The 'intel-microcode' package(s) on Ubuntu 16.04, Ubuntu 18.04, Ubuntu 19.04, and Ubuntu 19.10 are missing an update announced via the USN-4182-1 advisory. Please install the updated package(s)
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
![]() | [SECURITY] [DLA 2051-1] intel-microcode security update | 30 Dec 201922:33 | – | debian |
![]() | [SECURITY] [DSA 4565-1] intel-microcode security update | 13 Nov 201906:05 | – | debian |
![]() | [SECURITY] [DSA 4565-1] intel-microcode security update | 13 Nov 201906:05 | – | debian |
![]() | [SECURITY] [DSA 4565-2] intel-microcode security update | 13 Dec 201920:15 | – | debian |
![]() | [SECURITY] [DSA 4565-2] intel-microcode security update | 13 Dec 201920:15 | – | debian |
![]() | Debian DSA-4565-1 : intel-microcode - security update | 14 Nov 201900:00 | – | nessus |
![]() | SUSE SLES11 Security Update : microcode_ctl (SUSE-SU-2019:14220-1) | 10 Jun 202100:00 | – | nessus |
![]() | SUSE SLED12 / SLES12 Security Update : ucode-intel (SUSE-SU-2019:2988-1) | 18 Nov 201900:00 | – | nessus |
![]() | Ubuntu 16.04 LTS / 18.04 LTS : Intel Microcode update (USN-4182-1) | 13 Nov 201900:00 | – | nessus |
![]() | SUSE SLED15 / SLES15 Security Update : ucode-intel (SUSE-SU-2019:2986-1) | 18 Nov 201900:00 | – | nessus |
# SPDX-FileCopyrightText: 2019 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.844229");
script_cve_id("CVE-2019-11135", "CVE-2019-11139");
script_tag(name:"creation_date", value:"2019-11-13 03:00:51 +0000 (Wed, 13 Nov 2019)");
script_version("2024-02-02T05:06:07+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:07 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"2.1");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:N/I:N/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2019-11-20 18:02:32 +0000 (Wed, 20 Nov 2019)");
script_name("Ubuntu: Security Advisory (USN-4182-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2019 Greenbone AG");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(16\.04\ LTS|18\.04\ LTS|19\.04|19\.10)");
script_xref(name:"Advisory-ID", value:"USN-4182-1");
script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-4182-1");
script_xref(name:"URL", value:"https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/TAA_MCEPSC_i915");
script_tag(name:"summary", value:"The remote host is missing an update for the 'intel-microcode' package(s) announced via the USN-4182-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo,
Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz
Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel
processors using Transactional Synchronization Extensions (TSX) could
expose memory contents previously stored in microarchitectural buffers to a
malicious process that is executing on the same CPU core. A local attacker
could use this to expose sensitive information. (CVE-2019-11135)
It was discovered that certain Intel Xeon processors did not properly
restrict access to a voltage modulation interface. A local privileged
attacker could use this to cause a denial of service (system crash).
(CVE-2019-11139)");
script_tag(name:"affected", value:"'intel-microcode' package(s) on Ubuntu 16.04, Ubuntu 18.04, Ubuntu 19.04, Ubuntu 19.10.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "UBUNTU16.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"intel-microcode", ver:"3.20191112-0ubuntu0.16.04.2", rls:"UBUNTU16.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU18.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"intel-microcode", ver:"3.20191112-0ubuntu0.18.04.2", rls:"UBUNTU18.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU19.04") {
if(!isnull(res = isdpkgvuln(pkg:"intel-microcode", ver:"3.20191112-0ubuntu0.19.04.2", rls:"UBUNTU19.04"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU19.10") {
if(!isnull(res = isdpkgvuln(pkg:"intel-microcode", ver:"3.20191112-0ubuntu0.19.10.2", rls:"UBUNTU19.10"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo