[SECURITY] [DLA 3524-1] linux security update

Debian LTS Advisory DLA-3524-1 [email protected] https://www.debian.org/lts/security/ Ben Hutchings August 10, 2023 https://wiki.debian.org/LTS Package : linux Version : 4.19.289-2 CVE ID : CVE-2022-40982 Daniel Moghimi discovered Gather Data Sampling GDS, a hardware vulnerability for...

Collide+Power, Downfall, and Inception: New Side-Channel Attacks Affecting Modern CPUs

Cybersecurity researchers have disclosed details of a trio of side-channel attacks that could be exploited to leak sensitive data from modern CPUs. Called Collide+Power CVE-2023-20583, Downfall CVE-2022-40982, and Inception CVE-2023-20569, the novel methods follow the disclosure of another newly...

Vulnerability fixed in Intel processors

A vulnerability has been fixed in the microcode of several Intel processors1. The vulnerability has been named "Downfall" and allows a local, authenticated malicious person to manipulate the operation of memory optimization. This allows the malicious party to gain access to memory locations...

Vulnerability fixed in AMD processors

A vulnerability has been fixed in the microcode of AMD processors. The vulnerability has been named "Inception" and enables a local, authenticated malicious person to manipulate the operation of the Predictive Algorithms, which could circumvent measures in place to prevent unauthorized instructio...

CVE-2023-20569

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure...

linux-firmware security update

20230516-999.25.git6c9e0ed5.el7 - Add missing amd-ucode/ files to nano rpm Orabug: 35642190 - Add posttrans scriptlet to reload microcode on AMD Orabug: 35636951 - Recreate initramfs for AMD systems Orabug: 35636951 20230516-999.24.git6c9e0ed5.el7 - 8a07fa49 linux-firmware: Update AMD fam19h cpu...

linux-firmware security update

20230516-999.25.git6c9e0ed5.el8 - Add missing amd-ucode/ files to nano and core rpm Orabug: 35642190 - Add posttrans scriptlet to reload microcode on AMD Orabug: 35636951 - Recreate initramfs for AMD systems Orabug: 35636951 20230516-999.24.git6c9e0ed5.el7 - 8a07fa49 linux-firmware: Update AMD...

linux-firmware security update

20230516-999.25.git6c9e0ed5.el9 - Add missing amd-ucode/ files to nano and core rpm Orabug: 35642190 - Add posttrans scriptlet to reload microcode on AMD Orabug: 35636951 - Recreate initramfs for AMD systems Orabug: 35636951 20230516-999.24.git6c9e0ed5.el7 - 8a07fa49 linux-firmware: Update AMD...

linux-firmware security update

20230516-999.25.git6c9e0ed5.el7 - Add missing amd-ucode/ files to nano rpm Orabug: 35642190 - Add posttrans scriptlet to reload microcode on AMD Orabug: 35636951 - Recreate initramfs for AMD systems Orabug: 35636951 20230516-999.24.git6c9e0ed5.el7 - 8a07fa49 linux-firmware: Update AMD fam19h cpu...

2023.3 IPU - Intel® Xeon® Scalable Processors Advisory

Summary: A potential security vulnerability in some 3rd Generation Intel® Xeon® Scalable processors may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-23908 Description: Improper access control in...

PT-2023-5631 · Mediatek · Mediatek Microcode

Name of the Vulnerable Software and Affected Versions: MediaTek microcode affected versions not specified Description: The issue is related to a possible use after free due to a race condition in thermal management, which could lead to local escalation of privilege. System execution privileges ar...

PT-2023-5630 · Mediatek · Mediatek Microcode

Name of the Vulnerable Software and Affected Versions: MediaTek microcode affected versions not specified Description: The issue is related to a possible use after free due to a race condition in the thermal component, which could lead to local escalation of privilege. System execution privileges...

[SECURITY] [DLA 3512-1] linux-5.10 security update

Debian LTS Advisory DLA-3512-1 [email protected] https://www.debian.org/lts/security/ Ben Hutchings August 2, 2023 https://wiki.debian.org/LTS Package : linux-5.10 Version : 5.10.179-3deb10u1 CVE ID : CVE-2023-2156 CVE-2023-3390 CVE-2023-3610 CVE-2023-20593 CVE-2023-31248 CVE-2023-35001...

Debian: Security Advisory (DLA-3511-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to multiple vulnerabilities due to use of IBM® SDK Java™ Technology Edition, Version 8 (CVE-2023-21967, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937)

Summary IBM Virtualization Engine TS7700 is susceptible to multiple vulnerabilities due to use of IBM® SDK Java™ Technology Edition, Version 8 CVE-2023-21967, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937. The Java SDK is used by the TS7700 to provide the Management Interface, to perform cache...

[SECURITY] [DLA 3511-1] amd64-microcode security update

Debian LTS Advisory DLA-3511-1 [email protected] https://www.debian.org/lts/security/ Jochen Sprickerhof July 31, 2023 https://wiki.debian.org/LTS Package : amd64-microcode Version : 3.20230719.1+deb10u1 CVE ID : CVE-2023-20593 Debian Bug : 1041863 Tavis Ormandy discovered that under...

Debian dla-3511 : amd64-microcode - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3511 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3511-1 [email protected]...

Debian: Security Advisory (DSA-5462-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DLA-3511-1 amd64-microcode - security update

Bulletin has no description...

Debian: Security Advisory (DSA-5461-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...