Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2018-887.NASL
HistoryAug 21, 2018 - 12:00 a.m.

openSUSE Security Update : ucode-intel (openSUSE-2018-887) (Foreshadow) (Spectre)

2018-08-2100:00:00
This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
30
JSON

ucode-intel was updated to the 20180807 release.

For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and is part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646 (L1 Terminal fault). (bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343)

Processor Identifier Version Products

Model Stepping F-MO-S/PI Old->New

---- new platforms ---------------------------------------- WSM-EP/WS U1 6-2c-2/03 0000001f Xeon E/L/X56xx, W36xx NHM-EX D0 6-2e-6/04 0000000d Xeon E/L/X65xx/75xx BXT C0 6-5c-2/01 00000014 Atom T5500/5700 APL E0 6-5c-a/03 0000000c Atom x5-E39xx DVN B0 6-5f-1/01 00000024 Atom C3xxx

---- updated platforms ------------------------------------ NHM-EP/WS D0 6-1a-5/03 00000019->0000001d Xeon E/L/X/W55xx NHM B1 6-1e-5/13 00000007->0000000a Core i7-8xx, i5-7xx;
Xeon L3426, X24xx WSM B1 6-25-2/12 0000000e->00000011 Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeon P45xx; Xeon L3406 WSM K0 6-25-5/92 00000004->00000007 Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx SNB D2 6-2a-7/12 0000002d->0000002e Core Gen2; Xeon E3 WSM-EX A2 6-2f-2/05 00000037->0000003b Xeon E7 IVB E2 6-3a-9/12 0000001f->00000020 Core Gen3 Mobile HSW-H/S/E3 Cx/Dx 6-3c-3/32 00000024->00000025 Core Gen4 Desktop; Xeon E3 v3 BDW-U/Y E/F 6-3d-4/c0 0000002a->0000002b Core Gen5 Mobile HSW-ULT Cx/Dx 6-45-1/72 00000023->00000024 Core Gen4 Mobile and derived Pentium/Celeron HSW-H Cx 6-46-1/32 00000019->0000001a Core Extreme i7-5xxxX BDW-H/E3 E/G 6-47-1/22 0000001d->0000001e Core i5-5xxxR/C, i7-5xxxHQ/EQ;
Xeon E3 v4 SKL-U/Y D0 6-4e-3/c0 000000c2->000000c6 Core Gen6 Mobile BDX-DE V1 6-56-2/10 00000015->00000017 Xeon D-1520/40 BDX-DE V2/3 6-56-3/10 07000012->07000013 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 BDX-DE Y0 6-56-4/10 0f000011->0f000012 Xeon D-1557/59/67/71/77/81/87 APL D0 6-5c-9/03 0000002c->00000032 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx SKL-H/S/E3 R0 6-5e-3/36 000000c2->000000c6 Core Gen6; Xeon E3 v5

This update was imported from the SUSE:SLE-15:Update update project.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2018-887.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(112031);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2018-3639", "CVE-2018-3640", "CVE-2018-3646");

  script_name(english:"openSUSE Security Update : ucode-intel (openSUSE-2018-887) (Foreshadow) (Spectre)");
  script_summary(english:"Check for the openSUSE-2018-887 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"ucode-intel was updated to the 20180807 release.

For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and
is part of the mitigations for CVE-2018-3639 (Spectre v4) and
CVE-2018-3646 (L1 Terminal fault). (bsc#1104134 bsc#1087082
bsc#1087083 bsc#1089343)

Processor Identifier Version Products

Model Stepping F-MO-S/PI Old->New

---- new platforms ----------------------------------------
WSM-EP/WS U1 6-2c-2/03 0000001f Xeon E/L/X56xx, W36xx NHM-EX
D0 6-2e-6/04 0000000d Xeon E/L/X65xx/75xx BXT C0 6-5c-2/01
00000014 Atom T5500/5700 APL E0 6-5c-a/03 0000000c Atom
x5-E39xx DVN B0 6-5f-1/01 00000024 Atom C3xxx

---- updated platforms ------------------------------------
NHM-EP/WS D0 6-1a-5/03 00000019->0000001d Xeon E/L/X/W55xx
NHM B1 6-1e-5/13 00000007->0000000a Core i7-8xx, i5-7xx;
Xeon L3426, X24xx WSM B1 6-25-2/12 0000000e->00000011 Core
i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeon
P45xx; Xeon L3406 WSM K0 6-25-5/92 00000004->00000007 Core
i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium
G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx SNB D2 6-2a-7/12
0000002d->0000002e Core Gen2; Xeon E3 WSM-EX A2 6-2f-2/05
00000037->0000003b Xeon E7 IVB E2 6-3a-9/12
0000001f->00000020 Core Gen3 Mobile HSW-H/S/E3 Cx/Dx
6-3c-3/32 00000024->00000025 Core Gen4 Desktop; Xeon E3 v3
BDW-U/Y E/F 6-3d-4/c0 0000002a->0000002b Core Gen5 Mobile
HSW-ULT Cx/Dx 6-45-1/72 00000023->00000024 Core Gen4 Mobile
and derived Pentium/Celeron HSW-H Cx 6-46-1/32
00000019->0000001a Core Extreme i7-5xxxX BDW-H/E3 E/G
6-47-1/22 0000001d->0000001e Core i5-5xxxR/C, i7-5xxxHQ/EQ;
Xeon E3 v4 SKL-U/Y D0 6-4e-3/c0 000000c2->000000c6 Core Gen6
Mobile BDX-DE V1 6-56-2/10 00000015->00000017 Xeon D-1520/40
BDX-DE V2/3 6-56-3/10 07000012->07000013 Xeon
D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
BDX-DE Y0 6-56-4/10 0f000011->0f000012 Xeon
D-1557/59/67/71/77/81/87 APL D0 6-5c-9/03 0000002c->00000032
Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx SKL-H/S/E3
R0 6-5e-3/36 000000c2->000000c6 Core Gen6; Xeon E3 v5

