USN-3977-2: Intel Microcode update

USN-3977-1 provided mitigations for Microarchitectural Data Sampling MDS vulnerabilities in Intel Microcode for a large number of Intel processor families. This update provides the corresponding updated microcode mitigations for Intel Cherry Trail and Bay Trail processor families. Original adviso...

openSUSE Security Update : xen (openSUSE-2019-1419) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

This update for xen fixes the following issues : Four new speculative execution information leak issues have been identified in Intel CPUs. bsc1111331 - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling MSBDS - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling MFBDS -...

Ubuntu 14.04 LTS : libvirt update (USN-3985-2) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered...

openSUSE Security Update : xen (openSUSE-2019-1403) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

This update for xen fixes the following issues : Four new speculative execution information leak issues have been identified in Intel CPUs. bsc1111331 - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling MSBDS - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling MFBDS -...

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4643)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4643 advisory. - x86/mds: Add empty commit for CVE-2019-11091 Konrad Rzeszutek Wilk Orabug: 29721848 CVE-2019-11091 - x86/speculation/mds: Make mdsmitigation mutable...

USN-3985-2 libvirt update

Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered...

Information Disclosure

The kernel package is vulnerable to information disclosure. The attack is possible due to uncacheable memory on some microprocessors utilizing speculative execution, allowing an authenticated user to disclose information via a side channel with local access...

Oracle Linux 7 : kernel (ELSA-2019-1168)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-1168 advisory. - x86 x86/speculation/mds: Add SMT warning message Waiman Long 1692597 1692598 1692599 1690335 1690348 1690358 CVE-2018-12126 CVE-2018-12127...

CentOS 6 : libvirt (CESA-2019:1180) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

An update for libvirt is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

qemu security update

CentOS Errata and Security Advisory CESA-2019:1178 An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severit...

USN-3984-1: Linux kernel vulnerabilities

Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4629)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4629 advisory. - x86/mds: Add empty commit for CVE-2019-11091 Konrad Rzeszutek Wilk Orabug: 29721935 CVE-2019-11091 - x86/speculation: Support 'mitigations='...

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4628)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4628 advisory. - x86/mds: Add empty commit for CVE-2019-11091 Konrad Rzeszutek Wilk Orabug: 29721848 CVE-2019-11091 - x86/speculation/mds: Make mdsmitigation mutable...

Oracle Linux 6 : kernel (ELSA-2019-1169)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-1169 advisory. - x86 x86/speculation/mds: Add SMT warning message Waiman Long 1692386 1692387 1692388 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 - x86...

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2019-4637)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4637 advisory. - x86/speculation/mds: Make cpumatches cpuinit Patrick Colp Orabug: 29752091 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091 -...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4636)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4636 advisory. - x86/speculation/mds: Make cpumatches cpuinit Patrick Colp Orabug: 29751729 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091 -...

hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access...

Important: Red Hat Security Advisory: rhvm-appliance security update

An update for rhvm-appliance is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access...

hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access...