-01-12T06:56:36"}, {"id": "FEDORA_2018-690989736A.NASL", "type": "nessus", "title": "Fedora 26 : webkitgtk4 (2018-690989736a) (Spectre)", "description": "This update includes improvements to mitigate the effects of Spectre ([CVE-2017-5753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-20 17-5753) and [CVE-2017-5715](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 7-5715)) :\n\n - Disable SharedArrayBuffers from Web API.\n\n - Reduce the precision of “high” resolution time to 1ms.\n\nAdditional fixes :\n\n - Fix API documentation generation with newer gtk-doc.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2018-01-19T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=106178", "cvelist": ["CVE-2017-5753", "CVE-2017-5715"], "lastseen": "2018-02-04T11:08:23"}, {"id": "UBUNTU_USN-3542-1.NASL", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux vulnerabilities (USN-3542-1) (Spectre)", "description": "Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 (CVE-2017-5753 only) and amd64 architectures.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2018-01-23T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=106272", "cvelist": ["CVE-2017-5753", "CVE-2017-5715"], "lastseen": "2018-02-01T00:59:18"}, {"id": "VMWARE_VCENTER_VMSA-2018-0007.NASL", "type": "nessus", "title": "VMware vCenter Server 6.5.x < 6.5u1f Multiple Vulnerabilities (VMSA-2018-0007) (Spectre-1) (Meltdown)", "description": "The version of VMware vCenter Server installed on the remote host is 6.5.x prior to 6.5u1f. It is, therefore, affected by multiple vulnerabilities. See advisory for details.", "published": "2018-02-22T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=106950", "cvelist": ["CVE-2017-5753", "CVE-2017-5754"], "lastseen": "2018-02-26T23:29:33"}, {"id": "ORACLELINUX_ELSA-2018-4004.NASL", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4004) (Spectre)", "description": "Description of changes:\n\n[4.1.12-112.14.5.el7uek]\n- x86/ibrs: Remove 'ibrs_dump' and remove the pr_debug (Konrad Rzeszutek Wilk) [Orabug: 27350825]\n\n[4.1.12-112.14.4.el7uek]\n- kABI: Revert kABI: Make the boot_cpu_data look normal (Konrad Rzeszutek Wilk) {CVE-2017-5715}\n\n[4.1.12-112.14.3.el7uek]\n- userns: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}\n- udf: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}\n- net: mpls: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}\n- fs: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}\n- ipv6: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}\n- ipv4: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}\n- Thermal/int340x: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}\n- cw1200: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}\n- qla2xxx: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}\n- p54: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}\n- carl9170: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}\n- uvcvideo: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}\n- bpf: prevent speculative execution in eBPF interpreter (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}\n- locking/barriers: introduce new observable speculation barrier (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}\n- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}\n- x86/cpu/AMD: Make the LFENCE instruction serialized (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}\n- kABI: Make the boot_cpu_data look normal. (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}\n- kernel.spec: Require the new microcode_ctl. (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} {CVE-2017-5715}\n- x86/microcode/AMD: Add support for fam17h microcode loading (Tom Lendacky) [Orabug: 27339995] {CVE-2017-5715}\n- x86/spec_ctrl: Disable if running as Xen PV guest. (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}\n- Set IBPB when running a different VCPU (Dave Hansen) [Orabug: 27339995] {CVE-2017-5715}\n- Clear the host registers after setbe (Jun Nakajima) [Orabug: 27339995] {CVE-2017-5715}\n- Use the ibpb_inuse variable. (Jun Nakajima) [Orabug: 27339995] {CVE-2017-5715}\n- KVM: x86: add SPEC_CTRL to MSR and CPUID lists (Andrea Arcangeli) [Orabug: 27339995] {CVE-2017-5715}\n- kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Paolo Bonzini) [Orabug: 27339995] {CVE-2017-5715}\n- Use the 'ibrs_inuse' variable. (Jun Nakajima) [Orabug: 27339995] {CVE-2017-5715}\n- kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Andrea Arcangeli) [Orabug: 27339995] {CVE-2017-5715}\n- x86/svm: Set IBPB when running a different VCPU (Paolo Bonzini) [Orabug: 27339995] {CVE-2017-5715}\n- x86/kvm: Pad RSB on VM transition (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}\n- x86/cpu/AMD: Add speculative control support for AMD (Tom Lendacky) [Orabug: 27339995] {CVE-2017-5715}\n- x86/microcode: Recheck IBRS and IBPB feature on microcode reload (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}\n- x86: Move IBRS/IBPB feature detection to scattered.c (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}\n- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}\n- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}\n- x86/kvm: clear registers on VM exit (Tom Lendacky) [Orabug: 27339995] {CVE-2017-5715}\n- x86/kvm: Set IBPB when switching VM (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}\n- *INCOMPLETE* x86/syscall: Clear unused extra registers on syscall entrance (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}\n- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}\n- x86/mm: Only set IBPB when the new thread cannot ptrace current thread (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}\n- x86/mm: Set IBPB upon context switch (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}\n- x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}\n- x86/idle: Disable IBRS entering idle and enable it on wakeup (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}\n- x86/spec_ctrl: save IBRS MSR value in paranoid_entry (Andrea Arcangeli) [Orabug: 27339995] {CVE-2017-5715}\n- *Scaffolding* x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}\n- x86/enter: Use IBRS on syscall and interrupts (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}\n- x86: Add macro that does not save rax, rcx, rdx on stack to disable IBRS (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}\n- x86/enter: MACROS to set/clear IBRS and set IBP (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}\n- x86/feature: Report presence of IBPB and IBRS control (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}\n- x86: Add STIBP feature enumeration (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}\n- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}\n- x86/feature: Enable the x86 feature to control (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}", "published": "2018-01-12T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=105759", "cvelist": ["CVE-2017-5753", "CVE-2017-5715"], "lastseen": "2018-02-04T10:59:51"}, {"id": "UBUNTU_USN-3530-1.NASL", "type": "nessus", "title": "Ubuntu 16.04 LTS / 17.04 / 17.10 : webkit2gtk vulnerabilities (USN-3530-1) (Spectre)", "description": "It was discovered that speculative execution performed by modern CPUs could leak information through a timing side-channel attack, and that this could be exploited in web browser JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from other domains, bypassing same-origin restrictions. (CVE-2017-5753, CVE-2017-5715).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2018-01-12T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=105766", "cvelist": ["CVE-2017-5753", "CVE-2017-5715"], "lastseen": "2018-02-01T01:12:52"}], "openvas": [{"id": "OPENVAS:1361412562310843411", "type": "openvas", "title": "Ubuntu Update for nvidia-graphics-drivers-384 USN-3521-1", "description": "Check the version of nvidia-graphics-drivers-384", "published": "2018-01-10T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843411", "cvelist": ["CVE-2017-5753"], "lastseen": "2018-01-23T13:03:54"}, {"id": "OPENVAS:1361412562310874007", "type": "openvas", "title": "Fedora Update for webkitgtk4 FEDORA-2018-0590e4af13", "description": "Check the version of webkitgtk4", "published": "2018-01-13T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874007", "cvelist": ["CVE-2017-5753", "CVE-2017-5715"], "lastseen": "2018-01-23T13:03:51"}, {"id": "OPENVAS:1361412562310874035", "type": "openvas", "title": "Fedora Update for webkitgtk4 FEDORA-2018-690989736a", "description": "Check the version of webkitgtk4", "published": "2018-01-19T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874035", "cvelist": ["CVE-2017-5753", "CVE-2017-5715"], "lastseen": "2018-01-23T13:03:51"}, {"id": "OPENVAS:1361412562310843419", "type": "openvas", "title": "Ubuntu Update for webkit2gtk USN-3530-1", "description": "Check the version of webkit2gtk", "published": "2018-01-12T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843419", "cvelist": ["CVE-2017-5753", "CVE-2017-5715"], "lastseen": "2018-01-23T13:03:54"}, {"id": "OPENVAS:1361412562310812629", "type": "openvas", "title": "Apple MacOSX Security Updates (HT208397)", "description": "This host is installed with Apple Mac OS X\n and is prone to multiple information disclosure vulnerabilities.", "published": "2018-01-12T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812629", "cvelist": ["CVE-2017-5753", "CVE-2017-5715"], "lastseen": "2018-01-15T13:03:10"}, {"id": "OPENVAS:1361412562310843428", "type": "openvas", "title": "Ubuntu Update for linux USN-3542-1", "description": "Check the version of linux", "published": "2018-01-23T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843428", "cvelist": ["CVE-2017-5753", "CVE-2017-5715"], "lastseen": "2018-01-26T11:03:49"}, {"id": "OPENVAS:1361412562310843436", "type": "openvas", "title": "Ubuntu Update for linux-kvm USN-3549-1", "description": "Check the version of linux-kvm", "published": "2018-01-30T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843436", "cvelist": ["CVE-2017-5753", "CVE-2017-5715"], "lastseen": "2018-02-02T13:04:02"}, {"id": "OPENVAS:1361412562310882822", "type": "openvas", "title": "CentOS Update for kernel CESA-2018:0008 centos6 ", "description": "Check the version of kernel", "published": "2018-01-05T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882822", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-01-23T13:03:47"}, {"id": "OPENVAS:1361412562310882855", "type": "openvas", "title": "CentOS Update for kernel CESA-2018:0512 centos6 ", "description": "Check the version of kernel", "published": "2018-03-15T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882855", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-03-20T16:37:18"}, {"id": "OPENVAS:1361412562310843474", "type": "openvas", "title": "Ubuntu Update for linux-hwe USN-3597-2", "description": "Check the version of linux-hwe", "published": "2018-03-15T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843474", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-03-20T16:38:35"}], "ubuntu": [{"id": "USN-3521-1", "type": "ubuntu", "title": "NVIDIA graphics drivers vulnerability", "description": "Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory.\n\nThis update provides mitigations to address the issue, along with compatibility fixes for the corresponding Linux kernel updates.", "published": "2018-01-09T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://usn.ubuntu.com/3521-1/", "cvelist": ["CVE-2017-5753"], "lastseen": "2018-03-29T18:18:43"}, {"id": "USN-3542-2", "type": "ubuntu", "title": "Linux kernel (Trusty HWE) vulnerabilities", "description": "USN-3542-1 addressed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM.\n\nJann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 (CVE-2017-5753 only) and amd64 architectures.", "published": "2018-01-23T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://usn.ubuntu.com/3542-2/", "cvelist": ["CVE-2017-5753", "CVE-2017-5715"], "lastseen": "2018-03-29T18:21:11"}, {"id": "USN-3549-1", "type": "ubuntu", "title": "Linux kernel (KVM) vulnerabilities", "description": "Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715, CVE-2017-5753)", "published": "2018-01-29T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://usn.ubuntu.com/3549-1/", "cvelist": ["CVE-2017-5753", "CVE-2017-5715"], "lastseen": "2018-03-29T18:18:30"}, {"id": "USN-3530-1", "type": "ubuntu", "title": "WebKitGTK+ vulnerabilities", "description": "It was discovered that speculative execution performed by modern CPUs could leak information through a timing side-channel attack, and that this could be exploited in web browser JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from other domains, bypassing same-origin restrictions. (CVE-2017-5753, CVE-2017-5715)", "published": "2018-01-11T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://usn.ubuntu.com/3530-1/", "cvelist": ["CVE-2017-5753", "CVE-2017-5715"], "lastseen": "2018-03-29T18:19:27"}, {"id": "USN-3542-1", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "description": "Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 (CVE-2017-5753 only) and amd64 architectures.", "published": "2018-01-23T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://usn.ubuntu.com/3542-1/", "cvelist": ["CVE-2017-5753", "CVE-2017-5715"], "lastseen": "2018-03-29T18:18:08"}, {"id": "USN-3580-1", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "description": "Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory.", "published": "2018-02-22T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://usn.ubuntu.com/3580-1/", "cvelist": ["CVE-2017-5753", "CVE-2017-5715"], "lastseen": "2018-03-29T18:19:50"}, {"id": "USN-3597-1", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "description": "USNS 3541-1 and 3523-1 provided mitigations for Spectre and Meltdown (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) for the i386, amd64, and ppc64el architectures in Ubuntu 17.10. This update provides the corresponding mitigations for the arm64 architecture. Original advisory details:\n\nJann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5754)\n\nJann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715, CVE-2017-5753)", "published": "2018-03-15T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://usn.ubuntu.com/3597-1/", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-03-29T18:17:53"}, {"id": "USN-3516-1", "type": "ubuntu", "title": "Firefox vulnerabilities", "description": "It was discovered that speculative execution performed by modern CPUs could leak information through a timing side-channel attack, and that this could be exploited in web browser JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from other domains, bypassing same-origin restrictions. (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754).", "published": "2018-01-05T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://usn.ubuntu.com/3516-1/", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-03-29T18:18:14"}, {"id": "USN-3541-2", "type": "ubuntu", "title": "Linux kernel (HWE) vulnerabilities", "description": "USN-3541-1 addressed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS.\n\nJann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 (CVE-2017-5753 only), amd64, ppc64el, and s390x architectures. (CVE-2017-5715, CVE-2017-5753)\n\nUSN-3523-2 mitigated CVE-2017-5754 (Meltdown) for the amd64 architecture in the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. This update provides the corresponding mitigations for the ppc64el architecture. Original advisory details:\n\nJann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5754)", "published": "2018-01-23T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://usn.ubuntu.com/3541-2/", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-03-29T18:17:08"}, {"id": "USN-3540-1", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "description": "Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 (CVE-2017-5753 only), amd64, ppc64el, and s390x architectures. (CVE-2017-5715, CVE-2017-5753)\n\nUSN-3522-1 mitigated CVE-2017-5754 (Meltdown) for the amd64 architecture in Ubuntu 16.04 LTS. This update provides the corresponding mitigations for the ppc64el architecture. Original advisory details:\n\nJann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5754)", "published": "2018-01-23T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://usn.ubuntu.com/3540-1/", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-03-29T18:20:54"}], "slackware": [{"id": "SSA-2018-057-01", "type": "slackware", "title": "Slackware 14.2 kernel", "description": "New kernel packages are available for Slackware 14.2 to mitigate the\nspeculative side channel attack known as Spectre variant 1.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/linux-4.4.118/*: Upgraded.\n This kernel includes __user pointer sanitization mitigation for the Spectre\n (variant 1) speculative side channel attack.\n Be sure to upgrade your initrd after upgrading the kernel packages.\n If you use lilo to boot your machine, be sure lilo.conf points to the correct\n kernel and initrd and run lilo as root to update the bootloader.\n If you use elilo to boot your machine, you should run eliloconfig to copy the\n kernel and initrd to the EFI System Partition.\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.118/kernel-firmware-20180222_7344ec9-noarch-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.118/kernel-generic-4.4.118-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.118/kernel-generic-smp-4.4.118_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.118/kernel-headers-4.4.118_smp-x86-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.118/kernel-huge-4.4.118-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.118/kernel-huge-smp-4.4.118_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.118/kernel-modules-4.4.118-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.118/kernel-modules-smp-4.4.118_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.118/kernel-source-4.4.118_smp-noarch-1.txz\n\nUpdated packages for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.118/kernel-firmware-20180222_7344ec9-noarch-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.118/kernel-generic-4.4.118-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.118/kernel-headers-4.4.118-x86-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.118/kernel-huge-4.4.118-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.118/kernel-modules-4.4.118-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.118/kernel-source-4.4.118-noarch-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.2 packages:\n260968bbd379913c30d11d8b1daac6ae kernel-firmware-20180222_7344ec9-noarch-1.txz\n0c1ffb6a5ce31e3b467b76366cb45fdf kernel-generic-4.4.118-i586-1.txz\nd9aa76d4956dc5afae7e6a51f3539480 kernel-generic-smp-4.4.118_smp-i686-1.txz\n0ee08392f4b80274a4dfd4ec502bfac2 kernel-headers-4.4.118_smp-x86-1.txz\n5d9561ac8b58e6ca10fb18b9b2385ef9 kernel-huge-4.4.118-i586-1.txz\n7583356ca16efd078db333a1f3e7cd8b kernel-huge-smp-4.4.118_smp-i686-1.txz\n9413547cb17efd1086a167220b440382 kernel-modules-4.4.118-i586-1.txz\n792d09fb27f79dbd89e3edb8f47bb8f5 kernel-modules-smp-4.4.118_smp-i686-1.txz\nc9e204b423f5624aca02c4eabe100c3e kernel-source-4.4.118_smp-noarch-1.txz\n\nSlackware x86_64 14.2 packages:\n260968bbd379913c30d11d8b1daac6ae kernel-firmware-20180222_7344ec9-noarch-1.txz\n92ca007b24d746beef19c13cee9b4fcd kernel-generic-4.4.118-x86_64-1.txz\n60f9bec621769a54c7bb4cf772ab52f3 kernel-headers-4.4.118-x86-1.txz\n14dea8448b42c4308eae40dcca595373 kernel-huge-4.4.118-x86_64-1.txz\nce365549a202ac2b3e35aa553757d3a8 kernel-modules-4.4.118-x86_64-1.txz\n740953188c1956d7720cb3de3c3ef77b kernel-source-4.4.118-noarch-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg kernel-*.txz\n\nIf you are using an initrd, you'll need to rebuild it.\n\nFor a 32-bit SMP machine, use this command (substitute the appropriate\nkernel version if you are not running Slackware 14.2):\n > /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.118-smp | bash\n\nFor a 64-bit machine, or a 32-bit uniprocessor machine, use this command\n(substitute the appropriate kernel version if you are not running\nSlackware 14.2):\n > /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.118 | bash\n\nPlease note that "uniprocessor" has to do with the kernel you are running,\nnot with the CPU. Most systems should run the SMP kernel (if they can)\nregardless of the number of cores the CPU has. If you aren't sure which\nkernel you are running, run "uname -a". If you see SMP there, you are\nrunning the SMP kernel and should use the 4.4.118-smp version when running\nmkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit\nsystems should always use 4.4.118 as the version.\n\nIf you are using lilo or elilo to boot the machine, you'll need to ensure\nthat the machine is properly prepared before rebooting.\n\nIf using LILO:\nBy default, lilo.conf contains an image= line that references a symlink\nthat always points to the correct kernel. No editing should be required\nunless your machine uses a custom lilo.conf. If that is the case, be sure\nthat the image= line references the correct kernel file. Either way,\nyou'll need to run "lilo" as root to reinstall the boot loader.\n\nIf using elilo:\nEnsure that the /boot/vmlinuz symlink is pointing to the kernel you wish\nto use, and then run eliloconfig to update the EFI System Partition.", "published": "2018-02-26T15:17:47", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.684951", "cvelist": ["CVE-2017-5753"], "lastseen": "2018-02-27T03:36:44"}, {"id": "SSA-2018-016-01", "type": "slackware", "title": "kernel", "description": "New kernel packages are available for Slackware 14.0 and 14.2 to fix\nsecurity issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/linux-4.4.111/*: Upgraded.\n This kernel includes mitigations for the Spectre (variant 2) and Meltdown\n speculative side channel attacks.\n Be sure to upgrade your initrd after upgrading the kernel packages.\n If you use lilo to boot your machine, be sure lilo.conf points to the correct\n kernel and initrd and run lilo as root to update the bootloader.\n If you use elilo to boot your machine, you should run eliloconfig to copy the\n kernel and initrd to the EFI System Partition.\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/linux-3.2.98/kernel-firmware-20180104_65b1c68-noarch-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/linux-3.2.98/kernel-generic-3.2.98-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/linux-3.2.98/kernel-generic-smp-3.2.98_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/linux-3.2.98/kernel-headers-3.2.98_smp-x86-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/linux-3.2.98/kernel-huge-3.2.98-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/linux-3.2.98/kernel-huge-smp-3.2.98_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/linux-3.2.98/kernel-modules-3.2.98-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/linux-3.2.98/kernel-modules-smp-3.2.98_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/linux-3.2.98/kernel-source-3.2.98_smp-noarch-1.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/linux-3.2.98/kernel-firmware-20180104_65b1c68-noarch-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/linux-3.2.98/kernel-generic-3.2.98-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/linux-3.2.98/kernel-headers-3.2.98-x86-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/linux-3.2.98/kernel-huge-3.2.98-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/linux-3.2.98/kernel-modules-3.2.98-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/linux-3.2.98/kernel-source-3.2.98-noarch-1.txz\n\nUpdated packages for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/patches/packages/linux-4.4.111/kernel-firmware-20180104_65b1c68-noarch-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/patches/packages/linux-4.4.111/kernel-generic-4.4.111-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/patches/packages/linux-4.4.111/kernel-generic-smp-4.4.111_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/patches/packages/linux-4.4.111/kernel-headers-4.4.111_smp-x86-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/patches/packages/linux-4.4.111/kernel-huge-4.4.111-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/patches/packages/linux-4.4.111/kernel-huge-smp-4.4.111_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/patches/packages/linux-4.4.111/kernel-modules-4.4.111-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/patches/packages/linux-4.4.111/kernel-modules-smp-4.4.111_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/patches/packages/linux-4.4.111/kernel-source-4.4.111_smp-noarch-1.txz\n\nUpdated packages for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/patches/packages/linux-4.4.111/kernel-firmware-20180104_65b1c68-noarch-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/patches/packages/linux-4.4.111/kernel-generic-4.4.111-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/patches/packages/linux-4.4.111/kernel-headers-4.4.111-x86-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/patches/packages/linux-4.4.111/kernel-huge-4.4.111-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/patches/packages/linux-4.4.111/kernel-modules-4.4.111-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/patches/packages/linux-4.4.111/kernel-source-4.4.111-noarch-1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-firmware-20180104_65b1c68-noarch-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-generic-4.14.13-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-generic-smp-4.14.13_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-huge-4.14.13-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-huge-smp-4.14.13_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-modules-4.14.13-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-modules-smp-4.14.13_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/kernel-headers-4.14.13_smp-x86-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/k/kernel-source-4.14.13_smp-noarch-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/kernel-firmware-20180104_65b1c68-noarch-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/kernel-generic-4.14.13-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/kernel-huge-4.14.13-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/kernel-modules-4.14.13-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/kernel-headers-4.14.13-x86-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/k/kernel-source-4.14.13-noarch-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 packages:\nbf85158499277e0398e41293370abc4a kernel-firmware-20180104_65b1c68-noarch-1.txz\n0ef73b92f14f3e0494f36b4074d62a35 kernel-generic-3.2.98-i586-1.txz\n193dda4b6e27335a17411c6a29f60ea3 kernel-generic-smp-3.2.98_smp-i686-1.txz\nd9d8f98a4d25cadf60f48160bdf30ae7 kernel-headers-3.2.98_smp-x86-1.txz\n2c45a0a535d82af30302e6f635eb0ba0 kernel-huge-3.2.98-i586-1.txz\n803e8c349a811ee41ee53e350084fe44 kernel-huge-smp-3.2.98_smp-i686-1.txz\nffc5679148ddc84e374382263f2a5961 kernel-modules-3.2.98-i586-1.txz\n01c13c7e9d5aaf71d94567bdc4dd13ea kernel-modules-smp-3.2.98_smp-i686-1.txz\n6f9a2484dca0bfc6cdb1283265c3cc19 kernel-source-3.2.98_smp-noarch-1.txz\n\nSlackware x86_64 14.0 packages:\nbf85158499277e0398e41293370abc4a kernel-firmware-20180104_65b1c68-noarch-1.txz\n6f05db9ce854f92fb440799124d87f4a kernel-generic-3.2.98-x86_64-1.txz\ne32cde2cb8e5c22eae3c473aaddcc492 kernel-headers-3.2.98-x86-1.txz\nfc501013a04b89f4c829dc95d2737d08 kernel-huge-3.2.98-x86_64-1.txz\n4bded5fdf8de31bcff6e6125c6b1cf3e kernel-modules-3.2.98-x86_64-1.txz\ne0c621c22934741155c3f7ec4f25ca97 kernel-source-3.2.98-noarch-1.txz\n\nSlackware 14.2 packages:\nbf85158499277e0398e41293370abc4a kernel-firmware-20180104_65b1c68-noarch-1.txz\n55b1acd85f0dd9813b8d2fef44dd1aae kernel-generic-4.4.111-i586-1.txz\nc0d837091607479cc85adb180eeb35bf kernel-generic-smp-4.4.111_smp-i686-1.txz\nfeb19648f920e02e48d8c9a2b9ad42c0 kernel-headers-4.4.111_smp-x86-1.txz\n8afbb68507e4b57a419b3f0175e60266 kernel-huge-4.4.111-i586-1.txz\n81678780cde9ba1885ead0c5ec8348cd kernel-huge-smp-4.4.111_smp-i686-1.txz\n504677324345522321dce25515e1bb67 kernel-modules-4.4.111-i586-1.txz\n0443b18244cad227346b2dc81301d8c0 kernel-modules-smp-4.4.111_smp-i686-1.txz\ndc6d52e7f44bee953e8885c42ff969fe kernel-source-4.4.111_smp-noarch-1.txz\n\nSlackware x86_64 14.2 packages:\nbf85158499277e0398e41293370abc4a kernel-firmware-20180104_65b1c68-noarch-1.txz\ncc3b1bf83ed853d867b86e68ccae43da kernel-generic-4.4.111-x86_64-1.txz\n3b8e65e8e2ed82c1c3320ddb552dbd5f kernel-headers-4.4.111-x86-1.txz\ndb1e811cec9d0acc003226ca8fff6d73 kernel-huge-4.4.111-x86_64-1.txz\nbe8500e6820957f4ed674fb325fd0c53 kernel-modules-4.4.111-x86_64-1.txz\n80f813a256d80064d584f09d18a77f9b kernel-source-4.4.111-noarch-1.txz\n\nSlackware -current packages:\nbf85158499277e0398e41293370abc4a a/kernel-firmware-20180104_65b1c68-noarch-1.txz\ncd566e152b3504d350b68331a79f9924 a/kernel-generic-4.14.13-i586-1.txz\n830a1b7ab36a1ccd0268d90eb9d202c4 a/kernel-generic-smp-4.14.13_smp-i686-1.txz\n4077c7deecee1131e97e348c07e2bd52 a/kernel-huge-4.14.13-i586-1.txz\n7f1070bb3f47dd960b26bfb4cb383e27 a/kernel-huge-smp-4.14.13_smp-i686-1.txz\na14936b31e2dbdb96f807006faebeaca a/kernel-modules-4.14.13-i586-1.txz\n115efae6390092080c0d8759cf0ab29e a/kernel-modules-smp-4.14.13_smp-i686-1.txz\nfe1ae020a95c8f2ee5dcf6e719454642 d/kernel-headers-4.14.13_smp-x86-1.txz\n8698f2eb6e19738fd70e1190c12f1f77 k/kernel-source-4.14.13_smp-noarch-1.txz\n\nSlackware x86_64 -current packages:\nbf85158499277e0398e41293370abc4a a/kernel-firmware-20180104_65b1c68-noarch-1.txz\nebdd84b0dd7951ab87a0f7ac80115c7b a/kernel-generic-4.14.13-x86_64-1.txz\ndf6d28423447d505d2a934751fb84989 a/kernel-huge-4.14.13-x86_64-1.txz\nc998eec627dc1734a6913bc651f45591 a/kernel-modules-4.14.13-x86_64-1.txz\n61cdd86bb7f642786c72991db7ec1845 d/kernel-headers-4.14.13-x86-1.txz\n8bab48aa2a5aad8547e7e6183db33c17 k/kernel-source-4.14.13-noarch-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg kernel-*.txz\n\nIf you are using an initrd, you'll need to rebuild it.\n\nFor a 32-bit SMP machine, use this command (substitute the appropriate\nkernel version if you are not running Slackware 14.2):\n > /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.111-smp | bash\n\nFor a 64-bit machine, or a 32-bit uniprocessor machine, use this command\n(substitute the appropriate kernel version if you are not running\nSlackware 14.2):\n > /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.111 | bash\n\nPlease note that "uniprocessor" has to do with the kernel you are running,\nnot with the CPU. Most systems should run the SMP kernel (if they can)\nregardless of the number of cores the CPU has. If you aren't sure which\nkernel you are running, run "uname -a". If you see SMP there, you are\nrunning the SMP kernel and should use the 4.4.111-smp version when running\nmkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit\nsystems should always use 4.4.111 as the version.\n\nIf you are using lilo or elilo to boot the machine, you'll need to ensure\nthat the machine is properly prepared before rebooting.\n\nIf using LILO:\nBy default, lilo.conf contains an image= line that references a symlink\nthat always points to the correct kernel. No editing should be required\nunless your machine uses a custom lilo.conf. If that is the case, be sure\nthat the image= line references the correct kernel file. Either way,\nyou'll need to run "lilo" as root to reinstall the boot loader.\n\nIf using elilo:\nEnsure that the /boot/vmlinuz symlink is pointing to the kernel you wish\nto use, and then run eliloconfig to update the EFI System Partition.", "published": "2018-01-15T22:32:33", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.1191628", "cvelist": ["CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-02-02T18:11:27"}, {"id": "SSA-2018-037-01", "type": "slackware", "title": "Slackware 14.2 kernel", "description": "New kernel packages are available for Slackware 14.2 to mitigate the\nspeculative side channel attack known as Spectre variant 2.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/linux-4.4.115/*: Upgraded.\n This kernel includes full retpoline mitigation for the Spectre (variant 2)\n speculative side channel attack.\n Please note that this kernel was compiled with gcc-5.5.0, also provided as\n an update for Slackware 14.2. You'll need to install the updated gcc in order\n to compile kernel modules that will load into this updated kernel.\n Be sure to upgrade your initrd after upgrading the kernel packages.\n If you use lilo to boot your machine, be sure lilo.conf points to the correct\n kernel and initrd and run lilo as root to update the bootloader.\n If you use elilo to boot your machine, you should run eliloconfig to copy the\n kernel and initrd to the EFI System Partition.\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.115/kernel-firmware-20180201_2aa2ac2-noarch-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.115/kernel-generic-4.4.115-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.115/kernel-generic-smp-4.4.115_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.115/kernel-headers-4.4.115_smp-x86-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.115/kernel-huge-4.4.115-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.115/kernel-huge-smp-4.4.115_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.115/kernel-modules-4.4.115-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.115/kernel-modules-smp-4.4.115_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.115/kernel-source-4.4.115_smp-noarch-1.txz\n\nUpdated packages for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.115/kernel-firmware-20180201_2aa2ac2-noarch-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.115/kernel-generic-4.4.115-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.115/kernel-headers-4.4.115-x86-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.115/kernel-huge-4.4.115-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.115/kernel-modules-4.4.115-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.115/kernel-source-4.4.115-noarch-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.2 packages:\n1ea8df1a6e5a76e8cb875aba9f42993b kernel-firmware-20180201_2aa2ac2-noarch-1.txz\n65ae3758100bf107ff3c23897ef1b5f9 kernel-generic-4.4.115-i586-1.txz\nc683178111756209c6dc1755e525e833 kernel-generic-smp-4.4.115_smp-i686-1.txz\n0c5cca7eb08d4887f88b615a4a832e6e kernel-headers-4.4.115_smp-x86-1.txz\n45397272b94b844c25ae3d13b9409f91 kernel-huge-4.4.115-i586-1.txz\nb326f2b6d30671f5917f7d1e9a00511b kernel-huge-smp-4.4.115_smp-i686-1.txz\n6a1a72436299fdd149fabd67e5db9a00 kernel-modules-4.4.115-i586-1.txz\nbd1e7630fb6dd94f84d317fa55cb60f5 kernel-modules-smp-4.4.115_smp-i686-1.txz\n74e80a52b163efde642a826e12f3ee0a kernel-source-4.4.115_smp-noarch-1.txz\n\nSlackware x86_64 14.2 packages:\n1ea8df1a6e5a76e8cb875aba9f42993b kernel-firmware-20180201_2aa2ac2-noarch-1.txz\nbe30a72f8fda706d0a36e11e71652301 kernel-generic-4.4.115-x86_64-1.txz\n2e6dd637df1bbc83dab278c0fb9a1ffc kernel-headers-4.4.115-x86-1.txz\n8d00477072ed624b4000e5ff9f260d57 kernel-huge-4.4.115-x86_64-1.txz\ne60a0f4aa1a8cc031db89b1d68b4e366 kernel-modules-4.4.115-x86_64-1.txz\nc4f92ddedc88105adcf4eafe863c2de6 kernel-source-4.4.115-noarch-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg kernel-*.txz\n\nIf you are using an initrd, you'll need to rebuild it.\n\nFor a 32-bit SMP machine, use this command (substitute the appropriate\nkernel version if you are not running Slackware 14.2):\n > /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.115-smp | bash\n\nFor a 64-bit machine, or a 32-bit uniprocessor machine, use this command\n(substitute the appropriate kernel version if you are not running\nSlackware 14.2):\n > /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.115 | bash\n\nPlease note that "uniprocessor" has to do with the kernel you are running,\nnot with the CPU. Most systems should run the SMP kernel (if they can)\nregardless of the number of cores the CPU has. If you aren't sure which\nkernel you are running, run "uname -a". If you see SMP there, you are\nrunning the SMP kernel and should use the 4.4.115-smp version when running\nmkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit\nsystems should always use 4.4.115 as the version.\n\nIf you are using lilo or elilo to boot the machine, you'll need to ensure\nthat the machine is properly prepared before rebooting.\n\nIf using LILO:\nBy default, lilo.conf contains an image= line that references a symlink\nthat always points to the correct kernel. No editing should be required\nunless your machine uses a custom lilo.conf. If that is the case, be sure\nthat the image= line references the correct kernel file. Either way,\nyou'll need to run "lilo" as root to reinstall the boot loader.\n\nIf using elilo:\nEnsure that the /boot/vmlinuz symlink is pointing to the kernel you wish\nto use, and then run eliloconfig to update the EFI System Partition.", "published": "2018-02-06T22:34:12", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.701978", "cvelist": ["CVE-2017-5715"], "lastseen": "2018-02-07T10:55:48"}], "vmware": [{"id": "VMSA-2018-0002", "type": "vmware", "title": "VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution.", "description": "**Bounds-Check bypass and Branch Target Injection issues**\n\nCPU data cache timing can be abused to efficiently leak information out of mis-speculated CPU execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts. (Speculative execution is an automatic and inherent CPU performance optimization used in all modern processors.) ESXi, Workstation and Fusion are vulnerable to Bounds Check Bypass and Branch Target Injection issues resulting from this vulnerability. \n \nResult of exploitation may allow for information disclosure from one Virtual Machine to another Virtual Machine that is running on the same host. \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2017-5753 (Bounds Check bypass) and CVE-2017-5715 (Branch Target Injection) to these issues. \n \nColumn 5 of the following table lists the action required to remediate the observed vulnerability in each release, if a solution is available. \n\n", "published": "2018-01-03T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://www.vmware.com/security/advisories/VMSA-2018-0002.html", "cvelist": ["CVE-2017-5753", "CVE-2017-5715"], "lastseen": "2018-01-23T13:22:44"}, {"id": "VMSA-2018-0007", "type": "vmware", "title": "VMware Virtual Appliance updates address side-channel analysis due to speculative execution", "description": "a. VMware Virtual Appliance Mitigations for Bounds-Check bypass (Spectre-1), and Rogue data cache load issues (Meltdown)\n\nCPU data cache timing can be abused to efficiently leak information out of mis-speculated CPU execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts. (Speculative execution is an automatic and inherent CPU performance optimization used in all modern processors.) Successful exploitation may allow for information disclosure.\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2017-5753 (Bounds Check bypass), CVE-2017-5754 (Rogue data cache load) to these issues. \n\nColumn 5 of the following table lists the action required to mitigate the vulnerability in each release, if a solution is available.\n", "published": "2018-02-08T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://www.vmware.com/security/advisories/VMSA-2018-0007.html", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-03-16T19:49:06"}, {"id": "VMSA-2018-0004", "type": "vmware", "title": "VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Mitigations for speculative execution issue.", "description": "**New speculative-execution control mechanism for Virtual Machines \n**\n\nUpdates of vCenter Server, ESXi, Workstation and Fusion virtualize the new speculative-execution control mechanism for Virtual Machines (VMs). As a result, a patched Guest Operating System (Guest OS) can remediate the Branch Target Injection issue (CVE-2017-5715). This issue may allow for information disclosure between processes within the VM.\n\n \nTo remediate CVE-2017-5715 in the Guest OS the following VMware and third party requirements must be met. Please note that these points are meant to be a brief overview. For a more in-depth explaination of the mitigation process please see [VMware Knowledge Base Article 52085](<https://kb.vmware.com/kb/52085>).\n\n_VMware Requirements_ \n\n\n * Deploy the updated version of vCenter Server listed in the table (if vCenter Server is used).\n * Deploy the ESXi patches and/or the new versions for Workstation or Fusion listed in the table.\n * Ensure that your VMs are using Hardware Version 9 or higher. For best performance, Hardware Version 11 or higher is recommended. [VMware Knowledge Base Article 1010675](<https://kb.vmware.com/kb/1010675>) discusses Hardware Versions.\n\n_Third party Requirements_\n\n * Deploy the Guest OS patches for CVE-2017-5715. These patches are to be obtained from your OS vendor.\n * Update the CPU microcode. Additional microcode is needed for your CPU to be able to expose the new MSRs that are used by the patched Guest OS. This microcode should be available from your hardware platform vendor.\n\nColumn 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. \n\n", "published": "2018-01-09T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://www.vmware.com/security/advisories/VMSA-2018-0004.html", "cvelist": ["CVE-2017-5715"], "lastseen": "2018-03-20T19:57:24"}], "oraclelinux": [{"id": "ELSA-2018-0292", "type": "oraclelinux", "title": "kernel security update", "description": "- 2.6.18-419.0.0.0.8\n- Backport CVEs to RHCK/OL5 [orabug 27547712] {CVE-2017-5753} {CVE-2017-5754}\n- 2.6.18-419.0.0.0.5\n- [fs] fix kernel panic on boot on ia64 guests (Honglei Wang) [orabug 26934100]", "published": "2018-02-23T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://linux.oracle.com/errata/ELSA-2018-0292.html", "cvelist": ["CVE-2017-5753", "CVE-2017-5754"], "lastseen": "2018-02-23T19:32:26"}, {"id": "ELSA-2018-4004", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "description": "[4.1.12-112.14.5]\n- x86/ibrs: Remove 'ibrs_dump' and remove the pr_debug (Konrad Rzeszutek Wilk) [Orabug: 27350825]\n[4.1.12-112.14.4]\n- kABI: Revert kABI: Make the boot_cpu_data look normal (Konrad Rzeszutek Wilk) {CVE-2017-5715}\n[4.1.12-112.14.3]\n- userns: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}\n- udf: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}\n- net: mpls: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}\n- fs: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}\n- ipv6: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}\n- ipv4: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}\n- Thermal/int340x: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}\n- cw1200: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}\n- qla2xxx: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}\n- p54: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}\n- carl9170: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}\n- uvcvideo: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}\n- bpf: prevent speculative execution in eBPF interpreter (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}\n- locking/barriers: introduce new observable speculation barrier (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}\n- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}\n- x86/cpu/AMD: Make the LFENCE instruction serialized (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}\n- kABI: Make the boot_cpu_data look normal. (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}\n- kernel.spec: Require the new microcode_ctl. (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} {CVE-2017-5715}\n- x86/microcode/AMD: Add support for fam17h microcode loading (Tom Lendacky) [Orabug: 27339995] {CVE-2017-5715}\n- x86/spec_ctrl: Disable if running as Xen PV guest. (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}\n- Set IBPB when running a different VCPU (Dave Hansen) [Orabug: 27339995] {CVE-2017-5715}\n- Clear the host registers after setbe (Jun Nakajima) [Orabug: 27339995] {CVE-2017-5715}\n- Use the ibpb_inuse variable. (Jun Nakajima) [Orabug: 27339995] {CVE-2017-5715}\n- KVM: x86: add SPEC_CTRL to MSR and CPUID lists (Andrea Arcangeli) [Orabug: 27339995] {CVE-2017-5715}\n- kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Paolo Bonzini) [Orabug: 27339995] {CVE-2017-5715}\n- Use the 'ibrs_inuse' variable. (Jun Nakajima) [Orabug: 27339995] {CVE-2017-5715}\n- kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Andrea Arcangeli) [Orabug: 27339995] {CVE-2017-5715}\n- x86/svm: Set IBPB when running a different VCPU (Paolo Bonzini) [Orabug: 27339995] {CVE-2017-5715}\n- x86/kvm: Pad RSB on VM transition (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}\n- x86/cpu/AMD: Add speculative control support for AMD (Tom Lendacky) [Orabug: 27339995] {CVE-2017-5715}\n- x86/microcode: Recheck IBRS and IBPB feature on microcode reload (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}\n- x86: Move IBRS/IBPB feature detection to scattered.c (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}\n- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}\n- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}\n- x86/kvm: clear registers on VM exit (Tom Lendacky) [Orabug: 27339995] {CVE-2017-5715}\n- x86/kvm: Set IBPB when switching VM (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}\n- *INCOMPLETE* x86/syscall: Clear unused extra registers on syscall entrance (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}\n- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}\n- x86/mm: Only set IBPB when the new thread cannot ptrace current thread (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}\n- x86/mm: Set IBPB upon context switch (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}\n- x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}\n- x86/idle: Disable IBRS entering idle and enable it on wakeup (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}\n- x86/spec_ctrl: save IBRS MSR value in paranoid_entry (Andrea Arcangeli) [Orabug: 27339995] {CVE-2017-5715}\n- *Scaffolding* x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}\n- x86/enter: Use IBRS on syscall and interrupts (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}\n- x86: Add macro that does not save rax, rcx, rdx on stack to disable IBRS (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}\n- x86/enter: MACROS to set/clear IBRS and set IBP (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}\n- x86/feature: Report presence of IBPB and IBRS control (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}\n- x86: Add STIBP feature enumeration (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}\n- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}\n- x86/feature: Enable the x86 feature to control (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}", "published": "2018-01-05T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://linux.oracle.com/errata/ELSA-2018-4004.html", "cvelist": ["CVE-2017-5753", "CVE-2017-5715"], "lastseen": "2018-01-06T12:56:17"}, {"id": "ELSA-2018-4017", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "description": "[4.1.12-112.14.13]\n- Revert 'kernel.spec: Require the new microcode_ctl.' (Brian Maly)\n[4.1.12-112.14.12]\n- xen-blkback: add pending_req allocation stats (Ankur Arora) [Orabug: 27386890] \n- xen-blkback: move indirect req allocation out-of-line (Ankur Arora) [Orabug: 27386890] \n- xen-blkback: pull nseg validation out in a function (Ankur Arora) [Orabug: 27386890] \n- xen-blkback: make struct pending_req less monolithic (Ankur Arora) [Orabug: 27386890] \n- x86: Clean up IBRS functionality resident in common code (Kanth Ghatraju) [Orabug: 27403317] \n- x86: Display correct settings for the SPECTRE_V2 bug (Kanth Ghatraju) [Orabug: 27403317] \n- Set CONFIG_GENERIC_CPU_VULNERABILITIES flag (Kanth Ghatraju) [Orabug: 27403317] \n- x86/cpu: Implement CPU vulnerabilites sysfs functions (Thomas Gleixner) [Orabug: 27403317] \n- sysfs/cpu: Fix typos in vulnerability documentation (David Woodhouse) [Orabug: 27403317] \n- sysfs/cpu: Add vulnerability folder (Thomas Gleixner) [Orabug: 27403317] \n- x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (David Woodhouse) [Orabug: 27403317] \n- x86/cpufeatures: Add X86_BUG_CPU_MELTDOWN (Kanth Ghatraju) [Orabug: 27403317] \n- KVM: x86: Add memory barrier on vmcs field lookup (Andrew Honig) {CVE-2017-5753}\n- KVM: VMX: remove I/O port 0x80 bypass on Intel hosts (Andrew Honig) [Orabug: 27402301] {CVE-2017-1000407} {CVE-2017-1000407}\n- xfs: give all workqueues rescuer threads (Chris Mason) [Orabug: 27397568] \n- ixgbevf: handle mbox_api_13 in ixgbevf_change_mtu (Joao Martins) [Orabug: 27397001]", "published": "2018-01-18T00:00:00", "cvss": {"score": 6.1, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2018-4017.html", "cvelist": ["CVE-2017-5753", "CVE-2017-1000407"], "lastseen": "2018-01-19T04:55:51"}, {"id": "ELSA-2018-4012", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "description": "kernel-uek\n[4.1.12-94.7.8]\n- x86/pti/efi: broken conversion from efi to kernel page table (Pavel Tatashin) [Orabug: 27378087] [Orabug: 27352353] {CVE-2017-5754}\n- x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT (redux) (Konrad Rzeszutek Wilk) [Orabug: 27378074] \n- x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value (Boris Ostrovsky) [Orabug: 27378063] \n- x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky) [Orabug: 27378035] \n- x86/spec_ctrl: Add missing 'lfence' when IBRS is not supported. (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715}\n- x86/entry_64: TRACE_IRQS_OFF before re-enabling. (Jamie Iles) [Orabug: 27345388] {CVE-2017-5715}\n- ptrace: remove unlocked RCU dereference. (Jamie Iles) [Orabug: 27345388] {CVE-2017-5715}\n- x86/ia32: Adds code hygiene for 32bit SYSCALL instruction entry. (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715}\n- x86/ia32: dont save registers on audit call (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715}\n- x86/spec/ia32: Sprinkle IBRS and RSB at the 32-bit SYSCALL (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715}\n- x86/ia32: Move STUFF_RSB And ENABLE_IBRS (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715}\n[4.1.12-94.7.7]\n- x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT. (Konrad Rzeszutek Wilk) [Orabug: 27365568] {CVE-2017-5715}\n- x86/ia32: save and clear registers on syscall. (Jamie Iles) [Orabug: 27364707] {CVE-2017-5754}\n- x86/IBRS: Save current status of MSR_IA32_SPEC_CTRL (Boris Ostrovsky) [Orabug: 27364720] \n- pti: Rename X86_FEATURE_KAISER to X86_FEATURE_PTI (Pavel Tatashin) [Orabug: 27358615] {CVE-2017-5754}\n- x86/spec_ctrl: Add missing IBRS_DISABLE (Konrad Rzeszutek Wilk) \n- Make use of ibrs_inuse consistent. (Jun Nakajima) \n- x86/kvm: Set IBRS on VMEXIT if guest disabled it. (Konrad Rzeszutek Wilk) \n- Re-introduce clearing of r12-15, rbp, rbx (Kris Van Hees) [Orabug: 27345388] {CVE-2017-5715}\n- x86: more ibrs/pti fixes (Pavel Tatashin) [Orabug: 27358615] {CVE-2017-5754}\n- x86/spec: Actually do the check for in_use on ENABLE_IBRS (Konrad Rzeszutek Wilk) {CVE-2017-5715}\n- kvm: svm: Expose the CPUID.0x80000008 ebx flag. (Konrad Rzeszutek Wilk) {CVE-2017-5715}\n- x86/spec_ctrl: Provide the sysfs version of the ibrs_enabled (Konrad Rzeszutek Wilk) {CVE-2017-5715}\n- x86: Use better #define for FEATURE_ENABLE_IBRS and 0 (Konrad Rzeszutek Wilk) {CVE-2017-5715}\n- x86: Instead of 0x2, 0x4, and 0x1 use #defines. (Konrad Rzeszutek Wilk) {CVE-2017-5715}\n- kpti: Disable when running under Xen PV (Konrad Rzeszutek Wilk) [Orabug: 27358615] {CVE-2017-5754}\n- x86: Dont ENABLE_IBRS in nmi when we are still running on user cr3 (Konrad Rzeszutek Wilk) {CVE-2017-5715}\n- x86/enter: Use IBRS on syscall and interrupts - fix ia32 path (Konrad Rzeszutek Wilk) {CVE-2017-5715}\n- x86: Fix spectre/kpti integration (Konrad Rzeszutek Wilk) [Orabug: 27358615] {CVE-2017-5754}\n- PTI: unbreak EFI old_memmap (Jiri Kosina) [Orabug: 27358615] {CVE-2017-5754}\n- KAISER KABI tweaks. (Martin K. Petersen) [Orabug: 27358615] {CVE-2017-5754}\n- x86/ldt: fix crash in ldt freeing. (Jamie Iles) [Orabug: 27358615] {CVE-2017-5754}\n- x86/entry: Define 'cpu_current_top_of_stack' for 64-bit code (Denys Vlasenko) [Orabug: 27358615] {CVE-2017-5754}\n- x86/entry: Remove unused 'kernel_stack' per-cpu variable (Denys Vlasenko) [Orabug: 27358615] {CVE-2017-5754}\n- x86/entry: Stop using PER_CPU_VAR(kernel_stack) (Denys Vlasenko) [Orabug: 27358615] {CVE-2017-5754}\n- kaiser: Set _PAGE_NX only if supported (Guenter Roeck) [Orabug: 27358615] {CVE-2017-5754}\n- x86/vdso: Get pvclock data from the vvar VMA instead of the fixmap (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754}\n- KPTI: Report when enabled (Kees Cook) [Orabug: 27358615] {CVE-2017-5754}\n- KPTI: Rename to PAGE_TABLE_ISOLATION (Kees Cook) [Orabug: 