199 matches found
A week in security (October 22 – 28)
Last week on Malwarebytes Labs, we took a look at some new Mac malware, gave you a roundup of 2018 exploit kits, and dispensed some advice on sextortion scams. We also looked at the Cathay Pacific breach, groaned at the revival of an old browser trick, and explained how voting machines and...
openSUSE: Security Advisory for xen (openSUSE-SU-2018:2436-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE SLES12 Security Update : xen (SUSE-SU-2018:2410-2) (Foreshadow)
This update for xen fixes the following security issues : CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS...
SUSE-SU-2018:2410-2 Security update for xen
This update for xen fixes the following security issues: - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS...
New Ninth-Gen Intel CPUs Shield Against Some Spectre, Meltdown Variants
Intel’s new ninth-generation CPUs come packed with hardware-based protections against two variants of the infamous Meltdown and Spectre speculative execution attacks. The ninth-generation desktop Core processors are dubbed Coffee Lake, and became available for preorder on Tuesday. they’re built t...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4215)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-4215 advisory. - x86/speculation/l1tf: Fix overflow in l1tfpfnlimit on 32bit Vlastimil Babka Orabug: 28505476 CVE-2018-3620 - x86/speculation/l1tf: Protect PAE swap entrie...
SUSE SLES11 Security Update : xen (SUSE-SU-2018:2482-1) (Foreshadow)
This update for xen fixes the following issues: This security issue was fixed : - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local us...
SUSE SLES12 Security Update : xen (SUSE-SU-2018:2480-1) (Foreshadow)
This update for xen fixes the following security issue : - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS...
openSUSE Security Update : xen (openSUSE-2018-911) (Foreshadow)
This update for xen fixes the following security issues : - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest O...
SUSE SLES12 Security Update : xen (SUSE-SU-2018:2410-1) (Foreshadow)
This update for xen fixes the following security issues : - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest O...
SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2018:2401-1) (Foreshadow)
This update for xen fixes the following security issues : - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest O...
openSUSE Security Update : xen (openSUSE-2018-910) (Foreshadow)
This update for xen fixes the following security issues : - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest O...
openSUSE: Security Advisory for xen (openSUSE-SU-2018:2434-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for xen (important)
This update for xen fixes the following security issues: - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS...
Security update for xen (important)
This update for xen fixes the following security issues: - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS...
Security update for the Linux Kernel (important)
The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-10853: A flaw was found in KVM in which certain instructions such as sgdt/sidt call segmentedwritestd doesn't propagate access correctly. As such, during userspac...
openSUSE Security Update : the Linux Kernel (openSUSE-2018-886) (Foreshadow)
The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-10853: A flaw was found in KVM in which certain instructions such as sgdt/sidt call segmentedwritestd doesn't propagate access correctly. As such, during userspa...
Foreshadow- L1 Terminal Fault: OS/SMM
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis. CVE: CVE-2018-3620 Last updated: Aug. 1...
CVE-2018-3615
Systems with microprocessors utilizing speculative execution and Intel software guard extensions Intel SGX may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis...
Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2018-4195)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4195 advisory. - ipv4: frags: handle possible skb truesize change Eric Dumazet Orabug: 28481663 CVE-2018-5391 - inet: frag: enforce memory limits earlier Eric Dumazet...