Lucene search

K
suseSuseOPENSUSE-SU-2019:1805-1
HistoryJul 24, 2019 - 12:00 a.m.

Security update for ucode-intel (important)

2019-07-2400:00:00
lists.opensuse.org
513

5.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

0.001 Low

EPSS

Percentile

24.0%

An update that fixes four vulnerabilities is now available.

Description:

This update for ucode-intel fixes the following issues:

This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331)

Four new speculative execution information leak issues have been
identified in Intel CPUs. (bsc#1111331)

  • CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)
  • CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)
  • CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)
  • CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory
    (MDSUM)

These updates contain the CPU Microcode adjustments for the software
mitigations.

For more information on this set of vulnerabilities, check out
https://www.suse.com/support/kb/doc/?id=7023736

Release notes:

---- updated platforms ------------------------------------ SNB-E/EN/EP
C1/M0 6-2d-6/6d 0000061d->0000061f Xeon E3/E5, Core X SNB-E/EN/EP
C2/M1 6-2d-7/6d 00000714->00000718 Xeon E3/E5, Core X

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.0:

    zypper in -t patch openSUSE-2019-1805=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.0x86_64< - openSUSE Leap 15.0 (x86_64):- openSUSE Leap 15.0 (x86_64):.x86_64.rpm

5.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

0.001 Low

EPSS

Percentile

24.0%