This update was imported from the SUSE:SLE-15:Update update project."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1087082"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1087083"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1089343"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104134"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected ucode-intel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ucode-intel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ucode-intel-blob");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ucode-intel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ucode-intel-debugsource");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/08/17");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.0|SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0 / 42.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"ucode-intel-20180807-lp150.2.7.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"ucode-intel-20180807-28.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"ucode-intel-blob-20180807-28.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"ucode-intel-debuginfo-20180807-28.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"ucode-intel-debugsource-20180807-28.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ucode-intel / ucode-intel-blob / ucode-intel-debuginfo / etc");
}
VendorProductVersionCPE
novellopensuseucode-intelp-cpe:/a:novell:opensuse:ucode-intel
novellopensuseucode-intel-blobp-cpe:/a:novell:opensuse:ucode-intel-blob
novellopensuseucode-intel-debuginfop-cpe:/a:novell:opensuse:ucode-intel-debuginfo
novellopensuseucode-intel-debugsourcep-cpe:/a:novell:opensuse:ucode-intel-debugsource
novellopensuse15.0cpe:/o:novell:opensuse:15.0
novellopensuse42.3cpe:/o:novell:opensuse:42.3

Related

ubuntu 1
nessus 74
cloudfoundry 1
openvas 38
suse 5
debian 5
huawei 1
ibm 9
hp 1
vmware 2
mscve 3
intel 1
threatpost 2
cisco 1
osv 4
qualysblog 1
mageia 2
f5 4
redhat 13
redhatcve 2
cve 2
cvelist 2
prion 2
ubuntucve 2
debiancve 3
lenovo 3
cert 1
veracode 1
oraclelinux 4
fedora 3
virtuozzo 1
centos 4
citrix 1
ubuntu
ubuntu
Intel Microcode vulnerabilities
2018-08-27 00:00:00
nessus
nessus
SUSE SLES11 Security Update : Security update to ucode-intel (SUSE-SU-2018:2335-1) (Foreshadow) (Spectre)
2018-08-16 00:00:00
SUSE SLED12 / SLES12 Security Update : Security update to ucode-intel (SUSE-SU-2018:2331-1) (Foreshadow) (Spectre)
2018-08-16 00:00:00
SUSE SLED15 / SLES15 Security Update : Security update to ucode-intel (SUSE-SU-2018:2338-1) (Foreshadow) (Spectre)
2019-01-02 00:00:00
cloudfoundry
cloudfoundry
USN-3756-1: Intel Microcode vulnerabilities | Cloud Foundry
2018-09-11 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2018:2335-1)
2021-06-09 00:00:00
Ubuntu: Security Advisory (USN-3756-1)
2018-08-28 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:2338-1)
2021-06-09 00:00:00
suse
suse
Security update to ucode-intel (important)
2018-08-17 12:10:34
Security update for ucode-intel (important)
2018-07-06 21:08:25
Security update for xen (important)
2018-08-19 15:09:36
debian
debian
[SECURITY] [DSA 4273-2] intel-microcode security update
2018-09-16 20:44:10
[SECURITY] [DLA 1446-1] intel-microcode security update
2018-07-27 05:08:33
[SECURITY] [DSA 4273-1] intel-microcode security update
2018-08-16 20:43:49
huawei
huawei
Security Advisory - Side-Channel Vulnerability Variants 3a and 4
2018-06-15 00:00:00
ibm
ibm
Security Bulletin: IBM QRadar Network Packet Capture is vulnerable to 3RD PARTY CPU hardware utilizing speculative execution cache timing side-channel analysis known as Variant 4 or SpectreNG (CVE-2018-3639, CVE-2018-3640)
2019-01-24 12:55:01
Security Bulletin: IBM Cloud Private Cloud Foundry is vulnerable to a security vulnerability
2018-09-19 18:30:02
Security Bulletin: IBM QRadar SIEM is vulnerable to 3RD PARTY CPU hardware utilizing speculative execution cache timing side-channel analysis known as Variant 4 or SpectreNG (CVE-2018-3639, CVE-2018-3640)