27358615] {CVE-2017-5754}\n- x86/kaiser: Move feature detection up (Borislav Petkov) [Orabug: 27358615] {CVE-2017-5754}\n- x86/kaiser: Reenable PARAVIRT (Borislav Petkov) [Orabug: 27358615] {CVE-2017-5754}\n- x86/paravirt: Dont patch flush_tlb_single (Thomas Gleixner) [Orabug: 27358615] {CVE-2017-5754}\n- kaiser: kaiser_flush_tlb_on_return_to_user() check PCID (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754}\n- kaiser: asm/tlbflush.h handle noPGE at lower level (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754}\n- kaiser: drop is_atomic arg to kaiser_pagetable_walk() (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754}\n- kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754}\n- x86/kaiser: Check boottime cmdline params (Borislav Petkov) [Orabug: 27358615] {CVE-2017-5754}\n- x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling (Borislav Petkov) [Orabug: 27358615] {CVE-2017-5754}\n- kaiser: add 'nokaiser' boot option, using ALTERNATIVE (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754}\n- kaiser: fix unlikely error in alloc_ldt_struct() (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754}\n- kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754}\n- kaiser: paranoid_entry pass cr3 need to paranoid_exit (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754}\n- kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754}\n- kaiser: PCID 0 for kernel and 128 for user (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754}\n- kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754}\n- kaiser: enhanced by kernel and user PCIDs (Dave Hansen) [Orabug: 27358615] {CVE-2017-5754}\n- kaiser: vmstat show NR_KAISERTABLE as nr_overhead (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754}\n- kaiser: delete KAISER_REAL_SWITCH option (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754}\n- kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754}\n- kaiser: cleanups while trying for gold link (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754}\n- kaiser: kaiser_remove_mapping() move along the pgd (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754}\n- kaiser: tidied up kaiser_add/remove_mapping slightly (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754}\n- kaiser: tidied up asm/kaiser.h somewhat (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754}\n- kaiser: ENOMEM if kaiser_pagetable_walk() NULL (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754}\n- kaiser: fix perf crashes (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754}\n- kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754}\n- kaiser: KAISER depends on SMP (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754}\n- kaiser: fix build and FIXME in alloc_ldt_struct() (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754}\n- kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754}\n- kaiser: do not set _PAGE_NX on pgd_none (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754}\n- kaiser: merged update (Dave Hansen) [Orabug: 27358615] {CVE-2017-5754}\n- KAISER: Kernel Address Isolation (Richard Fellner) [Orabug: 27358615] {CVE-2017-5754}\n- x86/boot: Add early cmdline parsing for options with arguments (Tom Lendacky) [Orabug: 27358615] {CVE-2017-5754}\n- x86/mm/64: Fix reboot interaction with CR4.PCIDE (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754}\n- x86/mm: Enable CR4.PCIDE on supported systems (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754}\n- x86/mm: Add the 'nopcid' boot option to turn off PCID (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754}\n- x86/mm: Disable PCID on 32-bit kernels (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754}\n- x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754}\n- x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range() (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754}\n- x86/mm: Make flush_tlb_mm_range() more predictable (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754}\n- x86/mm: Remove flush_tlb() and flush_tlb_current_task() (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754}\n- x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly() (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754}\n- x86/irq: Do not substract irq_tlb_count from irq_call_count (Aaron Lu) [Orabug: 27358615] {CVE-2017-5754}\n- sched/core: Idle_task_exit() shouldnt use switch_mm_irqs_off() (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754}\n- ARM: Hide finish_arch_post_lock_switch() from modules (Steven Rostedt) [Orabug: 27358615] {CVE-2017-5754}\n- x86/mm, sched/core: Turn off IRQs in switch_mm() (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754}\n- x86/mm, sched/core: Uninline switch_mm() (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754}\n- x86/mm: Build arch/x86/mm/tlb.c even on !SMP (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754}\n- sched/core: Add switch_mm_irqs_off() and use it in the scheduler (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754}\n- mm/mmu_context, sched/core: Fix mmu_context.h assumption (Ingo Molnar) [Orabug: 27358615] {CVE-2017-5754}\n- x86/mm: If INVPCID is available, use it to flush global mappings (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754}\n- x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754}\n- x86/mm: Fix INVPCID asm constraint (Borislav Petkov) [Orabug: 27358615] {CVE-2017-5754}\n- x86/mm: Add INVPCID helpers (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754}\n[4.1.12-94.7.6]\n- x86/ibrs: Remove 'ibrs_dump' and remove the pr_debug (Konrad Rzeszutek Wilk) [Orabug: 27351275] \n- kABI: Revert kABI: Make the boot_cpu_data look normal (Konrad Rzeszutek Wilk) {CVE-2017-5715}\n[4.1.12-94.7.5]\n- userns: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753}\n- udf: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753}\n- net: mpls: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753}\n- fs: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753}\n- ipv6: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753}\n- ipv4: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753}\n- Thermal/int340x: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753}\n- cw1200: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753}\n- qla2xxx: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753}\n- p54: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753}\n- carl9170: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753}\n- uvcvideo: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753}\n- bpf: prevent speculative execution in eBPF interpreter (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753}\n- locking/barriers: introduce new observable speculation barrier (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753}\n- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753}\n- x86/cpu/AMD: Make the LFENCE instruction serialized (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753}\n- kABI: Make the boot_cpu_data look normal. (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715}\n- kernel.spec: Require the new microcode_ctl. (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715} {CVE-2017-5715}\n- x86/microcode/AMD: Add support for fam17h microcode loading (Tom Lendacky) [Orabug: 27345388] {CVE-2017-5715}\n- x86/spec_ctrl: Disable if running as Xen PV guest. (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715}\n- Set IBPB when running a different VCPU (Dave Hansen) [Orabug: 27345388] {CVE-2017-5715}\n- Clear the host registers after setbe (Jun Nakajima) [Orabug: 27345388] {CVE-2017-5715}\n- Use the ibpb_inuse variable. (Jun Nakajima) [Orabug: 273 4 5 3 8 8 ] { C V E - 2 0 1 7 - 5 7 1 5 } b r > - K V M : x 8 6 : a d d S P E C _ C T R L t o M S R a n d C P U I D l i s t s ( A n d r e a A r c a n g e l i ) [ O r a b u g : 2 7 3 4 5 3 8 8 ] { C V E - 2 0 1 7 - 5 7 1 5 } b r > - k v m : v m x : a d d M S R _ I A 3 2 _ S P E C _ C T R L a n d M S R _ I A 3 2 _ P R E D _ C M D ( P a o l o B o n z i n i ) [ O r a b u g : 2 7 3 4 5 3 8 8 ] { C V E - 2 0 1 7 - 5 7 1 5 } b r > - U s e t h e ' i b r s _ i n u s e ' v a r i a b l e . ( J u n N a k a j i m a ) [ O r a b u g : 2 7 3 4 5 3 8 8 ] { C V E - 2 0 1 7 - 5 7 1 5 } b r > - k v m : s v m : a d d M S R _ I A 3 2 _ S P E C _ C T R L a n d M S R _ I A 3 2 _ P R E D _ C M D ( A n d r e a A r c a n g e l i ) [ O r a b u g : 2 7 3 4 5 3 8 8 ] { C V E - 2 0 1 7 - 5 7 1 5 } b r > - x 8 6 / s v m : S e t I B P B w h e n r u n n i n g a d i f f e r e n t V C P U ( P a o l o B o n z i n i ) [ O r a b u g : 2 7 3 4 5 3 8 8 ] { C V E - 2 0 1 7 - 5 7 1 5 } b r > - x 8 6 / k v m : P a d R S B o n V M t r a n s i t i o n ( T i m C h e n ) [ O r a b u g : 2 7 3 4 5 3 8 8 ] { C V E - 2 0 1 7 - 5 7 1 5 } b r > - x 8 6 / c p u / A M D : A d d s p e c u l a t i v e c o n t r o l s u p p o r t f o r A M D ( T o m L e n d a c k y ) [ O r a b u g : 2 7 3 4 5 3 8 8 ] { C V E - 2 0 1 7 - 5 7 1 5 } b r > - x 8 6 / m i c r o c o d e : R e c h e c k I B R S a n d I B P B f e a t u r e o n m i c r o c o d e r e l o a d ( T i m C h e n ) [ O r a b u g : 2 7 3 4 5 3 8 8 ] { C V E - 2 0 1 7 - 5 7 1 5 } b r > - x 8 6 : M o v e I B R S / I B P B f e a t u r e d e t e c t i o n t o s c a t t e r e d . c ( T i m C h e n ) [ O r a b u g : 2 7 3 4 5 3 8 8 ] { C V E - 2 0 1 7 - 5 7 1 5 } b r > - x 8 6 / s p e c _ c t r l : A d d l o c k t o s e r i a l i z e c h a n g e s t o i b r s a n d i b p b c o n t r o l ( T i m C h e n ) [ O r a b u g : 2 7 3 4 5 3 8 8 ] { C V E - 2 0 1 7 - 5 7 1 5 } b r > - x 8 6 / s p e c _ c t r l : A d d s y s c t l k n o b s t o e n a b l e / d i s a b l e S P E C _ C T R L f e a t u r e ( K o n r a d R z e s z u t e k W i l k ) [ O r a b u g : 2 7 3 4 5 3 8 8 ] { C V E - 2 0 1 7 - 5 7 1 5 } b r > - x 8 6 / k v m : c l e a r r e g i s t e r s o n V M e x i t ( T o m L e n d a c k y ) [ O r a b u g : 2 7 3 4 5 3 8 8 ] { C V E - 2 0 1 7 - 5 7 1 5 } b r > - x 8 6 / k v m : S e t I B P B w h e n s w i t c h i n g V M ( T i m C h e n ) [ O r a b u g : 2 7 3 4 5 3 8 8 ] { C V E - 2 0 1 7 - 5 7 1 5 } b r > - * I N C O M P L E T E * x 8 6 / s y s c a l l : C l e a r u n u s e d e x t r a r e g i s t e r s o n s y s c a l l e n t r a n c e ( K o n r a d R z e s z u t e k W i l k ) [ O r a b u g : 2 7 3 4 5 3 8 8 ] { C V E - 2 0 1 7 - 5 7 1 5 } b r > - x 8 6 / e n t r y : S t u f f R S B f o r e n t r y t o k e r n e l f o r n o n - S M E P p l a t f o r m ( K o n r a d R z e s z u t e k W i l k ) [ O r a b u g : 2 7 3 4 5 3 8 8 ] { C V E - 2 0 1 7 - 5 7 1 5 } b r > - x 8 6 / m m : O n l y s e t I B P B w h e n t h e n e w t h r e a d c a n n o t p t r a c e c u r r e n t t h r e a d ( K o n r a d R z e s z u t e k W i l k ) [ O r a b u g : 2 7 3 4 5 3 8 8 ] { C V E - 2 0 1 7 - 5 7 1 5 } b r > - x 8 6 / m m : S e t I B P B u p o n c o n t e x t s w i t c h ( T i m C h e n ) [ O r a b u g : 2 7 3 4 5 3 8 8 ] { C V E - 2 0 1 7 - 5 7 1 5 } b r > - x 8 6 / i d l e : D i s a b l e I B R S w h e n o f f l i n i n g c p u a n d r e - e n a b l e o n w a k e u p ( T i m C h e n ) [ O r a b u g : 2 7 3 4 5 3 8 8 ] { C V E - 2 0 1 7 - 5 7 1 5 } b r > - x 8 6 / i d l e : D i s a b l e I B R S e n t e r i n g i d l e a n d e n a b l e i t o n w a k e u p ( T i m C h e n ) [ O r a b u g : 2 7 3 4 5 3 8 8 ] { C V E - 2 0 1 7 - 5 7 1 5 } b r > - x 8 6 / s p e c _ c t r l : s a v e I B R S M S R v a l u e i n p a r a n o i d _ e n t r y ( A n d r e a A r c a n g e l i ) [ O r a b u g : 2 7 3 4 5 3 8 8 ] { C V E - 2 0 1 7 - 5 7 1 5 } b r > - * S c a f f o l d i n g * x 8 6 / s p e c _ c t r l : A d d s y s c t l k n o b s t o e n a b l e / d i s a b l e S P E C _ C T R L f e a t u r e ( T i m C h e n ) [ O r a b u g : 2 7 3 4 5 3 8 8 ] { C V E - 2 0 1 7 - 5 7 1 5 } b r > - x 8 6 / e n t e r : U s e I B R S o n s y s c a l l a n d i n t e r r u p t s ( T i m C h e n ) [ O r a b u g : 2 7 3 4 5 3 8 8 ] { C V E - 2 0 1 7 - 5 7 1 5 } b r > - x 8 6 : A d d m a c r o t h a t d o e s n o t s a v e r a x , r c x , r d x o n s t a c k t o d i s a b l e I B R S ( T i m C h e n ) [ O r a b u g : 2 7 3 4 5 3 8 8 ] { C V E - 2 0 1 7 - 5 7 1 5 } b r > - x 8 6 / e n t e r : M A C R O S t o s e t / c l e a r I B R S a n d s e t I B P ( T i m C h e n ) [ O r a b u g : 2 7 3 4 5 3 8 8 ] { C V E - 2 0 1 7 - 5 7 1 5 } b r > - x 8 6 / f e a t u r e : R e p o r t p r e s e n c e o f I B P B a n d I B R S c o n t r o l ( T i m C h e n ) [ O r a b u g : 2 7 3 4 5 3 8 8 ] { C V E - 2 0 1 7 - 5 7 1 5 } b r > - x 8 6 : A d d S T I B P f e a t u r e e n u m e r a t i o n ( K o n r a d R z e s z u t e k W i l k ) [ O r a b u g : 2 7 3 4 5 3 8 8 ] { C V E - 2 0 1 7 - 5 7 1 5 } b r > - x 8 6 / c p u f e a t u r e : A d d X 8 6 _ F E A T U R E _ I A 3 2 _ A R C H _ C A P S a n d X 8 6 _ F E A T U R E _ I B R S _ A T T ( K o n r a d R z e s z u t e k W i l k ) [ O r a b u g : 2 7 3 4 5 3 8 8 ] { C V E - 2 0 1 7 - 5 7 1 5 } b r > - x 8 6 / f e a t u r e : E n a b l e t h e x 8 6 f e a t u r e t o c o n t r o l ( T i m C h e n ) [ O r a b u g : 2 7 3 4 5 3 8 8 ] { C V E - 2 0 1 7 - 5 7 1 5 } b r > b r > [ 4 . 1 . 1 2 - 9 4 . 7 . 4 ] b r > - K V M : n V M X : F i x l o s s o f L 2 s N M I b l o c k i n g s t a t e ( W a n p e n g L i ) [ O r a b u g : 2 7 0 6 2 5 2 6 ] b r > - K V M : n V M X : t r a c k N M I b l o c k i n g s t a t e s e p a r a t e l y f o r e a c h V M C S ( P a o l o B o n z i n i ) [ O r a b u g : 2 7 0 6 2 5 2 6 ] b r > - K V M : V M X : r e q u i r e v i r t u a l N M I s u p p o r t ( P a o l o B o n z i n i ) [ O r a b u g : 2 7 0 6 2 5 2 6 ] b r > - K V M : n V M X : F i x t h e N M I I D T - v e c t o r i n g h a n d l i n g ( W a n p e n g L i ) [ O r a b u g : 2 7 0 6 2 5 2 6 ] b r > - n e t l i n k : a l l o w t o l i s t e n ' a l l ' n e t n s ( N i c o l a s D i c h t e l ) [ O r a b u g : 2 7 0 9 8 3 3 2 ] b r > - n e t l i n k : r e n a m e p r i v a t e f l a g s a n d s t a t e s ( N i c o l a s D i c h t e l ) [ O r a b u g : 2 7 0 9 8 3 3 2 ] b r > - n e t n s : u s e a s p i n _ l o c k t o p r o t e c t n s i d m a n a g e m e n t ( N i c o l a s D i c h t e l ) [ O r a b u g : 2 7 0 9 8 3 3 2 ] b r > - n e t n s : n o t i f y n e w n s i d o u t s i d e _ _ p e e r n e t 2 i d ( ) ( N i c o l a s D i c h t e l ) [ O r a b u g : 2 7 0 9 8 3 3 2 ] b r > - n e t n s : r e n a m e p e e r n e t 2 i d ( ) t o p e e r n e t 2 i d _ a l l o c ( ) ( N i c o l a s D i c h t e l ) [ O r a b u g : 2 7 0 9 8 3 3 2 ] b r > - n e t n s : a l w a y s p r o v i d e t h e i d t o r t n l _ n e t _ f i l l ( ) ( N i c o l a s D i c h t e l ) [ O r a b u g : 2 7 0 9 8 3 3 2 ] b r > - n e t n s : r e t u r n s a l w a y s a n i d i n _ _ p e e r n e t 2 i d ( ) ( N i c o l a s D i c h t e l ) [ O r a b u g : 2 7 0 9 8 3 3 2 ] b r > / p > \n \n \n b r > h 2 > R e l a t e d C V E s / h 2 > \n b r > t a b l e c e l l p a d d i n g = \" 2 \" c e l l s p a c i n g = \" 2 \" b o r d e r = \" 0 \" w i d t h = \" 1 0 0 % \" > t b o d y > \n \n / t b o d y > / t a b l e > \n \n b r > h 2 > U p d a t e d P a c k a g e s / h 2 > \n b r > t a b l e c e l l p a d d i n g = \" 2 \" c e l l s p a c i n g = \" 2 \" b o r d e r = \" 0 \" w i d t h = \" 1 0 0 % \" > t b o d y > \n t r s t y l e = \" c o l o r : # F F 0 0 0 0 ; \" > t d > b > R e l e a s e / A r c h i t e c t u r e / b > t d > b > F i l e n a m e / b > / t d > t d > b > M D 5 s u m / b > / t d > t d > b > S u p e r s e d e d B y A d v i s o r y / b > / t d > / t r > \n t r > t d c o l s p a n = \" 4 \" > / t d > / t r > t r > t d > O r a c l e L i n u x 6 ( x 8 6 _ 6 4 ) / t d > t d > d t r a c e - m o d u l e s - 4 . 1 . 1 2 - 9 4 . 7 . 8 . e l 6 u e k - 0 . 6 . 0 - 4 . e l 6 . s r c . r p m / t d > t d > 9 1 d 8 5 0 f a 4 1 7 7 3 5 f 8 3 f 8 4 6 c d d 5 b f 9 7 a 7 2 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - 4 . 1 . 1 2 - 9 4 . 7 . 8 . e l 6 u e k . s r c . r p m / t d > t d > 5 3 c f d 7 7 e 5 0 e b 3 c 8 6 3 a 1 a 7 a f 2 7 5 b a 4 5 9 c / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > d t r a c e - m o d u l e s - 4 . 1 . 1 2 - 9 4 . 7 . 8 . e l 6 u e k - 0 . 6 . 0 - 4 . e l 6 . x 8 6 _ 6 4 . r p m / t d > t d > 1 1 9 f e e c d 3 e c 7 4 7 4 4 7 5 6 2 6 d 0 1 d b 3 e c b 0 2 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - 4 . 1 . 1 2 - 9 4 . 7 . 8 . e l 6 u e k . x 8 6 _ 6 4 . r p m / t d > t d > c f 3 1 5 4 8 2 a c 1 8 1 5 9 5 0 0 2 3 d 0 c 3 9 0 e 4 8 3 7 4 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - d e b u g - 4 . 1 . 1 2 - 9 4 . 7 . 8 . e l 6 u e k . x 8 6 _ 6 4 . r p m / t d > t d > 0 b b 6 6 a 4 0 5 b 1 4 a a d e 6 1 2 5 e 7 b 8 d f e a 4 6 3 d / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - d e b u g - d e v e l - 4 . 1 . 1 2 - 9 4 . 7 . 8 . e l 6 u e k . x 8 6 _ 6 4 . r p m / t d > t d > 7 1 5 f a 9 8 5 3 e 2 7 8 5 4 0 d 1 e b c 8 f 3 6 b 7 1 2 a 0 8 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - d e v e l - 4 . 1 . 1 2 - 9 4 . 7 . 8 . e l 6 u e k . x 8 6 _ 6 4 . r p m / t d > t d > 8 b 1 0 5 8 2 5 7 b a 3 3 3 2 9 0 2 f a 4 a c e 7 5 f 0 e 5 2 4 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - d o c - 4 . 1 . 1 2 - 9 4 . 7 . 8 . e l 6 u e k . n o a r c h . r p m / t d > t d > 0 3 2 5 1 8 f a 7 0 6 6 8 9 3 1 c e 6 5 4 9 6 1 1 9 7 1 5 a 9 f / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - f i r m w a r e - 4 . 1 . 1 2 - 9 4 . 7 . 8 . e l 6 u e k . n o a r c h . r p m / t d > t d > 0 c 4 6 1 c 6 1 2 c 4 4 8 9 f c 4 6 7 f f b 7 2 a a 1 3 6 c 1 0 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d c o l s p a n = \" 4 \" > / t d > / t r > t r > t d > O r a c l e L i n u x 7 ( x 8 6 _ 6 4 ) / t d > t d > d t r a c e - m o d u l e s - 4 . 1 . 1 2 - 9 4 . 7 . 8 . e l 7 u e k - 0 . 6 . 0 - 4 . e l 7 . s r c . r p m / t d > t d > 1 7 0 e 3 0 1 c 0 a 7 c 9 7 6 f d b c b b 1 b 4 9 c 3 7 a 0 e 0 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - 4 . 1 . 1 2 - 9 4 . 7 . 8 . e l 7 u e k . s r c . r p m / t d > t d > 8 d d 7 a c e b 8 c d f 7 a 2 b 8 4 5 0 3 e d 7 0 4 4 7 e d 7 b / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > d t r a c e - m o d u l e s - 4 . 1 . 1 2 - 9 4 . 7 . 8 . e l 7 u e k - 0 . 6 . 0 - 4 . e l 7 . x 8 6 _ 6 4 . r p m / t d > t d > 6 2 9 9 9 9 4 1 7 e b 4 f 1 6 6 7 9 e a d a 3 7 9 3 3 d 0 d d 1 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - 4 . 1 . 1 2 - 9 4 . 7 . 8 . e l 7 u e k . x 8 6 _ 6 4 . r p m / t d > t d > b 9 a 3 e 5 2 2 2 3 9 e 7 7 4 1 3 5 d d b b 1 e 0 a f 4 1 0 9 3 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - d e b u g - 4 . 1 . 1 2 - 9 4 . 7 . 8 . e l 7 u e k . x 8 6 _ 6 4 . r p m / t d > t d > 3 7 8 1 5 6 a 7 4 2 b b 8 8 7 c 7 0 6 6 7 1 3 9 4 4 f 0 5 0 0 0 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - d e b u g - d e v e l - 4 . 1 . 1 2 - 9 4 . 7 . 8 . e l 7 u e k . x 8 6 _ 6 4 . r p m / t d > t d > 5 5 0 8 c a 1 e 2 8 b 0 5 0 3 a 4 c c 0 0 4 8 1 f 5 0 8 2 0 7 4 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - d e v e l - 4 . 1 . 1 2 - 9 4 . 7 . 8 . e l 7 u e k . x 8 6 _ 6 4 . r p m / t d > t d > d d d 9 0 9 8 8 b 6 d 5 7 5 3 a 3 3 f e f a c 3 5 9 d e 2 d 4 9 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - d o c - 4 . 1 . 1 2 - 9 4 . 7 . 8 . e l 7 u e k . n o a r c h . r p m / t d > t d > 0 4 2 1 b 3 1 b 0 1 f e e 6 6 4 8 1 a e 5 8 b 1 7 7 0 e 6 6 7 0 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - f i r m w a r e - 4 . 1 . 1 2 - 9 4 . 7 . 8 . e l 7 u e k . n o a r c h . r p m / t d > t d > 7 6 6 1 5 9 f 6 d b 3 b 3 9 e 7 5 9 b b 4 a 1 d c 1 e 4 b e 9 9 / t d > t d > a h r e f = # > - / a > / t d > / t r > \n / t b o d y > / t a b l e > \n \n \n b r > b r > \n b r > p > \n T h i s p a g e i s g e n e r a t e d a u t o m a t i c a l l y a n d h a s n o t b e e n c h e c k e d f o r e r r o r s o r o m i s s i o n s . F o r c l a r i f i c a t i o n \n o r c o r r e c t i o n s p l e a s e c o n t a c t t h e a h r e f = \" h t t p s : / / l i n u x . o r a c l e . c o m / \" > O r a c l e L i n u x U L N t e a m / a > / p > \n \n \n \n / d i v > \n ! - - \n / d i v > \n - - > \n / d i v > \n / d i v > \n \n \n d i v i d = \" m c 1 6 \" c l a s s = \" m c 1 6 v 0 \" > \n d i v c l a s s = \" m c 1 6 w 1 \" > \n h 2 > T e c h n i c a l i n f o r m a t i o n / h 2 > \n u l > \n l i > a h r e f = \" h t t p s : / / l i n u x . o r a c l e . c o m / h a r d w a r e - c e r t i f i c a t i o n s \" t a r g e t = \" _ b l a n k \" > O r a c l e L i n u x C e r t i f i e d H a r d w a r e / a > / l i > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / s u p p o r t / l i b r a r y / e l s p - l i f e t i m e - 0 6 9 3 3 8 . p d f \" > O r a c l e L i n u x S u p p o r t e d R e l e a s e s / a > / l i > \n / u l > \n / d i v > \n \n d i v c l a s s = \" m c 1 6 w 1 \" > \n h 2 > O r a c l e L i n u x S u p p o r t / h 2 > \n u l > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / t e c h n o l o g i e s / l i n u x / O r a c l e L i n u x S u p p o r t / i n d e x . h t m l \" t a r g e t = \" _ b l a n k \" > O r a c l e L i n u x S u p p o r t / a > / l i > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / s u p p o r t / p r e m i e r / s e r v e r s - s t o r a g e / o v e r v i e w / i n d e x . h t m l \" t a r g e t = \" _ b l a n k \" > O r a c l e P r e m i e r S u p p o r t f o r S y s t e m s / a > / l i > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / s u p p o r t / a d v a n c e d - c u s t o m e r - s e r v i c e s / o v e r v i e w / \" > A d v a n c e d C u s t o m e r S e r v i c e s / a > / l i > \n / u l > \n / d i v > \n \n d i v c l a s s = \" m c 1 6 w 2 \" > \n h 2 > C o n n e c t / h 2 > \n u l > \n l i c l a s s = \" f b i c o n \" > a h r e f = \" h t t p : / / w w w . f a c e b o o k . c o m / o r a c l e l i n u x \" t i t l e = \" F a c e b o o k \" n a m e = \" F a c e b o o k \" t a r g e t = \" _ b l a n k \" i d = \" F a c e b o o k \" > F a c e b o o k / a > / l i > \n l i c l a s s = \" t w i c o n \" > a h r e f = \" h t t p : / / w w w . t w i t t e r . c o m / O r a c l e L i n u x \" t i t l e = \" T w i t t e r \" n a m e = \" T w i t t e r \" t a r g e t = \" _ b l a n k \" i d = \" T w i t t e r \" > T w i t t e r / a > / l i > \n l i c l a s s = \" i n i c o n \" > a h r e f = \" h t t p : / / w w w . l i n k e d i n . c o m / g r o u p s ? g i d = 1 2 0 2 3 8 \" t i t l e = \" L i n k e d I n \" n a m e = \" L i n k e d I n \" t a r g e t = \" _ b l a n k \" i d = \" L i n k e d I n \" > L i n k e d I n / a > / l i > \n l i c l a s s = \" y t i c o n \" > a h r e f = \" h t t p : / / w w w . y o u t u b e . c o m / o r a c l e l i n u x c h a n n e l \" t i t l e = \" Y o u T u b e \" n a m e = \" Y o u T u b e \" t a r g e t = \" _ b l a n k \" i d = \" Y o u T u b e \" > Y o u T u b e / a > / l i > \n l i c l a s s = \" b l o g i c o n \" > a h r e f = \" h t t p : / / b l o g s . o r a c l e . c o m / l i n u x \" t i t l e = \" B l o g \" n a m e = \" B l o g \" > B l o g / a > / l i > \n / u l > \n / d i v > \n \n d i v c l a s s = \" m c 1 6 w 3 \" > \n h 2 > C o n t a c t U s / h 2 > \n u l > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / c o r p o r a t e / c o n t a c t / g l o b a l - 0 7 0 5 1 1 . h t m l \" > G l o b a l c o n t a c t s / a > / l i > \n l i > O r a c l e 1 - 8 0 0 - 6 3 3 - 0 6 9 1 / l i > \n / u l > \n / d i v > \n / d i v > \n / d i v > \n \n d i v i d = \" m c 0 4 \" c l a s s = \" m c 0 4 v 1 \" > \n d i v c l a s s = \" m c 0 4 w 1 \" > \n a h r e f = \" h t t p : / / o r a c l e . c o m \" > i m g s r c = \" / / w w w . o r a c l e i m g . c o m / a s s e t s / m c 0 4 - f o o t e r - l o g o . p n g \" b o r d e r = \" 0 \" a l t = \" s o f t w a r e . h a r d w a r e . c o m p l e t e \" / > / a > \n / d i v > \n \n d i v c l a s s = \" m c 0 4 w 2 \" > \n a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / s u b s c r i b e / i n d e x . h t m l \" > S u b s c r i b e / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / c o r p o r a t e / e m p l o y m e n t / i n d e x . h t m l \" > C a r e e r s / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / c o r p o r a t e / c o n t a c t / i n d e x . h t m l \" > C o n t a c t U s / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / h t m l / c o p y r i g h t . h t m l \" > L e g a l N o t i c e s / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / h t m l / t e r m s . h t m l \" > T e r m s o f U s e / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / h t m l / p r i v a c y . h t m l \" > Y o u r P r i v a c y R i g h t s / a > \n / d i v > \n / d i v > \n / d i v > \n / b o d y > \n / h t m l > \n ", "published": "2018-01-19T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://linux.oracle.com/errata/ELSA-2018-4012.html", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-04-04T13:03:10"}, {"id": "ELSA-2018-0007", "type": "oraclelinux", "title": "kernel security update", "description": "- [3.10.0-693.11.6.OL7]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [bug 24817676]\n[3.10.0-693.11.6]\n- [x86] spec_ctrl: Eliminate redundant FEATURE Not Present messages (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}\n- [x86] mm/kaiser: init_tss is supposed to go in the PAGE_ALIGNED per-cpu section (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}\n- [x86] spec_ctrl: svm: spec_ctrl at vmexit needs per-cpu areas functional (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}\n- [x86] kaiser/mm: skip IBRS/CR3 restore when paranoid exception returns to userland (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}\n- [x86] kaiser/mm: consider the init_mm.pgd a kaiser pgd (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}\n[3.10.0-693.11.5]\n- [x86] kaiser/mm: convert userland visible 'kpti' name to 'pti' (Andrea Arcangeli) [1519795 1519798]\n- Revert 'x86/entry: Use retpoline for syscall's indirect calls' (Andrea Arcangeli) [1519795 1519798]\n- [x86] spec_ctrl: set IBRS during resume from RAM if ibrs_enabled is 2 (Andrea Arcangeli) [1519795 1519798]\n- [x86] kaiser/mm: __load_cr3 in resume from RAM after kernel gs has been restored (Andrea Arcangeli) [1519795 1519798]\n[3.10.0-693.11.4]\n- [x86] spec_ctrl: allow use_ibp_disable only if both SPEC_CTRL and IBPB_SUPPORT are missing (Andrea Arcangeli) [1519795 1519798]\n- [x86] spec_ctrl: Documentation spec_ctrl.txt (Andrea Arcangeli) [1519795 1519798]\n- [x86] spec_ctrl: remove irqs_disabled() check from intel_idle() (Andrea Arcangeli) [1519795 1519798]\n- [x86] spec_ctrl: use enum when setting ibrs/ibpb_enabled (Andrea Arcangeli) [1519795 1519798]\n- [x86] spec_ctrl: undo speculation barrier for ibrs_enabled and noibrs_cmdline (Andrea Arcangeli) [1519795 1519798]\n- [x86] spec_ctrl: introduce ibpb_enabled = 2 for IBPB instead of IBRS (Andrea Arcangeli) [1519795 1519798]\n- [x86] spec_ctrl: introduce SPEC_CTRL_PCP_ONLY_IBPB (Andrea Arcangeli) [1519795 1519798]\n- [x86] spec_ctrl: cleanup s/flush/sync/ naming when sending IPIs (Andrea Arcangeli) [1519795 1519798]\n- [x86] spec_ctrl: set IBRS during CPU init if in ibrs_enabled == 2 (Andrea Arcangeli) [1519795 1519798]\n- [x86] spec_ctrl: use IBRS_ENABLED instead of 1 (Andrea Arcangeli) [1519795 1519798]\n- [x86] spec_ctrl: allow the IBP disable feature to be toggled at runtime (Andrea Arcangeli) [1519795 1519798]\n- [x86] spec_ctrl: always initialize save_reg in ENABLE_IBRS_SAVE_AND_CLOBBER (Andrea Arcangeli) [1519795 1519798]\n- [x86] spec_ctrl: ibrs_enabled() is expected to return > 1 (Andrea Arcangeli) [1519795 1519798]\n- [x86] spec_ctrl: issue a __spec_ctrl_ibpb if a credential check isn't possible (Andrea Arcangeli) [1519795 1519798]\n- [x86] mm/kaiser: disable global pages by default with KAISER (Andrea Arcangeli) [1519795 1519798]\n- Revert 'x86/mm/kaiser: Disable global pages by default with KAISER' (Andrea Arcangeli) [1519795 1519798]\n- ibpb: don't optimize spec_cntrl_ibpb on PREEMPT_RCU (Andrea Arcangeli) [1519795 1519798]\n- [x86] spec_ctrl: clear registers after 32bit syscall stackframe is setup (Andrea Arcangeli) [1519800 1519801]\n- [x86] spec_ctrl: reload spec_ctrl cpuid in all microcode load paths (Andrea Arcangeli) [1519800 1519801]\n- [x86] kaiser/mm: fix pgd freeing in error path (Andrea Arcangeli) [1519800 1519801]\n[3.10.0-693.11.3]\n- [x86] spec_ctrl: Prevent unwanted speculation without IBRS (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715 CVE-2017-5754}\n- [x86] entry: Remove trampoline check from paranoid entry path (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715 CVE-2017-5754}\n- [x86] entry: Fix paranoid_exit() trampoline clobber (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715 CVE-2017-5754}\n- [x86] entry: Simplify trampoline stack restore code (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715 CVE-2017-5754}\n- [x86] dumpstack: Remove raw stack dump (Josh Poimboeuf) [1519795 1519798]\n- [x86] spec_ctrl: remove SPEC_CTRL_DEBUG code (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [x86] spec_ctrl: add noibrs noibpb boot options (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [x86] entry: Use retpoline for syscall's indirect calls (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [x86] syscall: Clear unused extra registers on 32-bit compatible syscall entrance (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [x86] spec_ctrl: cleanup unnecessary ptregscall_common function (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [x86] spec_ctrl: CLEAR_EXTRA_REGS and extra regs save/restore (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [x86] syscall: Clear unused extra registers on syscall entrance (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [x86] spec_ctrl: rescan cpuid after a late microcode update (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [x86] spec_ctrl: add debugfs ibrs_enabled ibpb_enabled (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [x86] spec_ctrl: consolidate the spec control boot detection (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [x86] KVM/spec_ctrl: allow IBRS to stay enabled in host userland (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [x86] spec_ctrl: add debug aid to test the entry code without microcode (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [x86] spec_ctrl: move stuff_RSB in spec_ctrl.h (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [x86] entry: Stuff RSB for entry to kernel for non-SMEP platform (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [x86] mm: Only set IBPB when the new thread cannot ptrace current thread (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [x86] mm: Set IBPB upon context switch (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [x86] idle: Disable IBRS when offlining cpu and re-enable on wakeup (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [x86] idle: Disable IBRS entering idle and enable it on wakeup (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [x86] spec_ctrl: implement spec ctrl C methods (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [x86] spec_ctrl: save IBRS MSR value in save_paranoid for NMI (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [x86] enter: Use IBRS on syscall and interrupts (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [x86] spec_ctrl: swap rdx with rsi for nmi nesting detection (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [x86] spec_ctrl: spec_ctrl_pcp and kaiser_enabled_pcp in same cachline (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [x86] spec_ctrl: use per-cpu knob instead of ALTERNATIVES for ibpb and ibrs (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [x86] enter: MACROS to set/clear IBRS and set IBPB (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [kvm] x86: add SPEC_CTRL to MSR and CPUID lists (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [kvm] svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [x86] svm: Set IBPB when running a different VCPU (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [kvm] vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [kvm] vmx: Set IBPB when running a different VCPU (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [kvm] x86: clear registers on VM exit (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [x86] kvm: pad RSB on VM transition (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [x86] cpu/AMD: Control indirect branch predictor when SPEC_CTRL not available (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [x86] feature: Report presence of IBPB and IBRS control (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [x86] feature: Enable the x86 feature to control Speculation (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [tools] objtool: Don't print 'call dest' warnings for ignored functions (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}\n- [misc] locking/barriers: prevent speculative execution based on Coverity scan results (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}\n- [fs] udf: prevent speculative execution (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}\n- [fs] prevent speculative execution (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}\n- [kernel] userns: prevent speculative execution (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}\n- [scsi] qla2xxx: prevent speculative execution (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}\n- [netdrv] p54: prevent speculative execution (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}\n- [netdrv] carl9170: prevent speculative execution (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}\n- [media] uvcvideo: prevent speculative execution (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}\n- [x86] cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}\n- [x86] cpu/AMD: Make the LFENCE instruction serialized (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}\n- [misc] locking/barriers: introduce new memory barrier gmb() (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}\n- [x86] mm/kaiser: Replace kaiser with kpti to sync with upstream (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}\n- [x86] mm/kaiser: add 'kaiser' and 'nokaiser' boot options (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}\n- [x86] mm/kaiser: map the trace idt tables in userland shadow pgd (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}\n- [x86] mm/kaiser: fix RESTORE_CR3 crash in kaiser_stop_machine (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}\n- [x86] mm/kaiser: use stop_machine for enable/disable knob (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}\n- [x86] mm/kaiser: use atomic ops to poison/unpoison user pagetables (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}\n- [x86] mm/kaiser: use invpcid to flush the two kaiser PCID AISD (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}\n- [x86] mm/kaiser: use two PCID ASIDs optimize the TLB during enter/exit kernel (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}\n- [x86] mm/kaiser: stop patching flush_tlb_single (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}\n- [x86] mm/kaiser: use PCID feature to make user and kernel switches faster (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}\n- [x86] mm: If INVPCID is available, use it to flush global mappings (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}\n- [x86] mm/64: Fix reboot interaction with CR4.PCIDE (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}\n- [x86] mm/64: Initialize CR4.PCIDE early (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}\n- [x86] mm: Add a 'noinvpcid' boot option to turn off INVPCID (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}\n- [x86] mm: Add the 'nopcid' boot option to turn off PCID (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}\n- [x86] mm/kaiser: validate trampoline stack (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}\n- [x86] entry: Move SYSENTER_stack to the beginning of struct tss_struct (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}\n- [x86] mm/kaiser: isolate the user mapped per cpu areas (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}\n- [x86] mm/kaiser: enable kaiser in build (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}\n- [x86] mm/kaiser: selective boot time defaults (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}\n- [x86] mm/kaiser: handle call to xen_pv_domain() on PREEMPT_RT (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}\n- [x86] mm/kaiser/xen: Dynamically disable KAISER when running under Xen PV (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}\n- [x86] mm/kaiser: add Kconfig (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}\n- [x86] mm/kaiser: avoid false positives during non-kaiser pgd updates (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}\n- [x86] mm/kaiser: Respect disabled CPU features (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}\n- [x86] mm/kaiser: trampoline stack comments (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}\n- [x86] mm/kaiser: stack trampoline (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}\n- [x86] mm/kaiser: remove paravirt clock warning (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}\n- [x86] mm/kaiser: re-enable vsyscalls (Josh Poimboeuf) [15 1 9 8 0 0 1 5 1 9 8 0 1 ] { C V E - 2 0 1 7 - 5 7 5 4 } b r > - [ x 8 6 ] m m / k a i s e r : a l l o w t o b u i l d K A I S E R w i t h K A S R L ( J o s h P o i m b o e u f ) [ 1 5 1 9 8 0 0 1 5 1 9 8 0 1 ] { C V E - 2 0 1 7 - 5 7 5 4 } b r > - [ x 8 6 ] m m / k a i s e r : a l l o w K A I S E R t o b e e n a b l e d / d i s a b l e d a t r u n t i m e ( J o s h P o i m b o e u f ) [ 1 5 1 9 8 0 0 1 5 1 9 8 0 1 ] { C V E - 2 0 1 7 - 5 7 5 4 } b r > - [ x 8 6 ] m m / k a i s e r : u n - p o i s o n P G D s a t r u n t i m e ( J o s h P o i m b o e u f ) [ 1 5 1 9 8 0 0 1 5 1 9 8 0 1 ] { C V E - 2 0 1 7 - 5 7 5 4 } b r > - [ x 8 6 ] m m / k a i s e r : a d d a f u n c t i o n t o c h e c k f o r K A I S E R b e i n g e n a b l e d ( J o s h P o i m b o e u f ) [ 1 5 1 9 8 0 0 1 5 1 9 8 0 1 ] { C V E - 2 0 1 7 - 5 7 5 4 } b r > - [ x 8 6 ] m m / k a i s e r : a d d d e b u g f s f i l e t o t u r n K A I S E R o n / o f f a t r u n t i m e ( J o s h P o i m b o e u f ) [ 1 5 1 9 8 0 0 1 5 1 9 8 0 1 ] { C V E - 2 0 1 7 - 5 7 5 4 } b r > - [ x 8 6 ] m m / k a i s e r : d i s a b l e n a t i v e V S Y S C A L L ( J o s h P o i m b o e u f ) [ 1 5 1 9 8 0 0 1 5 1 9 8 0 1 ] { C V E - 2 0 1 7 - 5 7 5 4 } b r > - [ x 8 6 ] m m / k a i s e r : m a p v i r t u a l l y - a d d r e s s e d p e r f o r m a n c e m o n i t o r i n g b u f f e r s ( J o s h P o i m b o e u f ) [ 1 5 1 9 8 0 0 1 5 1 9 8 0 1 ] { C V E - 2 0 1 7 - 5 7 5 4 } b r > - [ x 8 6 ] m m / k a i s e r : m a p d e b u g I D T t a b l e s ( J o s h P o i m b o e u f ) [ 1 5 1 9 8 0 0 1 5 1 9 8 0 1 ] { C V E - 2 0 1 7 - 5 7 5 4 } b r > - [ x 8 6 ] m m / k a i s e r : a d d k p r o b e s t e x t s e c t i o n ( J o s h P o i m b o e u f ) [ 1 5 1 9 8 0 0 1 5 1 9 8 0 1 ] { C V E - 2 0 1 7 - 5 7 5 4 } b r > - [ x 8 6 ] m m / k a i s e r : m a p t r a c e i n t e r r u p t e n t r y ( J o s h P o i m b o e u f ) [ 1 5 1 9 8 0 0 1 5 1 9 8 0 1 ] { C V E - 2 0 1 7 - 5 7 5 4 } b r > - [ x 8 6 ] m m / k a i s e r : m a p e n t r y s t a c k p e r - c p u a r e a s ( J o s h P o i m b o e u f ) [ 1 5 1 9 8 0 0 1 5 1 9 8 0 1 ] { C V E - 2 0 1 7 - 5 7 5 4 } b r > - [ x 8 6 ] m m / k a i s e r : m a p d y n a m i c a l l y - a l l o c a t e d L D T s ( J o s h P o i m b o e u f ) [ 1 5 1 9 8 0 0 1 5 1 9 8 0 1 ] { C V E - 2 0 1 7 - 5 7 5 4 } b r > - [ x 8 6 ] m m / k a i s e r : m a k e s u r e s t a t i c P G D s a r e 8 k i n s i z e ( J o s h P o i m b o e u f ) [ 1 5 1 9 8 0 0 1 5 1 9 8 0 1 ] { C V E - 2 0 1 7 - 5 7 5 4 } b r > - [ x 8 6 ] m m / k a i s e r : a l l o w N X p o i s o n t o b e s e t i n p 4 d / p g d ( J o s h P o i m b o e u f ) [ 1 5 1 9 8 0 0 1 5 1 9 8 0 1 ] { C V E - 2 0 1 7 - 5 7 5 4 } b r > - [ x 8 6 ] m m / k a i s e r : u n m a p k e r n e l f r o m u s e r s p a c e p a g e t a b l e s ( c o r e p a t c h ) ( J o s h P o i m b o e u f ) [ 1 5 1 9 8 0 0 1 5 1 9 8 0 1 ] { C V E - 2 0 1 7 - 5 7 5 4 } b r > - [ x 8 6 ] m m / k a i s e r : m a r k p e r - c p u d a t a s t r u c t u r e s r e q u i r e d f o r e n t r y / e x i t ( J o s h P o i m b o e u f ) [ 1 5 1 9 8 0 0 1 5 1 9 8 0 1 ] { C V E - 2 0 1 7 - 5 7 5 4 } b r > - [ x 8 6 ] m m / k a i s e r : i n t r o d u c e u s e r - m a p p e d p e r - c p u a r e a s ( J o s h P o i m b o e u f ) [ 1 5 1 9 8 0 0 1 5 1 9 8 0 1 ] { C V E - 2 0 1 7 - 5 7 5 4 } b r > - [ x 8 6 ] m m / k a i s e r : a d d c r 3 s w i t c h e s t o e n t r y c o d e ( J o s h P o i m b o e u f ) [ 1 5 1 9 8 0 0 1 5 1 9 8 0 1 ] { C V E - 2 0 1 7 - 5 7 5 4 } b r > - [ x 8 6 ] m m / k a i s e r : r e m o v e s c r a t c h r e g i s t e r s ( J o s h P o i m b o e u f ) [ 1 5 1 9 8 0 0 1 5 1 9 8 0 1 ] { C V E - 2 0 1 7 - 5 7 5 4 } b r > - [ x 8 6 ] m m / k a i s e r : p r e p a r e a s s e m b l y f o r e n t r y / e x i t C R 3 s w i t c h i n g ( J o s h P o i m b o e u f ) [ 1 5 1 9 8 0 0 1 5 1 9 8 0 1 ] { C V E - 2 0 1 7 - 5 7 5 4 } b r > - [ x 8 6 ] m m / k a i s e r : D i s a b l e g l o b a l p a g e s b y d e f a u l t w i t h K A I S E R ( J o s h P o i m b o e u f ) [ 1 5 1 9 8 0 0 1 5 1 9 8 0 1 ] { C V E - 2 0 1 7 - 5 7 5 4 } b r > - [ x 8 6 ] m m : D o c u m e n t X 8 6 _ C R 4 _ P G E t o g g l i n g b e h a v i o r ( J o s h P o i m b o e u f ) [ 1 5 1 9 8 0 0 1 5 1 9 8 0 1 ] { C V E - 2 0 1 7 - 5 7 5 4 } b r > - [ x 8 6 ] m m / t l b : M a k e C R 4 - b a s e d T L B f l u s h e s m o r e r o b u s t ( J o s h P o i m b o e u f ) [ 1 5 1 9 8 0 0 1 5 1 9 8 0 1 ] { C V E - 2 0 1 7 - 5 7 5 4 } b r > - [ x 8 6 ] m m : D o n o t s e t _ P A G E _ U S E R f o r i n i t _ m m p a g e t a b l e s ( J o s h P o i m b o e u f ) [ 1 5 1 9 8 0 0 1 5 1 9 8 0 1 ] { C V E - 2 0 1 7 - 5 7 5 4 } b r > - [ x 8 6 ] i n c r e a s e r o b u s t e n e s s o f b a d _ i r e t f i x u p h a n d l e r ( J o s h P o i m b o e u f ) [ 1 5 1 9 8 0 0 1 5 1 9 8 0 1 ] { C V E - 2 0 1 7 - 5 7 5 4 } b r > - [ p e r f ] x 8 6 / i n t e l / u n c o r e : F i x m e m o r y l e a k s o n a l l o c a t i o n f a i l u r e s ( J o s h P o i m b o e u f ) [ 1 5 1 9 8 0 0 1 5 1 9 8 0 1 ] { C V E - 2 0 1 7 - 5 7 5 4 } b r > - [ m m ] u s e r f a u l t f d : h u g e t l b f s : p r e v e n t U F F D I O _ C O P Y t o f i l l b e y o n d t h e e n d o f i _ s i z e ( J o s h P o i m b o e u f ) [ 1 5 1 9 8 0 0 1 5 1 9 8 0 1 ] { C V E - 2 0 1 7 - 5 7 5 4 } b r > - [ f s ] u s e r f a u l t f d : n o n - c o o p e r a t i v e : f i x f o r k u s e a f t e r f r e e ( J o s h P o i m b o e u f ) [ 1 5 1 9 8 0 0 1 5 1 9 8 0 1 ] { C V E - 2 0 1 7 - 5 7 5 4 } b r > - [ m m ] u s e r f a u l t f d : h u g e t l b f s : r e m o v e s u p e r f l u o u s p a g e u n l o c k i n V M _ S H A R E D c a s e ( J o s h P o i m b o e u f ) [ 1 5 1 9 8 0 0 1 5 1 9 8 0 1 ] { C V E - 2 0 1 7 - 5 7 5 4 } b r > - [ m m ] f i x b a d r s s - c o u n t e r i f r e m a p _ f i l e _ p a g e s r a c e d m i g r a t i o n ( J o s h P o i m b o e u f ) [ 1 5 1 9 8 0 0 1 5 1 9 8 0 1 ] { C V E - 2 0 1 7 - 5 7 5 4 } / p > \n \n \n b r > h 2 > R e l a t e d C V E s / h 2 > \n b r > t a b l e c e l l p a d d i n g = \" 2 \" c e l l s p a c i n g = \" 2 \" b o r d e r = \" 0 \" w i d t h = \" 1 0 0 % \" > t b o d y > \n t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 7 - 5 7 1 5 . h t m l \" > C V E - 2 0 1 7 - 5 7 1 5 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 7 - 5 7 5 3 . h t m l \" > C V E - 2 0 1 7 - 5 7 5 3 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 7 - 5 7 5 4 . h t m l \" > C V E - 2 0 1 7 - 5 7 5 4 / a > / t d > / t r > \n / t b o d y > / t a b l e > \n \n b r > h 2 > U p d a t e d P a c k a g e s / h 2 > \n b r > t a b l e c e l l p a d d i n g = \" 2 \" c e l l s p a c i n g = \" 2 \" b o r d e r = \" 0 \" w i d t h = \" 1 0 0 % \" > t b o d y > \n t r s t y l e = \" c o l o r : # F F 0 0 0 0 ; \" > t d > b > R e l e a s e / A r c h i t e c t u r e / b > t d > b > F i l e n a m e / b > / t d > t d > b > M D 5 s u m / b > / t d > t d > b > S u p e r s e d e d B y A d v i s o r y / b > / t d > / t r > \n t r > t d c o l s p a n = \" 4 \" > / t d > / t r > t r > t d > O r a c l e L i n u x 7 ( x 8 6 _ 6 4 ) / t d > t d > k e r n e l - 3 . 1 0 . 0 - 6 9 3 . 1 1 . 6 . e l 7 . s r c . r p m / t d > t d > 5 8 b d e 1 d c 4 f 0 9 f 0 8 5 7 3 1 4 f 8 1 a d 7 2 d 9 c 4 4 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - 3 . 1 0 . 0 - 6 9 3 . 1 1 . 6 . e l 7 . x 8 6 _ 6 4 . r p m / t d > t d > 6 a 9 f 4 4 8 0 8 2 4 2 8 3 e a 4 c d 3 b 9 6 9 6 5 b d 2 9 d 8 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - a b i - w h i t e l i s t s - 3 . 1 0 . 0 - 6 9 3 . 1 1 . 6 . e l 7 . n o a r c h . r p m / t d > t d > a b 9 2 f 1 6 5 3 5 d 6 4 e b c d 0 a e 5 9 1 f b 0 0 6 4 f 5 e / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - d e b u g - 3 . 1 0 . 0 - 6 9 3 . 1 1 . 6 . e l 7 . x 8 6 _ 6 4 . r p m / t d > t d > 7 3 7 f 9 1 5 7 6 f b 1 a a f 6 1 6 1 3 f 9 3 f 1 8 2 d 3 5 2 8 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - d e b u g - d e v e l - 3 . 1 0 . 0 - 6 9 3 . 1 1 . 6 . e l 7 . x 8 6 _ 6 4 . r p m / t d > t d > 2 a 3 c f 3 b 7 3 c 1 c d a b 0 9 0 0 2 e 0 9 d 0 5 d 4 7 7 1 9 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - d e v e l - 3 . 1 0 . 0 - 6 9 3 . 1 1 . 6 . e l 7 . x 8 6 _ 6 4 . r p m / t d > t d > 5 f f b f 5 4 c e 5 a 8 4 9 2 6 7 d 7 b 3 f f f e e 2 c 9 e a 4 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - d o c - 3 . 1 0 . 0 - 6 9 3 . 1 1 . 6 . e l 7 . n o a r c h . r p m / t d > t d > a e 1 4 f 6 e 1 7 e d d f 6 1 6 b f 8 3 d a b c a f 9 7 a 3 8 f / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - h e a d e r s - 3 . 1 0 . 0 - 6 9 3 . 1 1 . 6 . e l 7 . x 8 6 _ 6 4 . r p m / t d > t d > 9 2 4 b 5 6 8 6 c 9 f 2 6 d a 4 1 d 9 3 0 1 d a 0 8 1 4 a 6 6 6 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - t o o l s - 3 . 1 0 . 0 - 6 9 3 . 1 1 . 6 . e l 7 . x 8 6 _ 6 4 . r p m / t d > t d > f 0 d 2 c 4 3 1 7 e 3 0 7 0 5 7 b e 9 7 f 7 4 b b 4 e 5 9 f 5 2 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - t o o l s - l i b s - 3 . 1 0 . 0 - 6 9 3 . 1 1 . 6 . e l 7 . x 8 6 _ 6 4 . r p m / t d > t d > d f f 6 a 2 5 4 d f 3 3 a 9 6 5 d f 3 d 1 f 3 0 f 2 9 3 1 f b f / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - t o o l s - l i b s - d e v e l - 3 . 1 0 . 0 - 6 9 3 . 1 1 . 6 . e l 7 . x 8 6 _ 6 4 . r p m / t d > t d > 9 3 9 5 3 d d 5 a 0 b 4 1 6 b a 2 5 3 8 9 6 8 0 4 6 b c 2 a 7 3 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > p e r f - 3 . 1 0 . 0 - 6 9 3 . 1 1 . 6 . e l 7 . x 8 6 _ 6 4 . r p m / t d > t d > 4 0 c 1 d 9 c f 3 9 e 4 1 f 7 4 f b 2 9 f f a 5 2 0 3 a 4 9 a 4 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > p y t h o n - p e r f - 3 . 1 0 . 0 - 6 9 3 . 1 1 . 