Mageia: Security Advisory (MGASA-2019-0185)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2019-0179)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2019-0174)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2019-0173)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Intel, ARM, IBM, AMD Processors Vulnerable to New Side-Channel Attacks

It turns out that the root cause behind several previously disclosed speculative execution attacks against modern processors, such as Meltdown and Foreshadow, was misattributed to 'prefetching effect,' resulting in hardware vendors releasing incomplete mitigations and countermeasures. Sharing its...

Security Bulletin: Microarchitectural Data Sampling (MDS) Vulnerabilites affect OS Image for RedHat Linux for IBM Cloud Pak System

Summary Microarchitectural Data Sampling MDS Vulnerabilities affect OS Image for RedHat Linux for IBM Cloud Pak System formerly known as IBM PureApplication System. OS image for Red Hat Linux Systems for Cloud Pak System based deployments have addressed the vulnerabilities. Vulnerability Details...

GLSA-202003-56 : Xen: Multiple vulnerabilities (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

The remote host is affected by the vulnerability described in GLSA-202003-56 Xen: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details. Impact : A local attacker could potentially gain privileges on the host system...

Intel Is Patching the Patch for the Patch for Its ‘Zombieload’ Flaw

Intel's made two attempts to fix the microprocessor vulnerability it was warned about 18 months ago. Third time’s the charm?...

Debian DSA-4602-1 : xen - security update (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, guest-to-host privilege escalation or information leaks. In addition this update provides mitigations for the 'TSX Asynchronous Abort'speculative side channel attack. For additional...

New ZombieLoad v2 Attack Affects Intel's Latest Cascade Lake CPUs

Zombieload is back. This time a new variant v2 of the data-leaking side-channel vulnerability also affects the most recent Intel CPUs, including the latest Cascade Lake, which are otherwise resistant against attacks like Meltdown, Foreshadow and other MDS variants RIDL and Fallout. Initially...

Security Bulletin: Vulnerabilities in Intel CPUs affect IBM Integrated Analytics System

Summary Potential security vulnerabilities in CPUs may allow information disclosure. Intel released Microcode Updates MCU updates to mitigate this potential vulnerability. IBM Integrated Analytics System has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-11091 DESCRIPTION:...

Security Bulletin: IBM Netezza Host Management is affected by the vulnerabilities known as Intel Microarchitectural Data Sampling (MDS) and other Kernel vulnerabilities

Summary IBM Netezza Host Management is affected by the vulnerabilities known as Intel Microarchitectural Data Sampling MDS. There are Microarchitectural hardware implementation issues that could allow an unprivileged local attacker to bypass conventional memory security restrictions in order to...

openSUSE Security Update : ucode-intel (openSUSE-2019-1806) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

This update for ucode-intel fixes the following issues : This update contains the Intel QSR 2019.1 Microcode release bsc1111331 Four new speculative execution information leak issues have been identified in Intel CPUs. bsc1111331 - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling MSB...

SUSE SLED15 / SLES15 Security Update : ucode-intel (SUSE-SU-2019:1910-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

This update for ucode-intel fixes the following issues : This update contains the Intel QSR 2019.1 Microcode release bsc1111331 Four new speculative execution information leak issues have been identified in Intel CPUs. bsc1111331 CVE-2018-12126: Microarchitectural Store Buffer Data Sampling MSBDS...

SUSE SLED15 / SLES15 Security Update : ucode-intel (SUSE-SU-2019:1909-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

This update for ucode-intel fixes the following issues : This update contains the Intel QSR 2019.1 Microcode release bsc1111331 Four new speculative execution information leak issues have been identified in Intel CPUs. bsc1111331 CVE-2018-12126: Microarchitectural Store Buffer Data Sampling MSBDS...

Oracle Linux 7 : libvirt (ELSA-2019-4714)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4714 advisory. - api: disallow virDomainSaveImageGetXMLDesc on read-only connections Jan Tomko Orabug: 29955742 CVE-2019-10161 - api: disallow...

Oracle Linux 7 : qemu (ELSA-2019-4713)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4713 advisory. - Document CVEs as fixed: CVE-2017-9524, CVE-2017-6058, CVE-2017-5931 Mark Kanda Orabug: 29886908 CVE-2017-5931 CVE-2017-6058 CVE-2017-9524 - pvrdma:...

USN-3977-3: Intel Microcode update (AKA ZombieLoad Attack) | Cloud Foundry

Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Description USN-3977-1 and USN-3977-2 provided mitigations for Microarchitectural Data Sampling MDS vulnerabilities in Intel Microcode for a large number of Intel processor families. This update...

Linux Kernel Detection of MDS vulnerabilities (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

According to the remote Linux kernel, this system is vulnerable to the following information disclosure vulnerabilities: - MSBDS leaks Store Buffer Entries which can be speculatively forwarded to a dependent load store-to-load forwarding as an optimization. The forward can also happen to a faulti...

SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1550-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre)

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-12819: The function mdiobusregister called putdevice, which triggered a fixedmdiobusinit use-after-free. This would cause a denial of service. bsc1138291...