Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM SDK for Node.js for IBM Cloud. IBM SDK for Node.js for IBM Cloud has addressed the applicable CVEs. Node.js vulnerabilities were disclosed by the Node.js foundation. Node.js is used by IBM SDK for Node.j...

EulerOS 2.0 SP3 : openssl110f (EulerOS-SA-2018-1434)

According to the version of the openssl110f packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A microprocessor side-channel vulnerability was found on SMT e.g, Hyper-Threading architectures. An attacker running a malicious process on th...

[slackware-security] openssl

New openssl packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/openssl-1.0.2q-i586-1slack14.2.txz: Upgraded. This update fixes a timing side-channel flaw on processors which implement...

New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data

A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with simultaneous multi-threading...

New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data

A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with simultaneous multi-threading...

Microsoft Guidance to mitigate L1TF variant

Executive Summary On January 3, 2018, Microsoft released an advisory and security updates for a new class of hardware vulnerabilities involving speculative execution side channels known as Spectre and Meltdown. Microsoft is aware of a new speculative execution side channel vulnerability known as ...

HPSBHF03590 rev. 2 - L1 Terminal Fault (L1TF)

Potential Security Impact Unauthorized exposure of privileged data from memory. Source: HP, HP Product Security Response Team PSRT, Intel Reported By: Intel VULNERABILITY SUMMARY A new speculative execution side channel variant has been discovered called L1 Terminal Fault L1TF. There are no repor...

OpenBSD Disables Intel Hyper-Threading to Prevent Spectre-Class Attacks

Security-oriented BSD operating system OpenBSD has decided to disable support for Intel's hyper-threading performance-boosting feature, citing security concerns over Spectre-style timing attacks. Introduced in 2002, Hyper-threading is Intel's implementation of Simultaneous Multi-Threading SMT tha...

OpenBSD Disables Intel Hyper-Threading to Prevent Spectre-Class Attacks

Security-oriented BSD operating system OpenBSD has decided to disable support for Intel's hyper-threading performance-boosting feature, citing security concerns over Spectre-style timing attacks. Introduced in 2002, Hyper-threading is Intel's implementation of Simultaneous Multi-Threading SMT tha...

KB4073065: Surface guidance to protect against silicon-based microarchitectural and speculative execution side-channel vulnerabilities

None None...

FreeBSD Security Advisory (FreeBSD-SA-05:09.htt.asc)

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-05:09.htt.asc SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

FreeBSD Security Advisory (FreeBSD-SA-05:09.htt.asc)

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-05:09.htt.asc ADV FreeBSD-SA-05:09.htt.asc OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

security flaw

Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic key...

security flaw

Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic key...

Mandrake Linux Security Advisory : kernel (MDKSA-2005:110)

Multiple vulnerabilities in the Linux kernel have been discovered and fixed in this update. The following CVE names have been fixed in the LE2005 kernel : Colin Percival discovered a vulnerability in Intel's Hyper-Threading technology could allow a local user to use a malicious thread to create...

Multiple hardware platforms hyper threading technology systems information leak

Unprivileged thread can read data from privileged thread memory from CPU cache memory...

[SA15559] Sun Solaris Hyper-Threading Support Information Disclosure

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

security flaw

Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic key...

Simultaneous multithreading processors may leak information through cache eviction analysis techniques

Overview Operating systems on hardware platforms supporting simultaneous multi-threading Hyper-Threading technology in particular are potentially vulnerable to information leakage to local users. Proof of concept papers and code demonstrating successful attacks against cryptographic keys are in...

OpenServer 5.0.7 UnixWare 7.1.4 UnixWare 7.1.3 : Hyper-Threading information leakage

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SCO Security Advisory Subject: OpenServer 5.0.7 UnixWare 7.1.4 UnixWare 7.1.3 : Hyper-Threading information leakage Advisory number: SCOSA-2005.24 Issue date: 2005 May 13 Cross reference: sr893223 fz531468 erg712804 sr893224 fz531469 erg712805...