6 . e l 7 . x 8 6 _ 6 4 . r p m / t d > t d > 1 9 7 a 9 4 8 7 6 8 9 2 0 2 9 a 1 e 5 a f f a b 6 7 1 d 9 6 3 3 / t d > t d > a h r e f = # > - / a > / t d > / t r > \n / t b o d y > / t a b l e > \n \n \n b r > b r > \n b r > p > \n T h i s p a g e i s g e n e r a t e d a u t o m a t i c a l l y a n d h a s n o t b e e n c h e c k e d f o r e r r o r s o r o m i s s i o n s . F o r c l a r i f i c a t i o n \n o r c o r r e c t i o n s p l e a s e c o n t a c t t h e a h r e f = \" h t t p s : / / l i n u x . o r a c l e . c o m / \" > O r a c l e L i n u x U L N t e a m / a > / p > \n \n \n \n / d i v > \n ! - - \n / d i v > \n - - > \n / d i v > \n / d i v > \n \n \n d i v i d = \" m c 1 6 \" c l a s s = \" m c 1 6 v 0 \" > \n d i v c l a s s = \" m c 1 6 w 1 \" > \n h 2 > T e c h n i c a l i n f o r m a t i o n / h 2 > \n u l > \n l i > a h r e f = \" h t t p s : / / l i n u x . o r a c l e . c o m / h a r d w a r e - c e r t i f i c a t i o n s \" t a r g e t = \" _ b l a n k \" > O r a c l e L i n u x C e r t i f i e d H a r d w a r e / a > / l i > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / s u p p o r t / l i b r a r y / e l s p - l i f e t i m e - 0 6 9 3 3 8 . p d f \" > O r a c l e L i n u x S u p p o r t e d R e l e a s e s / a > / l i > \n / u l > \n / d i v > \n \n d i v c l a s s = \" m c 1 6 w 1 \" > \n h 2 > O r a c l e L i n u x S u p p o r t / h 2 > \n u l > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / t e c h n o l o g i e s / l i n u x / O r a c l e L i n u x S u p p o r t / i n d e x . h t m l \" t a r g e t = \" _ b l a n k \" > O r a c l e L i n u x S u p p o r t / a > / l i > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / s u p p o r t / p r e m i e r / s e r v e r s - s t o r a g e / o v e r v i e w / i n d e x . h t m l \" t a r g e t = \" _ b l a n k \" > O r a c l e P r e m i e r S u p p o r t f o r S y s t e m s / a > / l i > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / s u p p o r t / a d v a n c e d - c u s t o m e r - s e r v i c e s / o v e r v i e w / \" > A d v a n c e d C u s t o m e r S e r v i c e s / a > / l i > \n / u l > \n / d i v > \n \n d i v c l a s s = \" m c 1 6 w 2 \" > \n h 2 > C o n n e c t / h 2 > \n u l > \n l i c l a s s = \" f b i c o n \" > a h r e f = \" h t t p : / / w w w . f a c e b o o k . c o m / o r a c l e l i n u x \" t i t l e = \" F a c e b o o k \" n a m e = \" F a c e b o o k \" t a r g e t = \" _ b l a n k \" i d = \" F a c e b o o k \" > F a c e b o o k / a > / l i > \n l i c l a s s = \" t w i c o n \" > a h r e f = \" h t t p : / / w w w . t w i t t e r . c o m / O r a c l e L i n u x \" t i t l e = \" T w i t t e r \" n a m e = \" T w i t t e r \" t a r g e t = \" _ b l a n k \" i d = \" T w i t t e r \" > T w i t t e r / a > / l i > \n l i c l a s s = \" i n i c o n \" > a h r e f = \" h t t p : / / w w w . l i n k e d i n . c o m / g r o u p s ? g i d = 1 2 0 2 3 8 \" t i t l e = \" L i n k e d I n \" n a m e = \" L i n k e d I n \" t a r g e t = \" _ b l a n k \" i d = \" L i n k e d I n \" > L i n k e d I n / a > / l i > \n l i c l a s s = \" y t i c o n \" > a h r e f = \" h t t p : / / w w w . y o u t u b e . c o m / o r a c l e l i n u x c h a n n e l \" t i t l e = \" Y o u T u b e \" n a m e = \" Y o u T u b e \" t a r g e t = \" _ b l a n k \" i d = \" Y o u T u b e \" > Y o u T u b e / a > / l i > \n l i c l a s s = \" b l o g i c o n \" > a h r e f = \" h t t p : / / b l o g s . o r a c l e . c o m / l i n u x \" t i t l e = \" B l o g \" n a m e = \" B l o g \" > B l o g / a > / l i > \n / u l > \n / d i v > \n \n d i v c l a s s = \" m c 1 6 w 3 \" > \n h 2 > C o n t a c t U s / h 2 > \n u l > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / c o r p o r a t e / c o n t a c t / g l o b a l - 0 7 0 5 1 1 . h t m l \" > G l o b a l c o n t a c t s / a > / l i > \n l i > O r a c l e 1 - 8 0 0 - 6 3 3 - 0 6 9 1 / l i > \n / u l > \n / d i v > \n / d i v > \n / d i v > \n \n d i v i d = \" m c 0 4 \" c l a s s = \" m c 0 4 v 1 \" > \n d i v c l a s s = \" m c 0 4 w 1 \" > \n a h r e f = \" h t t p : / / o r a c l e . c o m \" > i m g s r c = \" / / w w w . o r a c l e i m g . c o m / a s s e t s / m c 0 4 - f o o t e r - l o g o . p n g \" b o r d e r = \" 0 \" a l t = \" s o f t w a r e . h a r d w a r e . c o m p l e t e \" / > / a > \n / d i v > \n \n d i v c l a s s = \" m c 0 4 w 2 \" > \n a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / s u b s c r i b e / i n d e x . h t m l \" > S u b s c r i b e / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / c o r p o r a t e / e m p l o y m e n t / i n d e x . h t m l \" > C a r e e r s / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / c o r p o r a t e / c o n t a c t / i n d e x . h t m l \" > C o n t a c t U s / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / h t m l / c o p y r i g h t . h t m l \" > L e g a l N o t i c e s / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / h t m l / t e r m s . h t m l \" > T e r m s o f U s e / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / h t m l / p r i v a c y . h t m l \" > Y o u r P r i v a c y R i g h t s / a > \n / d i v > \n / d i v > \n / d i v > \n / b o d y > \n / h t m l > \n ", "published": "2018-01-04T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://linux.oracle.com/errata/ELSA-2018-0007.html", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-04-04T13:01:07"}, {"id": "ELSA-2018-4022", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "description": "kernel-uek\n[3.8.13-118.20.2]\n- x86: Add another set of MSR accessor functions (Borislav Petkov) [Orabug: 27444923] {CVE-2017-5753}\n- userns: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753}\n- udf: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753}\n- fs: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753}\n- qla2xxx: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753}\n- p54: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753}\n- carl9170: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753}\n- uvcvideo: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753}\n- locking/barriers: introduce new observable speculation barrier (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753}\n- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753}\n- x86/cpu/AMD: Make the LFENCE instruction serialized (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753}\n- x86/rsb: add comment specifying why we skip STUFF_RSB (Ankur Arora) [Orabug: 27451658] {CVE-2017-5715}\n- x86/rsb: make STUFF_RSB jmp labels more robust (Ankur Arora) [Orabug: 27451658] {CVE-2017-5715}\n- x86/spec: Also print IBRS if IBPB is disabled. (Konrad Rzeszutek Wilk) {CVE-2017-5715}\n- x86/spectre: Drop the warning about ibrs being obsolete. (Konrad Rzeszutek Wilk) {CVE-2017-5715}\n- Add set_ibrs_disabled and set_ibpb_disabled (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715}\n- x86/spec: Don't print the Missing arguments for option spectre_v2 (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715}\n- x86/boot: Add early cmdline parsing for options with arguments (Tom Lendacky) [Orabug: 27376697] {CVE-2017-5715}\n- x86, boot: Carve out early cmdline parsing function (Borislav Petkov) [Orabug: 27376697] \n- x86: Add command-line options 'spectre_v2' and 'nospectre_v2' (Kanth Ghatraju) [Orabug: 27376697] {CVE-2017-5715}\n- x86: Fix kABI build breakage (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715}\n- x86/mm: Only set IBPB when the new thread cannot ptrace current thread (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715}\n- x86: Use PRED_CMD MSR when ibpb is enabled (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715}\n- x86/mm: Set IBPB upon context switch (Brian Maly) [Orabug: 27376697] {CVE-2017-5715}\n- x86: Display correct settings for the SPECTRE_V[12] bug (Kanth Ghatraju) [Orabug: 27376697] {CVE-2017-5715} {CVE-2017-5753}\n- x86/cpu: Implement CPU vulnerabilites sysfs functions (Thomas Gleixner) [Orabug: 27376697] {CVE-2017-5715} {CVE-2017-5753}\n- x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky) [Orabug: 27376697] {CVE-2017-5715}\n- x86/spec_ctrl: Disable if running as Xen PV guest (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715}\n- sysfs/cpu: Add vulnerability folder (Thomas Gleixner) [Orabug: 27376697] {CVE-2017-5715} {CVE-2017-5754}\n- x86, cpu: Expand cpufeature facility to include cpu bugs (Borislav Petkov) [Orabug: 27376697] {CVE-2017-5715}\n- x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (Kanth Ghatraju) [Orabug: 27376697] {CVE-2017-5715}\n- x86/cpufeatures: Add X86_BUG_CPU_MELTDOWN (Kanth Ghatraju) [Orabug: 27376697] {CVE-2017-5754}\n- x86/entry: STUFF_RSB only after switching to kernel CR3 (Ankur Arora) [Orabug: 27376697] {CVE-2017-5715}\n- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (Tim Chen) [Orabug: 27376697] {CVE-2017-5715}\n- x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value (Boris Ostrovsky) [Orabug: 27376697] {CVE-2017-5715}\n- x86: Use IBRS for firmware update path (David Woodhouse) [Orabug: 27376697] {CVE-2017-5715}\n- x86/microcode: Recheck IBRS features on microcode reload (Tim Chen) [Orabug: 27376697] {CVE-2017-5715}\n- x86/idle: Disable IBRS entering idle and enable it on wakeup (Tim Chen) [Orabug: 27376697] {CVE-2017-5715}\n- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Tim Chen) [Orabug: 27376697] {CVE-2017-5715}\n- x86/enter: Use IBRS on syscall and interrupts (Tim Chen) [Orabug: 27376697] {CVE-2017-5715}\n- x86/enter: MACROS to set/clear IBRS (Tim Chen) [Orabug: 27376697] {CVE-2017-5715}\n- x86/feature: Detect the x86 IBRS feature to control Speculation (Tim Chen) [Orabug: 27376697] {CVE-2017-5715}\n- x86/pti/efi: broken conversion from efi to kernel page table (Pavel Tatashin) [Orabug: 27333764] {CVE-2017-5754}\n- PTI: unbreak EFI old_memmap (Jiri Kosina) [Orabug: 27333764] [Orabug: 27333760] {CVE-2017-5754} {CVE-2017-5754}\n- kaiser: Set _PAGE_NX only if supported (Lepton Wu) [Orabug: 27333764] {CVE-2017-5754}\n- kaiser: rename X86_FEATURE_KAISER to X86_FEATURE_PTI (Mike Kravetz) [Orabug: 27333764] {CVE-2017-5754}\n- KPTI: Rename to PAGE_TABLE_ISOLATION (Kees Cook) [Orabug: 27333764] {CVE-2017-5754}\n- x86/kaiser: Check boottime cmdline params (Mike Kravetz) [Orabug: 27333764] {CVE-2017-5754}\n- kaiser: x86: Fix NMI handling (Jiri Kosina) [Orabug: 27333764] {CVE-2017-5754}\n- kaiser: move paravirt clock vsyscall mapping out of kaiser_init (Mike Kravetz) [Orabug: 27333764] {CVE-2017-5754}\n- kaiser: disable if xen PARAVIRT (Mike Kravetz) [Orabug: 27333764] {CVE-2017-5754}\n- x86/kaiser: Reenable PARAVIRT (Borislav Petkov) [Orabug: 27333764] {CVE-2017-5754}\n- kaiser: kaiser_flush_tlb_on_return_to_user() check PCID (Hugh Dickins) [Orabug: 27333764] {CVE-2017-5754}\n- kaiser: asm/tlbflush.h handle noPGE at lower level (Hugh Dickins) [Orabug: 27333764] {CVE-2017-5754}\n- kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush (Hugh Dickins) [Orabug: 27333764] {CVE-2017-5754}\n- x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling (Borislav Petkov) [Orabug: 27333764] {CVE-2017-5754}\n- kaiser: add 'nokaiser' boot option, using ALTERNATIVE (Hugh Dickins) [Orabug: 27333764] {CVE-2017-5754}\n- x86/alternatives: add asm ALTERNATIVE macro (Mike Kravetz) [Orabug: 27333764] {CVE-2017-5754}\n- kaiser: alloc_ldt_struct() use get_zeroed_page() (Hugh Dickins) [Orabug: 27333764] {CVE-2017-5754}\n- x86: kvmclock: Disable use from vDSO if KPTI is enabled (Ben Hutchings) [Orabug: 27333764] {CVE-2017-5754}\n- kaiser: Fix build with CONFIG_FUNCTION_GRAPH_TRACER (Kees Cook) [Orabug: 27333764] {CVE-2017-5754}\n- x86/mm/kaiser: re-enable vsyscalls (Andrea Arcangeli) [Orabug: 27333764] {CVE-2017-5754}\n- KAISER: Kernel Address Isolation (Richard Fellner) [Orabug: 27333764] {CVE-2017-5754}\n- kprobes: Prohibit probing on .entry.text code (Masami Hiramatsu) [Orabug: 27333764] {CVE-2017-5754}\n- x86/mm/64: Fix reboot interaction with CR4.PCIDE (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754}\n- x86/mm: Enable CR4.PCIDE on supported systems (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754}\n- x86/mm: Add the 'nopcid' boot option to turn off PCID (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754}\n- x86/mm: Disable PCID on 32-bit kernels (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754}\n- x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754}\n- x86/mm: Fix flush_tlb_page() on Xen (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754}\n- x86/mm: Disable preemption during CR3 read+write (Sebastian Andrzej Siewior) [Orabug: 27333764] {CVE-2017-5754}\n- sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off() (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754}\n- x86/mm, sched/core: Turn off IRQs in switch_mm() (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754}\n- x86/mm, sched/core: Uninline switch_mm() (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754}\n- x86/mm: Build arch/x86/mm/tlb.c even on !SMP (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754}\n- sched/core: Add switch_mm_irqs_off() and use it in the scheduler (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754}\n- mm/mmu_context, sched/core: Fix mmu_context.h assumption (Ingo Molnar) [Orabug: 27333764] {CVE-2017-5754}\n- x86/mm: If INVPCID is available, use it to flush global mappings (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754}\n- x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754}\n- x86/mm: Fix INVPCID asm constraint (Borislav Petkov) [Orabug: 27333764] {CVE-2017-5754}\n- x86/mm: Add INVPCID helpers (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754}\n- x86: Clean up cr4 manipulation (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754}\n- x86/paravirt: Dont patch flush_tlb_single (Thomas Gleixner) [Orabug: 27333764] {CVE-2017-5754}\n- x86/ldt: Make modify_ldt synchronous (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} {CVE-2015-5157}", "published": "2018-01-29T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2018-4022.html", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715", "CVE-2015-5157"], "lastseen": "2018-01-30T02:59:02"}, {"id": "ELSA-2018-4011", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "description": "[4.1.12-112.14.11]\n- x86/pti/efi: broken conversion from efi to kernel page table (Pavel Tatashin) [Orabug: 27363926] [Orabug: 27352353] {CVE-2017-5754}\n- x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT (redux) (Konrad Rzeszutek Wilk) [Orabug: 27369994] \n- x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value (Boris Ostrovsky) [Orabug: 27362581] \n- x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky) [Orabug: 27363792] \n- x86/spec_ctrl: Add missing 'lfence' when IBRS is not supported. (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}\n- x86/entry_64: TRACE_IRQS_OFF before re-enabling. (Jamie Iles) [Orabug: 27339995] {CVE-2017-5715}\n- ptrace: remove unlocked RCU dereference. (Jamie Iles) [Orabug: 27339995] {CVE-2017-5715}\n- x86/ia32: Adds code hygiene for 32bit SYSCALL instruction entry. (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}\n- x86/ia32: don't save registers on audit call (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}\n- x86/spec/ia32: Sprinkle IBRS and RSB at the 32-bit SYSCALL (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}\n- x86/ia32: Move STUFF_RSB And ENABLE_IBRS (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}\n- x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT. (Konrad Rzeszutek Wilk) [Orabug: 27365544] {CVE-2017-5715}", "published": "2018-01-12T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://linux.oracle.com/errata/ELSA-2018-4011.html", "cvelist": ["CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-01-13T09:03:01"}, {"id": "ELSA-2018-4006", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "description": "[4.1.12-112.14.10]\n- x86/ia32: save and clear registers on syscall. (Jamie Iles) [Orabug: 27355759] {CVE-2017-5754}\n- x86/IBRS: Save current status of MSR_IA32_SPEC_CTRL (Boris Ostrovsky) [Orabug: 27355887] \n- pti: Rename X86_FEATURE_KAISER to X86_FEATURE_PTI (Pavel Tatashin) [Orabug: 27352353] {CVE-2017-5754}\n- usb/core: usb_alloc_dev(): fix setting of ->portnum (Nicolai Stange) [Orabug: 27356522] \n- x86/spec_ctrl: Add missing IBRS_DISABLE (Konrad Rzeszutek Wilk) \n- Make use of ibrs_inuse consistent. (Jun Nakajima)\n[4.1.12-112.14.8]\n- x86/kvm: Set IBRS on VMEXIT if guest disabled it. (Konrad Rzeszutek Wilk)\n[4.1.12-112.14.7]\n- Re-introduce clearing of r12-15, rbp, rbx (Kris Van Hees) [Orabug: 27352353] {CVE-2017-5754}\n- x86: more ibrs/pti fixes (Pavel Tatashin) [Orabug: 27352353] {CVE-2017-5754}\n- x86/spec: Actually do the check for in_use on ENABLE_IBRS (Konrad Rzeszutek Wilk) {CVE-2017-5715}\n- kvm: svm: Expose the CPUID.0x80000008 ebx flag. (Konrad Rzeszutek Wilk) {CVE-2017-5715}\n- x86/spec_ctrl: Provide the sysfs version of the ibrs_enabled (Konrad Rzeszutek Wilk) {CVE-2017-5715}\n- x86: Use better #define for FEATURE_ENABLE_IBRS and 0 (Konrad Rzeszutek Wilk) {CVE-2017-5715}\n- x86: Instead of 0x2, 0x4, and 0x1 use #defines. (Konrad Rzeszutek Wilk) {CVE-2017-5715}\n- kpti: Disable when running under Xen PV (Konrad Rzeszutek Wilk) [Orabug: 27352353] {CVE-2017-5754}\n- x86: Don't ENABLE_IBRS in nmi when we are still running on user cr3 (Konrad Rzeszutek Wilk) {CVE-2017-5715}\n- x86/enter: Use IBRS on syscall and interrupts - fix ia32 path (Konrad Rzeszutek Wilk) {CVE-2017-5715}\n- x86: Fix spectre/kpti integration (Konrad Rzeszutek Wilk) [Orabug: 27352353] {CVE-2017-5754}\n- PTI: unbreak EFI old_memmap (Jiri Kosina) [Orabug: 27352353] {CVE-2017-5754}\n- KAISER KABI tweaks. (Martin K. Petersen) [Orabug: 27352353] {CVE-2017-5754}\n- x86/ldt: fix crash in ldt freeing. (Jamie Iles) [Orabug: 27352353] {CVE-2017-5754}\n- x86/entry: Define 'cpu_current_top_of_stack' for 64-bit code (Denys Vlasenko) [Orabug: 27352353] {CVE-2017-5754}\n- x86/entry: Remove unused 'kernel_stack' per-cpu variable (Denys Vlasenko) [Orabug: 27352353] {CVE-2017-5754}\n- x86/entry: Stop using PER_CPU_VAR(kernel_stack) (Denys Vlasenko) [Orabug: 27352353] {CVE-2017-5754}\n- kaiser: Set _PAGE_NX only if supported (Guenter Roeck) [Orabug: 27352353] {CVE-2017-5754}\n- x86/vdso: Get pvclock data from the vvar VMA instead of the fixmap (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754}\n- KPTI: Report when enabled (Kees Cook) [Orabug: 27352353] {CVE-2017-5754}\n- KPTI: Rename to PAGE_TABLE_ISOLATION (Kees Cook) [Orabug: 27352353] {CVE-2017-5754}\n- x86/kaiser: Move feature detection up (Borislav Petkov) [Orabug: 27352353] {CVE-2017-5754}\n- x86/kaiser: Reenable PARAVIRT (Borislav Petkov) [Orabug: 27352353] {CVE-2017-5754}\n- x86/paravirt: Dont patch flush_tlb_single (Thomas Gleixner) [Orabug: 27352353] {CVE-2017-5754}\n- kaiser: kaiser_flush_tlb_on_return_to_user() check PCID (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754}\n- kaiser: asm/tlbflush.h handle noPGE at lower level (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754}\n- kaiser: drop is_atomic arg to kaiser_pagetable_walk() (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754}\n- kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754}\n- x86/kaiser: Check boottime cmdline params (Borislav Petkov) [Orabug: 27352353] {CVE-2017-5754}\n- x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling (Borislav Petkov) [Orabug: 27352353] {CVE-2017-5754}\n- kaiser: add 'nokaiser' boot option, using ALTERNATIVE (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754}\n- kaiser: fix unlikely error in alloc_ldt_struct() (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754}\n- kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754}\n- kaiser: paranoid_entry pass cr3 need to paranoid_exit (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754}\n- kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754}\n- kaiser: PCID 0 for kernel and 128 for user (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754}\n- kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754}\n- kaiser: enhanced by kernel and user PCIDs (Dave Hansen) [Orabug: 27352353] {CVE-2017-5754}\n- kaiser: vmstat show NR_KAISERTABLE as nr_overhead (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754}\n- kaiser: delete KAISER_REAL_SWITCH option (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754}\n- kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754}\n- kaiser: cleanups while trying for gold link (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754}\n- kaiser: kaiser_remove_mapping() move along the pgd (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754}\n- kaiser: tidied up kaiser_add/remove_mapping slightly (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754}\n- kaiser: tidied up asm/kaiser.h somewhat (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754}\n- kaiser: ENOMEM if kaiser_pagetable_walk() NULL (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754}\n- kaiser: fix perf crashes (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754}\n- kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754}\n- kaiser: KAISER depends on SMP (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754}\n- kaiser: fix build and FIXME in alloc_ldt_struct() (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754}\n- kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754}\n- kaiser: do not set _PAGE_NX on pgd_none (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754}\n- kaiser: merged update (Dave Hansen) [Orabug: 27352353] {CVE-2017-5754}\n- KAISER: Kernel Address Isolation (Richard Fellner) [Orabug: 27352353] {CVE-2017-5754}\n- x86/boot: Add early cmdline parsing for options with arguments (Tom Lendacky) [Orabug: 27352353] {CVE-2017-5754}\n- x86/mm/64: Fix reboot interaction with CR4.PCIDE (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754}\n- x86/mm: Enable CR4.PCIDE on supported systems (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754}\n- x86/mm: Add the 'nopcid' boot option to turn off PCID (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754}\n- x86/mm: Disable PCID on 32-bit kernels (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754}\n- x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754}\n- x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range() (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754}\n- x86/mm: Make flush_tlb_mm_range() more predictable (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754}\n- x86/mm: Remove flush_tlb() and flush_tlb_current_task() (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754}\n- x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly() (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754}\n- x86/irq: Do not substract irq_tlb_count from irq_call_count (Aaron Lu) [Orabug: 27352353] {CVE-2017-5754}\n- sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off() (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754}\n- ARM: Hide finish_arch_post_lock_switch() from modules (Steven Rostedt) [Orabug: 27352353] {CVE-2017-5754}\n- x86/mm, sched/core: Turn off IRQs in switch_mm() (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754}\n- x86/mm, sched/core: Uninline switch_mm() (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754}\n- x86/mm: Build arch/x86/mm/tlb.c even on !SMP (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754}\n- sched/core: Add switch_mm_irqs_off() and use it in the scheduler (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754}\n- mm/mmu_context, sched/core: Fix mmu_context.h assumption (Ingo Molnar) [Orabug: 27352353] {CVE-2017-5754}\n- x86/mm: If INVPCID is available, use it to flush global mappings (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754}\n- x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754}\n- x86/mm: Fix INVPCID asm constraint (Borislav Petkov) [Orabug: 27352353] {CVE-2017-5754}\n- x86/mm: Add INVPCID helpers (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754}", "published": "2018-01-09T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://linux.oracle.com/errata/ELSA-2018-4006.html", "cvelist": ["CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-01-09T12:54:27"}, {"id": "ELSA-2018-0029", "type": "oraclelinux", "title": "libvirt security update", "description": "[3.2.0-14.0.1.el7_4.7]\n- bump release and rebuild\n[3.2.0-14.el7_4.7]\n- qemu: Properly store microcode version in QEMU caps cache (CVE-2017-5715)\n[3.2.0-14.el7_4.6]\n- util: add virFileReadHeaderQuiet wrapper around virFileReadHeaderFD (CVE-2017-5715)\n- util: introduce virHostCPUGetMicrocodeVersion (CVE-2017-5715)\n- cpu_x86: Rename virCPUx86MapInitialize (CVE-2017-5715)\n- conf: include x86 microcode version in virsh capabiltiies (CVE-2017-5715)\n- qemu: capabilities: force update if the microcode version does not match (CVE-2017-5715)\n- cpu: add CPU features and model for indirect branch prediction protection (CVE-2017-5715)", "published": "2018-01-05T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://linux.oracle.com/errata/ELSA-2018-0029.html", "cvelist": ["CVE-2017-5715"], "lastseen": "2018-01-06T12:59:04"}, {"id": "ELSA-2018-0023", "type": "oraclelinux", "title": "qemu-kvm security update", "description": "[1.5.3-141.el7_4.6]\n- Fix CVE-2017-5715\n[1.5.3-141.el7_4.5]\n- kvm-vfio-pci-Only-mmap-TARGET_PAGE_SIZE-regions.patch [bz#1515110]\n- Resolves: bz#1515110\n (Regression in QEMU handling for sub-page MMIO BARs for vfio-pci devices [rhel-7.4.z])", "published": "2018-01-04T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://linux.oracle.com/errata/ELSA-2018-0023.html", "cvelist": ["CVE-2017-5715"], "lastseen": "2018-01-06T12:51:57"}], "redhat": [{"id": "RHSA-2018:0464", "type": "redhat", "title": "(RHSA-2018:0464) Important: kernel security and bug fix update", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.\n\nIn this update mitigations for x86-64 architecture are provided.\n\n* Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important)\n\n* Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)\n\nRed Hat would like to thank Google Project Zero for reporting these issues.\n\nBug Fix(es):\n\n* Previously, the page table isolation feature was able to modify the kernel Page Global Directory (PGD) entries with the _NX bit even for CPUs without the capability to use the \"no execute\" (NX) bit technology. Consequently, the page tables got corrupted, and the kernel panicked at the first page-fault occurrence. This update adds the check of CPU capabilities before modifying kernel PGD entries with _NX. As a result, the operating system no longer panics on boot due to corrupted page tables under the described circumstances. (BZ#1538169)\n\n* When booting the operating system with the Kernel Page Table Isolation option enabled, the HPET VSYSCALL shadow mapping was not placed correctly. Consequently, the High Precision Event Timer (HPET) feature was not available early enough, and warnings on boot time occurred. This update fixes the placement of HPET VSYSCALL, and the warnings on boot time due to this behavior no longer occur. (BZ#1541281)\n\n* Previously, the routine preparing the kexec crashkernel area did not properly clear the page allocated to be kexec's Page Global Directory (PGD). Consequently, the page table isolation shadow mapping routines failed with a warning message when setting up page table entries. With this update, the underlying source code has been fixed to clear the kexec PGD allocated page before setting up its page table entries. As a result, warnings are no longer issued when setting up kexec. (BZ#1541285)\n\n* When changing a kernel page mapping from Read Only (RO) to Read Write (RW), the Translation Lookaside Buffer (TLB) entry was previously not updated. Consequently, a protection fault on a write operation occurred, which led to a kernel panic. With this update, the underlying source code has been fixed to handle such kind of fault properly, and the kernel no longer panics in the described situation. (BZ#1541892)", "published": "2018-03-07T19:50:33", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://access.redhat.com/errata/RHSA-2018:0464", "cvelist": ["CVE-2017-5753", "CVE-2017-5754"], "lastseen": "2018-03-07T15:48:38"}, {"id": "RHSA-2018:0090", "type": "redhat", "title": "(RHSA-2018:0090) Important: Red Hat CloudForms 4.2 security update", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system. CloudForms virtual machines include a copy of the Linux Kernel.\n\nSecurity Fix(es):\n\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.\n\nIn this update mitigations for x86-64 architecture are provided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these issues.", "published": "2018-01-16T02:33:22", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://access.redhat.com/errata/RHSA-2018:0090", "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "lastseen": "2018-01-15T22:07:22"}, {"id": "RHSA-2018:0089", "type": "redhat", "title": "(RHSA-2018:0089) Important: Red Hat CloudForms 4.1 security update", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system. CloudForms virtual machines include a copy of the Linux Kernel.\n\nSecurity Fix(es):\n\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.\n\nIn this update mitigations for x86-64 architecture are provided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these issues.", "published": "2018-01-16T02:33:19", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://access.redhat.com/errata/RHSA-2018:0089", "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "lastseen": "2018-01-15T22:08:20"}, {"id": "RHSA-2018:0020", "type": "redhat", "title": "(RHSA-2018:0020) Important: kernel security update", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.\n\nIn this update mitigations for x86-64 architecture are provided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these issues.", "published": "2018-01-04T20:05:39", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://access.redhat.com/errata/RHSA-2018:0020", "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "lastseen": "2018-01-06T09:58:40"}, {"id": "RHSA-2018:0007", "type": "redhat", "title": "(RHSA-2018:0007) Important: kernel security update", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.\n\nIn this update mitigations for x86-64 architecture are provided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these issues.", "published": "2018-01-04T03:30:46", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://access.redhat.com/errata/RHSA-2018:0007", "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "lastseen": "2018-04-15T16:21:20"}, {"id": "RHSA-2018:0021", "type": "redhat", "title": "(RHSA-2018:0021) Important: kernel-rt security update", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.\n\nIn this update mitigations for x86-64 architecture are provided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these issues.", "published": "2018-01-04T21:01:58", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://access.redhat.com/errata/RHSA-2018:0021", "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "lastseen": "2018-01-06T09:58:56"}, {"id": "RHSA-2018:0011", "type": "redhat", "title": "(RHSA-2018:0011) Important: kernel security update", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.\n\nIn this update mitigations for x86-64 architecture are provided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these issues.", "published": "2018-01-04T03:35:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://access.redhat.com/errata/RHSA-2018:0011", "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "lastseen": "2018-01-06T09:59:18"}, {"id": "RHSA-2018:0016", "type": "redhat", "title": "(RHSA-2018:0016) Important: kernel-rt security update", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.\n\nIn this update mitigations for x86-64 architecture are provided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these issues.", "published": "2018-01-04T10:10:11", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://access.redhat.com/errata/RHSA-2018:0016", "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "lastseen": "2018-03-28T02:40:33"}, {"id": "RHSA-2018:0045", "type": "redhat", "title": "(RHSA-2018:0045) Important: rhvm-appliance security update", "description": "The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal.\n\nSecurity Fix(es):\n\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these issues.", "published": "2018-01-05T20:35:48", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://access.redhat.com/errata/RHSA-2018:0045", "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "lastseen": "2018-03-28T02:40:26"}, {"id": "RHSA-2018:0008", "type": "redhat", "title": "(RHSA-2018:0008) Important: kernel security update", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.\n\nIn this update mitigations for x86-64 architecture are provided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these issues.", "published": "2018-01-04T03:31:17", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://access.redhat.com/errata/RHSA-2018:0008", "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "lastseen": "2018-01-06T09:59:07"}], "zdt": [{"id": "1337DAY-ID-29366", "type": "zdt", "title": "Multiple CPUs - Spectre Information Disclosure (PoC) Exploit", "description": "Exploit for multiple platform in category local exploits", "published": "2018-01-04T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://0day.today/exploit/description/29366", "cvelist": ["CVE-2017-5753", "CVE-2017-5715"], "lastseen": "2018-01-09T13:27:32"}], "packetstorm": [{"id": "PACKETSTORM:145645", "type": "packetstorm", "title": "Spectre Information Disclosure Proof Of Concept", "description": "", "published": "2018-01-04T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html", "cvelist": ["CVE-2017-5753", "CVE-2017-5715"], "lastseen": "2018-01-05T00:28:26"}], "threatpost": [{"id": "APPLE-RELEASES-SPECTRE-PATCHES-FOR-SAFARI-MACOS-AND-IOS/129365", "type": "threatpost", "title": "Apple Releases Spectre Patches for Safari, macOS and iOS", "description": "Apple released iOS 11.2.2 software Monday for iPhones, iPads and iPod touch models that patch for the Spectre vulnerabilities. A macOS High Sierra 10.13.2 supplemental update was also released to bolster Spectre defenses in Apple\u2019s Safari browser and WebKit, the web browser engine used by Safari, Mail, and App Store.\n\nThis is the second update for Apple since last week\u2019s revelation of the massive processor vulnerabilities, Meltdown and Spectre, [impacting CPU\u2019s worldwide](<https://threatpost.com/intel-in-security-hot-seat-over-serious-cpu-design-flaw/129289/>). Apple previously released mitigations against Meltdown with updates that included iOS 11.2, macOS and tvOS 11.2.\n\n### Related Posts\n\n#### [Experts Weigh In On Spectre Patch Challenges](<https://threatpost.com/experts-weigh-in-on-spectre-patch-challenges/129337/> \"Permalink to Experts Weigh In On Spectre Patch Challenges\" )\n\nJanuary 7, 2018 , 11:21 pm\n\n#### [Vendors Share Patch Updates on Spectre and Meltdown Mitigation Efforts](<https://threatpost.com/vendors-share-patch-updates-on-spectre-and-meltdown-mitigation-efforts/129307/> \"Permalink to Vendors Share Patch Updates on Spectre and Meltdown Mitigation Efforts\" )\n\nJanuary 4, 2018 , 1:01 pm\n\n#### [MacOS LPE Exploit Gives Attackers Root Access](<https://threatpost.com/macos-lpe-exploit-gives-attackers-root-access/129282/> \"Permalink to MacOS LPE Exploit Gives Attackers Root Access\" )\n\nJanuary 2, 2018 , 5:12 pm\n\nMonday\u2019s three updates include [macOS High Sierra 10.13.2 supplemental](<https://support.apple.com/en-us/HT208397>), [Safari 11.0.2](<https://support.apple.com/en-us/HT208403>), and [iOS 11.2.2](<https://support.apple.com/en-us/HT208401>). The updates \u201cincludes security improvements\u201d to mitigate the two known methods for exploiting Spectre identified as variants \u201cbounds check bypass\u201d ([CVE-2017-5753](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753>)/Spectre/variant 1) and \u201cbranch target injection\u201d ([CVE-2017-5715/Spectre](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715>)/variant 2).\n\nApple said the Safari 11.0.2 update is available for OS X El Capitan 10.11.6 and macOS Sierra 10.12.6. The macOS High Sierra 10.13.2 supplemental update includes security updates for Safari and WebKit. iOS 11.2.2 is for iPhone 5s and later, iPad Air and later, and iPod touch 6th generation.\n\nAccording to experts, the Spectre vulnerability, variant is much more difficult attack to carry out than Meltdown because it breaks the isolation between different applications. But, at the same time, it will also be harder to patch.\n\nThere is also a greater sense of urgency with Spectre. A Meltdown attack scenario requires an attacker to already have a foothold on the targeted system. Spectre opens up certain types of remote attack scenarios such as browser-based attacks, according to researchers.\n\nLast week Mozilla, along with Microsoft and Google, updated the code in their browsers to increase them time it takes to execute certain Java commands that could exploit the Spectre flaws, making it exponentially harder \u2013 but not impossible \u2013 to exploit.\n\n\u201cA JavaScript attack being able to pull memory contents of the browser and could result in pulling credentials and session keys, which bypasses a lot of a lot of security protections,\u201d said Jimmy Graham, director of product management at Qualys [in a previous interview with Threatpost](<https://threatpost.com/experts-weigh-in-on-spectre-patch-challenges/129337/>).\n\nApple is not releasing any additional technical details of the patches, including what \u2013 if any \u2013 penalty patches may have on device performance.", "published": "2018-01-08T16:57:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://threatpost.com/apple-releases-spectre-patches-for-safari-macos-and-ios/129365/", "cvelist": ["CVE-2017-5753", "CVE-2017-5715"], "lastseen": "2018-01-09T01:03:08"}, {"id": "EXPERTS-WEIGH-IN-ON-SPECTRE-PATCH-CHALLENGES/129337", "type": "threatpost", "title": "Experts Weigh In On Spectre Patch Challenges", "description": "The race to patch against the Meltdown and Spectre processor vulnerabilities disclosed last week is on. As of today, there are no known exploits in the wild impacting vulnerable Intel, AMD and ARM devices.\n\nCurrently, vendors are focused on three main mitigation efforts. Patches that address the Meltdown flaws are KPTI (Kernel Page Table Isolation) and KAISER (Kernel Address Isolation to have Side-channels Efficiently Removed). On Thursday, Google unveiled a [Retpoline coding technique](<https://support.google.com/faqs/answer/7625886>) for mitigating against Spectre attacks.\n\n### Related Posts\n\n#### [Vendors Share Patch Updates on Spectre and Meltdown Mitigation Efforts](<https://threatpost.com/vendors-share-patch-updates-on-spectre-and-meltdown-mitigation-efforts/129307/> \"Permalink to Vendors Share Patch Updates on Spectre and Meltdown Mitigation Efforts\" )\n\nJanuary 4, 2018 , 1:01 pm\n\n#### [Intel In Security Hot Seat Over Reported CPU Design Flaw](<https://threatpost.com/intel-in-security-hot-seat-over-serious-cpu-design-flaw/129289/> \"Permalink to Intel In Security Hot Seat Over Reported CPU Design Flaw\" )\n\nJanuary 3, 2018 , 2:33 pm\n\n#### [Intel Patches CPU Bugs Impacting Millions of PCs, Servers](<https://threatpost.com/intel-patches-cpu-bugs-impacting-millions-of-pcs-servers/128962/> \"Permalink to Intel Patches CPU Bugs Impacting Millions of PCs, Servers\" )\n\nNovember 21, 2017 , 3:03 pm\n\nIntel [said last week](<https://newsroom.intel.com/news-releases/intel-issues-updates-protect-systems-security-exploits/>) that it is \u201crapidly issuing updates for all types of Intel-based computer systems\u201d that include software patches and firmware updates that will \u201cimmunize\u201d more than 90 percent of processors introduced in the past five years. By the end of this week those ambitious patching efforts will be complete, Intel said.\n\nSecurity experts say two vectors that exploit Spectre will be particularly challenging to \u201cimmunize.\u201d\n\nCurrently known methods for exploiting Meltdown and Spectre are identified as variants \u201cbounds check bypass\u201d ([CVE-2017-5753](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753>)/Spectre/variant 1), \u201cbranch target injection\u201d ([CVE-2017-5715/Spectre](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715>)/variant 2) and \u201crogue data cache load\u201d ([CVE-2017-5754/Meltdown](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754>)/variant 3).\n\n\u201cMeltdown is a well-defined vulnerability where a user-mode program can access privileged kernel-mode memory. This makes patching Meltdown much easier than Spectre by ensuring kernel memory is unmapped from a user-mode, which is what we see in the form of kernel page-table isolation (KPTI),\u201d said Jeff Tang, senior security researcher at Cylance.\n\nSpectre is much more difficult to attack to carry out because it breaks the isolation between different applications, researchers say. But at the same time, it will also be harder to patch.\n\nBen Carr, VP of strategy at Cyberbit, said there is not a single patch that can be applied for Spectre and mitigation efforts will require ongoing efforts. He said Spectre attacks do not rely on a specific feature of a single processor\u2019s memory management and protection system, making future attacks part of a generalized strategy to undermine a CPU.\n\n\u201cIn the case of Spectre, it is a class of attack not a specific vulnerability\u2026 Exploits are based on the side effects of speculative execution, specifically branch prediction. This type of exploit will be tailored and continue to morph and change making patching extremely difficult,\u201d Carr said.\n\nResearchers say, Spectre also represents a larger challenge to the industry because it requires a greater degree of coordination among stakeholders to mitigate.\n\nExploits targeting Spectre variant 1 (bounds check bypass) requires custom compiled binaries from vendors. Fixing variant 2 (branch target injection) entails a microcode update, which will be delivered through Intel OEM partners, as well as a patched OS kernel which leverages the microcode update, said Alex Ionescu, vice president of EDR Strategy.\n\n\u201cAll major browsers have provided patches, and Linux\u2019s kernel JIT engine needs a patch as well. Other JIT-type applications/libraries/kernel components which run arbitrary code will require individual patches,\u201d Ionescu said of variant 1.\n\nMicrosoft Windows kernel has a patch available to leverage an update for variant 2, and Linux is currently merging a fix into their mainline kernel for release to distributions, Ionescu said.\n\nBecause Spectre patches require mitigation techniques that don\u2019t exist, software vendors need to update their compiler infrastructure and recompile their products for patches, researchers said. Next, users need to update their software.\n\n\u201cThat\u2019s quite the pipeline in order to address just one vulnerability with a massive window of opportunity for nefarious actors to cause mischief,\u201d Tang said.\n\nThere is also a greater sense of urgency with Spectre. A Meltdown attack scenario requires an attacker to already have a foothold on the targeted system. Spectre opens up certain types of remote attack scenarios such as browser-based attacks, said Jimmy Graham, director of product management at Qualys.\n\n\u201cA JavaScript attack being able to pull memory contents of the browser and could result in pulling credentials and session keys, which bypasses a lot of a lot of security protections,\u201d Graham said.\n\nLast week Mozilla, along with Microsoft and Google, updated the code in their browsers to increase them time it takes to execute certain Java commands that could exploit the Spectre flaws, making it exponentially harder \u2013 but not impossible \u2013 to exploit.\n\nLastly, experts also claim patches for Spectre negatively impact CPU performance to a greater degree than Meltdown patches, something that could dissuade some from patching.\n\nGoogle said its Retpoline patch for Spectre and Meltdown have a \u201cnegligible\u201d impact on CPU performance. Retpoline has already been deployed by in the Google Cloud infrastructure, with no significant impact on speeds, according to the company.\n\nThe Retpoline technique focuses on mitigating one of the three variants involved in the new attacks (branch target injection/variant 2), considered the most difficult of the three to address. The patch technique is described as \u201ca specially contrived way to run operating system kernel code that prevents incorrect branch speculation,\u201d said Jon Masters, chief ARM architect with Red Hat [in a blog post](<https://www.redhat.com/en/blog/what-are-meltdown-and-spectre-here%E2%80%99s-what-you-need-know>).\n\nThe fix requires CPU vendors to have kernel with countermeasures, such as microcode updates, already in place. Intel said that it would issue its own microcode updates to address the issue. AMD said a microcode update to disable branch [prediction is now available](<https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html>).\n\n\u201cThe Retpoline technique is currently being introduced to the Clang/LLVM compiler as a mitigation for one variant of the Spectre vulnerability,\u201d Tang said. \u201cHowever, the LLVM compiler is predominantly used by Apple\u2019s macOS, certain Linux and BSD distributions, and Google Chrome. Missing from this list is Microsoft Windows and other popular programs for Microsoft Windows that typically use Microsoft\u2019s C/C++ compiler.\u201d\n\nExperts point out each of the patches don\u2019t remove the threat of attacks, just reduce by varying degrees the likelihood an attacker will be successful. They maintain the only the only true fix is replacing a computer\u2019s CPU.\n\n\u201cGiven the increased scrutiny of speculative execution attacks (aka side channel attacks) and the fact that the available updates are merely mitigations, we may see some very creative workarounds that continue to give these vulnerabilities additional lifespan if not new vulnerabilities within the same class,\u201d Tang said.\n\nHe said the same way buffer-overflow vulnerabilities and Heartbleed lead to years of vulnerable programs, Meltdown and Spectre will have a similar impact on the security landscape.", "published": "2018-01-07T23:21:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://threatpost.com/experts-weigh-in-on-spectre-patch-challenges/129337/", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-01-08T08:58:28"}, {"id": "VENDORS-SHARE-PATCH-UPDATES-ON-SPECTRE-AND-MELTDOWN-MITIGATION-EFFORTS/129307", "type": "threatpost", "title": "Vendors Share Patch Updates on Spectre and Meltdown Mitigation Efforts", "description": "Intel, Amazon, Microsoft and others are playing down concerns over the impact of the massive Spectre and Meltdown vulnerabilities affecting computers, servers and mobile devices worldwide.\n\nThe two flaws, [Spectre and Meltdown](<https://spectreattack.com/>), are far reaching and impact a wide range of microprocessors used in the past decade in computers and mobile devices including those running Android, Chrome, iOS, Linux, macOS and Windows. While Meltdown only affects Intel processors, Spectre affects chips from Intel, AMD, ARM and others.\n\n### Related Posts\n\n#### [Intel In Security Hot Seat Over Reported CPU Design Flaw](<https://threatpost.com/intel-in-security-hot-seat-over-serious-cpu-design-flaw/129289/> \"Permalink to Intel In Security Hot Seat Over Reported CPU Design Flaw\" )\n\nJanuary 3, 2018 , 2:33 pm\n\n#### [Mozilla Patches Critical Bug in Thunderbird](<https://threatpost.com/mozilla-patches-critical-bug-in-thunderbird/129244/> \"Permalink to Mozilla Patches Critical Bug in Thunderbird\" )\n\nDecember 26, 2017 , 2:09 pm\n\n#### [Permissions Flaw Found on Azure AD Connect](<https://threatpost.com/permissions-flaw-found-azure-ad-connect/129170/> \"Permalink to Permissions Flaw Found on Azure AD Connect\" )\n\nDecember 14, 2017 , 12:43 pm\n\nCurrently known vectors for exploiting the flaws are identified as \u201cbounds check bypass\u201d ([CVE-2017-5753](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753>)), \u201cbranch target injection\u201d ([CVE-2017-5715](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715>)) and \u201crogue data cache load\u201d ([CVE-2017-5754](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754>)), according to researchers at Google Project Zero.\n\nHere is how companies are responding to revelations of the flaws, also referred to as \u201cspeculative execution side-channel attacks\u201d vulnerabilities.\n\nAs for Intel, all Intel processors released since 1995 are impacted by Meltdown, according to researchers. The company said Wednesday that OEMs will release relevant Intel firmware updates to address the issue. \u201cCheck with your operating system vendor or system manufacturer and apply any available updates as soon as they are available,\u201d [the company said in a statement](<https://newsroom.intel.com/news/intel-responds-to-security-research-findings/>).\n\nMicrosoft said it was offering an out-of-band update for Windows, ahead of next week\u2019s Patch Tuesday security update. \u201cMicrosoft has released several updates to help mitigate these vulnerabilities. We have also taken action to secure our cloud services,\u201d the company said in [a statement to its Security TechCenter](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002>).\n\nLinux security patches, protecting against Spectre and Meltdown exploits, were pushed out last week. Thomas Gleixner, a Linux kernel developer, posted last month to [the Linux Kernel Mailing List](<https://lkml.org/lkml/2017/12/4/709>) information about isolation patches called KAISER (Kernel Address Isolation to have Side-channels Efficiently Removed).\n\nMobile chip designer [ARM said most processors](<https://developer.arm.com/support/security-update>) designed by the company are not affected by Spectre. Those chips that are include: Cortex-A75, Cortex-A73, Cortex-A72, Cortex-A57-, Cortex-A17, and Cortex-A9.\n\nGoogle addressed the issue on Wednesday stating: \u201cWe are posting before an originally coordinated disclosure date of January 9, 2018 because of existing public reports and growing speculation in the press and security research community about the issue, which raises the risk of exploitation.\u201d\n\nGoogle said Android devices with the [latest security update](<https://source.android.com/security/bulletin/2018-01-01>), released on Jan. 3, are protected. Google Chrome OS versions prior to 63 are not patched. Google added, \u201cChrome 64, due to be released on January 23, will contain mitigations to protect against exploitation.\u201d Google said its Google Cloud Infrastructure and Google App Engine require \u201cno additional user or customer action.\u201d Google Compute Engine customers [have been informed](<https://cloud.google.com/compute/docs/security-bulletins>) the infrastructure is patched, but \u201ccustomers much patch/update guest environment(s),\u201d according to Google.\n\nAmazon [released a statement](<https://aws.amazon.com/security/security-bulletins/AWS-2018-013/>) regarding the impact of Meltdown and Spectre stating: \u201cAll but a small single-digit percentage of instances across the Amazon EC2 fleet are already protected. The remaining ones will be completed in the next several hours, with associated instance maintenance notifications.\u201d\n\n\u201cWhile the updates AWS performs protect underlying infrastructure, in order to be fully protected against these issues, customers must also patch their instance operating systems. Updates for Amazon Linux have been made available, and instructions for updating existing instances are provided further below along with any other AWS-related guidance relevant to this bulletin,\u201d Amazon said.\n\n> Windows 17035 Kernel ASLR/VA Isolation In Practice (like Linux KAISER). First screenshot shows how NtCreateFile is not mapped in the kernel region of the user CR3. Second screenshot shows how a 'shadow' kernel trap handler, is (has to be). [pic.twitter.com/7PriLIJHe1](<https://t.co/7PriLIJHe1>)\n> \n> \u2014 Alex Ionescu (@aionescu) [November 14, 2017](<https://twitter.com/aionescu/status/930412525111296000?ref_src=twsrc%5Etfw>)\n\nApple has not released a statement relating to the Spectre and Meltdown. However, it\u2019s understood that the recent macOS 10.13.2 update, released on Dec. 6, partially addressed the flaw. Alex Ionescu, vice president of endpoint detection and response strategy at Crowdstrike, appears to confirm this in a tweet:\n\n\u201cThe question on everyone\u2019s minds: Does MacOS fix the Intel #KPTI Issue? Why yes, yes it does. Say hello to the \u201cDouble Map\u201d since 10.13.2 \u2014 and with some surprises in 10.13.3 (under Developer NDA so can\u2019t talk/show you).\u201d\n\nAMD [said the impact](<https://www.amd.com/en/corporate/speculative-execution>) of the three known vectors for exploiting Spectre and Meltdown ([CVE-2017-5753](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753>), [CVE-2017-5715](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715>)) and [CVE-2017-5754](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754>)) are minimal. It said issues tied to [CVE-2017-5753](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753>) will be addressed via OS updates made by system vendors and are expected to have \u201cnegligible performance impact\u201d on system performance. However, the \u201cbranch target injection\u201d vector ([CVE-2017-5715](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715>)) could impact a small number of customers. \u201cDifferences in AMD architecture mean there is a near zero risk of exploitation of this variant,\u201d AMD said.\n\nOn the Mozilla Security Blog, Luke Wagner, a Mozilla software engineer, said the Firefox browser is impacted by Meltdown and Spectre.\n\n\u201cOur internal experiments confirm that it is possible to use similar techniques from Web content to read private information between different origins. The full extent of this class of attack is still under investigation and we are working with security researchers and other browser vendors to fully understand the threat and fixes,\u201d [Wagner wrote](<https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/>).\n\nWagner added Mozilla has implemented a short-term fix in all Firefox releases starting with 57. \u201cSince this new class of attacks involves measuring precise time intervals, as a partial, short-term, mitigation we are disabling or reducing the precision of several time sources in Firefox,\u201d he said.\n\nGoogle\u2019s security research team [Google Project Zero](<https://googleprojectzero.blogspot.com/>) discovered the Meltdown flaw last June. Jann Horn, a security analyst at a Google, is credited for discovering the flaw. Also credited for discovering the vulnerability is Werner Haas and Thomas Prescher, at Cyberus Technology; and Daniel Gruss, Moritz Lipp, Stefan Mangard and Michael Schwarz at the Graz University of Technology.\n\nOn Wednesday, the United States Computer Emergency Readiness Team issued one of the harshest recommendations for fixing the issue. Under the heading \u201cSolutions\u201d, US-CERT states \u201creplace CPU hardware.\u201d\n\n\u201cThe underlying vulnerability is primarily caused by CPU implementation optimization choices. Fully removing the vulnerability requires replacing vulnerable CPU hardware,\u201d US-CERT states.", "published": "2018-01-04T13:01:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://threatpost.com/vendors-share-patch-updates-on-spectre-and-meltdown-mitigation-efforts/129307/", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-01-04T22:58:39"}, {"id": "NEW-MICROSOFT-BUG-BOUNTY-PROGRAM-LOOKS-TO-SQUASH-THE-NEXT-SPECTRE-MELTDOWN/130523", "type": "threatpost", "title": "New Microsoft Bug Bounty Program Looks To Squash The Next Spectre, Meltdown", "description": "In the wake of the Meltdown and Spectre flaws, Microsoft has rolled out a new bug bounty program targeting speculative execution side channel vulnerabilities.\n\nThe limited time [program](<https://blogs.technet.microsoft.com/msrc/2018/03/14/speculative-execution-bounty-launch/>) is open until December 31, and offers up to $250,000 for identifying new categories of speculative execution attacks that Microsoft and other industry partners are not yet aware of. \n\n### Related Posts\n\n#### [Intel Details CPU \u2018Virtual Fences\u2019 Fix As Safeguard Against Spectre, Meltdown Flaws](<https://threatpost.com/intel-details-cpu-virtual-fences-fix-as-safeguard-against-spectre-meltdown-flaws/130501/> \"Permalink to Intel Details CPU \u2018Virtual Fences\u2019 Fix As Safeguard Against Spectre, Meltdown Flaws\" )\n\nMarch 16, 2018 , 10:38 am\n\n#### [Microsoft Patches 15 Critical Bugs in March Patch Tuesday Update](<https://threatpost.com/microsoft-patches-15-critical-bugs-in-march-patch-tuesday-update/130424/> \"Permalink to Microsoft Patches 15 Critical Bugs in March Patch Tuesday Update\" )\n\nMarch 13, 2018 , 6:25 pm\n\n#### [AMD Investigating Reports of 13 Critical Vulnerabilities Found in Ryzen, EPYC Chips](<https://threatpost.com/amd-investigating-reports-of-13-critical-vulnerabilities-found-in-ryzen-epyc-chips/130404/> \"Permalink to AMD Investigating Reports of 13 Critical Vulnerabilities Found in Ryzen, EPYC Chips\" )\n\nMarch 13, 2018 , 4:04 pm\n\nSpeculative execution side channels are a hardware vulnerability class that affects CPUs from multiple manufacturers. The vulnerabilities were thrust into the spotlight in January after it was disclosed that there are three variants of the issue, dubbed Spectre and Meltdown, that could potentially enable hackers to access users\u2019 data. \n\nThese security flaws impact processors across the board, including Intel, ARM and AMD. Microsoft, for its part, has worked to release firmware and software updates for its devices featuring these CPUs.\n\n\u201cIn recognition of that threat environment change, we are launching a bounty program to encourage research into the new class of vulnerability and the mitigations Microsoft has put in place to help mitigate this class of issues,\u201d Phillip Misner, principal security group manager at Microsoft, said in a [post](<https://blogs.technet.microsoft.com/msrc/2018/03/14/speculative-execution-bounty-launch/>).\n\nMicrosoft\u2019s bug bounty program features a second tier that offers up to $200,000 to find speculative execution side channel attacks that can be used to read sensitive memory that is not allocated to an attacker\u2019s virtual machine on Azure.\n\nAnother tier of the program offers up to $200,000 to find a novel method of bypassing speculative execution mitigations on Windows. That could include a method of bypassing Windows mitigations for \u201cbranch target injections\u201d like Spectre variant 2 (or CVE-2017-5715) or \u201crogue data cache load\u201d like the Meltdown variant (or CVE-2017-5754). \u201cThese bypasses must demonstrate that it is possible to disclose sensitive information when these mitigations are present and enabled,\u201d according to Microsoft.\n\nThe company is also offering up to $25,000 to find instances of a known speculative execution vulnerability in Windows 10 or Microsoft Edge. That includes exploitable instances of Spectre variant 1 (CVE-2017-5753).