New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data
A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with simultaneous multi-threading...
GLSA-201810-06 : Xen: Multiple vulnerabilities (Foreshadow) (Meltdown) (Spectre)
The remote host is affected by the vulnerability described in GLSA-201810-06 Xen: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details. Impact : A local attacker could cause a Denial of Service condition or disclos...
Security Bulletin: IBM API Connect is affected by Foreshadow Spectre Variant vulnerability (CVE-2018-3646 CVE-2018-3615 CVE-2018-3620)
Summary API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-3646 DESCRIPTION: Multiple Intel CPU's could allow a local attacker to obtain sensitive information, caused by a flaw in the CPU speculative branch instruction execution feature. By conducting...
SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2344-2) (Foreshadow)
The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache...
SUSE SLES12 Security Update : xen (SUSE-SU-2018:2410-2) (Foreshadow)
This update for xen fixes the following security issues : CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS...
Security Bulletin: PowerKVM has released fixes in response to the vulnerabilities known as Foreshadow
Summary PowerKVM is affected by vulnerabilities in the Linux kernel. IBM has now addressed these vulnerabilities. Note that, although the CVE descriptions do not reference POWER, POWER CPUs are affected. Vulnerability Details CVEID: CVE-2018-3620 DESCRIPTION: Multiple Intel CPU's could allow a...
Debian DLA-1506-1 : intel-microcode security update (Foreshadow) (Spectre)
Security researchers identified speculative execution side-channel methods which have the potential to improperly gather sensitive data from multiple types of computing devices with different vendors' processors and operating systems. This update requires an update to the intel-microcode package,...
OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0254) (Foreshadow)
The remote OracleVM system is missing necessary patches to address critical security updates : Oracle VM Security Advisory OVMSA-2018-0254 The following updated rpms for Oracle VM 3.4 have been uploaded to the Unbreakable Linux Network : x86_64: kernel-uek-4.1.12-124.19.1.el6uek.x86_64.rpm...
Fedora 27 : xen (2018-915602df63) (Foreshadow)
L1 Terminal Fault speculative side channel patch bundle (XSA-273, CVE-2018-3620, CVE-2018-3646); drop patches also in the bundle, which also includes: Use of v2 grant tables may cause crash on ARM (XSA-268, 1616081); x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS (XSA-269, 1616077); oxenstored do...
Slackware 14.2 : Slackware 14.2 kernel (SSA:2018-240-01) (Foreshadow)
New kernel packages are available for Slackware 14.2 to mitigate security issues. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2018-240-01. The text itself is copyright (C) Slackware Linux, Inc...
Debian DLA-1481-1 : linux-4.9 security update (Foreshadow)
Multiple researchers have discovered a vulnerability in the way the Intel processor designs have implemented speculative execution of instructions in combination with handling of page-faults. This flaw could allow an attacker controlling an unprivileged process to read memory from arbitrary...
[slackware-security] Slackware 14.2 kernel
New kernel packages are available for Slackware 14.2 to mitigate security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/linux-4.4.153/: Upgraded. This kernel update enables mitigations for L1 Terminal Fault aka Foreshadow and Foreshadow-NG vulnerabilities. Thank...
Xen Project Speculative Execution Side Channel Vulnerability (XSA-273) (Foreshadow)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a speculative execution side channel attack known as L1 Terminal Fault (L1TF). An attacker who successfully exploited L1TF may be able to read privileged data across trust boundaries. Note...
SUSE SLES11 Security Update : xen (SUSE-SU-2018:2528-1) (Foreshadow) (Meltdown) (Spectre)
This update for xen fixes the following issues: These security issues were fixed : - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local...
Security Updates for Windows 10 / Windows Server 2016 (August 2018) (Spectre) (Meltdown) (Foreshadow)
The remote Windows host is missing a security update. It is, therefore, missing microcode updates to address Rogue System Register Read (RSRE), Speculative Store Bypass (SSB), L1 Terminal Fault (L1TF), and Branch Target Injection vulnerabilities. (C) Tenable Network Security, Inc...
SUSE SLES12 Security Update : xen (SUSE-SU-2018:2483-1) (Foreshadow)
This update for xen fixes the following issues: This security issue was fixed : - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local us...
SUSE SLES12 Security Update : xen (SUSE-SU-2018:2480-1) (Foreshadow)
This update for xen fixes the following security issue : - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS...
SUSE SLES11 Security Update : xen (SUSE-SU-2018:2482-1) (Foreshadow)
This update for xen fixes the following issues: This security issue was fixed : - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local us...
openSUSE Security Update : ucode-intel (openSUSE-2018-887) (Foreshadow) (Spectre)
ucode-intel was updated to the 20180807 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and is part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646 (L1 Terminal Fault). bsc1104134 bsc1087082 bsc1087083 bsc1089343 Processor Identifier Version Products Mode...
RHEL 7 : rhvm-appliance (RHSA-2018:2402)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:2402 advisory. The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is availab...