2019-01-24 12:55:01
hp
hp
HPSBHF03584 rev. 8 - Derivative Side-Channel Analysis Method
2018-05-04 00:00:00
vmware
vmware
VMware vSphere, Workstation and Fusion updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue.
2018-05-21 00:00:00
VMware vSphere, Workstation, and Fusion updates enable Hypervisor-Specific Mitigations for L1 Terminal Fault - VMM vulnerability.
2018-08-14 00:00:00
mscve
mscve
Microsoft Guidance for Rogue System Register Read
2018-05-21 07:00:00
Microsoft Guidance for Speculative Store Bypass
2018-05-21 07:00:00
Microsoft Guidance to mitigate L1TF variant
2018-08-14 07:00:00
intel
intel
Q2 2018 Speculative Execution Side Channel Update
2021-05-11 00:00:00
threatpost
threatpost
Intel Responds to Spectre-Like Flaw In CPUs
2018-05-22 14:03:08
New Ninth-Gen Intel CPUs Shield Against Some Spectre, Meltdown Variants
2018-10-09 19:37:35
cisco
cisco
CPU Side-Channel Information Disclosure Vulnerabilities: May 2018
2018-05-22 01:00:00
osv
osv
intel-microcode - security update
2018-08-16 00:00:00
intel-microcode - security update
2018-09-16 00:00:00
intel-microcode - security update
2018-07-27 00:00:00
qualysblog
qualysblog
All Hands Memo to Owners of Home / Small Office Routers: Reboot Them!
2018-05-30 14:33:42
mageia
mageia
Updated microcode packages fix security vulnerability
2018-07-25 11:24:17
Updated libvirt packages fix security vulnerability
2018-05-31 23:34:08
f5
f5
K58304450 : Multiple Intel Processor vulnerabilities: Spectre-NG
2018-05-30 00:00:00
K51801290 : RSRE Variant 3a vulnerability CVE-2018-3640
2018-07-03 00:00:00
Virtual Machine Manager L1 Terminal Fault vulnerability CVE-2018-3646
2018-10-04 15:26:00
redhat
redhat
(RHSA-2018:2396) Important: kernel-rt security and bug fix update
2018-08-14 19:27:26
(RHSA-2018:2387) Important: kernel security and bug fix update
2018-08-14 18:50:34
(RHSA-2018:2394) Important: kernel security update
2018-08-14 19:27:17
redhatcve
redhatcve
CVE-2018-3620
2021-03-20 21:41:50
CVE-2018-3640
2018-05-21 21:19:45
cve
cve
CVE-2018-3640
2018-05-22 12:29:00
CVE-2018-3646
2018-08-14 19:29:00
cvelist
cvelist
CVE-2018-3640
2018-05-21 00:00:00
CVE-2018-3646
2018-08-14 00:00:00
prion
prion
Design/Logic Flaw
2018-05-22 12:29:00
Information disclosure
2018-08-14 19:29:00
ubuntucve
ubuntucve
CVE-2018-3640
2018-05-21 00:00:00
CVE-2018-3646
2018-08-14 00:00:00
debiancve
debiancve
CVE-2018-3640
2018-05-22 12:29:00
CVE-2018-3646
2018-08-14 19:29:00
CVE-2018-3639
2018-05-22 12:29:00
lenovo
lenovo
Intel Software Guard Extensions (SGX) Vulnerabilities - US
2018-08-22 18:58:00
Speculative Execution Side Channel Variants 4 and 3a - US
2018-09-13 11:41:00
Intel Software Guard Extensions (SGX) Vulnerabilities - Lenovo Support US
2018-10-16 12:02:18
cert
cert
CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks
2018-05-21 00:00:00
veracode
veracode
Information Disclosure
2019-05-16 03:11:25
oraclelinux
oraclelinux
libvirt security update
2018-05-22 00:00:00
qemu-kvm security update
2018-05-22 00:00:00
libvirt security update
2018-05-22 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: java-1.8.0-openjdk-1.8.0.212.b04-0.fc29
2019-05-03 03:43:22
[SECURITY] Fedora 29 Update: java-1.8.0-openjdk-1.8.0.201.b09-2.fc29
2019-02-11 01:57:50
[SECURITY] Fedora 28 Update: java-1.8.0-openjdk-1.8.0.201.b09-2.fc28
2019-02-25 01:34:09
virtuozzo
virtuozzo
Important kernel security update: CVE-2018-3639; new kernel 2.6.32-042stab130.1; Virtuozzo 6.0 Update 12 Hotfix 25 (6.0.12-3705)
2018-05-23 00:00:00
centos
centos
java security update
2018-05-22 15:32:03
java security update
2018-05-22 15:30:51
qemu security update
2018-07-03 18:54:02
citrix
citrix
CVE-2018-3639 - Citrix XenServer Security Update
2018-05-22 04:00:00
JSON
Related for OPENSUSE-2018-887.NASL
ubuntu1nessus74cloudfoundry1openvas38suse5debian5huawei1ibm9hp1vmware2mscve3intel1threatpost2cisco1osv4qualysblog1mageia2f54redhat13redhatcve2cve2cvelist2prion2ubuntucve2debiancve3lenovo3cert1veracode1oraclelinux4fedora3virtuozzo1centos4citrix1