\n\nMicrosoft has kept up with mitigations around Spectre and Meltdown after the vulnerabilities were first disclosed in January. In March, the company released a myriad of software and firmware/microcode updates, including protected updates for its x86 version of Windows 10 and microcode updates for devices running the Windows 10 Fall Creators Updates and Intel\u2019s sixth-gen Skylake processors.\n\nMost recently, the company offered [new updates](<https://threatpost.com/microsoft-patches-15-critical-bugs-in-march-patch-tuesday-update/130424/>) against Meltdown and Spectre with new releases on this month\u2019s Patch Tuesday for PCs running x86 versions of Windows 7 and 8.1 as well as Server 2008 and 2012.\n\nMicrosoft isn\u2019t alone in offering bounties to look for new side channel vulnerabilities \u2013 last month, [Intel](<https://threatpost.com/intel-expands-bug-bounty-program-post-spectre-and-meltdown/129980/>) also launched a new bug bounty program focused specifically on side channel vulnerabilities similar to Spectre and Meltdown, with potential awards for disclosures totaling up to $250,000.", "published": "2018-03-16T16:15:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://threatpost.com/new-microsoft-bug-bounty-program-looks-to-squash-the-next-spectre-meltdown/130523/", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-03-17T02:50:57"}, {"id": "INTEL-DETAILS-CPU-VIRTUAL-FENCES-FIX-AS-SAFEGUARD-AGAINST-SPECTRE-MELTDOWN-FLAWS/130501", "type": "threatpost", "title": "Intel Details CPU 'Virtual Fences' Fix As Safeguard Against Spectre, Meltdown Flaws", "description": "Intel introduced hardware-based protections to its new chips to protect against the Spectre and Meltdown flaws that rocked the silicon industry when the vulnerabilities were made public in early 2018.\n\nSpectre and Meltdown, which account for three variants of a side-channel analysis security issue in server and desktop processors, could potentially allow hackers to access users\u2019 protected data. The security flaws, which were first disclosed by Google Project Zero in early January, impact processors including those from Intel, ARM and AMD.\n\n### Related Posts\n\n#### [Microsoft Patches 15 Critical Bugs in March Patch Tuesday Update](<https://threatpost.com/microsoft-patches-15-critical-bugs-in-march-patch-tuesday-update/130424/> \"Permalink to Microsoft Patches 15 Critical Bugs in March Patch Tuesday Update\" )\n\nMarch 13, 2018 , 6:25 pm\n\n#### [AMD Investigating Reports of 13 Critical Vulnerabilities Found in Ryzen, EPYC Chips](<https://threatpost.com/amd-investigating-reports-of-13-critical-vulnerabilities-found-in-ryzen-epyc-chips/130404/> \"Permalink to AMD Investigating Reports of 13 Critical Vulnerabilities Found in Ryzen, EPYC Chips\" )\n\nMarch 13, 2018 , 4:04 pm\n\n#### [Intel Releases Updated Spectre Fixes For Broadwell and Haswell Chips](<https://threatpost.com/intel-releases-updated-spectre-fixes-for-broadwell-and-haswell-chips/130144/> \"Permalink to Intel Releases Updated Spectre Fixes For Broadwell and Haswell Chips\" )\n\nFebruary 28, 2018 , 9:59 am\n\nIn order to protect against these flaws, Intel said Thursday said it has designed a new set of CPU design features that work with the operating system to install \u201cvirtual fences\u201d protecting the system from speculative execution attacks that could exploit a variant of the Spectre flaw.\n\n\u201cWe have redesigned parts of the processor to introduce new levels of protection through partitioning that will protect against both Variants 2 and 3,\u201d Brian Krzanich, CEO of Intel, said in a blog [post](<https://newsroom.intel.com/editorials/advancing-security-silicon-level/>). \u201cThink of this partitioning as additional \u201cprotective walls\u201d between applications and user privilege levels to create an obstacle for bad actors.\u201d\n\nKrzanich said the new safeguards will be built into Intel\u2019s next-generation Xeon Scalable processors, code-named Cascade Lake, as well as Intel\u2019s eighth-gen Core processors that are expected to ship in the second half of 2018.\n\n\u201cAs we bring these new products to market, ensuring that they deliver the performance improvements people expect from us is critical. Our goal is to offer not only the best performance, but also the best secure performance,\u201d said Krzanich in a statement.\n\nOn the heels of Intel\u2019s announcement of hardware fixes, many in the industry are still waiting for more in-depth details on these upcoming chips, including specifics around performance and how the security features operate at a technical level.\n\n> Promise has been given, but we know only a few details abut the HW solution\u2026<https://t.co/WmThNMIlKh>[#Intel](<https://twitter.com/hashtag/Intel?src=hash&ref_src=twsrc%5Etfw>) [#Meltdown](<https://twitter.com/hashtag/Meltdown?src=hash&ref_src=twsrc%5Etfw>) [#Spectre](<https://twitter.com/hashtag/Spectre?src=hash&ref_src=twsrc%5Etfw>) [#vulnerability](<https://twitter.com/hashtag/vulnerability?src=hash&ref_src=twsrc%5Etfw>) [#hardware](<https://twitter.com/hashtag/hardware?src=hash&ref_src=twsrc%5Etfw>) [#Solution](<https://twitter.com/hashtag/Solution?src=hash&ref_src=twsrc%5Etfw>) [#CyberSecurity](<https://twitter.com/hashtag/CyberSecurity?src=hash&ref_src=twsrc%5Etfw>)\n> \n> \u2014 Peter Santavy (@PSantavy) [March 16, 2018](<https://twitter.com/PSantavy/status/974639244785438720?ref_src=twsrc%5Etfw>)\n\n> Intel has announced that their next-gen Xeons (Cascade Lake) and 8th Gen Core that will ship in H2 have been redesigned in order to protect against Spectre (Var 2, [#CVE](<https://twitter.com/hashtag/CVE?src=hash&ref_src=twsrc%5Etfw>)-2017-5715) and Meltdown (Var 3, CVE-2017-5754) through partitioning. Exact details were not disclosed.\n> \n> \u2014 WikiChip (@WikiChip) [March 16, 2018](<https://twitter.com/WikiChip/status/974642340794191877?ref_src=twsrc%5Etfw>)\n\nIn addition to Intel\u2019s new hardware, Krzanich said that the company has now also released microcode updates for all the Intel products launched in the past five years requiring protection against Spectre and Meltdown.\n\nThat includes the company\u2019s newer Skylake, Kaby Lake and Cannon Lake platforms, as well as its Broadwell and Haswell platforms, which were patched in [February](<https://threatpost.com/intel-issues-updated-spectre-firmware-fixes-for-newer-processors/130025/>).\n\nIntel has been looking to step up its security game on the heels of Google Project Zero\u2019s discovery of Meltdown and Spectre. Earlier this year the company launched a new [bug bounty program](<https://threatpost.com/intel-expands-bug-bounty-program-post-spectre-and-meltdown/129980/>) focused specifically on side channel vulnerabilities similar to Spectre and Meltdown, with potential awards for disclosures totaling up to $250,000. In February, Intel released a [new whitepaper](<https://software.intel.com/sites/default/files/managed/1d/46/Retpoline-A-Branch-Target-Injection-Mitigation.pdf>) detailing Google\u2019s software fix for Spectre, called Retpoline.\n\nThere are three variants of the side-channel issue that impact both the hardware and software of Intel chips; while Meltdown breaks down the mechanism keeping applications from accessing arbitrary system memory, Spectre tricks other applications into accessing arbitrary locations in their memory. Intel said that its hardware security technology will protect against the Spectre variant 2 and Meltdown variant 3 flaws, however software fixes are still required to protect against Spectre variant 1 vulnerabilities.", "published": "2018-03-16T10:38:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://threatpost.com/intel-details-cpu-virtual-fences-fix-as-safeguard-against-spectre-meltdown-flaws/130501/", "cvelist": ["CVE-2017-5754"], "lastseen": "2018-03-16T19:05:42"}, {"id": "INTEL-HALTS-SPECTRE-FIXES-ON-OLDER-CHIPS-CITING-LIMITED-ECOSYSTEM-SUPPORT/130965", "type": "threatpost", "title": "Intel Halts Spectre Fixes On Older Chips, Citing Limited Ecosystem Support", "description": "Intel has halted patches for an array of older chips that would protect them against the Spectre vulnerability, according to a recent microcode update.\n\nThe microcode [update](<https://newsroom.intel.com/wp-content/uploads/sites/11/2018/04/microcode-update-guidance.pdf>) shows that its older products \u2013 including Wolfdale, Bloomfield, Clarksfield, Gulftown, Harpertown, Jasper Forest, SoFIA 3GR, and Yorkfield \u2013 will no longer receive patches.\n\n### Related Posts\n\n#### [Microsoft Fixes Bad Patch That Left Windows 7, Server 2008 Open to Attack](<https://threatpost.com/microsoft-fixes-bad-patch-that-left-windows-7-server-2008-open-to-attack/130871/> \"Permalink to Microsoft Fixes Bad Patch That Left Windows 7, Server 2008 Open to Attack\" )\n\nMarch 30, 2018 , 2:51 pm\n\n#### [New Microsoft Bug Bounty Program Looks To Squash The Next Spectre, Meltdown](<https://threatpost.com/new-microsoft-bug-bounty-program-looks-to-squash-the-next-spectre-meltdown/130523/> \"Permalink to New Microsoft Bug Bounty Program Looks To Squash The Next Spectre, Meltdown\" )\n\nMarch 16, 2018 , 4:15 pm\n\n#### [Intel Details CPU \u2018Virtual Fences\u2019 Fix As Safeguard Against Spectre, Meltdown Flaws](<https://threatpost.com/intel-details-cpu-virtual-fences-fix-as-safeguard-against-spectre-meltdown-flaws/130501/> \"Permalink to Intel Details CPU \u2018Virtual Fences\u2019 Fix As Safeguard Against Spectre, Meltdown Flaws\" )\n\nMarch 16, 2018 , 10:38 am\n\n\u201cWe\u2019ve now completed release of microcode updates for Intel microprocessor products launched in the last 9+ years that required protection against the side-channel vulnerabilities discovered by Google Project Zero,\u201d said Intel in a statement to Threatpost. \u201cHowever, as indicated in our latest microcode revision guidance, we will not be providing updated microcode for a select number of older platforms for several reasons, including limited ecosystem support and customer feedback.\u201d\n\nAccording to the Intel\u2019s microcode update, \u201cafter a comprehensive investigation of the microarchitectures and microcode capabilities for\u2026 products, Intel has determined to not release microcode updates for these products for one or more reasons.\u201d\n\nSome of these possible reasons, according to Intel\u2019s microcode update, include:\n\n\u2022 Micro-architectural characteristics that preclude a practical implementation of features mitigating Variant 2 (CVE-2017-5715)\n\n\u2022 Limited Commercially Available System Software support\n\n\u2022 Based on customer inputs, most of these products are implemented as \u201cclosed systems\u201d and therefore are expected to have a lower likelihood of exposure to these vulnerabilities.\n\nThe Spectre and Meltdown defects, which account for three variants of a side-channel analysis security issue in server and desktop processors, were identified earlier this year and could potentially allow hackers to access users\u2019 protected data. Meltdown breaks down the mechanism keeping applications from accessing arbitrary system memory, while Spectre tricks other applications into accessing arbitrary locations in their memory.\n\nIntel has been pushing out patches for its chips over the past few months after the vulnerabilities were revealed. As of this week the rest of Intel\u2019s chips in its microcode update \u2013 beyond its older chips that won\u2019t receive patches \u2013 are listed as in \u201cProduction,\u201d meaning that patches have been issued for them \u2013 with the exception of Intel\u2019s Coffee Lake lineup, which is listed as a \u201cProduction Candidate.\u201d\n\nTim Woods, VP of technology alliances at FireMon, told Threatpost that Intel may have ceased plans to patch these chips due to the inability of its partners to push out updates, as well as architectural challenges that block practical implementation of an update.\n\n\u201cRegardless of Intel\u2019s reason, their posture underscores the critical importance of an organization to take ownership of the security of their infrastructure,\u201d he said. \u201cThis entails looking at physical security, cloud-based assets, network, server, and desktop assets. In the case of Intel\u2019s resistance to finding a suitable patch for the Spectre vulnerability, it may be that those affected systems must be replaced.\u201d\n\nThe Spectre and Meltdown security flaws were first disclosed by Google Project Zero in early January and impact an array of processors on the market, including those from Intel, ARM and AMD. Intel, for its part, has issued several microcode updates to help safeguard its chips from the security flaws. In [February](<https://threatpost.com/intel-releases-updated-spectre-fixes-for-broadwell-and-haswell-chips/130144/>), the Santa Clara, Calif.-based company issued these patches for both newer chip platforms, like Kaby Lake, Coffee Lake and Skylake; as well as older processors, including Broadwell and Haswell chips.\n\nMeanwhile, in [March](<https://threatpost.com/intel-details-cpu-virtual-fences-fix-as-safeguard-against-spectre-meltdown-flaws/130501/>), Intel introduced hardware-based protections to its new chips to protect against the Spectre and Meltdown flaws that rocked the silicon industry when the vulnerabilities were made public in early 2018. Intel said designed a new set of CPU design features that work with the operating system to install \u201cvirtual fences\u201d protecting the system from speculative execution attacks that could exploit a variant of the Spectre flaw.\n\n\u201cWe have redesigned parts of the processor to introduce new levels of protection through partitioning that will protect against both Variants 2 and 3,\u201d Brian Krzanich, CEO of Intel, said in a recent March blog [post](<https://newsroom.intel.com/editorials/advancing-security-silicon-level/>). \u201cThink of this partitioning as additional \u201cprotective walls\u201d between applications and user privilege levels to create an obstacle for bad actors.\u201d", "published": "2018-04-04T11:18:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://threatpost.com/intel-halts-spectre-fixes-on-older-chips-citing-limited-ecosystem-support/130965/", "cvelist": ["CVE-2017-5715"], "lastseen": "2018-04-04T19:45:34"}], "kaspersky": [{"id": "KLA11173", "type": "kaspersky", "title": "\r KLA11173OSI vulnerability in VMware Products\t\t\t ", "description": "### *CVSS*:\n8.8\n\n### *Detect date*:\n01/09/2018\n\n### *Severity*:\nCritical\n\n### *Description*:\nA bounds check bypass and branch target injection vulnerability was found in VMware ESXi, VMWare Workstation and VMware Fusion. By exploiting this vulnerability malicious users can obtain sensitive information.\n\n### *Affected products*:\nVMware Workstation 12.x earlier than 12.5.8 \nVMware Workstation 14.x earlier than 14.1.1 \nVMware Fusion earlier than 8.5.10 \nESXi 6.5 earlier than ESXi550-201801401-BG \nESXi 6.0 earlier than ESXi600-201711402-SG \nESXi 5.5 earlier than ESXi550-201801402-BG \n\n\n### *Solution*:\nUpdate to latest version \n[Download VMware Fusion](<https://www.vmware.com/go/downloadfusion>) \n[Download VMware Workstation Pro](<https://www.vmware.com/go/downloadworkstation>)\n\n### *Original advisories*:\n[VMSA-2018-0004](<https://www.vmware.com/security/advisories/VMSA-2018-0004.html>) \n[VMSA-2018-0002](<https://www.vmware.com/security/advisories/VMSA-2018-0002.html>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[VMware Workstation](<https://threats.kaspersky.com/en/product/VMware-Workstation/>)\n\n### *CVE-IDS*:\n[CVE-2017-5753](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753>) \n[CVE-2017-5715](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715>)", "published": "2018-01-09T00:00:00", "cvss": {"score": 8.8, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA11173", "cvelist": ["CVE-2017-5753", "CVE-2017-5715"], "lastseen": "2018-03-30T14:11:46"}], "msrc": [{"id": "MSRC:3EC2FAA8CFB89D38DF89D5273501E00C", "type": "msrc", "title": "Speculative Execution Bounty Launch", "description": "Today, Microsoft is announcing the launch of a limited-time bounty program for speculative execution side channel vulnerabilities. This new class of vulnerabilities was disclosed in January 2018 and represented a major advancement in the research in this field. In recognition of that threat environment change, we are launching a bounty program to encourage research into the new class of vulnerability and the mitigations Microsoft has put in place to help mitigate this class of issues.\n\n**Quick Facts:**\n\n * **Bounty Duration**: Open until December 31, 2018\n * **Full Details**: [Speculative Execution Bounty Program](<https://aka.ms/sescbounty>)\n * **Bounty Terms**: [Standard terms and conditions apply](<https://technet.microsoft.com/en-us/library/mt845778.aspx>)\n * **Bounty Tiers**: (below)\n** Tier** | ** Payout **(USD) \n---|--- \nTier 1: New categories of speculative execution attacks | Up to $250,000 \nTier 2: Azure speculative execution mitigation bypass | Up to $200,000 \nTier 3: Windows speculative execution mitigation bypass | Up to $200,000 \nTier 4: Instance of a known speculative execution vulnerability (such as CVE-2017-5753) in Windows 10 or Microsoft Edge. This vulnerability must enable the disclosure of sensitive information across a trust boundary | Up to $25,000 \n \n \n\nSpeculative execution is truly a new class of vulnerabilities, and we expect that research is already underway exploring new attack methods. This bounty program is intended as a way to foster that research and the coordinated disclosure of vulnerabilities related to these issues. Tier 1 focuses on new categories of attacks involving speculative execution side channels. To help the community better understand what is currently known amongst the industry, our Security Research & Defense team has published [blog](<https://aka.ms/sescsrdblog>) with additional information. Tiers 2 and 3 focus on identifying possible bypasses for mitigations that have been added to Windows and Azure to defend against the attacks that have been identified. Tier 4 covers exploitable instances of CVE-2017-5753 or CVE-2017-5715 that may exist.\n\nSpeculative execution side channel vulnerabilities require an industry response. To that end, Microsoft will share, under the principles of coordinated vulnerability disclosure, the research disclosed to us under this program so that affected parties can collaborate on solutions to these vulnerabilities. Together with security researchers, we can build a more secure environment for customers.\n\n \n\nPhillip Misner \nPrincipal Security Group Manager \nMicrosoft Security Response Center", "published": "2018-03-15T00:00:04", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://blogs.technet.microsoft.com/msrc/2018/03/14/speculative-execution-bounty-launch/", "cvelist": ["CVE-2017-5715", "CVE-2017-5753"], "lastseen": "2018-03-15T00:11:09"}], "exploitdb": [{"id": "EDB-ID:43427", "type": "exploitdb", "title": "Multiple CPUs - 'Spectre' Information Disclosure", "description": "Multiple CPUs - 'Spectre' Information Disclosure. CVE-2017-5715,CVE-2017-5753. Local exploit for Multiple platform", "published": "2018-01-03T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/43427/", "cvelist": ["CVE-2017-5753", "CVE-2017-5715"], "lastseen": "2018-01-24T14:17:37"}], "cert": [{"id": "VU:584653", "type": "cert", "title": "CPU hardware vulnerable to side-channel attacks", "description": "### Overview\n\nCPU hardware implementations are vulnerable to cache side-channel attacks. These vulnerabilities are referred to as [Meltdown](<https://meltdownattack.com/>) and [Spectre](<https://spectreattack.com/>).\n\n### Description\n\n**Note: This Vulnerability Note is the product of ongoing analysis and represents our best knowledge as of the most recent revision. As a result, the content may change as our understanding of the issues develops.**\n\nCPU hardware implementations are vulnerable to side-channel attacks referred to as [Meltdown](<https://meltdownattack.com/>) and [Spectre](<https://spectreattack.com/>). Both Spectre and Meltdown take advantage of the ability to extract information from instructions that have executed on a CPU using the CPU cache as a side-channel. These attacks are described in detail by [Google Project Zero](<https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html>), the Institute of Applied Information Processing and Communications (IAIK) at Graz University of Technology (TU Graz) and Anders Fogh. The issues are organized into three variants: \n\n\n * Variant 1 (CVE-2017-5753, [Spectre](<https://spectreattack.com/spectre.pdf>)): Bounds check bypass\n * Variant 2 (CVE-2017-5715, also [Spectre](<https://spectreattack.com/spectre.pdf>)): Branch target injection[](<https://spectreattack.com/spectre.pdf>)\n * Variant 3 (CVE-2017-5754, [Meltdown](<https://meltdownattack.com/meltdown.pdf>)): Rogue data cache load, memory access permission check performed after kernel memory read\n \n**Spectre** \n \nSpectre attacks take advantage of a CPU's branch prediction capabilities. Modern CPUs include a feature called branch prediction, which speculatively executes instructions at a location that the CPU believes it will branch to. Such speculative execution helps to more fully utilize the parts of the CPU, minimizing the time waiting, and therefore improving performance. When a branch is successfully predicted, instructions will retire, which means the outcomes of the instructions such as register and memory writes will be committed. If a branch is mispredicted, the speculatively-executed instructions will be discarded, and the direct side-effects of the instructions are undone. What is not undone are the indirect side-effects, such as CPU cache changes. By measuring latency of memory access operations, the cache can be used to extract values from speculatively-executed instructions. \n \nWith Spectre variant 1 (CVE-2017-5753), the instructions after a conditional branch are speculatively executed as the result of a misprediction. With Spectre variant 2 (CVE-2017-5715), the CPU executes instructions at a location determined by a mispredicted branch target. \n \nWith both variants of the Spectre attack, the impact is that a process may leak sensitive data to other processes on a system. Spectre may also allow one part of an application to access other parts of the same process memory space that would otherwise not be permitted. \n \nWhile the Spectre attack itself does not cross a user/kernel memory privilege boundary, depending on the configuration of the target platform, the Spectre attack may indirectly allow a user-space application to access kernel memory. For example, the[ Project Zero blog post](<https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html>) describes a scenario that uses eBPF to exfiltrate kernel memory contents into user-space code. This is made possible because eBPF JIT allows for userspace applications to inject code that is executed in kernel space. While this code is verified by the kernel, eBPF-compliant code will be allowed to execute with kernel permissions. The exploit described by Project Zero leverages eBPF to execute the Spectre attack in kernel space, while exfiltrating the data to user space. It is possible that other technologies that allow in-kernel code execution may also possibly be leveraged to leak kernel memory using Spectre. \n \n**Meltdown** \n \nMeltdown is related to the Spectre attack in that it also uses a cache side channel to access data that otherwise wouldn't be available. The main difference is that it leverages out-of-order execution capabilities in modern CPUs. Like speculative execution due to branch prediction, as used by Spectre, out-of-order execution on a CPU is a technique for ensuring fullest utilization of the CPU's parts. Although instructions may appear sequentially in the machine language, a CPU that supports out-of-order execution may execute instructions in a non-sequential manner, which can minimize the time that a CPU spends idle. \n \nMeltdown leverages insecure behavior that has been demonstrated in Intel CPUs and may affect CPUs from other vendors. Vulnerable CPUs allow memory reads in out-of-order instruction execution, and also contain a race condition between the raising of exceptions and the out-of-order instruction execution. The Meltdown attack reads a kernel memory value, which raises an exception because code running with user-space privileges are not permitted to directly read kernel memory. However, due to the race condition, out-of-order instructions following the faulting instruction may also execute. Even though instructions appear after the faulting instruction, out-of-order execution allows them to execute, using data retrieved from the instruction that raises the exception. By the time the exception is raised, some number of out-of-order instructions have executed. Although the raised exception causes the CPU to roll back the out-of-order instructions, the cache state is not reverted. This allows data from out-of-order instructions to persist beyond the point when the exception has been raised. \n \nThe impact of Meltdown is that a process running in user space is able to view the contents of kernel memory. Meltdown may also allow Spectre-like memory content leaking that does not cross the user/kernel privilege boundary. \n \nThe Linux kernel mitigations for Meltdown are referred to as KAISER, and subsequently KPTI, which aim to improve separation of kernel and user memory pages. Because the Spectre attacks do not cross user/kernel boundaries, the protections introduced with KAISER/KPTI do not add any protection against them. \n \nThe following table compares Spectre and Meltdown. \n \n| ![](/icons/ecblank.gif)| **Spectre**| **Meltdown** \n---|---|--- \n**CPU mechanism for triggering**| Speculative execution from branch prediction| Out-of-order execution \n**Affected platforms**| CPUs that perform speculative execution from branch prediction| CPUs that allow memory reads in out-of-order instructions \n**Difficulty of successful attack**| High - Requires tailoring to the software environment of the victim process| Low - Kernel memory access exploit code is mostly universal \n**Impact**| Cross- and intra-process (including kernel) memory disclosure| Kernel memory disclosure to userspace \n**Software mitigations**| Variant 1: Compiler changes. Web browser updates to help prevent exploitation from JavaScript \nVariant 2: Indirect Branch Restricted Speculation ([IBRS](<https://lkml.org/lkml/2018/1/4/615>)). \n**Note: **The software mitigation for Spectre variant 2 requires CPU microcode updates| Kernel page-table isolation ([KPTI](<https://en.wikipedia.org/wiki/Kernel_page-table_isolation>)) \n \n### Impact\n\nAn attacker able to execute code with user privileges can achieve various impacts. The Meltdown attack allows reading of kernel memory from userspace. This can result in privilege escalation, disclosure of sensitive information, or it can weaken kernel-level protections, such as KASLR. The Spectre attack can allow inter-process or intra-process data leaks. \n \nTo execute code locally, an attacker would require a valid account or independent compromise of the target. Attacks using JavaScript in web browsers are possible. Multi-user and multi-tenant systems (including virtualized and cloud environments) likely face the greatest risk. Systems used to browse arbitrary web sites are also at risk. Single-user systems that do not readily provide a way for attackers to execute code locally face significantly lower risk. \n \n--- \n \n### Solution\n\n**Apply updates** \n \nOperating system, CPU microcode updates, and some application updates mitigate these attacks. Note that in many cases, the software fixes for these vulnerabilities will have a negative affect on system performance. Also note that Microsoft Windows systems [will no longer receive security updates](<https://doublepulsar.com/important-information-about-microsoft-meltdown-cpu-security-fixes-antivirus-vendors-and-you-a852ba0292ec>) via Windows Update if they are not running compliant anti-virus software. As with deploying any software updates, be sure to prioritize and test updates as necessary. \n \n**Consider CPU Options** \n \nInitial reports from the field indicate that overall system performance is impacted by many of the available patches for these vulnerabilities. Depending on the software workflow and the CPU capabilities present, the performance impact of software mitigations may be non-trivial and therefore may become an ongoing operational concern for some organizations. While we recognize that replacing existing CPUs in already deployed systems is not practical, organizations acquiring new systems should evaluate their CPU selection in light of the expected longevity of this vulnerability in available hardware as well as the performance impacts resulting from the various platform-specific software patches. Deployment contexts and performance requirements vary widely, and must be balanced by informed evaluation of the associated security risks. Contact your system vendor to determine if the CPU and operating system combination will experience a performance penalty due to software mitigations for these vulnerabilities. \n \n--- \n \n### Vendor Information \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nAmazon| | -| 05 Jan 2018 \nAMD| | -| 03 Jan 2018 \nAndroid Open Source Project| | -| 05 Jan 2018 \nApple| | -| 02 Feb 2018 \nArm| | -| 03 Jan 2018 \nCentOS| | -| 05 Jan 2018 \nCisco| | -| 05 Jan 2018 \nCitrix| | -| 05 Jan 2018 \nDebian GNU/Linux| | -| 05 Jan 2018 \nDell| | -| 08 Jan 2018 \nDragonFly BSD Project| | -| 08 Jan 2018 \nFedora Project| | -| 05 Jan 2018 \nFortinet, Inc.| | -| 05 Jan 2018 \nFreeBSD Project| | -| 05 Jan 2018 \nFujitsu| | -| 11 Jan 2018 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23584653 Vendor Status Inquiry>). \n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 4.4 | AV:L/AC:M/Au:S/C:C/I:N/A:N \nTemporal | 3.4 | E:POC/RL:OF/RC:C \nEnvironmental | 5.1 | CDP:ND/TD:H/CR:H/IR:ND/AR:ND \n \n### References\n\n * <https://meltdownattack.com/>\n * <https://meltdownattack.com/meltdown.pdf>\n * <https://spectreattack.com/>\n * <https://spectreattack.com/spectre.pdf>\n * <https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html>\n * <https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html>\n * <https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/>\n * <https://github.com/IAIK/KAISER>\n * <https://gruss.cc/files/kaiser.pdf>\n * <https://gruss.cc/files/prefetch.pdf>\n * <https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5aa90a84589282b87666f92b6c3c917c8080a9bf>\n * <https://lkml.org/lkml/2017/12/27/2>\n * <https://lkml.org/lkml/2018/1/4/615>\n * <https://lwn.net/Articles/741878/>\n * <https://lwn.net/Articles/737940/>\n * <https://lwn.net/Articles/742702/>\n * <http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table>\n * <https://nakedsecurity.sophos.com/2018/01/03/fckwit-aka-kaiser-aka-kpti-intel-cpu-flaw-needs-low-level-os-patches/>\n * <https://en.wikipedia.org/wiki/Kernel_page-table_isolation>\n * <https://chrisam.net/2018/01/04/speculative-execution-side-channel-vulnerabilities-vendor-published-info/>\n * <https://www.raspberrypi.org/blog/why-raspberry-pi-isnt-vulnerable-to-spectre-or-meltdown/>\n * <https://doublepulsar.com/important-information-about-microsoft-meltdown-cpu-security-fixes-antivirus-vendors-and-you-a852ba0292ec>\n * [https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?usp=sharing&sle;=true](<https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?usp=sharing&sle=true>)\n * <https://github.com/iadgov/Spectre-and-Meltdown-Guidance>\n * <https://arxiv.org/abs/1802.03802>\n\n### Credit\n\nThese issues were researched and reported by researchers at Google Project Zero (Jann Horn) the Institute of Applied Information Processing and Communications (IAIK) at Graz University of Technology (Gruss et. al.), Paul Kocher, and Anders Fogh.\n\nThis document was written by Art Manion and Will Dormann.\n\n### Other Information\n\n * CVE IDs: [CVE-2017-5753](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5753>) [CVE-2017-5715](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5715>) [CVE-2017-5754](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5754>)\n * US-CERT Alert: [TA18-004A](<http://www.us-cert.gov/cas/techalerts/TA18-004A.html>)\n * Date Public: 03 Jan 2018\n * Date First Published: 03 Jan 2018\n * Date Last Updated: 23 Feb 2018\n * Document Revision: 219\n\n", "published": "2018-01-03T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://www.kb.cert.org/vuls/id/584653", "cvelist": ["CVE-2017-5753", "CVE-2017-5753", "CVE-2017-5753", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5754", "CVE-2017-5754", "CVE-2017-5715", "CVE-2017-5715", "CVE-2017-5715", "CVE-2017-5715"], "lastseen": "2018-02-23T23:36:19"}], "xen": [{"id": "XSA-254", "type": "xen", "title": "Information leak via side effects of speculative execution", "description": "#### ISSUE DESCRIPTION\nProcessors give the illusion of a sequence of instructions executed one-by-one. However, in order to most efficiently use cpu resources, modern superscalar processors actually begin executing many instructions in parallel. In cases where instructions depend on the result of previous instructions or checks which have not yet completed, execution happens based on guesses about what the outcome will be. If the guess is correct, execution has been sped up. If the guess is incorrect, partially-executed instructions are cancelled and architectural state changes (to registers, memory, and so on) reverted; but the whole process is no slower than if no guess had been made at all. This is sometimes called "speculative execution".\nUnfortunately, although architectural state is rolled back, there are other side effects, such as changes to TLB or cache state, which are not rolled back. These side effects can subsequently be detected by an attacker to determine information about what happened during the speculative execution phase. If an attacker can cause speculative execution to access sensitive memory areas, they may be able to infer what that sensitive memory contained.\nFurthermore, these guesses can often be 'poisoned', such that attacker can cause logic to reliably 'guess' the way the attacker chooses. This advisory discusses three ways to cause speculative execution to access sensitive memory areas (named here according to the discoverer's naming scheme):\nSP1, "Bounds-check bypass": Poison the branch predictor, such that operating system or hypervisor code is speculatively executed past boundary and security checks. This would allow an attacker to, for instance, cause speculative code in the normal hypercall / emulation path to execute with wild array indexes.\nSP2, "Branch Target Injection": Poison the branch predictor. Well-abstracted code often involves calling function pointers via indirect branches; reading these function pointers may involve a (slow) memory access, so the CPU attempts to guess where indirect branches will lead. Poisoning this enables an attacker to speculatively branch to any code that exists in the hypervisor.\nSP3, "Rogue Data Load": On some processors, certain pagetable permission checks only happen when the instruction is retired; effectively meaning that speculative execution is not subject to pagetable permission checks. On such processors, an attacker can speculatively execute arbitrary code in userspace with, effectively, the highest privilege level.\nMore information is available here: <a href=\"https://meltdownattack.com\">https://meltdownattack.com</a>/ <a href=\"https://spectreattack.com\">https://spectreattack.com</a>/\nAdditional Xen-specific background:\n64-bit Xen hypervisors on systems with less than 5TiB of RAM map all of physical RAM, so code speculatively executed in a hypervisor context can read all of system RAM.\nWhen running PV guests, the guest and the hypervisor share the address space; guest kernels run in a lower privilege level, and Xen runs in the highest privilege level. (HVM and PVH guests run in a separate address space to the hypervisor.) However, only 64-bit PV guests can generate addresses large enough to point to hypervisor memory.\n#### IMPACT\nXen guests may be able to infer the contents of arbitrary host memory, including memory assigned to other guests.\nAn attacker's choice of code to speculatively execute (and thus the ease of extracting useful information) goes up with the numbers. For SP1, or SP2 on systems where SMEP (supervisor mode execute protection) is enabled: an attacker is limited to windows of code after bound checks of user-supplied indexes. For SP2 without SMEP, or SP3, an attacker can write arbitrary code to speculatively execute.\nNOTE ON TIMING\nThis vulnerability was originally scheduled to be made public on 9 January. It was accelerated at the request of the discloser due to one of the issues being made public.\n#### VULNERABLE SYSTEMS\nSystems running all versions of Xen are affected.\nFor SP1 and SP2, both Intel and AMD are vulnerable.\nFor SP3, only Intel processors are vulnerable. Furthermore, only 64-bit PV guests can exploit SP3 against Xen. PVH and 32-bit PV guests cannot exploit SP3.\nWe believe that ARM is affected, but unfortunately due to the accelerated schedule, we haven't been able to get concrete input from ARM. We are asking ARM and will publish more information when it is available.\n", "published": "2018-01-03T22:29:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://xenbits.xen.org/xsa/advisory-254.html", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-01-04T02:51:08"}], "centos": [{"id": "CESA-2018:0008", "type": "centos", "title": "kernel, perf, python security update", "description": "**CentOS Errata and Security Advisory** CESA-2018:0008\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.\n\nIn this update mitigations for x86-64 architecture are provided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2018-January/022701.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\n", "published": "2018-01-04T19:46:26", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2018-January/022701.html", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-01-06T12:59:39"}, {"id": "CESA-2018:0512", "type": "centos", "title": "kernel, perf, python security update", "description": "**CentOS Errata and Security Advisory** CESA-2018:0512\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* hw: cpu: speculative execution branch target injection (s390-only) (CVE-2017-5715, Important)\n\n* hw: cpu: speculative execution bounds-check bypass (s390 and powerpc) (CVE-2017-5753, Important)\n\n* hw: cpu: speculative execution permission faults handling (powerpc-only) (CVE-2017-5754)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fixes:\n\n* If a fibre channel (FC) switch was powered down and then powered on again, the SCSI device driver stopped permanently the SCSI device's request queue. Consequently, the FC port login failed, leaving the port state as \"Bypassed\" instead of \"Online\", and users had to reboot the operating system. This update fixes the driver to avoid the permanent stop of the request queue. As a result, SCSI device now continues working as expected after power cycling the FC switch. (BZ#1519857)\n\n* Previously, on final close or unlink of a file, the find_get_pages() function in the memory management sometimes found no pages even if there were some pages left to save. Consequently, a kernel crash occurred when attempting to enter the unlink() function. This update fixes the find_get_pages() function in the memory management code to not return 0 too early. As a result, the kernel no longer crashes due to this behavior.(BZ#1527811)\n\n* Using IPsec connections under a heavy load could previously lead to a network performance degradation, especially when using the aesni-intel module. This update fixes the issue by making the cryptd queue length configurable so that it can be increased to prevent an overflow and packet drop. As a result, using IPsec under a heavy load no longer reduces network performance. (BZ#1527802)\n\n* Previously, a deadlock in the bnx2fc driver caused all adapters to block and the SCSI error handler to become unresponsive. As a result, data transferring through the adapter was sometimes blocked. This update fixes bnx2fc, and data transferring through the adapter is no longer blocked due to this behavior. (BZ#1523783)\n\n* If an NFSv3 client mounted a subdirectory of an exported file system, a directory entry to the mount hosting the export was incorrectly held even after clearing the cache. Consequently, attempts to unmount the subdirectory with the umount command failed with the EBUSY error. With this update, the underlying source code has been fixed, and the unmount operation now succeeds as expected in the described situation. (BZ#1535938)\n\nUsers of kernel are advised to upgrade to these updated packages, which fix these bugs. The system must be rebooted for this update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2018-March/022801.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\n", "published": "2018-03-14T14:47:28", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2018-March/022801.html", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-03-14T20:48:21"}, {"id": "CESA-2018:0007", "type": "centos", "title": "kernel, perf, python security update", "description": "**CentOS Errata and Security Advisory** CESA-2018:0007\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.\n\nIn this update mitigations for x86-64 architecture are provided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2018-January/022696.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\n", "published": "2018-01-04T11:36:27", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2018-January/022696.html", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-01-06T13:02:30"}, {"id": "CESA-2018:0012", "type": "centos", "title": "microcode_ctl security update", "description": "**CentOS Errata and Security Advisory** CESA-2018:0012\n\n\nThe microcode_ctl packages provide microcode updates for Intel and AMD processors.\n\nSecurity Fix(es):\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715)\n\nNote: This is the microcode counterpart of the CVE-2017-5715 kernel mitigation.\n\nRed Hat would like to thank Google Project Zero for reporting this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2018-January/022697.html\n\n**Affected packages:**\nmicrocode_ctl\n\n**Upstream details at:**\n", "published": "2018-01-04T11:40:52", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2018-January/022697.html", "cvelist": ["CVE-2017-5715"], "lastseen": "2018-01-06T13:02:39"}, {"id": "CESA-2018:0013", "type": "centos", "title": "microcode_ctl security update", "description": "**CentOS Errata and Security Advisory** CESA-2018:0013\n\n\nThe microcode_ctl packages provide microcode updates for Intel and AMD processors.\n\nSecurity Fix(es):\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715)\n\nNote: This is the microcode counterpart of the CVE-2017-5715 kernel mitigation.\n\nRed Hat would like to thank Google Project Zero for reporting this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2018-January/022700.html\n\n**Affected packages:**\nmicrocode_ctl\n\n**Upstream details at:**\n", "published": "2018-01-04T19:41:20", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2018-January/022700.html", "cvelist": ["CVE-2017-5715"], "lastseen": "2018-01-06T13:00:10"}, {"id": "CESA-2018:0029", "type": "centos", "title": "libvirt security update", "description": "**CentOS Errata and Security Advisory** CESA-2018:0029\n\n\nThe libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.\n\nSecurity Fix(es):\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715)\n\nNote: This is the libvirt side of the CVE-2017-5715 mitigation.\n\nRed Hat would like to thank Google Project Zero for reporting this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2018-January/022704.html\n\n**Affected packages:**\nlibvirt\nlibvirt-admin\nlibvirt-client\nlibvirt-daemon\nlibvirt-daemon-config-network\nlibvirt-daemon-config-nwfilter\nlibvirt-daemon-driver-interface\nlibvirt-daemon-driver-lxc\nlibvirt-daemon-driver-network\nlibvirt-daemon-driver-nodedev\nlibvirt-daemon-driver-nwfilter\nlibvirt-daemon-driver-qemu\nlibvirt-daemon-driver-secret\nlibvirt-daemon-driver-storage\nlibvirt-daemon-driver-storage-core\nlibvirt-daemon-driver-storage-disk\nlibvirt-daemon-driver-storage-gluster\nlibvirt-daemon-driver-storage-iscsi\nlibvirt-daemon-driver-storage-logical\nlibvirt-daemon-driver-storage-mpath\nlibvirt-daemon-driver-storage-rbd\nlibvirt-daemon-driver-storage-scsi\nlibvirt-daemon-kvm\nlibvirt-daemon-lxc\nlibvirt-devel\nlibvirt-docs\nlibvirt-libs\nlibvirt-lock-sanlock\nlibvirt-login-shell\nlibvirt-nss\n\n**Upstream details at:**\n", "published": "2018-01-04T21:10:02", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2018-January/022704.html", "cvelist": ["CVE-2017-5715"], "lastseen": "2018-01-06T13:02:19"}, {"id": "CESA-2018:0023", "type": "centos", "title": "qemu security update", "description": "**CentOS Errata and Security Advisory** CESA-2018:0023\n\n\nKernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715)\n\nNote: This is the qemu-kvm side of the CVE-2017-5715 mitigation.\n\nRed Hat would like to thank Google Project Zero for reporting this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2018-January/022705.html\n\n**Affected packages:**\nqemu-img\nqemu-kvm\nqemu-kvm-common\nqemu-kvm-tools\n\n**Upstream details at:**\n", "published": "2018-01-04T21:11:07", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2018-January/022705.html", "cvelist": ["CVE-2017-5715"], "lastseen": "2018-01-06T13:01:28"}, {"id": "CESA-2018:0094", "type": "centos", "title": "iwl100, iwl1000, iwl105, iwl135, iwl2000, iwl2030, iwl3160, iwl3945, iwl4965, iwl5000, iwl5150, iwl6000, iwl6000g2a, iwl6000g2b, iwl6050, iwl7260, iwl7265, linux security update", "description": "**CentOS Errata and Security Advisory** CESA-2018:0094\n\n\nThe linux-firmware packages contain all of the firmware files that are required by various devices to operate.\n\nThis update supersedes microcode provided by Red Hat with the CVE-2017-5715 (\u201cSpectre\u201d) CPU branch injection vulnerability mitigation. (Historically, Red Hat has provided updated microcode, developed by our microprocessor partners, as a customer convenience.) Further testing has uncovered problems with the microcode provided along with the \u201cSpectre\u201d mitigation that could lead to system instabilities. As a result, Red Hat is providing an microcode update that reverts to the last known good microcode version dated before 03 January 2018. Red Hat strongly recommends that customers contact their hardware provider for the latest microcode updates.\n\nIMPORTANT: Customers using Intel Skylake-, Broadwell-, and Haswell-based platforms must obtain and install updated microcode from their hardware vendor immediately. The \"Spectre\" mitigation requires both an updated kernel from Red Hat and updated microcode from your hardware vendor.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2018-January/022711.html\n\n**Affected packages:**\niwl100-firmware\niwl1000-firmware\niwl105-firmware\niwl135-firmware\niwl2000-firmware\niwl2030-firmware\niwl3160-firmware\niwl3945-firmware\niwl4965-firmware\niwl5000-firmware\niwl5150-firmware\niwl6000-firmware\niwl6000g2a-firmware\niwl6000g2b-firmware\niwl6050-firmware\niwl7260-firmware\niwl7265-firmware\nlinux-firmware\n\n**Upstream details at:**\n", "published": "2018-01-17T16:51:32", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2018-January/022711.html", "cvelist": ["CVE-2017-5715"], "lastseen": "2018-01-17T21:01:59"}, {"id": "CESA-2018:0014", "type": "centos", "title": "iwl100, iwl1000, iwl105, iwl135, iwl2000, iwl2030, iwl3160, iwl3945, iwl4965, iwl5000, iwl5150, iwl6000, iwl6000g2a, iwl6000g2b, iwl6050, iwl7260, iwl7265, linux security update", "description": "**CentOS Errata and Security Advisory** CESA-2018:0014\n\n\nThe linux-firmware packages contain all of the firmware files that are required by various devices to operate.\n\nSecurity Fix(es):\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715)\n\nNote: This is the microcode counterpart of the CVE-2017-5715 kernel mitigation.\n\nRed Hat would like to thank Google Project Zero for reporting this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2018-January/022698.html\n\n**Affected packages:**\niwl100-firmware\niwl1000-firmware\niwl105-firmware\niwl135-firmware\niwl2000-firmware\niwl2030-firmware\niwl3160-firmware\niwl3945-firmware\niwl4965-firmware\niwl5000-firmware\niwl5150-firmware\niwl6000-firmware\niwl6000g2a-firmware\niwl6000g2b-firmware\niwl6050-firmware\niwl7260-firmware\niwl7265-firmware\nlinux-firmware\n\n**Upstream details at:**\n", "published": "2018-01-04T11:47:37", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2018-January/022698.html", "cvelist": ["CVE-2017-5715"], "lastseen": "2018-01-06T13:01:37"}, {"id": "CESA-2018:0030", "type": "centos", "title": "libvirt security update", "description": "**CentOS Errata and Security Advisory** CESA-2018:0030\n\n\nThe libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.\n\nSecurity Fix(es):\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715)\n\nNote: This is the libvirt side of the CVE-2017-5715 mitigation.\n\nRed Hat would like to thank Google Project Zero for reporting this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2018-January/022703.html\n\n**Affected packages:**\nlibvirt\nlibvirt-client\nlibvirt-devel\nlibvirt-lock-sanlock\nlibvirt-python\n\n**Upstream details at:**\n", "published": "2018-01-04T19:54:04", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2018-January/022703.html", "cvelist": ["CVE-2017-5715"], "lastseen": "2018-01-06T12:59:43"}], "taosecurity": [{"id": "TAOSECURITY:37F5AF86E0886FC0FBDCCE15A1236586", "type": "taosecurity", "title": "Lies and More Lies", "description": "[![](https://2.bp.blogspot.com/-c4ZT0eWE-KQ/WmXzQf0mZCI/AAAAAAAArJ4/DSVzcNgJeSIGPDOmWlYsRI-vW0wJnJVPgCLcBGAs/s400/skyfall.png)](<https://2.bp.blogspot.com/-c4ZT0eWE-KQ/WmXzQf0mZCI/AAAAAAAArJ4/DSVzcNgJeSIGPDOmWlYsRI-vW0wJnJVPgCLcBGAs/s1600/skyfall.png>)\n\nFollowing the release of the Spectre and Meltdown CPU attacks, the security community wondered if other researchers would find related speculative attack problems. When [the following](<https://web.archive.org/web/20180118025523/https://skyfallattack.com/>) appeared, we were concerned: \n \n_\"Skyfall and Solace_ \n_ \n__More vulnerabilities in modern computers._ \n_ \n__Following the recent release of the Meltdown and Spectre vulnerabilities, CVE-2017-5175, CVE-2017-5753 and CVE-2017-5754, there has been considerable speculation as to whether all the issues described can be fully mitigated. _ \n_ \n__Skyfall and Solace are two speculative attacks based on the work highlighted by Meltdown and Spectre._ \n_ \n__Full details are still under embargo and will be published soon when chip manufacturers and Operating System vendors have prepared patches._ \n_ \n__Watch this space...\"_ \n \nIt turns out this was a hoax. The [latest version of the site](<https://web.archive.org/web/20180122141236/https://skyfallattack.com/>) says, in part: \n \n_\"With little more than a couple of quickly registered domain names, thousands of people were hooked..._ \n_ \n__Skyfall_ \n_ \n__The idea here was to suggest a link to Intel's Skylake processor._ \n_ \n__Solace_ \n_ \n__The idea here was to suggest a link to the Solaris operating system._ \n_ \n__Copy the styling of the original Meltdown and Spectre sites and add a couple of favicons based loosely on the Intel and Solaris logos and I was nearly done._ \n_ \n__The final step was to add on https, because if a site's got an SSL certificate it must be legitimate, and the bait was set.\"_ \n \nThe problem with this \"explanation\" is that it wasn't just a logo, domain name and SSL certificate. The \"security professional\" who created this site outright lied, as shown at the top of this post. Don't fall for his false narrative. \n \nI'm not naming names or linking to the sites here, because the person responsible already thinks he's too clever.\n\nCopyright 2003-2016 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)", "published": "2018-01-22T14:28:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://taosecurity.blogspot.com/2018/01/lies-and-more-lies.html", "cvelist": ["CVE-2017-5175", "CVE-2017-5753", "CVE-2017-5754"], "lastseen": "2018-02-28T10:51:09"}], "suse": [{"id": "SUSE-SU-2018:0113-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "description": "The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various\n security and bugfixes.\n\n This update is only provided as a fix update for IBM Z platform.\n\n - CVE-2017-5753 / "Spectre Attack": IBM Z fixes were included but not\n enabled in the previous update. This update enables those fixes.\n - CVE-2017-5715 / "Spectre Attack": IBM Z fixes were already included in\n the previous update. A bugfix for the patches has been applied on top.\n - CVE-2017-5754: The IBM Z architecture is not affected by the "Meltdown"\n attack.\n\n", "published": "2018-01-16T21:08:19", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00043.html", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-01-17T00:53:11"}, {"id": "SUSE-SU-2018:0131-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "description": "The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various\n security and bugfixes.\n\n This update is only provided as a fix update for IBM Z platform.\n\n - CVE-2017-5753 / "Spectre Attack": IBM Z fixes were included but not\n enabled in the previous update. This update enables those fixes.\n - CVE-2017-5715 / "Spectre Attack": IBM Z fixes were already included in\n the previous update. A bugfix for the patches has been applied on top.\n - CVE-2017-5754: The IBM Z architecture is not affected by the "Meltdown"\n attack.\n\n", "published": "2018-01-18T15:10:57", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00046.html", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-01-18T18:53:15"}, {"id": "SUSE-SU-2018:0171-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "description": "The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive\n various security and bugfixes.\n\n This update is only provided as a fix update for IBM Z platform.\n\n - CVE-2017-5753 / "Spectre Attack": IBM Z fixes were included but not\n enabled in the previous update. This update enables those fixes.\n - CVE-2017-5715 / "Spectre Attack": IBM Z fixes were already included in\n the previous update. A bugfix for the patches has been applied on top.\n - CVE-2017-5754: The IBM Z architecture is not affected by the "Meltdown"\n attack.\n\n", "published": "2018-01-22T15:08:49", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00051.html", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-01-22T18:53:35"}, {"id": "SUSE-SU-2018:0114-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "description": "The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive\n various security and bugfixes.\n\n This update is only provided as a fix update for IBM Z platform.\n\n - CVE-2017-5753 / "Spectre Attack": IBM Z fixes were included but not\n enabled in the previous update. This update enables those fixes.\n - CVE-2017-5715 / "Spectre Attack": IBM Z fixes were already included in\n the previous update. A bugfix for the patches has been applied on top.\n - CVE-2017-5754: The IBM Z architecture is not affected by the "Meltdown"\n attack.\n\n", "published": "2018-01-16T21:08:59", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00044.html", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-01-17T00:53:11"}, {"id": "SUSE-SU-2018:0069-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "description": "The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various\n security and bugfixes.\n\n This update is only provided as a fix update for IBM Z platform.\n\n - CVE-2017-5753 / "Spectre Attack": IBM Z fixes were included but not\n enabled in the previous update. This update enables those fixes.\n - CVE-2017-5715 / "Spectre Attack": IBM Z fixes were already included in\n the previous update. A bugfix for the patches has been applied on top.\n - CVE-2017-5754: The IBM Z architecture is not affected by the "Meltdown"\n attack.\n\n", "published": "2018-01-11T18:10:26", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00034.html", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-01-11T22:52:40"}, {"id": "OPENSUSE-SU-2018:0022-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "description": "The openSUSE Leap 42.3 kernel was updated to 4.4.104 to receive various\n security and bugfixes.\n\n This update adds mitigations for various side channel attacks against\n modern CPUs that could disclose content of otherwise unreadable memory\n (bnc#1068032).\n\n - CVE-2017-5753 / "SpectreAttack": Local attackers on systems with modern\n CPUs featuring deep instruction pipelining could use attacker\n controllable speculative execution over code patterns in the Linux\n Kernel to leak content from otherwise not readable memory in the same\n address space, allowing retrieval of passwords, cryptographic keys and\n other secrets.\n\n This problem is mitigated by adding speculative fencing on affected code\n paths throughout the Linux kernel.\n\n\n - CVE-2017-5715 / "SpectreAttack": Local attackers on systems with modern\n CPUs featuring branch prediction could use mispredicted branches to\n speculatively execute code patterns that in turn could be made to leak\n other non-readable content in the same address space, an attack similar\n to CVE-2017-5753.\n\n This problem is mitigated by disabling predictive branches, depending\n on CPU architecture either by firmware updates and/or fixes in the\n user-kernel privilege boundaries.\n\n Please also check with your CPU / Hardware vendor on updated firmware\n or BIOS images regarding this issue.\n\n As this feature can have a performance impact, it can be disabled using\n the "nospec" kernel commandline option.\n\n\n - CVE-2017-5754 / "MeltdownAttack": Local attackers on systems with modern\n CPUs featuring deep instruction pipelining could use code patterns in\n userspace to speculative executive code that would read\n otherwise read protected memory, an attack similar to CVE-2017-5753.\n\n This problem is mitigated by unmapping the Linux Kernel from the user\n address space during user code execution, following a approach called\n "KAISER". The terms used here are "KAISER" / "Kernel Address Isolation"\n and "PTI" / "Page Table Isolation".\n\n Note that this is only done on affected platforms.\n\n This feature can be enabled / disabled by the "pti=[on|off|auto]" or\n "nopti" commandline options.\n\n\n The following security bugs were fixed:\n\n - CVE-2017-17806: The HMAC implementation (crypto/hmac.c) in the Linux\n kernel did not validate that the underlying cryptographic hash algorithm\n is unkeyed, allowing a local attacker able to use the AF_ALG-based hash\n interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm\n (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by\n executing a crafted sequence of system calls that encounter a missing\n SHA-3 initialization (bnc#1073874).\n - CVE-2017-17805: The Salsa20 encryption algorithm in the Linux kernel did\n not correctly handle zero-length inputs, allowing a local attacker able\n to use the AF_ALG-based skcipher interface\n (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service\n (uninitialized-memory free and kernel crash) or have unspecified other\n impact by executing a crafted sequence of system calls that use the\n blkcipher_walk API. Both the generic implementation\n (crypto/salsa20_generic.c) and x86 implementation\n (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable\n (bnc#1073792).\n\n The following non-security bugs were fixed:\n\n - Add undefine _unique_build_ids (bsc#964063)\n - alsa: hda - Add HP ZBook 15u G3 Conexant CX20724 GPIO mute leds\n (bsc#1031717).\n - alsa: hda - Add MIC_NO_PRESENCE fixup for 2 HP machines (bsc#1031717).\n - alsa: hda - Add mute led support for HP EliteBook 840 G3 (bsc#1031717).\n - alsa: hda - Add mute led support for HP ProBook 440 G4 (bsc#1031717).\n - alsa: hda - add support for docking station for HP 820 G2 (bsc#1031717).\n - alsa: hda - add support for docking station for HP 840 G3 (bsc#1031717).\n - alsa: hda - change the location for one mic on a Lenovo machine\n (bsc#1031717).\n - alsa: hda: Drop useless WARN_ON() (bsc#1031717).\n - alsa: hda - Fix click noises on Samsung Ativ Book 8 (bsc#1031717).\n - alsa: hda - fix headset mic detection issue on a Dell machine\n (bsc#1031717).\n - alsa: hda - fix headset mic problem for Dell machines with alc274\n (bsc#1031717).\n - alsa: hda - Fix headset microphone detection for ASUS N551 and N751\n (bsc#1031717).\n - alsa: hda - Fix mic regression by ASRock mobo fixup (bsc#1031717).\n - alsa: hda - Fix missing COEF init for ALC225/295/299 (bsc#1031717).\n - alsa: hda - Fix surround output pins for ASRock B150M mobo (bsc#1031717).\n - alsa: hda - On-board speaker fixup on ACER Veriton (bsc#1031717).\n - alsa: hda/realtek - Add ALC256 HP depop function (bsc#1031717).\n - alsa: hda/realtek - Add default procedure for suspend and resume state\n (bsc#1031717).\n - alsa: hda/realtek - Add support for Acer Aspire E5-475 headset mic\n (bsc#1031717).\n - alsa: hda/realtek - Add support for ALC1220 (bsc#1031717).\n - alsa: hda/realtek - Add support for headset MIC for ALC622 (bsc#1031717).\n - alsa: hda/realtek - ALC891 headset mode for Dell (bsc#1031717).\n - alsa: hda/realtek - change the location for one of two front microphones\n (bsc#1031717).\n - alsa: hda/realtek - Enable jack detection function for Intel ALC700\n (bsc#1031717).\n - alsa: hda/realtek - Fix ALC275 no sound issue (bsc#1031717).\n - alsa: hda/realtek - Fix Dell AIO LineOut issue (bsc#1031717).\n - alsa: hda/realtek - Fix headset and mic on several Asus laptops with\n ALC256 (bsc#1031717).\n - alsa: hda/realtek - Fix headset mic and speaker on Asus X441SA/X441UV\n (bsc#1031717).\n - alsa: hda/realtek - fix headset mic detection for MSI MS-B120\n (bsc#1031717).\n - alsa: hda/realtek - Fix headset mic on several Asus laptops with ALC255\n (bsc#1031717).\n - alsa: hda/realtek - Fix pincfg for Dell XPS 13 9370 (bsc#1031717).\n - alsa: hda/realtek - Fix speaker support for Asus AiO ZN270IE\n (bsc#1031717).\n - alsa: hda/realtek - Fix typo of pincfg for Dell quirk (bsc#1031717).\n - alsa: hda/realtek - New codec device ID for ALC1220 (bsc#1031717).\n - alsa: hda/realtek - New codecs support for ALC215/ALC285/ALC289\n (bsc#1031717).\n - alsa: hda/realtek - New codec support for ALC257 (bsc#1031717).\n - alsa: hda/realtek - New codec support of ALC1220 (bsc#1031717).\n - alsa: hda/realtek - No loopback on ALC225/ALC295 codec (bsc#1031717).\n - alsa: hda/realtek - Remove ALC285 device ID (bsc#1031717).\n - alsa: hda/realtek - Support Dell headset mode for ALC3271 (bsc#1031717).\n - alsa: hda/realtek - Support headset mode for ALC234/ALC274/ALC294\n (bsc#1031717).\n - alsa: hda/realtek - There is no loopback mixer in the ALC234/274/294\n (bsc#1031717).\n - alsa: hda/realtek - Update headset mode for ALC225 (bsc#1031717).\n - alsa: hda/realtek - Update headset mode for ALC298 (bsc#1031717).\n - alsa: hda - Skip Realtek SKU check for Lenovo machines (bsc#1031717).\n - alsa: pcm: prevent UAF in snd_pcm_info (bsc#1031717).\n - alsa: rawmidi: Avoid racy info ioctl via ctl device (bsc#1031717).\n - alsa: seq: Remove spurious WARN_ON() at timer check (bsc#1031717).\n - alsa: usb-audio: Add check return value for usb_string() (bsc#1031717).\n - alsa: usb-audio: Fix out-of-bound error (bsc#1031717).\n - alsa: usb-audio: Fix the missing ctl name suffix at parsing SU\n (bsc#1031717).\n - apei / ERST: Fix missing error handling in erst_reader() (bsc#1072556).\n - arm: dts: omap3: logicpd-torpedo-37xx-devkit: Fix MMC1 cd-gpio\n (bnc#1012382).\n - arm: Hide finish_arch_post_lock_switch() from modules (bsc#1068032).\n - asoc: fsl_ssi: AC'97 ops need regmap, clock and cleaning up on failure\n (bsc#1031717).\n - asoc: twl4030: fix child-node lookup (bsc#1031717).\n - asoc: wm_adsp: Fix validation of firmware and coeff lengths\n (bsc#1031717).\n - autofs: fix careless error in recent commit (bnc#1012382 bsc#1065180).\n - bcache: Fix building error on MIPS (bnc#1012382).\n - bnxt_en: Do not print "Link speed -1 no longer supported" messages\n (bsc#1070116).\n - bpf: prevent speculative execution in eBPF interpreter (bnc#1068032).\n - btrfs: clear space cache inode generation always (bnc#1012382).\n - btrfs: embed extent_changeset::range_changed to the structure (dependent\n patch, bsc#1031395).\n - btrfs: qgroup: Fix qgroup reserved space underflow by only freeing\n reserved ranges (bsc#1031395).\n - btrfs: qgroup: Fix qgroup reserved space underflow caused by buffered\n write and quotas being enabled (bsc#1031395).\n - btrfs: qgroup: Introduce extent changeset for qgroup reserve functions\n (dependent patch, bsc#1031395).\n - btrfs: qgroup: Return actually freed bytes for qgroup release or free\n data (bsc#1031395).\n - btrfs: qgroup-test: Fix backport error in qgroup selftest (just to make\n CONFIG_BTRFS_FS_RUN_SANITY_TESTS pass compile).\n - btrfs: ulist: make the finalization function public (dependent patch,\n bsc#1031395).\n - btrfs: ulist: rename ulist_fini to ulist_release (dependent patch,\n bsc#1031395).\n - carl9170: prevent speculative execution (bnc#1068032).\n - ceph: drop negative child dentries before try pruning inode's alias\n (bsc#1073525).\n - Check cmdline_find_option() retval properly and use boot_cpu_has().\n - cifs: Fix NULL pointer deref on SMB2_tcon() failure (bsc#1071009).\n - cw1200: prevent speculative execution (bnc#1068032).\n - drm/radeon: fix atombios on big endian (bnc#1012382).\n - e1000e: Fix e1000_check_for_copper_link_ich8lan return value\n (bsc#1073809).\n - eeprom: at24: check at24_read/write arguments (bnc#1012382).\n - Fix unsed variable warning in has_unmovable_pages (bsc#1073868).\n - fs: prevent speculative execution (bnc#1068032).\n - genwqe: Take R/W permissions into account when dealing with memory pages\n (bsc#1073090).\n - ibmvnic: Include header descriptor support for ARP packets (bsc#1073912).\n - ibmvnic: Increase maximum number of RX/TX queues (bsc#1073912).\n - ibmvnic: Rename IBMVNIC_MAX_TX_QUEUES to IBMVNIC_MAX_QUEUES\n (bsc#1073912).\n - ib/uverbs: Fix command checking as part of ib_uverbs_ex_modify_qp()\n (FATE#321231 FATE#321473 FATE#322153 FATE#322149).\n - ip_gre: remove the incorrect mtu limit for ipgre tap (bsc#1022912\n FATE#321246).\n - ipv6: prevent speculative execution (bnc#1068032).\n - iw_cxgb4: fix misuse of integer variable (bsc#963897,FATE#320114).\n - iw_cxgb4: only insert drain cqes if wq is flushed (bsc#321658\n FATE#1005778 bsc#321660 FATE#1005780 bsc#321661 FATE#1005781).\n - iw_cxgb4: reflect the original WR opcode in drain cqes (bsc#321658\n FATE#1005778 bsc#321660 FATE#1005780 bsc#321661 FATE#1005781).\n - iw_cxgb4: when flushing, complete all wrs in a chain (bsc#321658\n FATE#1005778 bsc#321660 FATE#1005780 bsc#321661 FATE#1005781).\n - kabi fix for new hash_cred function (bsc#1012917).\n - kaiser: add "nokaiser" boot option, using ALTERNATIVE.\n - kaiser: align addition to x86/mm/Makefile.\n - kaiser: asm/tlbflush.h handle noPGE at lower level.\n - kaiser: cleanups while trying for gold link.\n - kaiser: disabled on Xen PV.\n - kaiser: do not set _PAGE_NX on pgd_none.\n - kaiser: drop is_atomic arg to kaiser_pagetable_walk().\n - kaiser: enhanced by kernel and user PCIDs.\n - kaiser: ENOMEM if kaiser_pagetable_walk() NULL.\n - kaiser: fix build and FIXME in alloc_ldt_struct().\n - kaiser: fix perf crashes.\n - kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER.\n - kaiser: fix unlikely error in alloc_ldt_struct().\n - kaiser: KAISER depends on SMP.\n - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID.\n - kaiser: kaiser_remove_mapping() move along the pgd.\n - kaiser: Kernel Address Isolation.\n - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush.\n - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user.\n - kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET.\n - kaiser: paranoid_entry pass cr3 need to paranoid_exit.\n - kaiser: PCID 0 for kernel and 128 for user.\n - kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls.\n - kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE.\n - kaiser: tidied up asm/kaiser.h somewhat.\n - kaiser: tidied up kaiser_add/remove_mapping slightly.\n - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush.\n - kaiser: vmstat show NR_KAISERTABLE as nr_overhead.\n - kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user.\n - kvm: SVM: Do not intercept new speculative control MSRs (bsc#1068032).\n - kvm: x86: Add speculative control CPUID support for guests (bsc#1068032).\n - kvm: x86: Exit to user-mode on #UD intercept when emulator requires\n (bnc#1012382).\n - kvm: x86: inject exceptions produced by x86_decode_insn (bnc#1012382).\n - kvm: x86: pvclock: Handle first-time write to pvclock-page contains\n random junk (bnc#1012382).\n - locking/barriers: introduce new memory barrier gmb() (bnc#1068032).\n - mmc: core: Do not leave the block driver in a suspended state\n (bnc#1012382).\n - mm/mmu_context, sched/core: Fix mmu_context.h assumption (bsc#1068032).\n - mtd: nand: Fix writing mtdoops to nand flash (bnc#1012382).\n - netlink: add a start callback for starting a netlink dump (bnc#1012382).\n - net/mlx5e: DCBNL, Implement tc with ets type and zero bandwidth\n (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n - net/mlx5e: Fix ETS BW check (bsc#966170 FATE#320225 bsc#966172\n FATE#320226).\n - net/mlx5: Fix error flow in CREATE_QP command (bsc#1015342 FATE#321688\n bsc#1015343 FATE#321689).\n - net: mpls: prevent speculative execution (bnc#1068032).\n - nfsd: Fix another OPEN stateid race (bnc#1012382).\n - nfsd: Fix stateid races between OPEN and CLOSE (bnc#1012382).\n - nfsd: Make init_open_stateid() a bit more whole (bnc#1012382).\n - nfs: improve shinking of access cache (bsc#1012917).\n - nfs: revalidate "." etc correctly on "open" (bsc#1068951).\n - nfs: revalidate "." etc correctly on "open" (git-fixes). Fix References:\n tag.\n - nfsv4: always set NFS_LOCK_LOST when a lock is lost (bsc#1068951).\n - nvme-fabrics: introduce init command check for a queue that is not alive\n (bsc#1072890).\n - nvme-fc: check if queue is ready in queue_rq (bsc#1072890).\n - nvme-fc: do not use bit masks for set/test_bit() numbers (bsc#1072890).\n - nvme-loop: check if queue is ready in queue_rq (bsc#1072890).\n - nvmet-fc: cleanup nvmet add_port/remove_port (bsc#1072890).\n - nvmet_fc: correct broken add_port (bsc#1072890).\n - p54: prevent speculative execution (bnc#1068032).\n - powerpc/barrier: add gmb.\n - powerpc: Secure memory rfi flush (bsc#1068032).\n - ptrace: Add a new thread access check (bsc#1068032).\n - qla2xxx: prevent speculative execution (bnc#1068032).\n - Revert "drm/radeon: dont switch vt on suspend" (bnc#1012382).\n - Revert "ipsec: Fix aborted xfrm policy dump crash" (kabi).\n - Revert "netlink: add a start callback for starting a netlink dump"\n (kabi).\n - s390: add ppa to system call and program check path (bsc#1068032).\n - s390: introduce CPU alternatives.\n - s390: introduce CPU alternatives (bsc#1068032).\n - s390/qeth: add missing hash table initializations (bnc#1072216,\n LTC#162173).\n - s390/qeth: fix early exit from error path (bnc#1072216, LTC#162173).\n - s390/qeth: fix thinko in IPv4 multicast address tracking (bnc#1072216,\n LTC#162173).\n - s390/spinlock: add gmb memory barrier\n - s390/spinlock: add gmb memory barrier (bsc#1068032).\n - s390/spinlock: add ppa to system call path Signoff the s390 patches.\n - sched/core: Add switch_mm_irqs_off() and use it in the scheduler\n (bsc#1068032).\n - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off()\n (bsc#1068032).\n - sched/rt: Do not pull from current CPU if only one CPU to pull\n (bnc#1022476).\n - scsi_dh_alua: skip RTPG for devices only supporting active/optimized\n (bsc#1064311).\n - scsi: lpfc: correct sg_seg_cnt attribute min vs default (bsc#1072166).\n - scsi: qedi: Limit number for CQ queues (bsc#1072866).\n - scsi_scan: Exit loop if TUR to LUN0 fails with 0x05/0x25 (bsc#1063043).\n This is specific to FUJITSU ETERNUS_DX* targets. They can return\n "Illegal Request - Logical unit not supported" and processing should\n leave the timeout loop in this case.\n - scsi: ses: check return code from ses_recv_diag() (bsc#1039616).\n - scsi: ses: Fixup error message 'failed to get diagnostic page\n 0xffffffea' (bsc#1039616).\n - scsi: ses: Fix wrong page error (bsc#1039616).\n - scsi: ses: make page2 support optional (bsc#1039616).\n - sfc: pass valid pointers from efx_enqueue_unwind (bsc#1017967\n FATE#321663).\n - sunrpc: add auth_unix hash_cred() function (bsc#1012917).\n - sunrpc: add generic_auth hash_cred() function (bsc#1012917).\n - sunrpc: add hash_cred() function to rpc_authops struct (bsc#1012917).\n - sunrpc: add RPCSEC_GSS hash_cred() function (bsc#1012917).\n - sunrpc: replace generic auth_cred hash with auth-specific function\n (bsc#1012917).\n - sunrpc: use supplimental groups in auth hash (bsc#1012917).\n - Thermal/int340x: prevent speculative execution (bnc#1068032).\n - udf: prevent speculative execution (bnc#1068032).\n - Update config files: enable KAISER.\n - usb: host: fix incorrect updating of offset (bsc#1047487).\n - userns: prevent speculative execution (bnc#1068032).\n - uvcvideo: prevent speculative execution (bnc#1068032).\n - vxlan: correctly handle ipv6.disable module parameter (bsc#1072962).\n - x86/boot: Add early cmdline parsing for options with arguments.\n - x86/CPU/AMD: Add speculative control support for AMD (bsc#1068032).\n - x86/CPU/AMD: Make the LFENCE instruction serialized (bsc#1068032).\n - x86/CPU/AMD: Remove now unused definition of MFENCE_RDTSC feature\n (bsc#1068032).\n - x86/CPU: Check speculation control CPUID bit (bsc#1068032).\n - x86/efi-bgrt: Replace early_memremap() with memremap() (bnc#1012382).\n - x86/enter: Add macros to set/clear IBRS and set IBPB (bsc#1068032).\n - x86/entry: Add a function to overwrite the RSB (bsc#1068032).\n - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform\n (bsc#1068032).\n - x86/entry: Use IBRS on entry to kernel space (bsc#1068032).\n - x86/feature: Enable the x86 feature to control Speculation (bsc#1068032).\n - x86/idle: Disable IBRS when offlining a CPU and re-enable on wakeup\n (bsc#1068032).\n - x86/idle: Toggle IBRS when going idle (bsc#1068032).\n - x86/kaiser: Check boottime cmdline params.\n - x86/kaiser: Move feature detection up (bsc#1068032).\n - x86/kaiser: Reenable PARAVIRT.\n - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling.\n - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm\n (bsc#1068032).\n - x86/kvm: Add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm\n (bsc#1068032).\n - x86/kvm: Flush IBP when switching VMs (bsc#1068032).\n - x86/kvm: Pad RSB on VM transition (bsc#1068032).\n - x86/kvm: Toggle IBRS on VM entry and exit (bsc#1068032).\n - x86/mm/64: Fix reboot interaction with CR4.PCIDE (bsc#1068032).\n - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (bsc#1068032).\n - x86/mm: Add INVPCID helpers (bsc#1068032).\n - x86/mm: Add the 'nopcid' boot option to turn off PCID (bsc#1068032).\n - x86/mm: Build arch/x86/mm/tlb.c even on !SMP (bsc#1068032).\n - x86/mm: Enable CR4.PCIDE on supported systems (bsc#1068032).\n - x86/mm: Fix INVPCID asm constraint (bsc#1068032).\n - x86/mm: If INVPCID is available, use it to flush global mappings\n (bsc#1068032).\n - x86/mm: Make flush_tlb_mm_range() more predictable (bsc#1068032).\n - x86/mm: Only set IBPB when the new thread cannot ptrace current thread\n (bsc#1068032).\n - x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range()\n (bsc#1068032).\n - x86/mm: Remove flush_tlb() and flush_tlb_current_task() (bsc#1068032).\n - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP\n code (bsc#1068032).\n - x86/mm, sched/core: Turn off IRQs in switch_mm() (bsc#1068032).\n - x86/mm, sched/core: Uninline switch_mm() (bsc#1068032).\n - x86/mm: Set IBPB upon context switch (bsc#1068032).\n - x86/MSR: Move native_*msr(.. u64) to msr.h (bsc#1068032).\n - x86/paravirt: Dont patch flush_tlb_single (bsc#1068032).\n - x86/spec: Add IBRS control functions (bsc#1068032).\n - x86/spec: Add "nospec" chicken bit (bsc#1068032).\n - x86/spec: Check CPUID direclty post microcode reload to support IBPB\n feature (bsc#1068032).\n - x86/spec_ctrl: Add an Indirect Branch Predictor barrier (bsc#1068032).\n - x86/spec_ctrl: Check whether IBPB is enabled before using it\n (bsc#1068032).\n - x86/spec_ctrl: Check whether IBRS is enabled before using it\n (bsc#1068032).\n - x86/svm: Add code to clear registers on VM exit (bsc#1068032).\n - x86/svm: Clobber the RSB on VM exit (bsc#1068032).\n - x86/svm: Set IBPB when running a different VCPU (bsc#1068032).\n - x86/svm: Set IBRS value on VM entry and exit (bsc#1068032).\n\n", "published": "2018-01-05T12:06:40", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-17805", "CVE-2017-5715", "CVE-2017-17806"], "lastseen": "2018-01-05T14:51:02"}, {"id": "SUSE-SU-2018:0909-1", "type": "suse", "title": "Security update for xen (important)", "description": "This update for xen fixes the following issues:\n\n Update to Xen 4.7.5 bug fix only release (bsc#1027519)\n\n Security issues fixed:\n\n - CVE-2018-7540: Fixed DoS via non-preemptable L3/L4 pagetable freeing\n (XSA-252) (bsc#1080635)\n - CVE-2018-7541: A grant table v2 -> v1 transition may crash Xen (XSA-255)\n (bsc#1080662)\n - CVE-2017-5753,CVE-2017-5715,CVE-2017-5754 Fixed information leaks via\n side effects of speculative execution (XSA-254). Includes Spectre v2\n mitigation. (bsc#1074562)\n\n\n - Preserve xen-syms from xen-dbg.gz to allow processing vmcores with\n crash(1) (bsc#1087251)\n - Xen HVM: Fixed unchecked MSR access error (bsc#1072834)\n - Add script, udev rule and systemd service to watch for vcpu\n online/offline events in a HVM domU They are triggered via xl vcpu-set\n domU N (fate#324965)\n - Make sure tools and tools-domU require libs from the very same build\n\n", "published": "2018-04-10T18:07:40", "cvss": {"score": 6.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00009.html", "cvelist": ["CVE-2018-7540", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715", "CVE-2018-7541"], "lastseen": "2018-04-10T21:08:33"}, {"id": "SUSE-SU-2018:0010-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "description": "The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various\n security and bugfixes.\n\n This update adds mitigations for various side channel attacks against\n modern CPUs that could disclose content of otherwise unreadable memory\n (bnc#1068032).\n\n - CVE-2017-5753 / "SpectreAttack": Local attackers on systems with modern\n CPUs featuring deep instruction pipelining could use attacker\n controllable speculative execution over code patterns in the Linux\n Kernel to leak content from\n otherwise not readable memory in the same address space, allowing\n retrieval of passwords, cryptographic keys and other secrets.\n\n This problem is mitigated by adding speculative fencing on affected code\n paths throughout the Linux kernel.\n\n\n - CVE-2017-5715 / "SpectreAttack": Local attackers on systems with modern\n CPUs featuring branch prediction could use mispredicted branches to\n speculatively execute code patterns that in turn could be made to leak\n other non-readable content in the same address space, an attack similar\n to CVE-2017-5753.\n\n This problem is mitigated by disabling predictive branches, depending\n on CPU architecture either by firmware updates and/or fixes in the\n user-kernel privilege boundaries.\n\n Please also check with your CPU / Hardware vendor for available firmware\n or BIOS updates.\n\n As this feature can have a performance impact, it can be disabled using\n the "nospec" kernel commandline option.\n\n\n - CVE-2017-5754 / "MeltdownAttack": Local attackers on systems with modern\n CPUs featuring deep instruction pipelining could use code patterns in\n userspace to speculative executive code that would read\n otherwise read protected memory.\n\n This problem is mitigated by unmapping the Linux Kernel from the user\n address space during user code execution, following a approach called\n "KAISER". The terms used here are "KAISER" / "Kernel Address Isolation"\n and "PTI" / "Page Table Isolation".\n\n This is only enabled by default on affected architectures.\n\n This feature can be enabled / disabled by the "pti=[on|off|auto]" or\n "nopti" commandline options.\n\n\n The following security bugs were fixed:\n\n - CVE-2017-17806: The HMAC implementation (crypto/hmac.c) in the Linux\n kernel did not validate that the underlying cryptographic hash algorithm\n is unkeyed, allowing a local attacker able to use the AF_ALG-based hash\n interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm\n (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by\n executing a crafted sequence of system calls that encounter a missing\n SHA-3 initialization (bnc#1073874).\n - CVE-2017-17805: The Salsa20 encryption algorithm in the Linux kernel did\n not correctly handle zero-length inputs, allowing a local attacker able\n to use the AF_ALG-based skcipher interface\n (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service\n (uninitialized-memory free and kernel crash) or have unspecified other\n impact by executing a crafted sequence\n of system calls that use the blkcipher_walk API. Both the generic\n implementation (crypto/salsa20_generic.c) and x86 implementation\n (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable\n (bnc#1073792).\n\n\n The following non-security bugs were fixed:\n\n - Add undefine _unique_build_ids (bsc#964063)\n - apei / ERST: Fix missing error handling in erst_reader() (bsc#1072556).\n - arm: Hide finish_arch_post_lock_switch() from modules (bsc#1068032).\n - autofs: fix careless error in recent commit (bnc#1012382 bsc#1065180).\n - bnxt_en: Do not print "Link speed -1 no longer supported" messages\n (bsc#1070116).\n - bpf: prevent speculative execution in eBPF interpreter (bnc#1068032).\n - carl9170: prevent speculative execution (bnc#1068032).\n - ceph: drop negative child dentries before try pruning inode's alias\n (bsc#1073525).\n - Check cmdline_find_option() retval properly and use boot_cpu_has().\n - cifs: Fix NULL pointer deref on SMB2_tcon() failure (bsc#1071009).\n - cw1200: prevent speculative execution (bnc#1068032).\n - e1000e: Fix e1000_check_for_copper_link_ich8lan return value\n (bsc#1073809).\n - Fix unsed variable warning in has_unmovable_pages (bsc#1073868).\n - fs: prevent speculative execution (bnc#1068032).\n - genwqe: Take R/W permissions into account when dealing with memory pages\n (bsc#1073090).\n - ibmvnic: Include header descriptor support for ARP packets (bsc#1073912).\n - ibmvnic: Increase maximum number of RX/TX queues (bsc#1073912).\n - ibmvnic: Rename IBMVNIC_MAX_TX_QUEUES to IBMVNIC_MAX_QUEUES\n (bsc#1073912).\n - ipv6: prevent speculative execution (bnc#1068032).\n - iw_cxgb4: fix misuse of integer variable (bsc#963897,FATE#320114).\n - iw_cxgb4: only insert drain cqes if wq is flushed (bsc#321658\n FATE#1005778 bsc#321660 FATE#1005780 bsc#321661 FATE#1005781).\n - kaiser: add "nokaiser" boot option, using ALTERNATIVE.\n - kaiser: align addition to x86/mm/Makefile.\n - kaiser: asm/tlbflush.h handle noPGE at lower level.\n - kaiser: cleanups while trying for gold link.\n - kaiser: disabled on Xen PV.\n - kaiser: do not set _PAGE_NX on pgd_none.\n - kaiser: drop is_atomic arg to kaiser_pagetable_walk().\n - kaiser: enhanced by kernel and user PCIDs.\n - kaiser: ENOMEM if kaiser_pagetable_walk() NULL.\n - kaiser: fix build and FIXME in alloc_ldt_struct().\n - kaiser: fix perf crashes.\n - kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER.\n - kaiser: fix unlikely error in alloc_ldt_struct().\n - kaiser: KAISER depends on SMP.\n - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID.\n - kaiser: kaiser_remove_mapping() move along the pgd.\n - kaiser: Kernel Address Isolation.\n - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush.\n - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user.\n - kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET.\n - kaiser: paranoid_entry pass cr3 need to paranoid_exit.\n - kaiser: PCID 0 for kernel and 128 for user.\n - kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls.\n - kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE.\n - kaiser: tidied up asm/kaiser.h somewhat.\n - kaiser: tidied up kaiser_add/remove_mapping slightly.\n - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush.\n - kaiser: vmstat show NR_KAISERTABLE as nr_overhead.\n - kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user.\n - kvm: svm: Do not intercept new speculative control MSRs (bsc#1068032).\n - kvm: x86: Add speculative control CPUID support for guests (bsc#1068032).\n - locking/barriers: introduce new memory barrier gmb() (bnc#1068032).\n - mm/mmu_context, sched/core: Fix mmu_context.h assumption (bsc#1068032).\n - net/mlx5e: DCBNL, Implement tc with ets type and zero bandwidth\n (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n - net: mpls: prevent speculative execution (bnc#1068032).\n - nfs: revalidate "." etc correctly on "open" (bsc#1068951).\n - nfs: revalidate "." etc correctly on "open" (git-fixes). Fix References:\n tag.\n - nfsv4: always set NFS_LOCK_LOST when a lock is lost (bsc#1068951).\n - nvme-fabrics: introduce init command check for a queue that is not alive\n (bsc#1072890).\n - nvme-fc: check if queue is ready in queue_rq (bsc#1072890).\n - nvme-fc: do not use bit masks for set/test_bit() numbers (bsc#1072890).\n - nvme-loop: check if queue is ready in queue_rq (bsc#1072890).\n - nvmet-fc: cleanup nvmet add_port/remove_port (bsc#1072890).\n - nvmet_fc: correct broken add_port (bsc#1072890).\n - p54: prevent speculative execution (bnc#1068032).\n - powerpc/barrier: add gmb.\n - powerpc: Secure memory rfi flush (bsc#1068032).\n - ptrace: Add a new thread access check (bsc#1068032).\n - qla2xxx: prevent speculative execution (bnc#1068032).\n - s390: add ppa to system call and program check path (bsc#1068032).\n - s390: introduce CPU alternatives (bsc#1068032).\n - s390/qeth: add missing hash table initializations (bnc#1072216,\n LTC#162173).\n - s390/qeth: fix early exit from error path (bnc#1072216, LTC#162173).\n - s390/qeth: fix thinko in IPv4 multicast address tracking (bnc#1072216,\n LTC#162173).\n - s390/spinlock: add gmb memory barrier (bsc#1068032).\n - sched/core: Add switch_mm_irqs_off() and use it in the scheduler\n (bsc#1068032).\n - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off()\n (bsc#1068032).\n - scsi_dh_alua: skip RTPG for devices only supporting active/optimized\n (bsc#1064311).\n - scsi: lpfc: correct sg_seg_cnt attribute min vs default (bsc#1072166).\n - scsi: qedi: Limit number for CQ queues (bsc#1072866).\n - scsi_scan: Exit loop if TUR to LUN0 fails with 0x05/0x25 (bsc#1063043).\n This is specific to FUJITSU ETERNUS_DX* targets. They can return\n "Illegal Request - Logical unit not supported" and processing should\n leave the timeout loop in this case.\n - scsi: ses: check return code from ses_recv_diag() (bsc#1039616).\n - scsi: ses: Fixup error message 'failed to get diagnostic page\n 0xffffffea' (bsc#1039616).\n - scsi: ses: Fix wrong page error (bsc#1039616).\n - scsi: ses: make page2 support optional (bsc#1039616).\n - sfc: pass valid pointers from efx_enqueue_unwind (bsc#1017967\n FATE#321663).\n - thermal/int340x: prevent speculative execution (bnc#1068032).\n - udf: prevent speculative execution (bnc#1068032).\n - Update config files: enable KAISER.\n - usb: host: fix incorrect updating of offset (bsc#1047487).\n - userns: prevent speculative execution (bnc#1068032).\n - uvcvideo: prevent speculative execution (bnc#1068032).\n - vxlan: correctly handle ipv6.disable module parameter (bsc#1072962).\n - x86/boot: Add early cmdline parsing for options with arguments.\n - x86/CPU/AMD: Add speculative control support for AMD (bsc#1068032).\n - x86/CPU/AMD: Make the LFENCE instruction serialized (bsc#1068032).\n - x86/CPU/AMD: Remove now unused definition of MFENCE_RDTSC feature\n (bsc#1068032).\n - x86/CPU: Check speculation control CPUID bit (bsc#1068032).\n - x86/enter: Add macros to set/clear IBRS and set IBPB (bsc#1068032).\n - x86/entry: Add a function to overwrite the RSB (bsc#1068032).\n - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform\n (bsc#1068032).\n - x86/entry: Use IBRS on entry to kernel space (bsc#1068032).\n - x86/feature: Enable the x86 feature to control Speculation (bsc#1068032).\n - x86/idle: Disable IBRS when offlining a CPU and re-enable on wakeup\n (bsc#1068032).\n - x86/idle: Toggle IBRS when going idle (bsc#1068032).\n - x86/kaiser: Check boottime cmdline params.\n - x86/kaiser: Move feature detection up (bsc#1068032).\n - x86/kaiser: Reenable PARAVIRT.\n - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling.\n - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm\n (bsc#1068032).\n - x86/kvm: Add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm\n (bsc#1068032).\n - x86/kvm: Flush IBP when switching VMs (bsc#1068032).\n - x86/kvm: Pad RSB on VM transition (bsc#1068032).\n - x86/kvm: Toggle IBRS on VM entry and exit (bsc#1068032).\n - x86/mm/64: Fix reboot interaction with CR4.PCIDE (bsc#1068032).\n - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (bsc#1068032).\n - x86/mm: Add INVPCID helpers (bsc#1068032).\n - x86/mm: Add the 'nopcid' boot option to turn off PCID (bsc#1068032).\n - x86/mm: Build arch/x86/mm/tlb.c even on !SMP (bsc#1068032).\n - x86/mm: Enable CR4.PCIDE on supported systems (bsc#1068032).\n - x86/mm: Fix INVPCID asm constraint (bsc#1068032).\n - x86/mm: If INVPCID is available, use it to flush global mappings\n (bsc#1068032).\n - x86/mm: Make flush_tlb_mm_range() more predictable (bsc#1068032).\n - x86/mm: Only set IBPB when the new thread cannot ptrace current thread\n (bsc#1068032).\n - x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range()\n (bsc#1068032).\n - x86/mm: Remove flush_tlb() and flush_tlb_current_task() (bsc#1068032).\n - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP\n code (bsc#1068032).\n - x86/mm, sched/core: Turn off IRQs in switch_mm() (bsc#1068032).\n - x86/mm, sched/core: Uninline switch_mm() (bsc#1068032).\n - x86/mm: Set IBPB upon context switch (bsc#1068032).\n - x86/MSR: Move native_*msr(.. u64) to msr.h (bsc#1068032).\n - x86/paravirt: Dont patch flush_tlb_single (bsc#1068032).\n - x86/spec: Add IBRS control functions (bsc#1068032).\n - x86/spec: Add "nospec" chicken bit (bsc#1068032).\n - x86/spec: Check CPUID direclty post microcode reload to support IBPB\n feature (bsc#1068032).\n - x86/spec_ctrl: Add an Indirect Branch Predictor barrier (bsc#1068032).\n - x86/spec_ctrl: Check whether IBPB is enabled before using it\n (bsc#1068032).\n - x86/spec_ctrl: Check whether IBRS is enabled before using it\n (bsc#1068032).\n - x86/svm: Add code to clear registers on VM exit (bsc#1068032).\n - x86/svm: Clobber the RSB on VM exit (bsc#1068032).\n - x86/svm: Set IBPB when running a different VCPU (bsc#1068032).\n - x86/svm: Set IBRS value on VM entry and exit (bsc#1068032).\n\n", "published": "2018-01-04T12:09:28", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-17805", "CVE-2017-5715", "CVE-2017-17806"], "lastseen": "2018-01-04T14:51:00"}, {"id": "SUSE-SU-2018:0012-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "description": "The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various\n security and bugfixes.\n\n This update adds mitigations for various side channel attacks against\n modern CPUs that could disclose content of otherwise unreadable memory\n (bnc#1068032).\n\n - CVE-2017-5753 / "Spec\u0102\u2026\u00c2\u00a7reAttack": Local attackers on systems with modern\n CPUs featuring deep instruction pipelining could use attacker\n controllable speculative execution over code patterns in the Linux\n Kernel to leak content from otherwise not readable memory in the same\n address space, allowing retrieval of passwords, cryptographic keys and\n other secrets.\n\n This problem is mitigated by adding speculative fencing on affected code\n paths throughout the Linux kernel.\n\n\n - CVE-2017-5715 / "SpectreAttack": Local attackers on systems with modern\n CPUs featuring branch prediction could use mispredicted branches to\n speculatively execute code patterns that in turn could be made to leak\n other non-readable content in the same address space, an attack similar\n to CVE-2017-5753.\n\n This problem is mitigated by disabling predictive branches, depending\n on CPU architecture either by firmware updates and/or fixes in the\n user-kernel privilege boundaries.\n\n Please also check with your CPU / Hardware vendor on updated firmware\n or BIOS images regarding this issue.\n\n As this feature can have a performance impact, it can be disabled using\n the "nospec" kernel commandline option.\n\n\n - CVE-2017-5754 / "MeltdownAttack": Local attackers on systems with modern\n CPUs featuring deep instruction pipelining could use code patterns in\n userspace to speculative executive code that would read\n otherwise read protected memory, an attack similar to CVE-2017-5753.\n\n This problem is mitigated by unmapping the Linux Kernel from the user\n address space during user code execution, following a approach called\n "KAISER". The terms used here are "KAISER" / "Kernel Address Isolation"\n and "PTI" / "Page Table Isolation".\n\n Note that this is only done on affected platforms.\n\n This feature can be enabled / disabled by the "pti=[on|off|auto]" or\n "nopti" commandline options.\n\n Also the following unrelated security bugs were fixed:\n\n - CVE-2017-17806: The HMAC implementation (crypto/hmac.c) in the Linux\n kernel did not validate that the underlying cryptographic hash algorithm\n is unkeyed, allowing a local attacker able to use the AF_ALG-based hash\n interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm\n (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by\n executing a crafted sequence of system calls that encounter a missing\n SHA-3 initialization (bnc#1073874).\n - CVE-2017-17805: The Salsa20 encryption algorithm in the Linux kernel did\n not correctly handle zero-length inputs, allowing a local attacker able\n to use the AF_ALG-based skcipher interface\n (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service\n (uninitialized-memory free and kernel crash) or have unspecified other\n impact by executing a crafted sequence of system calls that use the\n blkcipher_walk API. Both the generic implementation\n (crypto/salsa20_generic.c) and x86 implementation\n (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable\n (bnc#1073792).\n\n The following non-security bugs were fixed:\n\n - Add undefine _unique_build_ids (bsc#964063)\n - Always sign validate_negotiate_info reqs (bsc#1071009, fate#324404).\n - apei / ERST: Fix missing error handling in erst_reader() (bsc#1072556).\n - arm: Hide finish_arch_post_lock_switch() from modules (bsc#1068032).\n - autofs: fix careless error in recent commit (bnc#1012382 bsc#1065180).\n - bpf: prevent speculative execution in eBPF interpreter (bnc#1068032).\n - carl9170: prevent speculative execution (bnc#1068032).\n - Check cmdline_find_option() retval properly and use boot_cpu_has().\n - cw1200: prevent speculative execution (bnc#1068032).\n - e1000e: Avoid receiver overrun interrupt bursts (bsc#969470 FATE#319819).\n - e1000e: Fix e1000_check_for_copper_link_ich8lan return value\n (bsc#1073809).\n - Fix leak of validate_negotiate_info resp (bsc#1071009, fate#324404).\n - Fix NULL pointer deref in SMB2_tcon() (bsc#1071009, fate#324404).\n - Fix validate_negotiate_info uninitialized mem (bsc#1071009, fate#324404).\n - fs: prevent speculative execution (bnc#1068032).\n - genwqe: Take R/W permissions into account when dealing with memory pages\n (bsc#1073090).\n - ibmvnic: Include header descriptor support for ARP packets (bsc#1073912).\n - ibmvnic: Increase maximum number of RX/TX queues (bsc#1073912).\n - ibmvnic: Rename IBMVNIC_MAX_TX_QUEUES to IBMVNIC_MAX_QUEUES\n (bsc#1073912).\n - ipv6: prevent speculative execution (bnc#1068032).\n - kaiser: add "nokaiser" boot option, using ALTERNATIVE.\n - kaiser: align addition to x86/mm/Makefile.\n - kaiser: asm/tlbflush.h handle noPGE at lower level.\n - kaiser: cleanups while trying for gold link.\n - kaiser: Disable on Xen PV.\n - kaiser: do not set _PAGE_NX on pgd_none.\n - kaiser: drop is_atomic arg to kaiser_pagetable_walk().\n - kaiser: enhanced by kernel and user PCIDs.\n - kaiser: ENOMEM if kaiser_pagetable_walk() NULL.\n - kaiser: fix build and FIXME in alloc_ldt_struct().\n - kaiser: fix perf crashes.\n - kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER.\n - kaiser: fix unlikely error in alloc_ldt_struct().\n - kaiser: KAISER depends on SMP.\n - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID.\n - kaiser: kaiser_remove_mapping() move along the pgd.\n - kaiser: Kernel Address Isolation.\n - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush.\n - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user.\n - kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET.\n - kaiser: paranoid_entry pass cr3 need to paranoid_exit.\n - kaiser: PCID 0 for kernel and 128 for user.\n - kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls.\n - kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE.\n - kaiser: tidied up asm/kaiser.h somewhat.\n - kaiser: tidied up kaiser_add/remove_mapping slightly.\n - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush.\n - kaiser: vmstat show NR_KAISERTABLE as nr_overhead.\n - kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user.\n - kvm: SVM: Do not intercept new speculative control MSRs (bsc#1068032).\n - kvm: x86: Add speculative control CPUID support for guests (bsc#1068032).\n - locking/barriers: introduce new memory barrier gmb() (bnc#1068032).\n - mm/mmu_context, sched/core: Fix mmu_context.h assumption (bsc#1068032).\n - net: mpls: prevent speculative execution (bnc#1068032).\n - nfs: revalidate "." etc correctly on "open" (bsc#1068951).\n - nfs: revalidate "." etc correctly on "open" (git-fixes). Fix References\n tag.\n - nfsv4: always set NFS_LOCK_LOST when a lock is lost (bsc#1068951).\n - p54: prevent speculative execution (bnc#1068032).\n - powerpc/barrier: add gmb.\n - powerpc: Secure memory rfi flush (bsc#1068032).\n - ptrace: Add a new thread access check (bsc#1068032).\n - qla2xxx: prevent speculative execution (bnc#1068032).\n - Redo encryption backport to fix pkt signing (bsc#1071009, fate#324404).\n - s390: add ppa to system call and program check path (bsc#1068032).\n - s390: introduce CPU alternatives.\n - s390: introduce CPU alternatives (bsc#1068032).\n - s390/spinlock: add gmb memory barrier\n - s390/spinlock: add gmb memory barrier (bsc#1068032).\n - s390/spinlock: add ppa to system call path Signoff the s390 patches.\n - sched/core: Add switch_mm_irqs_off() and use it in the scheduler\n (bsc#1068032).\n - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off()\n (bsc#1068032).\n - scsi_dh_alua: skip RTPG for devices only supporting active/optimized\n (bsc#1064311).\n - scsi_scan: Exit loop if TUR to LUN0 fails with 0x05/0x25 (bsc#1063043).\n This is specific to FUJITSU ETERNUS_DX* targets. They can return\n "Illegal Request - Logical unit not supported" and processing should\n leave the timeout loop in this case.\n - scsi: ses: check return code from ses_recv_diag() (bsc#1039616).\n - scsi: ses: Fixup error message 'failed to get diagnostic page\n 0xffffffea' (bsc#1039616).\n - scsi: ses: Fix wrong page error (bsc#1039616).\n - scsi: ses: make page2 support optional (bsc#1039616).\n - Thermal/int340x: prevent speculative execution (bnc#1068032).\n - udf: prevent speculative execution (bnc#1068032).\n - Update config files: enable KAISER.\n - usb: host: fix incorrect updating of offset (bsc#1047487).\n - userns: prevent speculative execution (bnc#1068032).\n - uvcvideo: prevent speculative execution (bnc#1068032).\n - vxlan: correctly handle ipv6.disable module parameter (bsc#1072962).\n - x86/boot: Add early cmdline parsing for options with arguments.\n - x86/CPU/AMD: Add speculative control support for AMD (bsc#1068032).\n - x86/CPU/AMD: Make the LFENCE instruction serialized (bsc#1068032).\n - x86/CPU/AMD: Remove now unused definition of MFENCE_RDTSC feature\n (bsc#1068032).\n - x86/CPU: Check speculation control CPUID bit (bsc#1068032).\n - x86/enter: Add macros to set/clear IBRS and set IBPB (bsc#1068032).\n - x86/entry: Add a function to overwrite the RSB (bsc#1068032).\n - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform\n (bsc#1068032).\n - x86/entry: Use IBRS on entry to kernel space (bsc#1068032).\n - x86/feature: Enable the x86 feature to control Speculation (bsc#1068032).\n - x86/idle: Disable IBRS when offlining a CPU and re-enable on wakeup\n (bsc#1068032).\n - x86/idle: Toggle IBRS when going idle (bsc#1068032).\n - x86/kaiser: Check boottime cmdline params.\n - x86/kaiser: Move feature detection up (bsc#1068032).\n - x86/kaiser: Reenable PARAVIRT.\n - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling.\n - x86/kvm: Add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm\n (bsc#1068032).\n - x86/kvm: Flush IBP when switching VMs (bsc#1068032).\n - x86/kvm: Pad RSB on VM transition (bsc#1068032).\n - x86/kvm: Toggle IBRS on VM entry and exit (bsc#1068032).\n - x86/mm/64: Fix reboot interaction with CR4.PCIDE (bsc#1068032).\n - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (bsc#1068032).\n - x86/mm: Add INVPCID helpers (bsc#1068032).\n - x86/mm: Add the 'nopcid' boot option to turn off PCID (bsc#1068032).\n - x86/mm: Build arch/x86/mm/tlb.c even on !SMP (bsc#1068032).\n - x86/mm: Enable CR4.PCIDE on supported systems (bsc#1068032).\n - x86/mm: Fix INVPCID asm constraint (bsc#1068032).\n - x86/mm: If INVPCID is available, use it to flush global mappings\n (bsc#1068032).\n - x86/mm: Make flush_tlb_mm_range() more predictable (bsc#1068032).\n - x86/mm: Only set IBPB when the new thread cannot ptrace current thread\n (bsc#1068032).\n - x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range()\n (bsc#1068032).\n - x86/mm: Remove flush_tlb() and flush_tlb_current_task() (bsc#1068032).\n - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP\n code (bsc#1068032).\n - x86/mm, sched/core: Turn off IRQs in switch_mm() (bsc#1068032).\n - x86/mm, sched/core: Uninline switch_mm() (bsc#1068032).\n - x86/mm: Set IBPB upon context switch (bsc#1068032).\n - x86/MSR: Move native_*msr(.. u64) to msr.h (bsc#1068032).\n - x86/paravirt: Dont patch flush_tlb_single (bsc#1068032).\n - x86/spec: Add IBRS control functions (bsc#1068032).\n - x86/spec: Add "nospec" chicken bit (bsc#1068032).\n - x86/spec: Check CPUID direclty post microcode reload to support IBPB\n feature (bsc#1068032).\n - x86/spec_ctrl: Add an Indirect Branch Predictor barrier (bsc#1068032).\n - x86/spec_ctrl: Check whether IBPB is enabled before using it\n (bsc#1068032).\n - x86/spec_ctrl: Check whether IBRS is enabled before using it\n (bsc#1068032).\n - x86/svm: Add code to clear registers on VM exit (bsc#1068032).\n - x86/svm: Clobber the RSB on VM exit (bsc#1068032).\n - x86/svm: Set IBPB when running a different VCPU (bsc#1068032).\n - x86/svm: Set IBRS value on VM entry and exit (bsc#1068032).\n\n", "published": "2018-01-04T12:19:21", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-17805", "CVE-2017-5715", "CVE-2017-17806"], "lastseen": "2018-01-04T14:51:00"}, {"id": "OPENSUSE-SU-2018:0026-1", "type": "suse", "title": "Security update for kernel-firmware (important)", "description": "This update for kernel-firmware fixes the following issues:\n\n - Add microcode_amd_fam17h.bin (bsc#1068032 CVE-2017-5715)\n\n This new firmware disables branch prediction on AMD family 17h processor\n to mitigate an attack on the branch predictor that could lead to\n information disclosure from e.g. kernel memory (bsc#1068032 CVE-2017-5715).\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n", "published": "2018-01-05T18:09:20", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00018.html", "cvelist": ["CVE-2017-5715"], "lastseen": "2018-01-05T20:51:08"}], "malwarebytes": [{"id": "MALWAREBYTES:C47D8F4321BF60FB315B6C46B47DF46F", "type": "malwarebytes", "title": "Meltdown and Spectre: what you need to know", "description": "**UPDATE **(as of 1/12/18)**: **Several vendors have produced patches for Meltdown and Spectre, however performance problems dog the fixes. Details on the patches** **[were published here](<https://blog.malwarebytes.com/cybercrime/exploits/2018/01/meltdown-and-spectre-fallout-patching-problems-persist/>).\n\n**UPDATE **(as of 1/04/18)**: **Since the Malwarebytes Database Update 1.0.3624, all Malwarebytes users are able to receive the Microsoft patch to mitigate Meltdown.\n\n### Overview\n\nIf you've been keeping up with computer news over the last few days, you might have heard about Meltdown and Spectre, and you might be wondering what they are and what they can do. Basically, Meltdown and Spectre are the names for multiple new vulnerabilities discovered and reported for numerous processors. Meltdown is a vulnerability for Intel processors while Spectre can be used to attack nearly all processor types.\n\nThe potential danger of an attack using these vulnerabilities includes being able to read \"secured\" memory belonging to a process. This can do things like reveal personally identifiable information, banking information, and of course usernames and passwords. For Meltdown, an actual malicious process needs to be running on the system to interact, while Spectre can be launched from the browser using a script.