Security Bulletin: Vulnerability in IBM Java SDK affects IBM Virtualization Engine TS7700 - January 2020

Summary There is a vulnerability in IBM® SDKs Java™ Technology Edition, Versions 7 and 8, as used by IBM Virtualization Engine TS7700. This issue was disclosed as part of the IBM Java SDK updates in January 2020. IBM Virtualization Engine TS7700 has addressed the applicable CVE. Vulnerability...

MGASA-2020-0229 Updated microcode packages fix security issues

This microcode updates provides new microcode versions for the following Intel Ice Lake and Sandy Bride family processors: Processor Stepping Model Update Name - ICL-U/Y D1 6-7e-5/80 00000046-00000078 Core Gen10 Mobile - SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061f-00000621 Xeon E3/E5, Core X - SNB-E/EN/...

Updated microcode packages fix security issues

This microcode updates provides new microcode versions for the following Intel Ice Lake and Sandy Bride family processors: Processor Stepping Model Update Name - ICL-U/Y D1 6-7e-5/80 00000046-00000078 Core Gen10 Mobile - SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061f-00000621 Xeon E3/E5, Core X -...

gcc-toolset-9-binutils bug fix and enhancement update

An update is available for gcc-toolset-9-binutils. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GCC Toolset is a compiler toolset that provides recent version...

gcc-toolset-9-binutils bug fix and enhancement update

GCC Toolset is a compiler toolset that provides recent versions of development tools. GCC Toolset is an Application Stream packaged as a Software Collection. For instructions on usage, see Using GCC Toolset linked from the References section. Components and specifics of this version are documente...

CVE-2020-1627

A vulnerability in Juniper Networks Junos OS on vMX and MX150 devices may allow an attacker to cause a Denial of Service DoS by sending specific packets requiring special processing in microcode that the flow cache can't handle, causing the riot forwarding daemon to crash. By continuously sending...

Design/Logic Flaw

A vulnerability in Juniper Networks Junos OS on vMX and MX150 devices may allow an attacker to cause a Denial of Service DoS by sending specific packets requiring special processing in microcode that the flow cache can't handle, causing the riot forwarding daemon to crash. By continuously sending...

CVE-2020-1627 Junos OS: vMX and MX150: Denial of Service vulnerability in packet processing

A vulnerability in Juniper Networks Junos OS on vMX and MX150 devices may allow an attacker to cause a Denial of Service DoS by sending specific packets requiring special processing in microcode that the flow cache can't handle, causing the riot forwarding daemon to crash. By continuously sending...

gcc-toolset-9-binutils bug fix update

An update is available for gcc-toolset-9-binutils. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GCC Toolset is a compiler toolset that provides recent version...

ALBA-2020:1354 gcc-toolset-9-binutils bug fix update

GCC Toolset is a compiler toolset that provides recent versions of development tools. GCC Toolset is an Application Stream packaged as a Software Collection. The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It...

gcc-toolset-9-binutils bug fix update

GCC Toolset is a compiler toolset that provides recent versions of development tools. GCC Toolset is an Application Stream packaged as a Software Collection. The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It...

Debian DLA-2148-1 : amd64-microcode security update (Spectre)

It was discovered that systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis Spectre v2. Multiple fixes were done already in Linux kernel,...

Debian: Security Advisory (DLA-2148-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 2148-1] amd64-microcode security update

Package : amd64-microcode Version : 3.20181128.1deb8u1 CVE ID : CVE-2017-5715 Debian Bug : 886382 It was discovered that systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user acce...

Escaping the Chrome Sandbox with RIDL

Guest blog post by Stephen Röttger tl;dr: Vulnerabilities that leak cross process memory can be exploited to escape the Chrome sandbox. An attacker is still required to compromise the renderer prior to mounting this attack. To protect against attacks on affected CPUs make sure your microcode is u...

Unbreakable Enterprise kernel security update

4.1.12-124.36.1 - iscsi-target: graceful disconnect on invalid mapping to iovec Imran Haider Orabug: 30459537 - x86/microcode: Issue update message only once Borislav Petkov Orabug: 30528904 - x86/microcode/intel: Issue the revision updated message only on the BSP Borislav Petkov Orabug: 30528904...

Intel Processors Side Channel Data Leakage Vulnerabilities - Lenovo Support US

Lenovo Security Advisory: LEN-30044 Potential Impact: Information Disclosure Severity: Medium Scope of Impact: Industry-wide CVE Identifier: CVE-2020-0548, CVE-2020-0549, CVE-2020-0550 Summary Description: Intel reported potential security vulnerabilities in some Intel Processors that may allow...

Intel Processors Side Channel Data Leakage Vulnerabilities - Lenovo Support US

No description provided...

New 'CacheOut' Attack Leaks Data from Intel CPUs, VMs and SGX Enclave

Another month, another speculative execution vulnerability found in Intel processors. If your computer is running any modern Intel CPU built before October 2018, it's likely vulnerable to a newly discovered hardware issue that could allow attackers to leak sensitive data from the OS kernel,...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1001)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...