K21344224: Lazy FP state restore vulnerability CVE-2018-3665

Security Advisory Description System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. CVE-2018-3665 A Floating-Point FP state...

Vulnerability Remediation: It’s Not Just Patching

Vulnerability does not equal a patch, as such remediating a detected vulnerability requires deploying the right patches and, in some cases, making the right configuration changes. Using multiple tools to detect, map and deploy the right remediation actions is time consuming and will result in les...

Intel, ARM, IBM, AMD Processors Vulnerable to New Side-Channel Attacks

It turns out that the root cause behind several previously disclosed speculative execution attacks against modern processors, such as Meltdown and Foreshadow, was misattributed to 'prefetching effect,' resulting in hardware vendors releasing incomplete mitigations and countermeasures. Sharing its...

September 11, 2018—KB4458010 (Monthly Rollup)

September 11, 2018—KB4458010 Monthly Rollup Improvements and fixes This security update addresses the following issues: Provides protections against a new speculative execution side-channel vulnerability known as L1 Terminal Fault L1TF that affects Intel® Core® processors and Intel® Xeon®...

Photon OS 1.0: Linux PHSA-2018-1.0-0097 (deprecated)

An update of linux packages for PhotonOS has been released. This kernel update fixes vulnerability CVE-2017-5754 which is commonly known as Meltdown vulnerability. C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2/7/2019 The descriptive text and package checks in this plugin were...

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

RHEL 7 : kernel-alt (RHSA-2018:1374)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1374 advisory. The kernel-alt packages provide the Linux kernel version 4.x. Security Fixes: kernel: ptrace incorrect error handling leads to corruption an...

Meltdown and Spectre update for WildFire-500 Appliance

Palo Alto Networks has determined that the WildFire-500 WF-500 appliance is affected by the vulnerability disclosures known as Meltdown and Spectre, and has completed an update to address these issues. The WF-500 software update is now available to customers that use the WF-500 appliance for...

Important: Red Hat Security Advisory: kernel-alt security and bug fix update

An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

x86: PV guest may crash Xen with XPTI

ISSUE DESCRIPTION The workaround for the Meltdown vulnerability XSA-254 failed to deal with an error code path connecting the INT 80 handling with general exception handling. This results in an unconditional write attempt of the value zero to an address near 2^64, in cases where a PV guest has no...

Bad Microsoft Meltdown Patch Made Some Windows Systems Less Secure

UPDATE Researcher Ulf Frisk has created a proof-of-concept exploit demonstrating that Microsoft’s January Patch Tuesday update made security matters worse when it comes to memory vulnerabilities associated with Intel’s CPU bug Meltdown. Frisk, a Swedish IT security expert, reported on Tuesday tha...

SUSE-SU-2018:0638-1 Security update for xen

This update for xen fixes several issues. This new feature was included: - add script and sysv service to watch for vcpu online/offline events in a HVM domU These security issues were fixed: - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative...

MGASA-2018-0134 Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 4.14.20 and adds KPTI mitigation for Meltdown CVE-2017-5754 on 32bit x86. Arm platorm has now also addedmitigations for Meltdown CVE-2017-5754 and Spectre, variant 2 CVE-2017-5715. For other fixes in this update, read the referenced changelogs...

SUSE-SU-2018:0472-1 Security update for xen

This update for xen fixes several issues. These security issues were fixed: - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative execution, aka 'Spectre' and 'Meltdown' attacks bsc1074562, bsc1068032 - CVE-2017-15595: x86 PV guest OS users were...

Intel Releases New Spectre Patch Update for Skylake Processors

After leaving million of devices at risk of hacking and then rolling out broken patches, Intel has now released a new batch of security patches only for its Skylake processors to address one of the Spectre vulnerabilities Variant 2. For those unaware, Spectre Variant 1, Variant 2 and Meltdown...

USN-3541-2 linux-hwe, linux-azure, linux-gcp, linux-oem vulnerabilities

USN-3541-1 addressed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Jann Horn discovered that microprocessors utilizing speculative execution and branch...

USN-3540-1 linux, linux-aws, linux-euclid vulnerabilities

Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provide...

Fedora 27 : kernel (2018-22d5fa8a90)

The 4.14.11 stable kernel update contains a number of important fixes across the tree. This also includes the KPTI patches to mitigate the Meltdown vulnerability for x86 architectures. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update...

MGASA-2018-0078 Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update provided the upstream 4.14.13 and fixes several security issues. The most important fix in this update is for the security issue named "Meltdown" that is fixed in theese kernels by enabling kernel Page Table Isolation KTPI. Note that according to AMD, this issue does not...

Ubuntu: Security Advisory (USN-3522-4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...