\n\nMicrosoft, Google, Mozilla, and other vendors have been releasing patches all day to help protect users from this vulnerability. Some of the updates from Microsoft may negatively interact with certain antivirus solutions. However, Malwarebytes is completely compatible with our latest database update. The best thing to do to protect yourself is to update your browsers and your operating system with these patches as soon as you see an update available.\n\nFor a quick guide on how to protect yourself from this threat, please check out \"[Meltdown and Spectre Vulnerabilities - what you should do to protect your computer](<https://support.malwarebytes.com/docs/DOC-2297>)\" on the Malwarebytes support knowledge base.\n\n### Details\n\nThe Google Project Zero team, in collaboration with other academic researchers, has published information about three variants of a hardware bug with important ramifications. These variants\u2014branch target injection ([CVE-2017-5715](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715>)), bounds check bypass ([CVE-2017-5753](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753>)), and rogue data cache load ([CVE-2017-5754](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754>))\u2014affect _all modern processors_.\n\nIf you're wondering if you could be impacted, the answer is most certainly yes.\n\nThe vulnerabilities, named [Meltdown](<https://meltdownattack.com/meltdown.pdf>) and [Spectre](<https://spectreattack.com/spectre.pdf>), are particularly nasty, since they take place at a low level on the system, which makes them hard to find and hard to fix.\n\nModern computer architecture isolates user applications and the operating system, which helps to prevent unauthorized reading or writing to the system\u2019s memory. Similarly, this design prevents programs from accessing memory used by other programs. What Meltdown and Spectre do is bypass those security measures, therefore opening countless possibilities for exploitation.\n\nThe core issue stems from a design flaw that allows attackers access to memory contents from any device, be it desktop, smart phone, or cloud server, exposing passwords and other sensitive data. The flaw in question is tied to what is called [speculative execution](<https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/>), which happens when a processor guesses the next operations to perform based on previously cached iterations.\n\nThe Meltdown variant only impacts Intel CPUs, whereas the second set of Spectre variants_ _impacts all vendors of CPUs with support of speculative execution. This includes most CPUs produced during the last 15 years from Intel, AMD, ARM, and IBM.\n\nIt is not known whether threat actors are currently using these bugs. Although due to their implementation, it might be impossible to find out, as [confirmed by the vulnerability researchers:](<https://meltdownattack.com>)\n\n> _Can I detect if someone has exploited Meltdown or Spectre against me? \n_Probably not. The exploitation does not leave any traces in traditional log files.\n\nWhile there are no attacks reported in the wild as of yet, several Proof of Concepts have been made available, including this video that [shows a memory extraction (using a non-disclosed POC)](<https://youtu.be/bReA1dvGJ6Y>). This is particularly damaging because 1. There aren't many options for protection currently and 2. as previously stated, even if threat actors do spring to action, it might be impossible to verify if that's the case. \n\n### Mitigations\n\nBecause the Meltdown and Spectre variants are hardware vulnerabilities, deploying security programs or adopting safer surfing habits will do little to protect against potential attack. However, a patch for the Meltdown variant has already been rolled out on [Linux](<https://lkml.org/lkml/2017/12/4/709>), [macOS](<https://twitter.com/aionescu/status/948609809540046849>), and [all supported versions of Windows.](<https://twitter.com/aionescu/status/930412525111296000>)\n\nAccording to our telemetry, most Malwarebytes users are already able to receive the latest Microsoft update. However, we are working to ensure that our entire user base has access to the patch.\n\nUnfortunately, Microsoft's fix comes with significant impact on performance, although estimates of how much vary greatly. An [advisory from Microsoft](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv180002>) recommends users to:\n\n 1. Keep computers up to date.\n 2. Install the applicable firmware update provided by OEM device manufacturers.\n\nIf you are having issues getting the Windows update, please refer to [this article](<https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released>), as Microsoft has stated some possible incompatibility issues with certain security software.\n\nNo software patch for Spectre is available at the time of this article. Partial hardening and [mitigations](<https://reviews.llvm.org/D41723>) are being worked on, but they are unlikely to be published soon.\n\nThe Spectre bug can be exploited via JavaScript and WebAssembly, which makes it even more critical. It is therefore recommended to apply some countermeasures such as [Site Isolation in Chrome](<https://support.google.com/chrome/answer/7623121?hl=en-GB>). Mozilla is rolling out a Firefox patch [to mitigate the issue while working on a long-term solution](<https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/>). Microsoft is taking similar action for [Edge and Internet Explorer](<https://blogs.windows.com/msedgedev/2018/01/03/speculative-execution-mitigations-microsoft-edge-internet-explorer/>).\n\nCloud providers ([Amazon](<https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/>), [Online.net](<https://blog.online.net/2018/01/03/important-note-about-the-security-flaw-impacting-arm-intel-hardware/>), [DigitalOcean](<https://blog.digitalocean.com/a-message-about-intel-security-findings/>)) also rushed to issue emergency notifications to their customers for upcoming downtimes in order to prevent situations where code from the hypervisor could be leaked from a virtual machine, for example.\n\nThe aftermath from these bugs is far from being completely understood, so please check back on this blog for further updates.\n\nVendor advisories:\n\n * Intel: <https://newsroom.intel.com/news/intel-responds-to-security-research-findings/>\n * AMD: <http://www.amd.com/en/corporate/speculative-execution>\n * ARM: <https://developer.arm.com/support/security-update>\n\nThe post [Meltdown and Spectre: what you need to know](<https://blog.malwarebytes.com/security-world/2018/01/meltdown-and-spectre-what-you-need-to-know/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "published": "2018-01-04T15:53:24", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://blog.malwarebytes.com/security-world/2018/01/meltdown-and-spectre-what-you-need-to-know/", "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "lastseen": "2018-01-12T17:57:53"}, {"id": "MALWAREBYTES:3DDE32E41BE8356C194673EE3ED7FDBE", "type": "malwarebytes", "title": "Meltdown and Spectre fallout: patching problems persist", "description": "Last week, the disclosure by multiple teams [from Graz and Pennsylvania University, Rambus, Data61, Cyberus Technology](<https://github.com/IAIK/meltdown>), and [Google Project Zero](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1272>) of vulnerabilities under the aliases Meltdown and Spectre rocked the security world, sending vendors scurrying to create patches, if at all possible, and laying bare a design flaw in nearly all modern processors.\n\nThe fallout from these revelations continues to take shape, as new information on the vulnerabilities and the difficulties with patching them comes to light daily. In the days since Meltdown and Spectre have been made public, we've tracked which elements of the design flaw, known as speculative execution, are vulnerable and how different vendors are handling the patching process. By examining the applied patches' impact against one of our own products, Adwcleaner, we found that they are, indeed, causing increases in CPU usage, which could result in higher costs for individuals billed by Cloud providers accordingly.\n\n### What is speculative execution?\n\nSpeculative execution is an effective optimization technique used by most modern processors to determine where code is likely to go next. Hence, when it encounters a conditional branch instruction, the processor makes a guess for which branch might be executed based on the previous branches' processing history. It then _speculatively_ executes instructions until the original condition is known to be true or false. If the latter, the pending instructions are abandoned, and the processor reloads its state based on what it determines to be the correct execution path.\n\nThe issue with this behaviour and the way it's currently implemented in numerous chips is that when the processor makes a wrong guess, it has already _speculatively_ executed a few instructions. These are saved in cache, even if they are from the invalid branch. Spectre and Meltdown take advantage of this situation by comparing the loading time of two variables, determining if one has been loaded during the speculative execution, and deducing its value.\n\nAs explained [in our post last week](<https://blog.malwarebytes.com/security-world/2018/01/meltdown-and-spectre-what-you-need-to-know/>), the potential danger of an attack using these vulnerabilities includes being able to read \u201csecured\u201d memory belonging to a process. This can do things like reveal personally identifiable information, banking information, and of course usernames and passwords. On cloud environment, these vulnerabilities allow extracting data from the host and other VMs.\n\n### Example of speculative execution\n\nUsing the [Project Zero example](<https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html>) below, the process will evaluate the condition _if(untrusted_offset_from_caller < arr1->length)_ at a later time, and start a speculative execution of both branches, leading to two different _index2_ values. This example corresponds to variant 1 of Spectre ([CVE-2017-5753)](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753>) and works on most Intel, AMD, ARM, and IBM CPUs.\n \n \n struct array {\n unsigned long length;\n unsigned char data[];\n };\n struct array *arr1 = ...; /* small array */\n struct array *arr2 = ...; /* array of size 0x400 */\n /* >0x400 (OUT OF BOUNDS!) */\n unsigned long untrusted_offset_from_caller = ...;\n if (untrusted_offset_from_caller < arr1->length) {\n unsigned char value = arr1->data[untrusted_offset_from_caller];\n unsigned long index2 = ((value&1)*0x100)+0x200;\n if (index2 < arr2->length) {\n unsigned char value2 = arr2->data[index2];\n }\n\nIf the processor predicts that the condition is true, _value_ will load:\n \n \n unsigned char value = arr1->data[untrusted_offset_from_caller];\n \n\nBased on _value_, it's possible to load _index2,_ which can be _0x200_ or _0x300_ due to the bitwise operation:\n \n \n unsigned long index2 = ((value&1)*0x100)+0x200;\n \n\nThe second condition is then executed and the last instruction loads _value2_ as _arr2->data[0x200]_ or _arr2->data[0x300]_.\n\nOnce the initial condition has been evaluated and the processor notices that the execution flow above is wrong, the value of _value2_ stays in the L1 cache. It's then possible to compare the loading time of _arr2->data[0x200]_ and _arr2->data[0x300]_, and deduce which one has been evaluated during the speculative execution. From there, it's easy to figure out related variables: Here the value of _arr1->data[untrusted_offset_from_caller] _is a value that shouldn't be possible to retrieve according to the expected code flow, since it allows to leak out-of-bound memory.\n\nIn order to exploit this behaviour, the code pattern above has to be present on the victim's machine. As detailed in [Jann Horn's writeup](<https://bugs.chromium.org/p/project-zero/issues/attachmentText?aid=287305>), a locally installed software, a JIT (Javascript is a particularly interesting candidate), or an interpreter (he used [eBPF](<https://lwn.net/Articles/740157/>)) meet the requirements.\n\n### Four variants\n\nWhile it was initially reported that Spectre and Meltdown correspond to three vulnerabilities**, four variants **actually exist:** \n**\n\n * _Spectre_: \n * Variant 1 - [CVE-2017-5753](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753>)\n * Variant 2 - [CVE-2017-5715](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715>)\n * _Meltdown_: \n * Variant 3 - [CVE-2017-5754](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754>)\n * Variant 3a - /\n\nVariants 1 and 2 of Spectre impact Intel, IBM, ARM, and AMD CPUs. Meltdown appears to be exclusive to Intel CPUs, and allows attackers to read privileged memory from an unprivileged context, still using the speculative execution feature. Its variant 3a [is exploitable](<https://github.com/lgeek/spec_poc_arm>) on a few ARM CPUs only.\n\nThe fact that these vulnerabilities impact the CPUs themselves make them difficult to patch. A software-only solution may bring important performance issues, as would a hardware-only fix. Thus, various hardware vendors have been working together in the past months working on fixes. However, while major players like Amazon and Microsoft got early access to the vulnerabilities reports, other providers did not. They discovered the vulnerabilities at the same time as the disclosure on January 3.\n\n### Vendors band together\n\nThose who weren't in on the secret [formed a task group](<https://twitter.com/scaleway/status/949014513487171585>) with other providers in order to exchange information and to pressure hardware manufacturers. Scaleway, OVH, Linode, Packet, Digital Ocean, Vultr, Nexcess, and prgmr.com have been part of it, later joined by Amazon, Tata Communications, and also parts of the RedHat and Ubuntu teams. On January 9, part of the researchers ([Moritz Lipp](<https://twitter.com/mlqxyz>), [Daniel Gruss](<https://twitter.com/lavados>), [Michael Schwarz](<https://twitter.com/misc0110>) from the Graz University of Technology) who discovered the vulnerabilities [also joined in.](<https://twitter.com/scaleway/status/950778120633765888>)\n\nSome Open-Source developers also [explained](<https://marc.info/?l=openbsd-tech&m=151521435721902&w=2>) that they had not received [any information](<http://lists.dragonflybsd.org/pipermail/users/2018-January/313758.html>) prior the public disclosure, but were actively working on providing patches.\n\n> We have received *no* non-public information. I've seen posts elsewhere by \nother *BSD people implying that they receive little or no prior warning, so \nI have no reason to believe this was specific to OpenBSD and/or our \nphilosophy.\n\nMitigations began to land upstream in the Linux kernel shortly after the public disclosure to address the vulnerabilities separately. Some require a hardware-vendor-issued microcode to be applied to the processor in order to make the software patch effective. Most of these patches are simply workarounds, however, to avoid making the CPU behave as explained above. We _may_ expect some hardware change in future generations of processors at some point, but there's no easy, quick fix for now.\n\n### Available patches for hardware and OSes\n\nThe upstream Linux patch for Meltdown (variants 3 and 3a) takes advantage of KPTI ([Kernel Page Table Isolation](<https://lwn.net/Articles/741878/>)) and [has been backported](<http://kroah.com/log/blog/2018/01/06/meltdown-status/>) to Linux 4.14, 4.9 and 4.4. It's is available in most distribution's official kernels. Debian [has shipped it](<https://security-tracker.debian.org/tracker/CVE-2017-5754>) in most releases, [as RedHat](<https://access.redhat.com/security/vulnerabilities/speculativeexecution>) has done. Ubuntu [published](<https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown>) theirs a few hours ago, although [some critical issues](<https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1741934>) have been discovered and quickly addressed. [Tails](<https://tails.boum.org/news/version_3.4/>) published an update, too. The patches for ARM64 haven't been merged yet but are expected to be merged later.\n\nVariant 1 (Spectre) requires changes to compilers behaviour and [Intel suggests adding LFENCE](<https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/Intel-Analysis-of-Speculative-Execution-Side-Channels.pdf>) (see _3.1 Bounds Check Bypass Mitigation; _other vendors have other suggestions) as a barrier to stop speculation in specific places. This means that the kernel and software has to be recompiled in order to avoid making the processor use the speculative execution when it's problematic. Again, although we may expect hardware changes in future generations of Intel chips, we can't expect this to happen for a long time.\n\nVariant 2 (also Spectre) requires both a microcode patch from CPU vendors and a patch from the kernel to leverage IBRS ([Indirect Branch Speculation Feature](<https://lwn.net/Articles/743019/>)), STIBP, and IBPB. Another suggestion called \"retpoline\" has been introduced by [Paul Turner from Google](<https://support.google.com/faqs/answer/7625886>) and is also being implemented in various compilers, including [GCC](<https://gcc.gnu.org/ml/gcc-patches/2018-01/msg00422.html>) and [LLVM](<https://reviews.llvm.org/D41723>), even though some questions [still remain](<https://lkml.org/lkml/2018/1/4/708>) about its efficiency on certain CPU models.\n\n**Vulnerability** | **(Linux) Software mitigation** | **Hardware mitigation** \n---|---|--- \n**Meltdown (3 & 3a) \n** | KPTI | Not needed \n**Spectre 1** | n/a | n/a \n**Spectre 2** | IBRS / Retpoline | Microcode \n \nProprietary vendors have also published several updates:\n\n * Apple addressed the two Meltdown variants [in iOS 11.2, macOS 10.13.2, and tvOS 11.2.](<https://support.apple.com/en-us/HT201222>) Spectre is being mitigated in iOS 11.2.2 and the macOS 10.13.2 Supplemental Update, even though only recompiled software are an effective mitigation for variant 1.\n * Google has included some mitigations for the three variants in its [Android Security Bulletin on January 5](<https://source.android.com/security/bulletin/2018-01-01>). Note that further mitigations are expected in next month's updates, especially a kernel with KPTI.\n\nRegarding Microsoft, the process has been bumpier. They've released various fixes for the platform, but made [several requirements](<https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software>) for the patches for Spectre and Meltdown to be effective:\n\n 1. If an antivirus solution is registered in the Windows Security Center, it needs to set the following registry key:\n \n \n \n Key=\"HKEY_LOCAL_MACHINE\" Subkey=\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\" Value=\"cadca5fe-87d3-4b96-b7fb-a231484277cc\" Type=\"REG_DWORD\u201d\n Data=\"0x00000000\u201d\n \n \n\nOnly then can the January Patch Tuesday patch be applied. Note that Malwarebytes users [have been able to successfully receive the patch since its publication](<https://blog.malwarebytes.com/security-world/2018/01/meltdown-and-spectre-what-you-need-to-know/>).\n\n2\\. As pointed out by [Kevin Beaumont](<https://doublepulsar.com/important-information-about-microsoft-meltdown-cpu-security-fixes-antivirus-vendors-and-you-a852ba0292ec>), a specific manipulation [must be done](<https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution>) on Windows Server to apply the patch and enable it. After creating the following keys and restarting the host, the mitigation should be in place:\n \n \n reg add \u201cHKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Memory Management\u201d /v FeatureSettingsOverride /t REG_DWORD /d 0 /f\n reg add \u201cHKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Memory Management\u201d /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f\n reg add \u201cHKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Virtualization\u201d /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d \u201c1.0\u201d /f\n \n\nA few moments later, users began to report computers running with AMD processors becoming unbootable after applying the patch. [Microsoft has stopped delivering the patch](<https://support.microsoft.com/en-us/help/4073707/windows-os-security-update-block-for-some-amd-based-devices>) to those configurations while working with AMD to find a solution.\n\n### Available software patches\n\nApart from hardware manufacturers and OS vendors, software editors have also been quick to mitigate the exploitation of Spectre. Browser vendors and virtualization solutions are particularly exposed to these vulnerabilities and have been the fastest to respond.\n\n * Xen published [an advisory](<https://xenbits.xen.org/xsa/advisory-254.html>) sharing details about the vulnerabilities in its hypervisor's scope alongside [a documentation page](<https://wiki.xenproject.org/wiki/Respond_to_Meltdown_and_Spectre>) explaining how to mitigate.\n * Mozilla [released Firefox 57.0.4](<https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/>) soon after publishing [an article](<https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/>) explaining how they managed to exploit Spectre remotely using Javascript and WebAssembly. This update makes time source less precise, thus making the exploitation a lot more unreliable while more in-depth fixes are engineered.\n * Google Chrome followed [shortly after](<https://www.chromium.org/Home/chromium-security/ssca>) with [an explanatory article](<https://webkit.org/blog/8048/what-spectre-and-meltdown-mean-for-webkit/>) about how Spectre could be exploited using WebKit's JavascriptCore and listing the upcoming mitigations in Webkit.\n\nNumerous Proof of Concepts have been published to demonstrate the exploitation of the different variants, from [reconstructing an image](<https://www.youtube.com/watch?v=L1N1P2zxaZE> \"\" ) to applying it [against a specifically-crafted Intel SGX enclave](<https://github.com/lsds/spectre-attack-sgx>). It's also possible to test if mitigations are in place: Microsoft [released a solution](<https://blogs.technet.microsoft.com/ralphkyttle/2018/01/05/verifying-spectre-meltdown-protections-remotely/>) that can be used remotely based on the new PowerShell [SpeculationControl](<https://www.powershellgallery.com/packages/SpeculationControl>) module, and [several solutions](<https://askubuntu.com/questions/992137/how-to-check-that-kpti-is-enabled-on-my-ubuntu/992186#992186>) are available on Linux-based OSes.\n\n### Patches impact on AdwCleaner's infrastructure\n\n_**Disclaimer**: The following is not a benchmark, but feedback based on what we have observed in our hardware environment and software stack. The observed behaviour is highly dependent on the workload, and there may be no changes observed in yours._\n\nAs part of our security process, we've applied fixes as soon as they were made available by our distributions and hosting providers. We were expecting some performance increase, especially on AdwCleaner storage backend, but it was hard to quantify.\n\n[![CPU load before and after KPTI patch on AdwCleaner storage backend.](https://blog.malwarebytes.com/wp-content/uploads/2018/01/cpu_kpti_adwc_backend-600x232.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/01/cpu_kpti_adwc_backend.png>)\n\nCPU load before and after KPTI patch on AdwCleaner storage backend.\n\nAfter applying the new Linux kernel with the KPTI backport, we've observed a 10 to 15 percent increase of CPU usage. (We applied the patch slightly before 00:00 UTC on January 6). These servers do not take advantage of PCID, which could make [the difference in performance less visible](<https://archive.fo/ma8Iw>). As this usage increase appears to be the new baseline for some time, [this is likely](<https://twitter.com/_msw_/status/949889060180434944>) to at least temporary lead [to important cost](<https://forums.aws.amazon.com/thread.jspa?threadID=269858>) increases for users of providers billing based on CPU usage, although some providers are reported working with severely impacted customers.\n\nAs the situation still evolves quickly every day, some updates may be added to both [the original story](<https://blog.malwarebytes.com/security-world/2018/01/meltdown-and-spectre-what-you-need-to-know/>) and this blogpost.\n\n**Particularly interesting literature:**\n\n * [ARM Whitepaper - \"Vulnerability of Speculative Processors to Cache Timing Side-Channel Mechanism\"](<https://developer.arm.com/support/security-update>)\n\nThe post [Meltdown and Spectre fallout: patching problems persist](<https://blog.malwarebytes.com/cybercrime/exploits/2018/01/meltdown-and-spectre-fallout-patching-problems-persist/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "published": "2018-01-11T14:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://blog.malwarebytes.com/cybercrime/exploits/2018/01/meltdown-and-spectre-fallout-patching-problems-persist/", "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "lastseen": "2018-01-14T21:58:04"}], "lenovo": [{"id": "LENOVO:PS500151-NOSID", "type": "lenovo", "title": "Reading Privileged Memory with a Side Channel", "description": "**Lenovo Security Advisory**: LEN-18282\n\n**Potential Impact: **Malicious code running locally may be able to observe contents of privileged memory, circumventing expected privilege levels.\n\n**Severity:** High\n\n**Scope of Impact:** Industry-wide\n\n**CVE Identifier:**\n\n\u201cSpectre\u201d CVE-2017-5753, CVE-2017-5715 \n\u201cMeltdown\u201d CVE-2017-5754\n\n**Summary Description:**\n\nLenovo is aware of vulnerabilities regarding certain processors nicknamed \u201cSpectre\u201d and \u201cMeltdown\u201d by their discoverers. Both are \u201cside channel\u201d exploits, meaning they do not access protected data directly, but rather induce the processor to operate in a specific way, and observe execution timing or other externally visible characteristics to infer the protected data.\n\nWe are working continuously with our processor, operating system, and component suppliers to incorporate fixes as we receive them. Lenovo will update this page frequently as fixes are released and new information emerges. Please check back often.\n\n**Mitigation Strategy for Customers (what you should do to protect yourself):**\n\nThere are three related vulnerability variants. All require operating system updates to address. One requires processor microcode updates (see product impact section below).\n\nVariant 1: Bounds check bypass (CVE-2017-5753)\n\n * Requires operating system updates\n * May require driver and/or application updates\n * Vulnerable to Spectre attack\n\nVariant 2: Branch target injection (CVE-2017-5715)\n\n * Requires processor microcode updates\n * Requires operating system updates\n * May require driver and/or application updates\n * Vulnerable to Spectre attack\n\nVariant 3: Rogue data cache load (CVE-2017-5754)\n\n * Requires operating system updates\n * Vulnerable to Meltdown attack\n\nWe recommend updating OS and firmware as soon as updates are available. For PCs, go to <https://support.microsoft.com/en-us/help/4073119/windows-client-guidance-for-it-pros-to-protect-against-speculative-exe> to get the latest OS patches.\n\nPrior to patching and firmware update, you can limit your risk by following the usual security best practices to prevent an attacker from running code locally on your system. For example: Limit access to only known and trusted users; install only well-vetted, trusted applications; visit only reputable web sites with minimal obtrusive advertising and content pulled-in from other sources; and if feasible, turn off JavaScript in your browser.\n\n**Product Impact:**\n\n**CPU Microcode Updates:** Intel and AMD provide to Lenovo the CPU microcode updates required to address Variant 2, which Lenovo then incorporates into BIOS/UEFI firmware. We are building and testing BIOS/UEFI firmware packages as we receive new microcode from Intel and AMD. New firmware packages will be added to the product tables as they become ready.\n\n**Anti-Virus Blocking Microsoft Windows Updates:** Microsoft has found some anti-virus products conflict with their OS patches (<https://support.microsoft.com/help/4072698>). Microsoft blocks installation of those patches until the anti-virus product has been updated or removed. Please see <https://support.microsoft.com/en-us/help/4072699> for information on how to unblock the installation.\n\n**NVIDIA GPU Device Drivers:** Lenovo has become aware that NVIDIA GPU drivers and software (running on the host CPU, not the GPU) are vulnerable to CVE-2017-5753 and CVE-2017-5715 (Spectre). Please see Lenovo advisory [LEN-16730](<https://support.lenovo.com/us/en/solutions/LEN-16730>) for more information and updates.\n\n**Web Browsers:** Google, Microsoft, and Mozilla have reported it is possible to use aspects of these vulnerabilities within their web browser applications. Please see these references for more information and updates:\n\n * Google Chrome \u2013 <https://www.chromium.org/Home/chromium-security/ssca>\n * Microsoft Edge & Internet Explorer \u2013 <https://blogs.windows.com/msedgedev/2018/01/03/speculative-execution-mitigations-microsoft-edge-internet-explorer/>\n * Mozilla Firefox \u2013 <https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/>\n\n_**CLIENT SYSTEMS**_\n\n_The following guidance is specific to Lenovo Personal Computing (PCSD) offerings._\n\n**CPU Microcode Updates:** Based on customer feedback, we are also integrating additional BIOS fixes such as [Intel AMT MEBx bypass](<http://support.lenovo.com/us/en/solutions/LEN-19568>) updates. All side channel related updates continue to be listed on this advisory.\n", "published": "2018-04-19T15:31:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://support.lenovo.com/us/en/solutions/len-18282", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-04-19T21:24:23"}], "thn": [{"id": "THN:58CFE19533148E77597FE0AC59963145", "type": "thn", "title": "[Guide] How to Protect Your Devices Against Meltdown and Spectre Attacks", "description": "[![how-to-patch-intel-flaws](https://1.bp.blogspot.com/-j5ET0G4e1Ic/Wk8vVnQ-bQI/AAAAAAAAvZM/w43UQOgeEFUlk6OU3DefadyB07EEdikGwCLcBGAs/s1600/how-to-patch-intel-flaws.png)](<https://1.bp.blogspot.com/-j5ET0G4e1Ic/Wk8vVnQ-bQI/AAAAAAAAvZM/w43UQOgeEFUlk6OU3DefadyB07EEdikGwCLcBGAs/s1600/how-to-patch-intel-flaws.png>)\n\nRecently uncovered two huge processor vulnerabilities called [Meltdown and Spectre](<https://thehackernews.com/2018/01/meltdown-spectre-vulnerability.html>) have taken the whole world by storm, while vendors are rushing out to patch the vulnerabilities in its products. \n \nThe issues apply to all modern processors and affect nearly all operating systems (Windows, Linux, Android, iOS, macOS, FreeBSD, and more), smartphones and other computing devices made in the past 20 years. \n \n\n\n### What are Spectre and Meltdown?\n\n \nWe have [explained both](<https://thehackernews.com/2018/01/meltdown-spectre-vulnerability.html>), Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753, CVE-2017-5715), exploitation techniques in our previous article. \n \nIn short, Spectre and Meltdown are the names of security vulnerabilities found in many processors from Intel, ARM and AMD that could allow attackers to steal your passwords, encryption keys and other private information. \n \nBoth attacks abuse 'speculative execution' to access privileged memory\u2014including those allocated for the kernel\u2014from a low privileged user process like a malicious app running on a device, allowing attackers to steal passwords, login keys, and other valuable information. \n \n\n\n### Protect Against Meltdown and Spectre CPU Flaws\n\n \nSome, including US-CERT, have suggested the only true patch for these issues is for chips to be replaced, but this solution seems to be impractical for the general user and most companies. \n \nVendors have made significant progress in rolling out fixes and firmware updates. While the Meltdown flaw has already been patched by most companies like Microsoft, Apple and Google, Spectre is not easy to patch and will haunt people for quite some time. \n \nHere's the list of available patches from major tech manufacturers: \n \n\n\n#### Windows OS (7/8/10) and Microsoft Edge/IE\n\n \nMicrosoft has already released an out-of-band security update ([KB4056892](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB4056892>)) for Windows 10 to address the Meltdown issue and will be releasing patches for Windows 7 and Windows 8 on January 9th. \n \nBut if you are running a third-party antivirus software then it is possible your system won\u2019t install patches automatically. So, if you are having trouble installing the automatic security update, turn off your antivirus and use Windows Defender or Microsoft Security Essentials. \n\n\n> \"The compatibility issue is caused when antivirus applications make unsupported calls into Windows kernel memory,\" Microsoft noted in a [blog post](<https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released>). \"These calls may cause stop errors (also known as blue screen errors) that make the device unable to boot.\"\n\n \n\n\n#### Apple macOS, iOS, tvOS, and Safari Browser\n\n \nApple noted in its [advisory](<https://support.apple.com/en-us/HT208394>), \"All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time.\" \n \nTo help defend against the Meltdown attacks, Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2, has planned to release mitigations in Safari to help defend against Spectre in the coming days. \n\n\n#### \nAndroid OS\n\n \n\n\nAndroid users running the most recent version of the mobile operating system released on January 5 as part of the [Android January security patch](<https://source.android.com/security/bulletin/2018-01-01>) update are protected, according to Google. \n \nSo, if you own a Google-branded phone, like Nexus or Pixel, your phone will either automatically download the update, or you'll simply need to install it. However, other Android users have to wait for their device manufacturers to release a compatible security update. \n \nThe tech giant also noted that it's unaware of any successful exploitation of either Meltdown or Spectre on ARM-based Android devices. \n \n\n\n#### Firefox Web Browser\n\n \nMozilla has released [Firefox version 57.0.4](<https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/>) which includes mitigations for both Meltdown and Spectre timing attacks. So users are advised to update their installations as soon as possible. \n\n\n> \"Since this new class of attacks involves measuring precise time intervals, as a partial, short-term mitigation we are disabling or reducing the precision of several time sources in Firefox,\" Mozilla software engineer Luke Wagner wrote in a [blog post](<https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/>).\n\n \n\n\n#### Google Chrome Web Browser\n\n \nGoogle has scheduled the patches for Meltdown and Spectre exploits on January 23 with the release of Chrome 64, which will include mitigations to protect your desktop and smartphone from web-based attacks. \n \nIn the meantime, users can enable an experimental feature called \"Site Isolation\" that can offer some protection against the web-based exploits but might also cause performance problems. \n\n\n> \"Site Isolation makes it harder for untrusted websites to access or steal information from your accounts on other websites. Websites typically cannot access each other's data inside the browser, thanks to code that enforces the Same Origin Policy.\" Google [says](<https://www.chromium.org/Home/chromium-security/site-isolation>).\n\nHere's how to turn on Site Isolation: \n\n\n * Copy chrome://flags/#enable-site-per-process and paste it into the URL field at the top of your Chrome web browser, and then hit the Enter key.\n * Look for Strict Site Isolation, then click the box labelled Enable.\n * Once done, hit Relaunch Now to relaunch your Chrome browser.\n\n \n\n\n#### Linux Distributions\n\n \nThe Linux kernel developers have also released patches for the Linux kernel with releases including versions 4.14.11, 4.9.74, 4.4.109, 3.16.52, 3.18.91 and 3.2.97, which can be downloaded from [Kernel.org](<https://kernel.org/>). \n \n\n\n#### VMware and Citrix\n\n \nA global leader in cloud computing and virtualisation, VMware, has also [released](<https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html>) a list of its products affected by the two attacks and security updates for its ESXi, Workstation and Fusion products to patch against Meltdown attacks. \n \nOn the other hand, another popular cloud computing and virtualisation vendor Citrix did not release any security patches to address the issue. Instead, the company guided its customers and [recommended](<https://support.citrix.com/article/CTX231399>) them to check for any update on relevant third-party software.\n", "published": "2018-01-04T21:18:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://thehackernews.com/2018/01/meltdown-spectre-patches.html", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-01-27T09:17:18"}, {"id": "THN:A9578C2890D2B5F0AAB1E763BC9E058C", "type": "thn", "title": "[Guide] How to Protect Your Devices Against Meltdown and Spectre Attacks", "description": "[![how-to-patch-intel-flaws](https://1.bp.blogspot.com/-j5ET0G4e1Ic/Wk8vVnQ-bQI/AAAAAAAAvZM/w43UQOgeEFUlk6OU3DefadyB07EEdikGwCLcBGAs/s1600/how-to-patch-intel-flaws.png)](<https://1.bp.blogspot.com/-j5ET0G4e1Ic/Wk8vVnQ-bQI/AAAAAAAAvZM/w43UQOgeEFUlk6OU3DefadyB07EEdikGwCLcBGAs/s1600/how-to-patch-intel-flaws.png>)\n\nRecently uncovered two huge processor vulnerabilities called [Meltdown and Spectre](<https://thehackernews.com/2018/01/meltdown-spectre-vulnerability.html>) have taken the whole world by storm, while vendors are rushing out to patch the vulnerabilities in its products. \n \nThe issues apply to all modern processors and affect nearly all operating systems (Windows, Linux, Android, iOS, macOS, FreeBSD, and more), smartphones and other computing devices made in the past 20 years. \n \n\n\n### What are Spectre and Meltdown?\n\n \nWe have [explained both](<https://thehackernews.com/2018/01/meltdown-spectre-vulnerability.html>), Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753, CVE-2017-5715), exploitation techniques in our previous article. \n \nIn short, Spectre and Meltdown are the names of security vulnerabilities found in many processors from Intel, ARM and AMD that could allow attackers to steal your passwords, encryption keys and other private information. \n \nBoth attacks abuse 'speculative execution' to access privileged memory\u2014including those allocated for the kernel\u2014from a low privileged user process like a malicious app running on a device, allowing attackers to steal passwords, login keys, and other valuable information. \n \n\n\n### Protect Against Meltdown and Spectre CPU Flaws\n\n \nSome, including US-CERT, have suggested the only true patch for these issues is for chips to be replaced, but this solution seems to be impractical for the general user and most companies. \n \nVendors have made significant progress in rolling out fixes and firmware updates. While the Meltdown flaw has already been patched by most companies like Microsoft, Apple and Google, Spectre is not easy to patch and will haunt people for quite some time. \n \nHere's the list of available patches from major tech manufacturers: \n \n\n\n#### Windows OS (7/8/10) and Microsoft Edge/IE\n\n \nMicrosoft has already released an out-of-band security update ([KB4056892](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB4056892>)) for Windows 10 to address the Meltdown issue and will be releasing patches for Windows 7 and Windows 8 on January 9th. \n \nBut if you are running a third-party antivirus software then it is possible your system won\u2019t install patches automatically. So, if you are having trouble installing the automatic security update, turn off your antivirus and use Windows Defender or Microsoft Security Essentials. \n\n\n> \"The compatibility issue is caused when antivirus applications make unsupported calls into Windows kernel memory,\" Microsoft noted in a [blog post](<https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released>). \"These calls may cause stop errors (also known as blue screen errors) that make the device unable to boot.\"\n\n \n\n\n#### Apple macOS, iOS, tvOS, and Safari Browser\n\n \nApple noted in its [advisory](<https://support.apple.com/en-us/HT208394>), \"All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time.\" \n \nTo help defend against the Meltdown attacks, Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2, has planned to release mitigations in Safari to help defend against Spectre in the coming days. \n\n\n#### \nAndroid OS\n\n \n\n\nAndroid users running the most recent version of the mobile operating system released on January 5 as part of the [Android January security patch](<https://source.android.com/security/bulletin/2018-01-01>) update are protected, according to Google. \n \nSo, if you own a Google-branded phone, like Nexus or Pixel, your phone will either automatically download the update, or you'll simply need to install it. However, other Android users have to wait for their device manufacturers to release a compatible security update. \n \nThe tech giant also noted that it's unaware of any successful exploitation of either Meltdown or Spectre on ARM-based Android devices. \n \n\n\n#### Firefox Web Browser\n\n \nMozilla has released [Firefox version 57.0.4](<https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/>) which includes mitigations for both Meltdown and Spectre timing attacks. So users are advised to update their installations as soon as possible. \n\n\n> \"Since this new class of attacks involves measuring precise time intervals, as a partial, short-term mitigation we are disabling or reducing the precision of several time sources in Firefox,\" Mozilla software engineer Luke Wagner wrote in a [blog post](<https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/>).\n\n \n\n\n#### Google Chrome Web Browser\n\n \nGoogle has scheduled the patches for Meltdown and Spectre exploits on January 23 with the release of Chrome 64, which will include mitigations to protect your desktop and smartphone from web-based attacks. \n \nIn the meantime, users can enable an experimental feature called \"Site Isolation\" that can offer some protection against the web-based exploits but might also cause performance problems. \n\n\n> \"Site Isolation makes it harder for untrusted websites to access or steal information from your accounts on other websites. Websites typically cannot access each other's data inside the browser, thanks to code that enforces the Same Origin Policy.\" Google [says](<https://www.chromium.org/Home/chromium-security/site-isolation>).\n\nHere's how to turn on Site Isolation: \n\n\n * Copy chrome://flags/#enable-site-per-process and paste it into the URL field at the top of your Chrome web browser, and then hit the Enter key.\n * Look for Strict Site Isolation, then click the box labelled Enable.\n * Once done, hit Relaunch Now to relaunch your Chrome browser.\n\n \n\n\n#### Linux Distributions\n\n \nThe Linux kernel developers have also released patches for the Linux kernel with releases including versions 4.14.11, 4.9.74, 4.4.109, 3.16.52, 3.18.91 and 3.2.97, which can be downloaded from [Kernel.org](<https://kernel.org/>). \n \n\n\n#### VMware and Citrix\n\n \nA global leader in cloud computing and virtualisation, VMware, has also [released](<https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html>) a list of its products affected by the two attacks and security updates for its ESXi, Workstation and Fusion products to patch against Meltdown attacks. \n \nOn the other hand, another popular cloud computing and virtualisation vendor Citrix did not release any security patches to address the issue. Instead, the company guided its customers and [recommended](<https://support.citrix.com/article/CTX231399>) them to check for any update on relevant third-party software.\n", "published": "2018-01-04T21:18:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://thehackernews.com/2018/01/meltdown-spectre-patches.html", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-01-05T11:53:57"}, {"id": "THN:957E43F77013CD97637E674F5EC9583A", "type": "thn", "title": "Meltdown and Spectre CPU Flaws Affect Intel, ARM, AMD Processors", "description": "[![meltdown-spectre-kernel-vulnerability](https://4.bp.blogspot.com/-5FFuHggfEjk/Wk3IqVSdzhI/AAAAAAAAvYQ/QMuOUldwtrUZX1b2LM5XwOuyMppCgVfugCLcBGAs/s1600/meltdown-spectre-kernel-vulnerability.png)](<https://4.bp.blogspot.com/-5FFuHggfEjk/Wk3IqVSdzhI/AAAAAAAAvYQ/QMuOUldwtrUZX1b2LM5XwOuyMppCgVfugCLcBGAs/s1600/meltdown-spectre-kernel-vulnerability.png>)\n\nUnlike the [initial reports](<https://thehackernews.com/2018/01/intel-kernel-vulnerability.html>) suggested about Intel chips being vulnerable to some severe \u2018memory leaking\u2019 flaws, full technical details about the vulnerabilities have now been emerged, which revealed that almost every modern processor since 1995 is vulnerable to the issues. \n \nDisclosed today by [Google Project Zero](<https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html>), the vulnerabilities potentially impact all major CPUs, including those from AMD, ARM, and Intel\u2014threatening almost all PCs, laptops, tablets, and smartphones, regardless of manufacturer or operating system. \n \nThese hardware vulnerabilities have been categorized into [two attacks](<https://meltdownattack.com/>), named **Meltdown** (CVE-2017-5754) and **Spectre** (CVE-2017-5753 and CVE-2017-5715), which could allow attackers to steal sensitive data which is currently processed on the computer. \n \nBoth attacks take advantage of a feature in chips known as \"speculative execution,\" a technique used by most modern CPUs to optimize performance. \n\n\n> \"In order to improve performance, many CPUs may choose to speculatively execute instructions based on assumptions that are considered likely to be true. During speculative execution, the processor is verifying these assumptions; if they are valid, then the execution continues. If they are invalid, then the execution is unwound, and the correct execution path can be started based on the actual conditions,\" Project Zero says.\n\nTherefore, it is possible for such speculative execution to have \"side effects which are not restored when the CPU state is unwound and can lead to information disclosure,\" which can be accessed using side-channel attacks. \n \n\n\n### Meltdown Attack\n\nThe first issue, Meltdown ([paper](<https://meltdownattack.com/meltdown.pdf>)), allows attackers to read not only kernel memory but also the entire physical memory of the target machines, and therefore all secrets of other programs and the operating system. \n \n\n\n> \u201cMeltdown is a related microarchitectural attack which exploits out-of-order execution in order to leak the target\u2019s physical memory.\u201d\n\n \nMeltdown uses speculative execution to break the isolation between user applications and the operating system, allowing any application to access all system memory, including memory allocated for the kernel. \n \n\n\n> \u201cMeltdown exploits a privilege escalation vulnerability specific to Intel processors, due to which speculatively executed instructions can bypass memory protection.\u201d\n\n \nNearly all desktop, laptop, and cloud computers affected by Meltdown. \n \n\n\n### Spectre Attack\n\n[![exploit-for-spectre-vulnerability](https://3.bp.blogspot.com/-1yTiPu0uT10/Wk3DFbBm1SI/AAAAAAAAvYA/cTh_hcFW4BsPElNE559D-1CaoQ5rR8TWwCLcBGAs/s1600/exploit-for-spectre-vulnerability.png)](<https://3.bp.blogspot.com/-1yTiPu0uT10/Wk3DFbBm1SI/AAAAAAAAvYA/cTh_hcFW4BsPElNE559D-1CaoQ5rR8TWwCLcBGAs/s1600/exploit-for-spectre-vulnerability.png>)\n\nThe second problem, Spectre ([paper](<https://spectreattack.com/spectre.pdf>)), is not easy to patch and will haunt people for quite some time since this issue requires changes to processor architecture in order to fully mitigate. \n \nSpectre attack breaks the isolation between different applications, allowing the attacker-controlled program to trick error-free programs into leaking their secrets by forcing them into accessing arbitrary portions of its memory, which can then be read through a side channel. \n \nSpectre attacks can be used to leak information from the kernel to user programs, as well as from virtualization hypervisors to guest systems. \n\n\n> \u201cIn addition to violating process isolation boundaries using native code, Spectre attacks can also be used to violate browser sandboxing, by mounting them via portable JavaScript code. We wrote a JavaScript program that successfully reads data from the address space of the browser process running it.\u201d the paper explains.\n\n \n\n\n> \u201cKAISER patch, which has been widely applied as a mitigation to the Meltdown attack, does not protect against Spectre.\u201d\n\n \nAccording to researchers, this vulnerability impacts almost every system, including desktops, laptops, cloud servers, as well as smartphones\u2014powered by Intel, AMD, and ARM chips. \n \n\n\n### What You Should Do: Mitigations And Patches\n\n \nMany vendors have security patches available for one or both of these attacks. \n\n\n * **Windows \u2014** Microsoft has issued an out-of-band patch update for Windows 10, while other versions of Windows will be patched on the traditional Patch Tuesday on January 9, 2018\n * **MacOS \u2014** Apple had already fixed most of these security holes in macOS High Sierra 10.13.2 last month, but MacOS 10.13.3 will enhance or complete these mitigations.\n * **Linux \u2014** Linux kernel developers have also released patches by implementing kernel page-table isolation (KPTI) to move the kernel into an entirely separate address space.\n * **Android \u2014** Google has released security patches for Pixel/Nexus users as part of the Android January security patch update. Other users have to wait for their device manufacturers to release a compatible security update.\n\n \n\n\n#### **Mitigations for Chrome Users**\n\n \n\n\nSince this exploit can be executed through the website, Chrome users can turn on Site Isolation feature on their devices to mitigate these flaws.\n\n \n\n\nHere's how to turn Site Isolation on Windows, Mac, Linux, Chrome OS or Android:\n\n * Copy **_chrome://flags/#enable-site-per-process_** and paste it into the URL field at the top of your Chrome web browser, and then hit the Enter key.\n * Look for Strict Site Isolation, then click the box labeled Enable.\n * Once done, hit **_Relaunch Now_** to relaunch your Chrome browser.\n\nThere is no single fix for both the attacks since each requires protection independently.\n", "published": "2018-01-03T19:34:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://thehackernews.com/2018/01/meltdown-spectre-vulnerability.html", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-01-04T11:00:45"}, {"id": "THN:788E9312DDA39D9A09855DF379A0FD4D", "type": "thn", "title": "Meltdown and Spectre CPU Flaws Affect Intel, ARM, AMD Processors", "description": "[![meltdown-spectre-kernel-vulnerability](https://4.bp.blogspot.com/-5FFuHggfEjk/Wk3IqVSdzhI/AAAAAAAAvYQ/QMuOUldwtrUZX1b2LM5XwOuyMppCgVfugCLcBGAs/s1600/meltdown-spectre-kernel-vulnerability.png)](<https://4.bp.blogspot.com/-5FFuHggfEjk/Wk3IqVSdzhI/AAAAAAAAvYQ/QMuOUldwtrUZX1b2LM5XwOuyMppCgVfugCLcBGAs/s1600/meltdown-spectre-kernel-vulnerability.png>)\n\nUnlike the [initial reports](<https://thehackernews.com/2018/01/intel-kernel-vulnerability.html>) suggested about Intel chips being vulnerable to some severe \u2018memory leaking\u2019 flaws, full technical details about the vulnerabilities have now been emerged, which revealed that almost every modern processor since 1995 is vulnerable to the issues. \n \nDisclosed today by [Google Project Zero](<https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html>), the vulnerabilities potentially impact all major CPUs, including those from AMD, ARM, and Intel\u2014threatening almost all PCs, laptops, tablets, and smartphones, regardless of manufacturer or operating system. \n \nThese hardware vulnerabilities have been categorized into [two attacks](<https://meltdownattack.com/>), named **Meltdown** (CVE-2017-5754) and **Spectre** (CVE-2017-5753 and CVE-2017-5715), which could allow attackers to steal sensitive data which is currently processed on the computer. \n \nBoth attacks take advantage of a feature in chips known as \"speculative execution,\" a technique used by most modern CPUs to optimize performance. \n\n\n> \"In order to improve performance, many CPUs may choose to speculatively execute instructions based on assumptions that are considered likely to be true. During speculative execution, the processor is verifying these assumptions; if they are valid, then the execution continues. If they are invalid, then the execution is unwound, and the correct execution path can be started based on the actual conditions,\" Project Zero says.\n\nTherefore, it is possible for such speculative execution to have \"side effects which are not restored when the CPU state is unwound and can lead to information disclosure,\" which can be accessed using side-channel attacks. \n \n\n\n### Meltdown Attack\n\nThe first issue, Meltdown ([paper](<https://meltdownattack.com/meltdown.pdf>)), allows attackers to read not only kernel memory but also the entire physical memory of the target machines, and therefore all secrets of other programs and the operating system. \n \n\n\n> \u201cMeltdown is a related microarchitectural attack which exploits out-of-order execution in order to leak the target\u2019s physical memory.\u201d\n\n \nMeltdown uses speculative execution to break the isolation between user applications and the operating system, allowing any application to access all system memory, including memory allocated for the kernel. \n \n\n\n> \u201cMeltdown exploits a privilege escalation vulnerability specific to Intel processors, due to which speculatively executed instructions can bypass memory protection.\u201d\n\n \nNearly all desktop, laptop, and cloud computers affected by Meltdown. \n \n\n\n### Spectre Attack\n\n[![exploit-for-spectre-vulnerability](https://3.bp.blogspot.com/-1yTiPu0uT10/Wk3DFbBm1SI/AAAAAAAAvYA/cTh_hcFW4BsPElNE559D-1CaoQ5rR8TWwCLcBGAs/s1600/exploit-for-spectre-vulnerability.png)](<https://3.bp.blogspot.com/-1yTiPu0uT10/Wk3DFbBm1SI/AAAAAAAAvYA/cTh_hcFW4BsPElNE559D-1CaoQ5rR8TWwCLcBGAs/s1600/exploit-for-spectre-vulnerability.png>)\n\nThe second problem, Spectre ([paper](<https://spectreattack.com/spectre.pdf>)), is not easy to patch and will haunt people for quite some time since this issue requires changes to processor architecture in order to fully mitigate. \n \nSpectre attack breaks the isolation between different applications, allowing the attacker-controlled program to trick error-free programs into leaking their secrets by forcing them into accessing arbitrary portions of its memory, which can then be read through a side channel. \n \nSpectre attacks can be used to leak information from the kernel to user programs, as well as from virtualization hypervisors to guest systems. \n\n\n> \u201cIn addition to violating process isolation boundaries using native code, Spectre attacks can also be used to violate browser sandboxing, by mounting them via portable JavaScript code. We wrote a JavaScript program that successfully reads data from the address space of the browser process running it.\u201d the paper explains.\n\n \n\n\n> \u201cKAISER patch, which has been widely applied as a mitigation to the Meltdown attack, does not protect against Spectre.\u201d\n\n \nAccording to researchers, this vulnerability impacts almost every system, including desktops, laptops, cloud servers, as well as smartphones\u2014powered by Intel, AMD, and ARM chips. \n \n\n\n### What You Should Do: Mitigations And Patches\n\n \nMany vendors have security patches available for one or both of these attacks. \n\n\n * **Windows \u2014** Microsoft has issued an out-of-band patch update for Windows 10, while other versions of Windows will be patched on the traditional Patch Tuesday on January 9, 2018\n * **MacOS \u2014** Apple had already fixed most of these security holes in macOS High Sierra 10.13.2 last month, but MacOS 10.13.3 will enhance or complete these mitigations.\n * **Linux \u2014** Linux kernel developers have also released patches by implementing kernel page-table isolation (KPTI) to move the kernel into an entirely separate address space.\n * **Android \u2014** Google has released security patches for Pixel/Nexus users as part of the Android January security patch update. Other users have to wait for their device manufacturers to release a compatible security update.\n\n \n\n\n#### **Mitigations for Chrome Users**\n\n \n\n\nSince this exploit can be executed through the website, Chrome users can turn on Site Isolation feature on their devices to mitigate these flaws.\n\n \n\n\nHere's how to turn Site Isolation on Windows, Mac, Linux, Chrome OS or Android:\n\n * Copy **_chrome://flags/#enable-site-per-process_** and paste it into the URL field at the top of your Chrome web browser, and then hit the Enter key.\n * Look for Strict Site Isolation, then click the box labeled Enable.\n * Once done, hit **_Relaunch Now_** to relaunch your Chrome browser.\n\nThere is no single fix for both the attacks since each requires protection independently.\n", "published": "2018-01-03T19:34:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://thehackernews.com/2018/01/meltdown-spectre-vulnerability.html", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-01-27T09:17:18"}, {"id": "THN:718A9E01EB9A2B76DC08D8973AACAF7E", "type": "thn", "title": "Intel Admits It Won't Be Possible to Fix Spectre (V2) Flaw in Some Processors", "description": "[![](https://1.bp.blogspot.com/-2_Cd6sqB6Vs/WsSyh3cSdJI/AAAAAAAAwGE/cIL2D4AGirs92hWsEG4dYopGn39jDYHKgCLcBGAs/s1600-e20/intel-hacking.png)](<https://1.bp.blogspot.com/-2_Cd6sqB6Vs/WsSyh3cSdJI/AAAAAAAAwGE/cIL2D4AGirs92hWsEG4dYopGn39jDYHKgCLcBGAs/s1600-e20/intel-hacking.png>)\n\nAs speculated by the researcher who disclosed [Meltdown and Spectre flaws](<https://thehackernews.com/2018/01/meltdown-spectre-vulnerability.html>) in Intel processors, some of the Intel processors will not receive patches for the Spectre (variant 2) side-channel analysis attack \n \nIn a recent microcode revision guidance ([PDF](<https://newsroom.intel.com/wp-content/uploads/sites/11/2018/04/microcode-update-guidance.pdf>)), Intel admits that it would not be possible to address the Spectre design flaw in its specific old CPUs, because it requires changes to the processor architecture to mitigate the issue fully. \n \nThe chip-maker has marked \"Stopped\" to the production status for a total 9 product families\u2014Bloomfield, Clarksfield, Gulftown, Harpertown Xeon, Jasper Forest, Penryn, SoFIA 3GR, Wolfdale, and Yorkfield. \n \nThese vulnerable chip families\u2014which are mostly old that went on sale between 2007 and 2011\u2014will no longer receive microcode updates, leaving more than 230 Intel processor models vulnerable to hackers that powers millions of computers and mobile devices. \n \nAccording to the revised guidance, \"after a comprehensive investigation of the microarchitectures and microcode capabilities for these products, Intel has determined to not release microcode updates for these products for one or more reasons.\" \n \nIntel mentions three reasons in its documentation for not addressing the flaw in some of the impacted products: \n\n\n * Micro-architectural characteristics that preclude a practical implementation of features mitigating Variant 2 (CVE-2017-5715)\n * Limited Commercially Available System Software support\n * Based on customer inputs, most of these products are implemented as \"closed systems\" and therefore are expected to have a lower likelihood of exposure to these vulnerabilities.\nSpectre variant 2 vulnerability (CVE-2017-5715) affects systems wherein microprocessors utilize speculative execution and indirect branch prediction, allowing a malicious program to read sensitive information, such as passwords, encryption keys, or sensitive information, including that of the kernel, using a side-channel analysis attack. \n \nHowever, these processors can install pre-mitigation production microcode updates to mitigate Variant 1 (Spectre) and Variant 3 (Meltdown) flaws. \n\n\n> \"We've now completed release of microcode updates for Intel microprocessor products launched in the last 9+ years that required protection against the side-channel vulnerabilities discovered by Google. However, as indicated in our latest microcode revision guidance, we will not be providing updated microcode for a select number of older platforms for several reasons, including limited ecosystem support and customer feedback.\" says an Intel spokesperson via email.\n\nBesides Intel, AMD Ryzen and EPYC processors were also found vulnerable to [13 critical vulnerabilities](<https://thehackernews.com/2018/03/amd-processor-vulnerabilities.html>) that could allow an unauthorized attacker to access sensitive data, install persistent malware inside the chip, and gain full access to the compromised systems. \n \nAMD has [acknowledged](<https://thehackernews.com/2018/03/amd-processor-hacking.html>) reported vulnerabilities and promised to roll out firmware patches for millions of affected devices in the coming weeks. \n \nHowever, CTS Labs, the security firm that discovered and disclosed the vulnerabilities, claimed that AMD could take several months to release patches for most of the security issues, where some of them cannot be fixed.\n", "published": "2018-04-04T00:17:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://thehackernews.com/2018/04/intel-spectre-vulnerability.html", "cvelist": ["CVE-2017-5715"], "lastseen": "2018-04-05T18:39:23"}], "huawei": [{"id": "HUAWEI-SA-20180106-01-CPU", "type": "huawei", "title": "Security Advisory - CPU Vulnerabilities 'Meltdown' and 'Spectre'", "description": "Products\n\nSwitches\nRouters\nWLAN\nServers\nSee All\n\n\n\nSolutions\n\nCloud Data Center\nEnterprise Networking\nWireless Private Network\nSolutions by Industry\nSee All\n\n\n\nServices\n\nICT Lifecycle Services\nTechnology Services\nIndustry Solution Services\nSee All\n\n\n\nSee all offerings at e.huawei.com\n\n\n\nNeed Support ?\n\nProduct Support\nSoftware Download\nCommunity\nTools\n\nGo to Full Support", "published": "2018-01-06T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180106-01-cpu-en", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-03-01T12:35:16"}], "cisco": [{"id": "CISCO-SA-20180104-CPUSIDECHANNEL", "type": "cisco", "title": "CPU Side-Channel Information Disclosure Vulnerabilities", "description": "A vulnerability due to the design of most modern CPUs could allow a local attacker to access sensitive information on a targeted system.\n\nThe vulnerability is due to improper implementation of the speculative execution of instructions by the affected software. This vulnerability can by triggered by performing a bounds check bypass. An attacker could exploit this vulnerability by executing arbitrary code and performing a side-channel attack on a targeted system. A successful exploit could allow the attacker to read sensitive memory information.\n\nA vulnerability due to the design of most modern CPUs could allow a local attacker to access sensitive information on a targeted system.\n\nThe vulnerability is due to improper implementation of the speculative execution of instructions by the affected software. This vulnerability can by triggered by utilizing branch target injection. An attacker could exploit this vulnerability by executing arbitrary code and performing a side-channel attack on a targeted system. A successful exploit could allow the attacker to read sensitive memory information.\n\nA vulnerability in Intel CPU hardware could allow a local attacker to gain access to sensitive information on a targeted system.\n\nThe vulnerability is due to side-channel attacks, which are also referred to as Meltdown attacks. A local attacker could exploit this vulnerability by executing arbitrary code on the affected system. A successful exploit could allow the attacker to gain access to sensitive information on the targeted system, including accessing memory from the CPU cache.\n\nOn January 3, 2018, researchers disclosed three vulnerabilities that take advantage of the implementation of speculative execution of instructions on many modern microprocessor architectures to perform side-channel information disclosure attacks. These vulnerabilities could allow an unprivileged local attacker, in specific circumstances, to read privileged memory belonging to other processes or memory allocated to the operating system kernel.\n\nThe first two vulnerabilities, CVE-2017-5753 and CVE-2017-5715, are collectively known as Spectre. The third vulnerability, CVE-2017-5754, is known as Meltdown. The vulnerabilities are all variants of the same attack and differ in the way that speculative execution is exploited.\n\nTo exploit any of these vulnerabilities, an attacker must be able to run crafted code on an affected device. Although the underlying CPU and operating system combination in a product or service may be affected by these vulnerabilities, the majority of Cisco products are closed systems that do not allow customers to run custom code and are, therefore, not vulnerable. There is no vector to exploit them. Cisco products are considered potentially vulnerable only if they allow customers to execute custom code side-by-side with Cisco code on the same microprocessor.\n\nA Cisco product that may be deployed as a virtual machine or a container, even while not directly affected by any of these vulnerabilities, could be targeted by such attacks if the hosting environment is vulnerable. Cisco recommends that customers harden their virtual environments, tightly control user access, and ensure that all security updates are installed. Customers who are deploying products as a virtual device in multi-tenant hosting environments should ensure that the underlying hardware, as well as operating system or hypervisor, is patched against the vulnerabilities in question.\n\nAlthough Cisco cloud services are not directly affected by these vulnerabilities, the infrastructure on which they run may be impacted. Refer to the ?Affected Products? section of this advisory for information about the impact of these vulnerabilities on Cisco cloud services.\n\nCisco will release software updates that address these vulnerabilities.\n\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel\"]", "published": "2018-01-04T22:20:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel", "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "lastseen": "2018-04-09T20:19:24"}], "seebug": [{"id": "SSV:97059", "type": "seebug", "title": "Reading privileged memory with a side-channel\n (Meltdown & Spectre)", "description": "We have discovered that CPU data cache timing can be abused to efficiently leak information out of mis-speculated execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts.\r\n\r\nVariants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM. For a few Intel and AMD CPU models, we have exploits that work against real software. We reported this issue to Intel, AMD and ARM on 2017-06-01 [1].\r\n\r\nSo far, there are three known variants of the issue:\r\n\r\n* Variant 1: bounds check bypass (CVE-2017-5753)\r\n* Variant 2: branch target injection (CVE-2017-5715)\r\n* Variant 3: rogue data cache load (CVE-2017-5754)\r\n\r\nBefore the issues described here were publicly disclosed, Daniel Gruss, Moritz Lipp, Yuval Yarom, Paul Kocher, Daniel Genkin, Michael Schwarz, Mike Hamburg, Stefan Mangard, Thomas Prescher and Werner Haas also reported them; their [writeups/blogposts/paper drafts] are at:\r\n\r\n* [Spectre](https://spectreattack.com/spectre.pdf) (variants 1 and 2)\r\n* [Meltdown](https://meltdownattack.com/meltdown.pdf) (variant 3)\r\n\r\nDuring the course of our research, we developed the following proofs of concept (PoCs):\r\n\r\n1. A PoC that demonstrates the basic principles behind variant 1 in userspace on the tested Intel Haswell Xeon CPU, the AMD FX CPU, the AMD PRO CPU and an ARM Cortex A57 [2]. This PoC only tests for the ability to read data inside mis-speculated execution within the same process, without crossing any privilege boundaries.\r\n2. A PoC for variant 1 that, when running with normal user privileges under a modern Linux kernel with a distro-standard config, can perform arbitrary reads in a 4GiB range [3] in kernel virtual memory on the Intel Haswell Xeon CPU. If the kernel's BPF JIT is enabled (non-default configuration), it also works on the AMD PRO CPU. On the Intel Haswell Xeon CPU, kernel virtual memory can be read at a rate of around 2000 bytes per second after around 4 seconds of startup time. [4]\r\n3. A PoC for variant 2 that, when running with root privileges inside a KVM guest created using virt-manager on the Intel Haswell Xeon CPU, with a specific (now outdated) version of Debian's distro kernel [5] running on the host, can read host kernel memory at a rate of around 1500 bytes/second, with room for optimization. Before the attack can be performed, some initialization has to be performed that takes roughly between 10 and 30 minutes for a machine with 64GiB of RAM; the needed time should scale roughly linearly with the amount of host RAM. (If 2MB hugepages are available to the guest, the initialization should be much faster, but that hasn't been tested.)\r\n4. A PoC for variant 3 that, when running with normal user privileges, can read kernel memory on the Intel Haswell Xeon CPU under some precondition. We believe that this precondition is that the targeted kernel memory is present in the L1D cache.\r\n\r\nFor interesting resources around this topic, look down into the \"Literature\" section.\r\n\r\nA warning regarding explanations about processor internals in this blogpost: This blogpost contains a lot of speculation about hardware internals based on observed behavior, which might not necessarily correspond to what processors are actually doing.\r\n\r\nWe have some ideas on possible mitigations and provided some of those ideas to the processor vendors; however, we believe that the processor vendors are in a much better position than we are to design and evaluate mitigations, and we expect them to be the source of authoritative guidance.\r\n\r\nThe PoC code and the writeups that we sent to the CPU vendors will be made available at a later date.\r\n### Tested Processors\r\n* Intel(R) Xeon(R) CPU E5-1650 v3 @ 3.50GHz (called \"Intel Haswell Xeon CPU\" in the rest of this document)\r\n* AMD FX(tm)-8320 Eight-Core Processor (called \"AMD FX CPU\" in the rest of this document)\r\n* AMD PRO A8-9600 R7, 10 COMPUTE CORES 4C+6G (called \"AMD PRO CPU\" in the rest of this document)\r\n* An ARM Cortex A57 core of a Google Nexus 5x phone [6] (called \"ARM Cortex A57\" in the rest of this document)\r\n\r\n### Glossary\r\nretire: An instruction retires when its results, e.g. register writes and memory writes, are committed and made visible to the rest of the system. Instructions can be executed out of order, but must always retire in order.\r\n\r\nlogical processor core: A logical processor core is what the operating system sees as a processor core. With hyperthreading enabled, the number of logical cores is a multiple of the number of physical cores.\r\n\r\ncached/uncached data: In this blogpost, \"uncached\" data is data that is only present in main memory, not in any of the cache levels of the CPU. Loading uncached data will typically take over 100 cycles of CPU time.\r\n\r\nspeculative execution: A processor can execute past a branch without knowing whether it will be taken or where its target is, therefore executing instructions before it is known whether they should be executed. If this speculation turns out to have been incorrect, the CPU can discard the resulting state without architectural effects and continue execution on the correct execution path. Instructions do not retire before it is known that they are on the correct execution path.\r\n\r\nmis-speculation window: The time window during which the CPU speculatively executes the wrong code and has not yet detected that mis-speculation has occurred.\r\n\r\n### Variant 1: Bounds check bypass\r\nThis section explains the common theory behind all three variants and the theory behind our PoC for variant 1 that, when running in userspace under a Debian distro kernel, can perform arbitrary reads in a 4GiB region of kernel memory in at least the following configurations:\r\n\r\n* Intel Haswell Xeon CPU, eBPF JIT is off (default state)\r\n* Intel Haswell Xeon CPU, eBPF JIT is on (non-default state)\r\n* AMD PRO CPU, eBPF JIT is on (non-default state)\r\n\r\nThe state of the eBPF JIT can be toggled using the net.core.bpf_jit_enable sysctl.\r\n\r\n### Theoretical explanation\r\nThe Intel [Optimization Reference Manual](https://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-optimization-manual.pdf) says the following regarding Sandy Bridge (and later microarchitectural revisions) in section 2.3.2.3 (\"Branch Prediction\"):\r\n\r\nBranch prediction predicts the branch target and enables the\r\nprocessor to begin executing instructions long before the branch\r\ntrue execution path is known.\r\n\r\nIn section 2.3.5.2 (\"L1 DCache\"):\r\n\r\nLoads can:\r\n[...]\r\n* Be carried out speculatively, before preceding branches are resolved.\r\n* Take cache misses out of order and in an overlapped manner.\r\n\r\nIntel's Software Developer's Manual [7] states in Volume 3A, section 11.7 (\"Implicit Caching (Pentium 4, Intel Xeon, and P6 family processors\"):\r\n\r\nImplicit caching occurs when a memory element is made potentially cacheable, although the element may never have been accessed in the normal von Neumann sequence. Implicit caching occurs on the P6 and more recent processor families due to aggressive prefetching, branch prediction, and TLB miss handling. Implicit caching is an extension of the behavior of existing Intel386, Intel486, and Pentium processor systems, since software running on these processor families also has not been able to deterministically predict the behavior of instruction prefetch.\r\n\r\nConsider the code sample below. If `arr1->length` is uncached, the processor can speculatively load data from `arr1->data[untrusted_offset_from_caller]`. This is an out-of-bounds read. That should not matter because the processor will effectively roll back the execution state when the branch has executed; none of the speculatively executed instructions will retire (e.g. cause registers etc. to be affected).\r\n```\r\nstruct array {\r\n unsigned long length;\r\n unsigned char data[];\r\n};\r\nstruct array *arr1 = ...;\r\nunsigned long untrusted_offset_from_caller = ...;\r\nif (untrusted_offset_from_caller < arr1->length) {\r\n unsigned char value = arr1->data[untrusted_offset_from_caller];\r\n ...\r\n}\r\n```\r\n\r\nHowever, in the following code sample, there's an issue. If `arr1->length`, `arr2->data[0x200]` and `arr2->data[0x300]` are not cached, but all other accessed data is, and the branch conditions are predicted as true, the processor can do the following speculatively before `arr1->length` has been loaded and the execution is re-steered:\r\n\r\n* load value = `arr1->data[untrusted_offset_from_caller]`\r\n* start a load from a data-dependent offset in `arr2->data`, loading the corresponding cache line into the L1 cache\r\n```\r\nstruct array {\r\n unsigned long length;\r\n unsigned char data[];\r\n};\r\nstruct array *arr1 = ...; /* small array */\r\nstruct array *arr2 = ...; /* array of size 0x400 */\r\n/* >0x400 (OUT OF BOUNDS!) */\r\nunsigned long untrusted_offset_from_caller = ...;\r\nif (untrusted_offset_from_caller < arr1->length) {\r\n unsigned char value = arr1->data[untrusted_offset_from_caller];\r\n unsigned long index2 = ((value&1)*0x100)+0x200;\r\n if (index2 < arr2->length) {\r\n unsigned char value2 = arr2->data[index2];\r\n }\r\n}\r\n```\r\n\r\nAfter the execution has been returned to the non-speculative path because the processor has noticed that `untrusted_offset_from_caller` is bigger than `arr1->length`, the cache line containing `arr2->data[index2]` stays in the L1 cache. By measuring the time required to load `arr2->data[0x200]` and `arr2->data[0x300]`, an attacker can then determine whether the value of index2 during speculative execution was 0x200 or 0x300 - which discloses whether `arr1->data[untrusted_offset_from_caller]`&1 is 0 or 1.\r\n\r\nTo be able to actually use this behavior for an attack, an attacker needs to be able to cause the execution of such a vulnerable code pattern in the targeted context with an out-of-bounds index. For this, the vulnerable code pattern must either be present in existing code, or there must be an interpreter or JIT engine that can be used to generate the vulnerable code pattern. So far, we have not actually identified any existing, exploitable instances of the vulnerable code pattern; the PoC for leaking kernel memory using variant 1 uses the eBPF interpreter or the eBPF JIT engine, which are built into the kernel and accessible to normal users.\r\n\r\nA minor variant of this could be to instead use an out-of-bounds read to a function pointer to gain control of execution in the mis-speculated path. We did not investigate this variant further.\r\n\r\n### Attacking the kernel\r\nThis section describes in more detail how variant 1 can be used to leak Linux kernel memory using the eBPF bytecode interpreter and JIT engine. While there are many interesting potential targets for variant 1 attacks, we chose to attack the Linux in-kernel eBPF JIT/interpreter because it provides more control to the attacker than most other JITs.\r\n\r\nThe Linux kernel supports eBPF since version 3.18. Unprivileged userspace code can supply bytecode to the kernel that is verified by the kernel and then:\r\n\r\n* either interpreted by an in-kernel bytecode interpreter\r\n* or translated to native machine code that also runs in kernel context using a JIT engine (which translates individual bytecode instructions without performing any further optimizations)\r\n\r\nExecution of the bytecode can be triggered by attaching the eBPF bytecode to a socket as a filter and then sending data through the other end of the socket.\r\n\r\nWhether the JIT engine is enabled depends on a run-time configuration setting - but at least on the tested Intel processor, the attack works independent of that setting.\r\n\r\nUnlike classic BPF, eBPF has data types like data arrays and function pointer arrays into which eBPF bytecode can index. Therefore, it is possible to create the code pattern described above in the kernel using eBPF bytecode.\r\n\r\neBPF's data arrays are less efficient than its function pointer arrays, so the attack will use the latter where possible.\r\n\r\nBoth machines on which this was tested have no SMAP, and the PoC relies on that (but it shouldn't be a precondition in principle).\r\n\r\nAdditionally, at least on the Intel machine on which this was tested, bouncing modified cache lines between cores is slow, apparently because the MESI protocol is used for cache coherence [8]. Changing the reference counter of an eBPF array on one physical CPU core causes the cache line containing the reference counter to be bounced over to that CPU core, making reads of the reference counter on all other CPU cores slow until the changed reference counter has been written back to memory. Because the length and the reference counter of an eBPF array are stored in the same cache line, this also means that changing the reference counter on one physical CPU core causes reads of the eBPF array's length to be slow on other physical CPU cores (intentional false sharing).\r\n\r\nThe attack uses two eBPF programs. The first one tail-calls through a page-aligned eBPF function pointer array prog_map at a configurable index. In simplified terms, this program is used to determine the address of prog_map by guessing the offset from prog_map to a userspace address and tail-calling through prog_map at the guessed offsets. To cause the branch prediction to predict that the offset is below the length of prog_map, tail calls to an in-bounds index are performed in between. To increase the mis-speculation window, the cache line containing the length of prog_map is bounced to another core. To test whether an offset guess was successful, it can be tested whether the userspace address has been loaded into the cache.\r\n\r\nBecause such straightforward brute-force guessing of the address would be slow, the following optimization is used: 215 adjacent userspace memory mappings [9], each consisting of 24 pages, are created at the userspace address user_mapping_area, covering a total area of 231 bytes. Each mapping maps the same physical pages, and all mappings are present in the pagetables.\r\n\r\n![](https://images.seebug.org/1515056154332)\r\n\r\n\r\nThis permits the attack to be carried out in steps of 2^31 bytes. For each step, after causing an out-of-bounds access through prog_map, only one cache line each from the first 2^4 pages of user_mapping_area have to be tested for cached memory. Because the L3 cache is physically indexed, any access to a virtual address mapping a physical page will cause all other virtual addresses mapping the same physical page to become cached as well.\r\n\r\nWhen this attack finds a hit\u2014a cached memory location\u2014the upper 33 bits of the kernel address are known (because they can be derived from the address guess at which the hit occurred), and the low 16 bits of the address are also known (from the offset inside user_mapping_area at which the hit was found). The remaining part of the address of user_mapping_area is the middle.\r\n\r\n![](https://images.seebug.org/1515056196730)\r\n\r\n\r\n\r\nThe remaining bits in the middle can be determined by bisecting the remaining address space: Map two physical pages to adjacent ranges of virtual addresses, each virtual address range the size of half of the remaining search space, then determine the remaining address bit-wise.\r\n\r\nAt this point, a second eBPF program can be used to actually leak data. In pseudocode, this program looks as follows:\r\n```\r\nuint64_t bitmask = <runtime-configurable>;\r\nuint64_t bitshift_selector = <runtime-configurable>;\r\nuint64_t prog_array_base_offset = <runtime-configurable>;\r\nuint64_t secret_data_offset = <runtime-configurable>;\r\n// index will be bounds-checked by the runtime,\r\n// but the bounds check will be bypassed speculatively\r\nuint64_t secret_data = bpf_map_read(array=victim_array, index=secret_data_offset);\r\n// select a single bit, move it to a specific position, and add the base offset\r\nuint64_t progmap_index = (((secret_data & bitmask) >> bitshift_selector) << 7) + prog_array_base_offset;\r\nbpf_tail_call(prog_map, progmap_index);\r\n```\r\n\r\nThis program reads 8-byte-aligned 64-bit values from an eBPF data array \"victim_map\" at a runtime-configurable offset and bitmasks and bit-shifts the value so that one bit is mapped to one of two values that are 27 bytes apart (sufficient to not land in the same or adjacent cache lines when used as an array index). Finally it adds a 64-bit offset, then uses the resulting value as an offset into prog_map for a tail call.\r\n\r\nThis program can then be used to leak memory by repeatedly calling the eBPF program with an out-of-bounds offset into victim_map that specifies the data to leak and an out-of-bounds offset into prog_map that causes prog_map + offset to point to a userspace memory area. Misleading the branch prediction and bouncing the cache lines works the same way as for the first eBPF program, except that now, the cache line holding the length of victim_map must also be bounced to another core.\r\n\r\n### Variant 2: Branch target injection\r\nThis section describes the theory behind our PoC for variant 2 that, when running with root privileges inside a KVM guest created using virt-manager on the Intel Haswell Xeon CPU, with a specific version of Debian's distro kernel running on the host, can read host kernel memory at a rate of around 1500 bytes/second.\r\n\r\n#### Basics\r\nPrior research (see the Literature section at the end) has shown that it is possible for code in separate security contexts to influence each other's branch prediction. So far, this has only been used to infer information about where code is located (in other words, to create interference from the victim to the attacker); however, the basic hypothesis of this attack variant is that it can also be used to redirect execution of code in the victim context (in other words, to create interference from the attacker to the victim; the other way around).\r\n\r\n![](https://images.seebug.org/1515056233946)\r\n\r\n\r\nThe basic idea for the attack is to target victim code that contains an indirect branch whose target address is loaded from memory and flush the cache line containing the target address out to main memory. Then, when the CPU reaches the indirect branch, it won't know the true destination of the jump, and it won't be able to calculate the true destination until it has finished loading the cache line back into the CPU, which takes a few hundred cycles. Therefore, there is a time window of typically over 100 cycles in which the CPU will speculatively execute instructions based on branch prediction.\r\n\r\n#### Haswell branch prediction internals\r\nSome of the internals of the branch prediction implemented by Intel's processors have already been published; however, getting this attack to work properly required significant further experimentation to determine additional details.\r\n\r\nThis section focuses on the branch prediction internals that were experimentally derived from the Intel Haswell Xeon CPU.\r\n\r\nHaswell seems to have multiple branch prediction mechanisms that work very differently:\r\n\r\n* A generic branch predictor that can only store one target per source address; used for all kinds of jumps, like absolute jumps, relative jumps and so on.\r\n* A specialized indirect call predictor that can store multiple targets per source address; used for indirect calls.\r\n* (There is also a specialized return predictor, according to Intel's optimization manual, but we haven't analyzed that in detail yet. If this predictor could be used to reliably dump out some of the call stack through which a VM was entered, that would be very interesting.)\r\n\r\n#### Generic predictor\r\nThe generic branch predictor, as documented in prior research, only uses the lower 31 bits of the address of the last byte of the source instruction for its prediction. If, for example, a branch target buffer (BTB) entry exists for a jump from 0x4141.0004.1000 to 0x4141.0004.5123, the generic predictor will also use it to predict a jump from 0x4242.0004.1000. When the higher bits of the source address differ like this, the higher bits of the predicted destination change together with it\u2014in this case, the predicted destination address will be 0x4242.0004.5123\u2014so apparently this predictor doesn't store the full, absolute destination address.\r\n\r\nBefore the lower 31 bits of the source address are used to look up a BTB entry, they are folded together using XOR. Specifically, the following bits are folded together:\r\n\r\n![](https://images.seebug.org/1515056301551)\r\n\r\nIn other words, if a source address is XORed with both numbers in a row of this table, the branch predictor will not be able to distinguish the resulting address from the original source address when performing a lookup. For example, the branch predictor is able to distinguish source addresses 0x100.0000 and 0x180.0000, and it can also distinguish source addresses 0x100.0000 and 0x180.8000, but it can't distinguish source addresses 0x100.0000 and 0x140.2000 or source addresses 0x100.0000 and 0x180.4000. In the following, this will be referred to as aliased source addresses.\r\n\r\nWhen an aliased source address is used, the branch predictor will still predict the same target as for the unaliased source address. This indicates that the branch predictor stores a truncated absolute destination address, but that hasn't been verified.\r\n\r\nBased on observed maximum forward and backward jump distances for different source addresses, the low 32-bit half of the target address could be stored as an absolute 32-bit value with an additional bit that specifies whether the jump from source to target crosses a 232 boundary; if the jump crosses such a boundary, bit 31 of the source address determines whether the high half of the instruction pointer should increment or decrement.\r\n\r\n#### Indirect call predictor\r\nThe inputs of the BTB lookup for this mechanism seem to be:\r\n\r\n* The low 12 bits of the address of the source instruction (we are not sure whether it's the address of the first or the last byte) or a subset of them.\r\n* The branch history buffer state.\r\n\r\nIf the indirect call predictor can't resolve a branch, it is resolved by the generic predictor instead. Intel's optimization manual hints at this behavior: \"Indirect Calls and Jumps. These may either be predicted as having a monotonic target or as having targets that vary in accordance with recent program behavior.\"\r\n\r\nThe branch history buffer (BHB) stores information about the last 29 taken branches - basically a fingerprint of recent control flow - and is used to allow better prediction of indirect calls that can have multiple targets.\r\n\r\nThe update function of the BHB works as follows (in pseudocode; src is the address of the last byte of the source instruction, dst is the destination address):\r\n```\r\nvoid bhb_update(uint58_t *bhb_state, unsigned long src, unsigned long dst) {\r\n *bhb_state <<= 2;\r\n *bhb_state ^= (dst & 0x3f);\r\n *bhb_state ^= (src & 0xc0) >> 6;\r\n *bhb_state ^= (src & 0xc00) >> (10 - 2);\r\n *bhb_state ^= (src & 0xc000) >> (14 - 4);\r\n *bhb_state ^= (src & 0x30) << (6 - 4);\r\n *bhb_state ^= (src & 0x300) << (8 - 8);\r\n *bhb_state ^= (src & 0x3000) >> (12 - 10);\r\n *bhb_state ^= (src & 0x30000) >> (16 - 12);\r\n *bhb_state ^= (src & 0xc0000) >> (18 - 14);\r\n}\r\n```\r\nSome of the bits of the BHB state seem to be folded together further using XOR when used for a BTB access, but the precise folding function hasn't been understood yet.\r\n\r\nThe BHB is interesting for two reasons. First, knowledge about its approximate behavior is required in order to be able to accurately cause collisions in the indirect call predictor. But it also permits dumping out the BHB state at any repeatable program state at which the attacker can execute code - for example, when attacking a hypervisor, directly after a hypercall. The dumped BHB state can then be used to fingerprint the hypervisor or, if the attacker has access to the hypervisor binary, to determine the low 20 bits of the hypervisor load address (in the case of KVM: the low 20 bits of the load address of kvm-intel.ko).\r\n\r\n#### Reverse-Engineering Branch Predictor Internals\r\n\r\nThis subsection describes how we reverse-engineered the internals of the Haswell branch predictor. Some of this is written down from memory, since we didn't keep a detailed record of what we were doing.\r\n\r\nWe initially attempted to perform BTB injections into the kernel using the generic predictor, using the knowledge from prior research that the generic predictor only looks at the lower half of the source address and that only a partial target address is stored. This kind of worked - however, the injection success rate was very low, below 1%. (This is the method we used in our preliminary PoCs for method 2 against modified hypervisors running on Haswell.)\r\n\r\nWe decided to write a userspace test case to be able to more easily test branch predictor behavior in different situations.\r\n\r\nBased on the assumption that branch predictor state is shared between hyperthreads [10], we wrote a program of which two instances are each pinned to one of the two logical processors running on a specific physical core, where one instance attempts to perform branch injections while the other measures how often branch injections are successful. Both instances were executed with ASLR disabled and had the same code at the same addresses. The injecting process performed indirect calls to a function that accesses a (per-process) test variable; the measuring process performed indirect calls to a function that tests, based on timing, whether the per-process test variable is cached, and then evicts it using CLFLUSH. Both indirect calls were performed through the same callsite. Before each indirect call, the function pointer stored in memory was flushed out to main memory using CLFLUSH to widen the speculation time window. Additionally, because of the reference to \"recent program behavior\" in Intel's optimization manual, a bunch of conditional branches that are always taken were inserted in front of the indirect call.\r\n\r\nIn this test, the injection success rate was above 99%, giving us a base setup for future experiments.\r\n\r\n![](https://images.seebug.org/1515056368577)\r\n\r\n\r\nWe then tried to figure out the details of the prediction scheme. We assumed that the prediction scheme uses a global branch history buffer of some kind.\r\n\r\nTo determine the duration for which branch information stays in the history buffer, a conditional branch that is only taken in one of the two program instances was inserted in front of the series of always-taken conditional jumps, then the number of always-taken conditional jumps (N) was varied. The result was that for N=25, the processor was able to distinguish the branches (misprediction rate under 1%), but for N=26, it failed to do so (misprediction rate over 99%).\r\nTherefore, the branch history buffer had to be able to store information about at least the last 26 branches.\r\n\r\nThe code in one of the two program instances was then moved around in memory. This revealed that only the lower 20 bits of the source and target addresses have an influence on the branch history buffer.\r\n\r\nTesting with different types of branches in the two program instances revealed that static jumps, taken conditional jumps, calls and returns influence the branch history buffer the same way; non-taken conditional jumps don't influence it; the address of the last byte of the source instruction is the one that counts; IRETQ doesn't influence the history buffer state (which is useful for testing because it permits creating program flow that is invisible to the history buffer).\r\n\r\nMoving the last conditional branch before the indirect call around in memory multiple times revealed that the branch history buffer contents can be used to distinguish many different locations of that last conditional branch instruction. This suggests that the history buffer doesn't store a list of small history values; instead, it seems to be a larger buffer in which history data is mixed together.\r\n\r\nHowever, a history buffer needs to \"forget\" about past branches after a certain number of new branches have been taken in order to be useful for branch prediction. Therefore, when new data is mixed into the history buffer, this can not cause information in bits that are already present in the history buffer to propagate downwards - and given that, upwards combination of information probably wouldn't be very useful either. Given that branch prediction also must be very fast, we concluded that it is likely that the update function of the history buffer left-shifts the old history buffer, then XORs in the new state (see diagram).\r\n\r\n![](https://images.seebug.org/1515056391971)\r\n\r\n\r\nIf this assumption is correct, then the history buffer contains a lot of information about the most recent branches, but only contains as many bits of information as are shifted per history buffer update about the last branch about which it contains any data. Therefore, we tested whether flipping different bits in the source and target addresses of a jump followed by 32 always-taken jumps with static source and target allows the branch prediction to disambiguate an indirect call. [11]\r\n\r\nWith 32 static jumps in between, no bit flips seemed to have an influence, so we decreased the number of static jumps until a difference was observable. The result with 28 always-taken jumps in between was that bits 0x1 and 0x2 of the target and bits 0x40 and 0x80 of the source had such an influence; but flipping both 0x1 in the target and 0x40 in the source or 0x2 in the target and 0x80 in the source did not permit disambiguation. This shows that the per-insertion shift of the history buffer is 2 bits and shows which data is stored in the least significant bits of the history buffer. We then repeated this with decreased amounts of fixed jumps after the bit-flipped jump to determine which information is stored in the remaining bits.\r\n#### Reading host memory from a KVM guest\r\nLocating the host kernel\r\nOur PoC locates the host kernel in several steps. The information that is determined and necessary for the next steps of the attack consists of:\r\n\r\n* lower 20 bits of the address of kvm-intel.ko\r\n* full address of kvm.ko\r\n* full address of vmlinux\r\n\r\nLooking back, this is unnecessarily complicated, but it nicely demonstrates the various techniques an attacker can use. A simpler way would be to first determine the address of vmlinux, then bisect the addresses of kvm.ko and kvm-intel.ko.\r\n\r\nIn the first step, the address of kvm-intel.ko is leaked. For this purpose, the branch history buffer state after guest entry is dumped out. Then, for every possible value of bits 12..19 of the load address of kvm-intel.ko, the expected lowest 16 bits of the history buffer are computed based on the load address guess and the known offsets of the last 8 branches before guest entry, and the results are compared against the lowest 16 bits of the leaked history buffer state.\r\n\r\nThe branch history buffer state is leaked in steps of 2 bits by measuring misprediction rates of an indirect call with two targets. One way the indirect call is reached is from a vmcall instruction followed by a series of N branches whose relevant source and target address bits are all zeroes. The second way the indirect call is reached is from a series of controlled branches in userspace that can be used to write arbitrary values into the branch history buffer.\r\nMisprediction rates are measured as in the section \"Reverse-Engineering Branch Predictor Internals\", using one call target that loads a cache line and another one that checks whether the same cache line has been loaded.\r\n\r\n![](https://images.seebug.org/1515056430572)\r\n\r\n\r\nWith N=29, mispredictions will occur at a high rate if the controlled branch history buffer value is zero because all history buffer state from the hypercall has been erased. With N=28, mispredictions will occur if the controlled branch history buffer value is one of `0<<(28*2), 1<<(28*2), 2<<(28*2), 3<<(28*2)` - by testing all four possibilities, it can be detected which one is right. Then, for decreasing values of N, the four possibilities are `{0|1|2|3}<<(28*2) | (history_buffer_for(N+1) >> 2)`. By repeating this for decreasing values for N, the branch history buffer value for N=0 can be determined.\r\n\r\n![](https://images.seebug.org/1515056469539)\r\n\r\nAt this point, the low 20 bits of kvm-intel.ko are known; the next step is to roughly locate kvm.ko.\r\nFor this, the generic branch predictor is used, using data inserted into the BTB by an indirect call from kvm.ko to kvm-intel.ko that happens on every hypercall; this means that the source address of the indirect call has to be leaked out of the BTB.\r\n\r\nkvm.ko will probably be located somewhere in the range from 0xffffffffc0000000 to 0xffffffffc4000000, with page alignment (0x1000). This means that the first four entries in the table in the section \"Generic Predictor\" apply; there will be 2^4-1=15 aliasing addresses for the correct one. But that is also an advantage: It cuts down the search space from 0x4000 to 0x4000/2^4=1024.\r\n\r\nTo find the right address for the source or one of its aliasing addresses, code that loads data through a specific register is placed at all possible call targets (the leaked low 20 bits of kvm-intel.ko plus the in-module offset of the call target plus a multiple of 2^20) and indirect calls are placed at all possible call sources. Then, alternatingly, hypercalls are performed and indirect calls are performed through the different possible non-aliasing call sources, with randomized history buffer state that prevents the specialized prediction from working. After this step, there are 2^16 remaining possibilities for the load address of kvm.ko.\r\n\r\nNext, the load address of vmlinux can be determined in a similar way, using an indirect call from vmlinux to kvm.ko. Luckily, none of the bits which are randomized in the load address of vmlinux are folded together, so unlike when locating kvm.ko, the result will directly be unique. vmlinux has an alignment of 2MiB and a randomization range of 1GiB, so there are still only 512 possible addresses.\r\nBecause (as far as we know) a simple hypercall won't actually cause indirect calls from vmlinux to kvm.ko, we instead use port I/O from the status register of an emulated serial port, which is present in the default configuration of a virtual machine created with virt-manager.\r\n\r\nThe only remaining piece of information is which one of the 16 aliasing load addresses of kvm.ko is actually correct. Because the source address of an indirect call to kvm.ko is known, this can be solved using bisection: Place code at the various possible targets that, depending on which instance of the code is speculatively executed, loads one of two cache lines, and measure which one of the cache lines gets loaded.\r\n\r\n#### Identifying cache sets\r\nThe PoC assumes that the VM does not have access to hugepages.To discover eviction sets for all L3 cache sets with a specific alignment relative to a 4KiB page boundary, the PoC first allocates 25600 pages of memory. Then, in a loop, it selects random subsets of all remaining unsorted pages such that the expected number of sets for which an eviction set is contained in the subset is 1, reduces each subset down to an eviction set by repeatedly accessing its cache lines and testing whether the cache lines are always cached (in which case they're probably not part of an eviction set) and attempts to use the new eviction set to evict all remaining unsorted cache lines to determine whether they are in the same cache set [12].\r\n\r\n#### Locating the host-virtual address of a guest page\r\nBecause this attack uses a FLUSH+RELOAD approach for leaking data, it needs to know the host-kernel-virtual address of one guest page. Alternative approaches such as PRIME+PROBE should work without that requirement.\r\n\r\nThe basic idea for this step of the attack is to use a branch target injection attack against the hypervisor to load an attacker-controlled address and test whether that caused the guest-owned page to be loaded. For this, a gadget that simply loads from the memory location specified by R8 can be used - R8-R11 still contain guest-controlled values when the first indirect call after a guest exit is reached on this kernel build.\r\n\r\nWe expected that an attacker would need to either know which eviction set has to be used at this point or brute-force it simultaneously; however, experimentally, using random eviction sets works, too. Our theory is that the observed behavior is actually the result of L1D and L2 evictions, which might be sufficient to permit a few instructions worth of speculative execution.\r\n\r\nThe host kernel maps (nearly?) all physical memory in the physmap area, including memory assigned to KVM guests. However, the location of the physmap is randomized (with a 1GiB alignment), in an area of size 128PiB. Therefore, directly bruteforcing the host-virtual address of a guest page would take a long time. It is not necessarily impossible; as a ballpark estimate, it should be possible within a day or so, maybe less, assuming 12000 successful injections per second and 30 guest pages that are tested in parallel; but not as impressive as doing it in a few minutes.\r\n\r\nTo optimize this, the problem can be split up: First, brute-force the physical address using a gadget that can load from physical addresses, then brute-force the base address of the physmap region. Because the physical address can usually be assumed to be far below 128PiB, it can be brute-forced more efficiently, and brute-forcing the base address of the physmap region afterwards is also easier because then address guesses with 1GiB alignment can be used.\r\n\r\nTo brute-force the physical address, the following gadget can be used:\r\n```\r\nffffffff810a9def: 4c 89 c0 mov rax,r8\r\nffffffff810a9df2: 4d 63 f9 movsxd r15,r9d\r\nffffffff810a9df5: 4e 8b 04 fd c0 b3 a6 mov r8,QWORD PTR [r15*8-0x7e594c40]\r\nffffffff810a9dfc: 81\r\nffffffff810a9dfd: 4a 8d 3c 00 lea rdi,[rax+r8*1]\r\nffffffff810a9e01: 4d 8b a4 00 f8 00 00 mov r12,QWORD PTR [r8+rax*1+0xf8]\r\nffffffff810a9e08: 00\r\n```\r\n\r\nThis gadget permits loading an 8-byte-aligned value from the area around the kernel text section by setting R9 appropriately, which in particular permits loading page_offset_base, the start address of the physmap. Then, the value that was originally in R8 - the physical address guess minus 0xf8 - is added to the result of the previous load, 0xfa is added to it, and the result is dereferenced.\r\n#### Cache set selection\r\nTo select the correct L3 eviction set, the attack from the following section is essentially executed with different eviction sets until it works.\r\n\r\n#### Leaking data\r\nAt this point, it would normally be necessary to locate gadgets in the host kernel code that can be used to actually leak data by reading from an attacker-controlled location, shifting and masking the result appropriately and then using the result of that as offset to an attacker-controlled address for a load. But piecing gadgets together and figuring out which ones work in a speculation context seems annoying. So instead, we decided to use the eBPF interpreter, which is built into the host kernel - while there is no legitimate way to invoke it from inside a VM, the presence of the code in the host kernel's text section is sufficient to make it usable for the attack, just like with ordinary ROP gadgets.\r\n\r\nThe eBPF interpreter entry point has the following function signature:\r\n```\r\nstatic unsigned int __bpf_prog_run(void *ctx, const struct bpf_insn *insn)\r\n```\r\nThe second parameter is a pointer to an array of statically pre-verified eBPF instructions to be executed - which means that `__bpf_prog_run()` will not perform any type checks or bounds checks. The first parameter is simply stored as part of the initial emulated register state, so its value doesn't matter.\r\n\r\nThe eBPF interpreter provides, among other things:\r\n\r\n* multiple emulated 64-bit registers\r\n* 64-bit immediate writes to emulated registers\r\n* memory reads from addresses stored in emulated registers\r\n* bitwise operations (including bit shifts) and arithmetic operations\r\n\r\nTo call the interpreter entry point, a gadget that gives RSI and RIP control given R8-R11 control and controlled data at a known memory location is necessary. The following gadget provides this functionality:\r\n```\r\nffffffff81514edd: 4c 89 ce mov rsi,r9\r\nffffffff81514ee0: 41 ff 90 b0 00 00 00 call QWORD PTR [r8+0xb0]\r\n```\r\n\r\nNow, by pointing R8 and R9 at the mapping of a guest-owned page in the physmap, it is possible to speculatively execute arbitrary unvalidated eBPF bytecode in the host kernel. Then, relatively straightforward bytecode can be used to leak data into the cache.\r\n### Variant 3: Rogue data cache load\r\nBasically, read Anders Fogh's blogpost: https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/\r\n\r\nIn summary, an attack using this variant of the issue attempts to read kernel memory from userspace without misdirecting the control flow of kernel code. This works by using the code pattern that was used for the previous variants, but in userspace. The underlying idea is that the permission check for accessing an address might not be on the critical path for reading data from memory to a register, where the permission check could have significant performance impact. Instead, the memory read could make the result of the read available to following instructions immediately and only perform the permission check asynchronously, setting a flag in the reorder buffer that causes an exception to be raised if the permission check fails.\r\n\r\nWe do have a few additions to make to Anders Fogh's blogpost:\r\n```\r\n\"Imagine the following instruction executed in usermode\r\nmov rax,[somekernelmodeaddress]\r\nIt will cause an interrupt when retired, [...]\"\r\n```\r\n\r\nIt is also possible to already execute that instruction behind a high-latency mispredicted branch to avoid taking a page fault. This might also widen the speculation window by increasing the delay between the read from a kernel address and delivery of the associated exception.\r\n\r\n\"First, I call a syscall that touches this memory. Second, I use the prefetcht0 instruction to improve my odds of having the address loaded in L1.\"\r\n\r\nWhen we used prefetch instructions after doing a syscall, the attack stopped working for us, and we have no clue why. Perhaps the CPU somehow stores whether access was denied on the last access and prevents the attack from working if that is the case?\r\n\r\n\"Fortunately I did not get a slow read suggesting that Intel null\u2019s the result when the access is not allowed.\"\r\n\r\nThat (read from kernel address returns all-zeroes) seems to happen for memory that is not sufficiently cached but for which pagetable entries are present, at least after repeated read attempts. For unmapped memory, the kernel address read does not return a result at all.\r\n\r\n#### Ideas for further research\r\nWe believe that our research provides many remaining research topics that we have not yet investigated, and we encourage other public researchers to look into these.\r\nThis section contains an even higher amount of speculation than the rest of this blogpost - it contains untested ideas that might well be useless.\r\n\r\n#### Leaking without data cache timing\r\nIt would be interesting to explore whether there are microarchitectural attacks other than measuring data cache timing that can be used for exfiltrating data out of speculative execution.\r\n\r\n#### Other microarchitectures\r\nOur research was relatively Haswell-centric so far. It would be interesting to see details e.g. on how the branch prediction of other modern processors works and how well it can be attacked.\r\n\r\n#### Other JIT engines\r\nWe developed a successful variant 1 attack against the JIT engine built into the Linux kernel. It would be interesting to see whether attacks against more advanced JIT engines with less control over the system are also practical - in particular, JavaScript engines.\r\n\r\n#### More efficient scanning for host-virtual addresses and cache sets\r\nIn variant 2, while scanning for the host-virtual address of a guest-owned page, it might make sense to attempt to determine its L3 cache set first. This could be done by performing L3 evictions using an eviction pattern through the physmap, then testing whether the eviction affected the guest-owned page.\r\n\r\nThe same might work for cache sets - use an L1D+L2 eviction set to evict the function pointer in the host kernel context, use a gadget in the kernel to evict an L3 set using physical addresses, then use that to identify which cache sets guest lines belong to until a guest-owned eviction set has been constructed.\r\nDumping the complete BTB state\r\nGiven that the generic BTB seems to only be able to distinguish 231-8 or fewer source addresses, it seems feasible to dump out the complete BTB state generated by e.g. a hypercall in a timeframe around the order of a few hours. (Scan for jump sources, then for every discovered jump source, bisect the jump target.) This could potentially be used to identify the locations of functions in the host kernel even if the host kernel is custom-built.\r\n\r\nThe source address aliasing would reduce the usefulness somewhat, but because target addresses don't suffer from that, it might be possible to correlate (source,target) pairs from machines with different KASLR offsets and reduce the number of candidate addresses based on KASLR being additive while aliasing is bitwise.\r\n\r\nThis could then potentially allow an attacker to make guesses about the host kernel version or the compiler used to build it based on jump offsets or distances between functions.\r\n#### Variant 2: Leaking with more efficient gadgets\r\nIf sufficiently efficient gadgets are used for variant 2, it might not be necessary to evict host kernel function pointers from the L3 cache at all; it might be sufficient to only evict them from L1D and L2.\r\n\r\n#### Various speedups\r\nIn particular the variant 2 PoC is still a bit slow. This is probably partly because:\r\n\r\n* It only leaks one bit at a time; leaking more bits at a time should be doable.\r\n* It heavily uses IRETQ for hiding control flow from the processor.\r\n\r\nIt would be interesting to see what data leak rate can be achieved using variant 2.\r\n\r\n#### Leaking or injection through the return predictor\r\nIf the return predictor also doesn't lose its state on a privilege level change, it might be useful for either locating the host kernel from inside a VM (in which case bisection could be used to very quickly discover the full address of the host kernel) or injecting return targets (in particular if the return address is stored in a cache line that can be flushed out by the attacker and isn't reloaded before the return instruction).\r\n\r\nHowever, we have not performed any experiments with the return predictor that yielded conclusive results so far.\r\n#### Leaking data out of the indirect call predictor\r\nWe have attempted to leak target information out of the indirect call predictor, but haven't been able to make it work.\r\n\r\n### Vendor statements\r\nThe following statement were provided to us regarding this issue from the vendors to whom Project Zero disclosed this vulnerability:\r\n\r\n### Intel\r\nNo current statement provided at this time.\r\n\r\n### AMD\r\nAMD provided the following link: http://www.amd.com/en/corporate/speculative-execution\r\n\r\n### ARM\r\nArm recognises that the speculation functionality of many modern high-performance processors, despite working as intended, can be used in conjunction with the timing of cache operations to leak some information as described in this blog. Correspondingly, Arm has developed software mitigations that we recommend be deployed.\r\n\r\nSpecific details regarding the affected processors and mitigations can be found at this website: https://developer.arm.com/support/security-update\r\n\r\nArm has included a detailed technical whitepaper as well as links to information from some of Arm\u2019s architecture partners regarding their specific implementations and mitigations.\r\n### Literature\r\nNote that some of these documents - in particular Intel's documentation - change over time, so quotes from and references to it may not reflect the latest version of Intel's documentation.\r\n\r\n* https://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-optimization-manual.pdf: Intel's optimization manual has many interesting pieces of optimization advice that hint at relevant microarchitectural behavior; for example:\r\n\t* \"Placing data immediately following an indirect branch can cause a performance problem. If the data consists of all zeros, it looks like a long stream of ADDs to memory destinations and this can cause resource conflicts and slow down branch recovery. Also, data immediately following indirect branches may appear as branches to the branch predication [sic] hardware, which can branch off to execute other data pages. This can lead to subsequent self-modifying code problems.\"\r\n\t* \"Loads can:[...]Be carried out speculatively, before preceding branches are resolved.\"\r\n\t* \"Software should avoid writing to a code page in the same 1-KByte subpage that is being executed or fetching code in the same 2-KByte subpage of that is being written. In addition, sharing a page containing directly or speculatively executed code with another processor as a data page can trigger an SMC condition that causes the entire pipeline of the machine and the trace cache to be cleared. This is due to the self-modifying code condition.\"\r\n\t* \"if mapped as WB or WT, there is a potential for speculative processor reads to bring the data into the caches\"\r\n\t* \"Failure to map the region as WC may allow the line to be speculatively read into the processor caches (via the wrong path of a mispredicted branch).\"\r\n* https://software.intel.com/en-us/articles/intel-sdm: Intel's Software Developer Manuals\r\n* http://www.agner.org/optimize/microarchitecture.pdf: Agner Fog's documentation of reverse-engineered processor behavior and relevant theory was very helpful for this research.\r\n* http://www.cs.binghamton.edu/~dima/micro16.pdf and https://github.com/felixwilhelm/mario_baslr: Prior research by Dmitry Evtyushkin, Dmitry Ponomarev and Nael Abu-Ghazaleh on abusing branch target buffer behavior to leak addresses that we used as a starting point for analyzing the branch prediction of Haswell processors. Felix Wilhelm's research based on this provided the basic idea behind variant 2.\r\n* https://arxiv.org/pdf/1507.06955.pdf: The rowhammer.js research by Daniel Gruss, Cl\u00e9mentine Maurice and Stefan Mangard contains information about L3 cache eviction patterns that we reused in the KVM PoC to evict a function pointer.\r\n* https://xania.org/201602/bpu-part-one: Matt Godbolt blogged about reverse-engineering the structure of the branch predictor on Intel processors.\r\n* https://www.sophia.re/thesis.pdf: Sophia D'Antoine wrote a thesis that shows that opcode scheduling can theoretically be used to transmit data between hyperthreads.\r\n* https://gruss.cc/files/kaiser.pdf: Daniel Gruss, Moritz Lipp, Michael Schwarz, Richard Fellner, Cl\u00e9mentine Maurice, and Stefan Mangard wrote a paper on mitigating microarchitectural issues caused by pagetable sharing between userspace and the kernel.\r\n* https://www.jilp.org/: This journal contains many articles on branch prediction.\r\n* http://blog.stuffedcow.net/2013/01/ivb-cache-replacement/: This blogpost by Henry Wong investigates the L3 cache replacement policy used by Intel's Ivy Bridge architecture.\r\n\r\n### References\r\n* [1] This initial report did not contain any information about variant 3. We had discussed whether direct reads from kernel memory could work, but thought that it was unlikely. We later tested and reported variant 3 prior to the publication of Anders Fogh's work at https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/.\r\n* [2] The precise model names are listed in the section \"Tested Processors\". The code for reproducing this is in the writeup_files.tar archive in our bugtracker, in the folders userland_test_x86 and userland_test_aarch64.\r\n* [3] The attacker-controlled offset used to perform an out-of-bounds access on an array by this PoC is a 32-bit value, limiting the accessible addresses to a 4GiB window in the kernel heap area.\r\n* [4] This PoC won't work on CPUs with SMAP support; however, that is not a fundamental limitation.\r\n* [5] linux-image-4.9.0-3-amd64 at version 4.9.30-2+deb9u2 (available at http://snapshot.debian.org/archive/debian/20170701T224614Z/pool/main/l/linux/linux-image-4.9.0-3-amd64_4.9.30-2%2Bdeb9u2_amd64.deb, sha256 5f950b26aa7746d75ecb8508cc7dab19b3381c9451ee044cd2edfd6f5efff1f8, signed via Release.gpg, Release, Packages.xz); that was the current distro kernel version when I set up the machine. It is very unlikely that the PoC works with other kernel versions without changes; it contains a number of hardcoded addresses/offsets.\r\n* [6] The phone was running an Android build from May 2017.\r\n* [7] https://software.intel.com/en-us/articles/intel-sdm\r\n* [8] https://software.intel.com/en-us/articles/avoiding-and-identifying-false-sharing-among-threads, section \"background\"\r\n* [9] More than 215 mappings would be more efficient, but the kernel places a hard cap of 216 on the number of VMAs that a process can have.\r\n* [10] Intel's optimization manual states that \"In the first implementation of HT Technology, the physical execution resources are shared and the architecture state is duplicated for each logical processor\", so it would be plausible for predictor state to be shared. While predictor state could be tagged by logical core, that would likely reduce performance for multithreaded processes, so it doesn't seem likely.\r\n* [11] In case the history buffer was a bit bigger than we had measured, we added some margin - in particular because we had seen slightly different history buffer lengths in different experiments, and because 26 isn't a very round number.\r\n* [12] The basic idea comes from http://palms.ee.princeton.edu/system/files/SP_vfinal.pdf, section IV, although the authors of that paper still used hugepages.", "published": "2018-01-04T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.seebug.org/vuldb/ssvid-97059", "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "lastseen": "2018-01-04T18:28:12"}], "paloalto": [{"id": "PAN-SA-2018-0001", "type": "paloalto", "title": "Information about Meltdown and Spectre findings", "description": "Palo Alto Networks is aware of recent vulnerability disclosures, known as Meltdown and Spectre, that affect modern CPU architectures. At this time, our findings show that these vulnerabilities pose no increased risk to Palo Alto Networks PAN-OS devices. (CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754). This security advisory will be updated as more information becomes available or if there are changes in the impact of these vulnerabilities.\n", "published": "2018-01-04T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://securityadvisories.paloaltonetworks.com/Home/Detail/120", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-01-12T05:00:38"}], "cloudfoundry": [{"id": "CFOUNDRY:86B5C35F8F0E334D1CCCDAF1214EDFEF", "type": "cloudfoundry", "title": "USN-3540-2: Linux kernel (Xenial HWE) vulnerabilities - Cloud Foundry", "description": "# \n\n# Severity\n\nCritical\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nUSN-3540-1 addressed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.\n\nJann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 ([CVE-2017-5753](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5753>) only), amd64, ppc64el, and s390x architectures. ([CVE-2017-5715](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5715>), [CVE-2017-5753](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5753>))\n\nUSN-3522-2 mitigated [CVE-2017-5754](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5754>) (Meltdown) for the amd64 architecture in the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. This update provides the corresponding mitigations for the ppc64el architecture. Original advisory details:\n\nJann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. ([CVE-2017-5754](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5754>))\n\n**Please Note: These stemcells address critical vulnerabilities in Ubuntu associated with [Meltdown and Spectre](<https://meltdownattack.com/>). This update may include degradations to performance. The Cloud Foundry Project will be performing additional performance testing and will make updates to this notice as more information is available.**\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is critical unless otherwise noted._\n\n * Cloud Foundry BOSH stemcells are vulnerable, including: \n * 3312.x versions prior to 3312.51\n * 3363.x versions prior to 3363.48\n * 3421.x versions prior to 3421.38\n * 3445.x versions prior to 3445.24\n * 3468.x versions prior to 3468.20\n * All other stemcells not listed.\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH stemcells: \n * Upgrade 3312.x versions to 3312.51\n * Upgrade 3363.x versions to 3363.48\n * Upgrade 3421.x versions to 3421.38\n * Upgrade 3445.x versions to 3445.24\n * Upgrade 3468.x versions to 3468.20\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io>).\n\n# References\n\n * [USN-3540-2](<http://www.ubuntu.com/usn/usn-3540-2/>)\n * [CVE-2017-5753](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5753>)\n * [CVE-2017-5715](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5715>)\n * [CVE-2017-5754](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5754>)\n", "published": "2018-01-23T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://www.cloudfoundry.org/blog/usn-3540-2/", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-01-26T20:45:13"}, {"id": "CFOUNDRY:08639CF3E8D6C946D02AFEE0F4B5B0A0", "type": "cloudfoundry", "title": "USN-3522-2: Linux (Xenial HWE) vulnerability - Cloud Foundry", "description": "# \n\n# Severity\n\nCritical\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nUSN-3522-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.\n\nJann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. ([CVE-2017-5754](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5754>))\n\n**Please Note: These stemcells address the critical vulnerability in Ubuntu associated with [Meltdown](<https://meltdownattack.com/>). This update may include degradations to performance. The Cloud Foundry Project will be performing additional performance testing and will make updates to this notice as more information is available.**\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is critical unless otherwise noted._\n\n * Cloud Foundry BOSH stemcells are vulnerable, including: \n * 3312.x versions prior to 3312.49\n * 3363.x versions prior to 3363.45\n * 3421.x versions prior to 3421.35\n * 3445.x versions prior to 3445.21\n * 3468.x versions prior to 3468.16\n * All other stemcells not listed.\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH stemcells: \n * Upgrade 3312.x versions to 3312.49\n * Upgrade 3363.x versions to 3363.45\n * Upgrade 3421.x versions to 3421.35\n * Upgrade 3445.x versions to 3445.21\n * Upgrade 3468.x versions to 3468.16\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io>).\n\n# References\n\n * [USN-3522-2](<http://www.ubuntu.com/usn/usn-3522-2/>)\n * [CVE-2017-5754](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5754>)\n", "published": "2018-01-11T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://www.cloudfoundry.org/blog/usn-3522-2/", "cvelist": ["CVE-2017-5754"], "lastseen": "2018-01-12T14:52:55"}, {"id": "CFOUNDRY:8730FEC9F4689F70DBBC5917AC5BF0C6", "type": "cloudfoundry", "title": "USN-3522-4: Linux kernel (Xenial HWE) regression - Cloud Foundry", "description": "# \n\n# Severity\n\nCritical\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nUSN-3522-2 fixed a vulnerability in the Linux Hardware Enablement kernel for Ubuntu 14.04 LTS to address Meltdown ([CVE-2017-5754](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5754>)). Unfortunately, that update introduced a regression where a few systems failed to boot successfully. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nJann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory.\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is critical unless otherwise noted._\n\n * Cloud Foundry BOSH stemcells are vulnerable, including: \n * 3312.x versions prior to 3312.49\n * 3363.x versions prior to 3363.45\n * 3421.x versions prior to 3421.35\n * 3445.x versions prior to 3445.21\n * 3468.x versions prior to 3468.16\n * All other stemcells not listed.\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH stemcells: \n * Upgrade 3312.x versions to 3312.49\n * Upgrade 3363.x versions to 3363.45\n * Upgrade 3421.x versions to 3421.35\n * Upgrade 3445.x versions to 3445.21\n * Upgrade 3468.x versions to 3468.16\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io>).\n\n# References\n\n * [USN-3522-4](<http://www.ubuntu.com/usn/usn-3522-4/>)\n * [CVE-2017-5754](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5754>)\n", "published": "2018-01-11T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://www.cloudfoundry.org/blog/usn-3522-4/", "cvelist": ["CVE-2017-5754"], "lastseen": "2018-01-12T14:52:57"}], "talosblog": [{"id": "TALOSBLOG:6AF8BBB020A686E442B50095CA9B7A36", "type": "talosblog", "title": "Meltdown and Spectre", "description": "Cisco Talos is aware of three new vulnerabilities impacting Intel, AMD, Qualcomm and ARM processors used by almost all computers. We are investigating these issues and although we have not observed exploitation of these vulnerabilities in the wild, that does not mean that it has not occurred. We have observed publicly available proof of concept exploit code being developed to exploit these vulnerabilities. \n \nThese issues have been assigned the following CVE entries: \n \n\n\nMeltdown: An attacker can access kernel memory from user space \n\n\n * Rogue data cache load ([CVE-2017-5754](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754>))\n Spectre: An attacker can read memory contents from other users' running programs \n\n\n * Branch target injection ([CVE-2017-5715](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715>))\n * Bounds check bypass ([CVE-2017-5753](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753>))\n \n\n\nThese issues involve side channel and cache attacks that enable an attacker to steal sensitive information from memory space they should not be able to normally access. Google Project Zero published a [blog](<https://googleprojectzero.blogspot.ca/2018/01/reading-privileged-memory-with-side.html>) providing technical details regarding these vulnerabilities. An example attack scenario would be an attacker stealing credentials from the memory space of another process. Two criteria must be met in order for these vulnerabilities to be exploited. \n\n\n 1. The device being targeted must utilize an affected Intel, AMD, Qualcomm, or ARM processor (most processors from the last 10+ years fall into the category of \"vulnerable\").\n 2. An attacker must be able to execute their own code (this includes Javascript) on the device. Depending on the vulnerability, the code may be executed as unprivileged code, or in others, as privileged (\"root\" or \"SYSTEM\") code.\n There are three likely scenarios where attackers may attempt to leverage these vulnerabilities. \n\n\n 1. Spectre could be leveraged to launch attacks against virtualized hosting environments. Given that it is possible to read host memory from within a guest, this could result in an attacker gaining access to the host OS. This sort of attack scenario mainly impacts cloud hosting providers such as Amazon, Azure, Google, etc. These providers are working to ensure customers are not impacted by these vulnerabilities. Check with your specific hosting provider for additional details. It is important to note that successfully exploiting these vulnerabilities in this scenario is not trivial.\n 2. It is important to note that Spectre is accessible from within the web browser on affected devices which could allow malicious web sites to read arbitrary data from other browser tabs. Mozilla has confirmed this on their blog [here](<https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/>). This could allow a remote attacker to obtain sensitive information, such as session or cookie data for other active sessions. It is important to note that this sort of an attack would likely only work under specific conditions. This attack would also require an attacker to convince a user to visit a malicious website in order to execute the code required to steal data. \n\n 3. Meltdown could enable attackers to exploit additional vulnerabilities more easily. Meltdown allows for the defeating of Kernel Address Space Randomization (KASLR). This means that any vulnerability that wasn't previously exploitable due to KASLR is now potentially exploitable if chained together with Meltdown. This would be specific to the vulnerability the attacker is attempting to leverage, but from an attacker perspective it does remove some of the hurdles and problems encountered during the creation of their exploits. \nAs with all vulnerabilities, applying published patches is a crucial step to preventing an attacker from successfully exploiting these vulnerabilities. Microsoft, Linux and Apple have released patches for Meltdown. Other affected products are listed [here](<https://meltdownattack.com/#faq-advisory>). Applying the Microsoft patch may result in incompatibility issues with existing security software running on your system. To verify your patch status you can use the PowerShell modules provided by [Microsoft](<https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s>). For affected Cisco devices please refer to the PSIRT [advisory](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel>). Currently no patches are available for Spectre. As soon as Operating System patches are available for Spectre, we recommend that you apply them to your system as soon as possible. \n \nAs with all attacks, it is also critical that the initial infection vector be blocked whenever possible as each of these vulnerabilities require an attacker to be able to execute code on an affected system. \n \nSome examples of blocking the initial vector include: \n \n\n\n 1. Using ad blocking and script disabling software can minimize the risk of Javascript-based browser attacks.\n 2. Cisco Umbrella can be used to block access to known malicious sites that may be launching attacks targeting these vulnerabilities.\n 3. Web Security Appliance (WSA) can be used to block access to known malicious sites.\n 4. FirePower NGFW can be used to block network based attacks leveraging these vulnerabilities.\n 5. AMP for Endpoints and Networks can be used to block known droppers that may be used to infect systems with malware that leverages these vulnerabilities.\n 6. AMP's exploit prevention engine covers multiple [techniques](<https://blogs.cisco.com/security/introducing-exploit-prevention-to-stop-file-less-attacks>) that would be used after a successful Meltdown or Spectre memory read, that would be necessary for gaining code execution.\n\n## Coverage\n\n \nSnort SIDs: 45357-45368 \n \nAMP Compatibility is documented [here](<https://supportforums.cisco.com/t5/sourcefire-documents/cisco-amp-for-endpoints-compatibility-with-windows-security/ta-p/3306874>). AMP's exploit prevention system is documented [here](<https://blogs.cisco.com/security/introducing-exploit-prevention-to-stop-file-less-attacks>). \n \nThese signatures cover the specific PoC's and sample code outlined in the [Spectre](<https://spectreattack.com/spectre.pdf>) and [Meltdown](<https://meltdownattack.com/meltdown.pdf>) whitepapers. While these signatures have the potential to detect variants, they may not work for all cases. We still recommended that affected organizations install the OS and firmware patches to protect against this class of attacks. Talos is continuing to monitor the situation and will provide updated information as soon as it is available. \n \n\n\n[![](http://feeds.feedburner.com/~ff/feedburner/Talos?d=yIl2AUoC8zA)](<http://feeds.feedburner.com/~ff/feedburner/Talos?a=klH8APkYvTg:ZTxt_OvS2Hk:yIl2AUoC8zA>)\n\n![](http://feeds.feedburner.com/~r/feedburner/Talos/~4/klH8APkYvTg)", "published": "2018-01-08T09:16:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/klH8APkYvTg/meltdown-and-spectre.html", "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "lastseen": "2018-01-29T19:59:50"}], "aix": [{"id": "SPECTRE_MELTDOWN_ADVISORY.ASC", "type": "aix", "title": "IBM has released AIX and VIOS iFixes in response to the vulnerabilities known as Spectre and Meltdown.", "description": "spectre_meltdown_advisory.asc: Version 2\n\nIBM SECURITY ADVISORY\n\nFirst Issued: Thu Jan 25 08:15:51 CST 2018 \n|Updated: Fri Feb 9 14:32:35 CST 2018 \n|Update: Clarified reboot requirements and firmware dependencies for the AIX \n| and VIOS iFixes. Refer to the FIXES section for these changes.\n| Additional iFixes are now available. Additional iFixes are now available\n| for:\n| AIX 5300-12-09, 32-bit kernel version\n| AIX 6100-09-08 and 6100-09-09\n| AIX 7100-04-03 and 7100-04-04\n| AIX 7200-00-03 and 7200-00-04\n| AIX 7200-01-01 and 7200-01-02\n| VIOS 2.2.4.30 and 2.2.4.40\n| VIOS 2.2.5.10 and 2.2.5.20\n| VIOS 2.2.6.0\n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_advisory.asc\nhttps://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_advisory.asc\nftp://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_advisory.asc\n\nSecurity Bulletin: IBM has released AIX and VIOS iFixes in response to the \n vulnerabilities known as Spectre and Meltdown.\n\n===============================================================================\n\nSUMMARY:\n\n IBM has released the following fixes for AIX and VIOS in response to \n CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754.\n\n===============================================================================\n\nVULNERABILITY DETAILS:\n\n CVEID: CVE-2017-5715\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715\n\n CVEID: CVE-2017-5753\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753\n\n CVEID: CVE-2017-5754\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754\n\n AFFECTED PRODUCTS AND VERSIONS:\n \n| AIX 5.3 (32-bit and 64-bit kernels), 6.1, 7.1, 7.2\n VIOS 2.2.x \n\n The vulnerabilities in the following filesets are being addressed:\n \n key_fileset = aix\n\n Fileset Lower Level Upper Level KEY \n ---------------------------------------------------------\n| bos.mp 5.3.12.0 5.3.12.9 key_w_fs\n bos.mp64 5.3.12.0 5.3.12.10 key_w_fs\n| bos.mp64 6.1.9.0 6.1.9.300 key_w_fs\n bos.mp64 7.1.4.0 7.1.4.33 key_w_fs\n bos.mp64 7.1.5.0 7.1.5.0 key_w_fs\n bos.mp64 7.2.0.0 7.2.0.5 key_w_fs\n bos.mp64 7.2.1.0 7.2.1.4 key_w_fs\n bos.mp64 7.2.2.0 7.2.2.0 key_w_fs\n \n To find out whether the affected filesets are installed \n on your systems, refer to the lslpp command found in AIX user's guide.\n\n Example: lslpp -L | grep -i bos.mp64\n\n Note: AIX or VIOS users of all fileset levels should continue to monitor\n their My Notifications alerts and the IBM PSIRT Blog for additional \n information about these vulnerabilities:\n\n - My Notifications\n http://www.ibm.com/support/mynotifications\n\n - IBM PSIRT Blog - Potential Impact on Processors in the Power Family\n https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/\n\n\n REMEDIATION:\n\n A. APARS\n \n IBM has assigned the following APARs to this problem:\n\n AIX Level APAR Availability SP KEY\n ------------------------------------------------\n 5.3.12 IJ03029 N/A N/A key_w_apar\n 6.1.9 IJ03030 ** SP11 key_w_apar\n 7.1.4 IJ03032 ** SP6 key_w_apar\n 7.1.5 IJ03033 ** SP2 key_w_apar\n 7.2.0 IJ03034 ** SP6 key_w_apar\n 7.2.1 IJ03035 ** SP4 key_w_apar\n 7.2.2 IJ03036 ** SP2 key_w_apar\n\n| VIOS Level APAR Availability SP KEY\n| ------------------------------------------------\n| 2.2.4 IJ03030 ** 2.2.4.60 key_w_apar\n| 2.2.5 IJ03030 ** 2.2.5.40 key_w_apar\n| 2.2.6 IJ03030 ** 2.2.6.20 key_w_apar\n\n Subscribe to the APARs here:\n\n http://www.ibm.com/support/docview.wss?uid=isg1IJ03032\n http://www.ibm.com/support/docview.wss?uid=isg1IJ03033\n http://www.ibm.com/support/docview.wss?uid=isg1IJ03034\n http://www.ibm.com/support/docview.wss?uid=isg1IJ03035\n http://www.ibm.com/support/docview.wss?uid=isg1IJ03036\n\n https://www.ibm.com/support/docview.wss?uid=isg1IJ03032\n https://www.ibm.com/support/docview.wss?uid=isg1IJ03033\n https://www.ibm.com/support/docview.wss?uid=isg1IJ03034\n https://www.ibm.com/support/docview.wss?uid=isg1IJ03035\n https://www.ibm.com/support/docview.wss?uid=isg1IJ03036\n\n By subscribing, you will receive periodic email alerting you\n to the status of the APAR, and a link to download the fix once\n it becomes available.\n\n B. FIXES\n\n AIX and VIOS fixes are available.\n\n IMPORTANT: Both the AIX/VIOS and FW fixes are required to address\n the vulnerabilities. \n\n| An LPAR system reboot is required to complete the iFix installation,\n| or Live Update may be used on AIX 7.2 to avoid a reboot.\n\n| AIX and VIOS iFix Dependency:\n| The Power Firmware fix must be applied prior to the LPAR reboot\n| (or Live Update) for the fix to be active. If the Power Firmware\n| fix is applied after the patched AIX or VIOS LPAR has been rebooted\n| (or Live Update completed), the fix must be activated by either:\n\n| 1. Performing an additional reboot of the AIX or VIOS LPAR\n| or\n| 2. Performing an LPAR migration to a destination frame that already\n| has the Power Firmware fix applied.\n\n Link to the related Power Firmware Security Bulletin and fix\n information:\n http://www-01.ibm.com/support/docview.wss?uid=isg3T1026811\n\n The AIX/VIOS fixes can be downloaded via ftp or http from:\n\n ftp://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_fix.tar\n http://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_fix.tar\n https://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_fix.tar \n\n The link above is to a tar file containing this signed\n advisory, fix packages, and OpenSSL signatures for each package.\n The fixes below include prerequisite checking. This will\n enforce the correct mapping between the fixes and AIX\n Technology Levels.\n \n AIX Level Interim Fix (*.Z) KEY\n ----------------------------------------------\n| 5.3.12.9 IJ03029m9c.180124.epkg.Z key_w_fix\n 5.3.12.9 IJ03029m9a.180117.epkg.Z key_w_fix\n 5.3.12.9 IJ03029m9b.180117.epkg.Z key_w_fix\n| 6.1.9.8 IJ03030m8a.180117.epkg.Z key_w_fix\n| 6.1.9.9 IJ03030m9a.180116.epkg.Z key_w_fix\n 6.1.9.10 IJ03030mAa.180116.epkg.Z key_w_fix\n| 7.1.4.3 IJ03032m3a.180125.epkg.Z key_w_fix\n| 7.1.4.3 IJ03032m3b.180125.epkg.Z key_w_fix\n| 7.1.4.4 IJ03032m4a.180125.epkg.Z key_w_fix\n 7.1.4.5 IJ03032m5a.180116.epkg.Z key_w_fix\n 7.1.5.0 IJ03033m1a.180116.epkg.Z key_w_fix\n 7.1.5.1 IJ03033m1a.180116.epkg.Z key_w_fix\n| 7.2.0.3 IJ03034m3a.180117.epkg.Z key_w_fix\n| 7.2.0.4 IJ03034m4a.180117.epkg.Z key_w_fix\n 7.2.0.5 IJ03034m5a.180117.epkg.Z key_w_fix\n| 7.2.1.1 IJ03035m1a.180118.epkg.Z key_w_fix\n| 7.2.1.1 IJ03035m1b.180118.epkg.Z key_w_fix\n| 7.2.1.2 IJ03035m2a.180118.epkg.Z key_w_fix\n 7.2.1.3 IJ03035m3a.180117.epkg.Z key_w_fix\n 7.2.2.0 IJ03036m1a.180116.epkg.Z key_w_fix\n 7.2.2.1 IJ03036m1a.180116.epkg.Z key_w_fix\n \n Please note that the above table refers to AIX TL/SP level as\n opposed to fileset level, i.e., 7.2.2.1 is AIX 7200-02-01.\n \n| NOTE: Multiple iFixes are provided for AIX 5300-12-09,\n| 7100-04-03, and 7200-01-01.\n| IJ03029m9c is for AIX 5300-12-09 with bos.mp fileset level 5.3.12.9.\n IJ03029m9a is for AIX 5300-12-09 with bos.mp64 fileset level 5.3.12.9.\n IJ03029m9b is for AIX 5300-12-09 with bos.mp64 fileset level 5.3.12.10.\n| IJ03032m3a is for AIX 7100-04-03 with bos.mp64 fileset level 7.1.4.30.\n| IJ03032m3b is for AIX 7100-04-03 with bos.mp64 fileset level 7.1.4.31.\n| IJ03035m1a is for AIX 7200-01-01 with bos.mp64 fileset level 7.2.1.1. \n| IJ03035m1b is for AIX 7200-01-01 with bos.mp64 fileset level 7.2.1.2.\n\n Please reference the Affected Products and Version section above\n for help with checking installed fileset levels.\n\n\n VIOS Level Interim Fix (*.Z) KEY\n -----------------------------------------------\n| 2.2.4.30 IJ03030m8a.180117.epkg.Z key_w_fix\n| 2.2.4.40 IJ03030m9a.180116.epkg.Z key_w_fix\n 2.2.4.50 IJ03030m9b.180116.epkg.Z key_w_fix\n| 2.2.5.10 IJ03030m8a.180117.epkg.Z key_w_fix\n| 2.2.5.20 IJ03030m9a.180116.epkg.Z key_w_fix\n 2.2.5.30 IJ03030m9b.180116.epkg.Z key_w_fix\n| 2.2.6.0 IJ03030mAa.180116.epkg.Z key_w_fix\n 2.2.6.10 IJ03030mAa.180116.epkg.Z key_w_fix\n \n To extract the fixes from the tar file:\n\n tar xvf spectre_meltdown_fix.tar\n cd spectre_meltdown_fix\n\n Verify you have retrieved the fixes intact:\n\n The checksums below were generated using the\n \"openssl dgst -sha256 file\" command as the following:\n\n openssl dgst -sha256 filename KEY\n -----------------------------------------------------------------------------------------------------\n| d6ddda167a389195f6e48fb1868677e170f8f7ab679eb2af1e15f6672cd18e2e IJ03029m9c.180124.epkg.Z key_w_csum\n 11249eb38318b8779e5f86836edd2913278081e22d61ed68df207175bde6bd3a IJ03029m9a.180117.epkg.Z key_w_csum\n b0cfe72d0d7de4f5f99cdcf802b1a298586b6f7511bcb63e9644008faa4b7353 IJ03029m9b.180117.epkg.Z key_w_csum\n| 043d6e933e98c5b45ec7f93e61d0fb9647575d309151f7f9f6a4c4d4bd7376b0 IJ03030m8a.180117.epkg.Z key_w_csum\n| 873d25f7743c52d75cff80d1343d638f1f406bff2f70b2b362670a56d7abf3cb IJ03030m9a.180116.epkg.Z key_w_csum\n 44834d4990a178c6773c7fbd6bc00fbc81b23944b9988329294ae0cbb93ec20f IJ03030m9b.180116.epkg.Z key_w_csum\n f1fc5a1bb4daab5f9d2abc1006df087a688ed2832a7eb15a0de4f45efe94d6a6 IJ03030mAa.180116.epkg.Z key_w_csum\n| 61e8ecdf43a25b590697cc924940573a49adc639be381b05123dac0bb6cf6f9c IJ03032m3a.180125.epkg.Z key_w_csum\n| 895f3e1f269f0ef2f4f8d4d2801642e408731f7e813b279e9dd6616f9975f154 IJ03032m3b.180125.epkg.Z key_w_csum\n| 09627d285a0fcd81d7eca4a23270457bd9bca2d3e104593f392a837cb7e1faa1 IJ03032m4a.180125.epkg.Z key_w_csum\n 896215923b7d6001a5aff7ed7d420d9963bef177d88af1ef2b30d131e1c10029 IJ03032m5a.180116.epkg.Z key_w_csum\n 48ba4ca0c38611852dcbfcfb25376025941285df77e629953bf9bc534815e3cd IJ03033m1a.180116.epkg.Z key_w_csum\n| eb1e9f32dd4c7072a05fc41b77f6de957d0812eb788747efb7d8f17573566277 IJ03034m3a.180117.epkg.Z key_w_csum\n| 64de96295eadae27b967dbd8a5c0c799b13bb4869edc63b970c470bfb820ce58 IJ03034m4a.180117.epkg.Z key_w_csum\n 8d18635a490926c67e992ea0cff6fab853f451802a3172a6f7bfd1244fa81e5c IJ03034m5a.180117.epkg.Z key_w_csum\n| e7e2e4443f33f6449b4d0bfe9a649859dec540156621459662c1f96149c61cb2 IJ03035m1a.180118.epkg.Z key_w_csum\n| 5d4feacb66f678458df8f0ad053b5c1e64868c6e61debff08c175219efa0b415 IJ03035m1b.180118.epkg.Z key_w_csum\n| f89f04a4586ac847fa31cf240448be5221f17783fc3b1a574c894a6dcb727424 IJ03035m2a.180118.epkg.Z key_w_csum\n ed4f1af7ddd8a8f679ea1c6de410ad53c3b63d3c0b6c15561bbccea4f4837232 IJ03035m3a.180117.epkg.Z key_w_csum\n b1c4f488d6084eb7df5e68af3195d5f167f0d17dbb7c0290d9db4646fdd6c06a IJ03036m1a.180116.epkg.Z key_w_csum\n\n These sums should match exactly. The OpenSSL signatures in the tar\n file and on this advisory can also be used to verify the\n integrity of the fixes. If the sums or signatures cannot be\n confirmed, contact IBM Support at\n http://ibm.com/support/ and describe the discrepancy. \n \n openssl dgst -sha1 -verify [pubkey_file] -signature [advisory_file].sig [advisory_file]\n \n openssl dgst -sha1 -verify [pubkey_file] -signature [ifix_file].sig [ifix_file]\n\n Published advisory OpenSSL signature file location:\n \n http://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_advisory.asc.sig\n https://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_advisory.asc.sig\n ftp://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_advisory.asc.sig \n\n C. FIX AND INTERIM FIX INSTALLATION\n\n IMPORTANT: Both the AIX/VIOS and FW fixes are required to address \n the vulnerabilities. \n\n| An LPAR system reboot is required to complete the iFix installation,\n| or Live Update may be used on AIX 7.2 to avoid a reboot.\n\n| AIX and VIOS iFix Dependency:\n| The Power Firmware fix must be applied prior to the LPAR reboot\n| (or Live Update) for the fix to be active. If the Power Firmware\n| fix is applied after the patched AIX or VIOS LPAR has been rebooted\n| (or Live Update completed), the fix must be activated by either:\n\n| 1. Performing an additional reboot of the AIX or VIOS LPAR\n| or\n| 2. Performing an LPAR migration to a destination frame that already\n| has the Power Firmware fix applied.\n\n Link to the related Power Firmware Security Bulletin and fix\n information:\n http://www-01.ibm.com/support/docview.wss?uid=isg3T1026811\n\n\n If possible, it is recommended that a mksysb backup of the system \n be created. Verify it is both bootable and readable before\n proceeding.\n\n To preview a fix installation:\n\n installp -a -d fix_name -p all # where fix_name is the name of the\n # fix package being previewed.\n To install a fix package:\n\n installp -a -d fix_name -X all # where fix_name is the name of the\n # fix package being installed.\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; however, IBM does fully support them.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e ipkg_name -p # where ipkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e ipkg_name -X # where ipkg_name is the name of the\n # interim fix package being installed.\n\n WORKAROUNDS AND MITIGATIONS:\n\n None.\n\n\n===============================================================================\n\nCONTACT US:\n\n Note: Keywords labeled as KEY in this document are used for parsing\n purposes.\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My Notifications\":\n\n http://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Contact IBM Support for questions related to this announcement:\n\n http://ibm.com/support/\n https://ibm.com/support/\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\nREFERENCES:\n \n Complete CVSS v3 Guide: http://www.first.org/cvss/user-guide\n On-line Calculator v3:\n http://www.first.org/cvss/calculator/3.0\n\n\nRELATED INFORMATION:\n\n IBM Secure Engineering Web Portal\n http://www.ibm.com/security/secure-engineering/bulletins.html\n\n IBM Product Security Incident Response Blog\n https://www.ibm.com/blogs/psirt/\n\n IBM PSIRT Blog - Potential Impact on Processors in the Power Family\n https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/\n\n Security Bulletin: IBM has released AIX and VIOS iFixes in response to the \n vulnerabilities known as Spectre and Meltdown.\n http://www-01.ibm.com/support/docview.wss?uid=isg3T1026912\n\nACKNOWLEDGEMENTS:\n\n The vulnerability was reported to IBM by Google Project Zero.\n\n\nCHANGE HISTORY:\n\n First Issued: Thu Jan 25 08:15:51 CST 2018 \n| Updated: Fri Feb 9 14:32:35 CST 2018 \n| Update: Clarified reboot requirements for the AIX and VIOS\n| iFixes, and provided a utility to verify proper iFix installation on\n| AIX and VIOS. Refer to the FIXES section for these changes.\n| Additional iFixes are now available. Additional iFixes are now available\n| for:\n| AIX 5300-12-09, 32-bit kernel version\n| AIX 6100-09-08 and 6100-09-09\n| AIX 7100-04-03 and 7100-04-04\n| AIX 7200-00-03 and 7200-00-04\n| AIX 7200-01-01 and 7200-01-02\n| VIOS 2.2.4.30 and 2.2.4.40\n| VIOS 2.2.5.10 and 2.2.5.20\n| VIOS 2.2.6.0\n\n===============================================================================\n\n*The CVSS Environment Score is customer environment specific and will \nultimately impact the Overall CVSS Score. Customers can evaluate the impact \nof this vulnerability in their environments by accessing the links in the \nReference section of this Security Bulletin. \n\nDisclaimer\nAccording to the Forum of Incident Response and Security Teams (FIRST), the \nCommon Vulnerability Scoring System (CVSS) is an \"industry open standard \ndesigned to convey vulnerability severity and help to determine urgency and \npriority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY \nOF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS \nFOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT \nOF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n\n", "published": "2018-01-25T08:15:51", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_advisory.asc", "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-02-12T18:31:54"}], "debian": [{"id": "DSA-4078", "type": "debian", "title": "linux -- security update", "description": "Multiple researchers have discovered a vulnerability in Intel processors, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system.\n\nThis specific attack has been named Meltdown and is addressed in the Linux kernel for the Intel x86-64 architecture by a patch set named Kernel Page Table Isolation, enforcing a near complete separation of the kernel and userspace address maps and preventing the attack. This solution might have a performance impact, and can be disabled at boot time by passing `pti=off` to the kernel command line.\n\nWe also identified a regression for ancient userspaces using the vsyscall interface, for example chroot and containers using (e)glibc 2.13 and older, including those based on Debian 7 or RHEL/CentOS 6. This regression will be fixed in a later update.\n\nThe other vulnerabilities (named Spectre) published at the same time are not addressed in this update and will be fixed in a later update.\n\nFor the oldstable distribution (jessie), this problem will be fixed in a separate update.\n\nFor the stable distribution (stretch), this problem has been fixed in version 4.9.65-3+deb9u2.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security tracker page at: <https://security-tracker.debian.org/tracker/linux>", "published": "2018-01-04T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "http://www.debian.org/security/dsa-4078", "cvelist": ["CVE-2017-5754"], "lastseen": "2018-03-13T00:43:56"}], "qualysblog": [{"id": "QUALYSBLOG:C9F2432F760D960CF69CDC55D87263A8", "type": "qualysblog", "title": "Processor Vulnerabilities \u2013 Meltdown and Spectre", "description": "UPDATE 1/4/2018: Qualys has released several QIDs for detecting missing patches for these vulnerabilities. UPDATE 1/5/2018: Pre-built AssetView dashboards to visualize impact and remediation progress. Vulnerabilities potentially impacting all major processor vendors were disclosed today by Google Project Zero. These vulnerabilities have been named Meltdown (CVE-2017-5754) and Spectre...\n\n[Source](<https://blog.qualys.com/securitylabs/2018/01/03/processor-vulnerabilities-meltdown-and-spectre>)", "published": "2018-01-04T02:17:43", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://blog.qualys.com/securitylabs/2018/01/03/processor-vulnerabilities-meltdown-and-spectre", "cvelist": ["CVE-2017-5754"], "lastseen": "2018-01-06T19:54:02"}], "amazon": [{"id": "ALAS-2018-939", "type": "amazon", "title": "Critical: kernel", "description": "**Issue Overview:**\n\nAn updated kernel for Amazon Linux is available within the Amazon Linux repositories. EC2 instances launched with the default Amazon Linux configuration on or after January 8th, 2018 will automatically include the updated package, which addresses KPTI bugs of our initial release and improves mitigations for [CVE-2017-5754 __](<https://access.redhat.com/security/cve/CVE-2017-5754>)[BD1] . The previous kernel and associated Amazon Linux AMI are deprecated and customer must upgrade to the latest Amazon Linux kernel or AMI to effectively mitigate [CVE-2017-5754 __](<https://access.redhat.com/security/cve/CVE-2017-5754>) within their instance. We will continue to provide Amazon Linux improvements and updated Amazon Linux AMIs; incorporating open source Linux community contributions that address this issue as they become available. \n \nCustomers with existing Amazon Linux AMI instances should run the following command to ensure they receive the updated package: \n \n_sudo yum update kernel_ \n \nAs is standard per any update of the Linux kernel, after the yum update is complete, a reboot is required for updates to take effect.\n\nPlease refer to https://aws.amazon.com/security/security-bulletins/AWS-2018-013/ for additional information regarding [CVE-2017-5754 __](<https://access.redhat.com/security/cve/CVE-2017-5754>).\n\nUpdated on 2018-01-06: Additional KPTI improvements. \nUpdated on 2018-01-09: Updated details\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. You will need to reboot your system in order for the new kernel to be running. \n\n \n**New Packages:**\n \n \n i686: \n kernel-headers-4.9.75-25.55.amzn1.i686 \n kernel-debuginfo-4.9.75-25.55.amzn1.i686 \n kernel-tools-devel-4.9.75-25.55.amzn1.i686 \n perf-debuginfo-4.9.75-25.55.amzn1.i686 \n perf-4.9.75-25.55.amzn1.i686 \n kernel-tools-debuginfo-4.9.75-25.55.amzn1.i686 \n kernel-tools-4.9.75-25.55.amzn1.i686 \n kernel-devel-4.9.75-25.55.amzn1.i686 \n kernel-4.9.75-25.55.amzn1.i686 \n kernel-debuginfo-common-i686-4.9.75-25.55.amzn1.i686 \n \n noarch: \n kernel-doc-4.9.75-25.55.amzn1.noarch \n \n src: \n kernel-4.9.75-25.55.amzn1.src \n \n x86_64: \n kernel-4.9.75-25.55.amzn1.x86_64 \n kernel-debuginfo-4.9.75-25.55.amzn1.x86_64 \n kernel-debuginfo-common-x86_64-4.9.75-25.55.amzn1.x86_64 \n kernel-tools-devel-4.9.75-25.55.amzn1.x86_64 \n kernel-devel-4.9.75-25.55.amzn1.x86_64 \n kernel-headers-4.9.75-25.55.amzn1.x86_64 \n kernel-tools-debuginfo-4.9.75-25.55.amzn1.x86_64 \n perf-4.9.75-25.55.amzn1.x86_64 \n kernel-tools-4.9.75-25.55.amzn1.x86_64 \n perf-debuginfo-4.9.75-25.55.amzn1.x86_64 \n \n \n", "published": "2018-01-03T19:27:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://alas.aws.amazon.com/ALAS-2018-939.html", "cvelist": ["CVE-2017-5754"], "lastseen": "2018-01-16T08:52:56"}], "freebsd": [{"id": "74DAA370-2797-11E8-95EC-A4BADB2F4699", "type": "freebsd", "title": "FreeBSD -- Speculative Execution Vulnerabilities", "description": "\nProblem Description:\nA number of issues relating to speculative execution\n\twere found last year and publicly announced January 3rd.\n\tTwo of these, known as Meltdown and Spectre V2, are addressed\n\there.\nCVE-2017-5754 (Meltdown) - ------------------------\nThis issue relies on an affected CPU speculatively\n\texecuting instructions beyond a faulting instruction. When\n\tthis happens, changes to architectural state are not\n\tcommitted, but observable changes may be left in micro-\n\tarchitectural state (for example, cache). This may be used\n\tto infer privileged data.\nCVE-2017-5715 (Spectre V2) - --------------------------\nSpectre V2 uses branch target injection to speculatively\n\texecute kernel code at an address under the control of an\n\tattacker.\nImpact:\nAn attacker may be able to read secret data from the\n\tkernel or from a process when executing untrusted code (for\n\texample, in a web browser).\n", "published": "2018-03-14T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://vuxml.freebsd.org/freebsd/74daa370-2797-11e8-95ec-a4badb2f4699.html", "cvelist": ["CVE-2017-5754", "CVE-2017-5715"], "lastseen": "2018-03-14T18:37:12"}]}}