2018-02-03
ALT-BU-2018-3042-1
Branch c7.1 update bulletin.
Package rabbitmq-server updated to version 3.6.14-alt3.M70C.1 for branch c7.1 in task 198740.
Closed vulnerabilities
Published: 2016-12-29
Modified: 2025-04-02
Modified: 2025-04-02
CVE-2016-9877
An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.
Severity: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- DSA-3761
- DSA-3761
- 95065
- 95065
- https://pivotal.io/security/cve-2016-9877
- https://pivotal.io/security/cve-2016-9877
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03880en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03880en_us
Package kernel-image-un-def updated to version 4.9.79-alt0.M70C.1 for branch c7.1 in task 198821.
Closed vulnerabilities
Published: 2018-01-07
BDU:2018-00003
Уязвимость процессоров Intel, ARM и AMD, связанная с особенностями функционирования модуля прогнозирования ветвлений, позволяющая нарушителю получить доступ к защищенной памяти из программы
Severity: MEDIUM (5.6)
Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
Published: 2018-02-01
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-16911
The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP.
Severity: MEDIUM (4.7)
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
References:
- 102156
- 102156
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=2f2d0088eb93db5c649d2a5e34a3800a8a935fc5
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=2f2d0088eb93db5c649d2a5e34a3800a8a935fc5
- [debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update
- [debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update
- https://secuniaresearch.flexerasoftware.com/advisories/80454/
- https://secuniaresearch.flexerasoftware.com/advisories/80454/
- https://secuniaresearch.flexerasoftware.com/secunia_research/2017-20/
- https://secuniaresearch.flexerasoftware.com/secunia_research/2017-20/
- USN-3619-1
- USN-3619-1
- USN-3619-2
- USN-3619-2
- USN-3754-1
- USN-3754-1
- DSA-4187
- DSA-4187
- https://www.spinics.net/lists/linux-usb/msg163480.html
- https://www.spinics.net/lists/linux-usb/msg163480.html
Published: 2018-01-04
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-5715
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Severity: MEDIUM (5.6)
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
- SUSE-SU-2018:0006
- SUSE-SU-2018:0006
- SUSE-SU-2018:0007
- SUSE-SU-2018:0007
- SUSE-SU-2018:0008
- SUSE-SU-2018:0008
- SUSE-SU-2018:0009
- SUSE-SU-2018:0009
- SUSE-SU-2018:0010
- SUSE-SU-2018:0010
- SUSE-SU-2018:0011
- SUSE-SU-2018:0011
- SUSE-SU-2018:0012
- SUSE-SU-2018:0012
- openSUSE-SU-2018:0013
- openSUSE-SU-2018:0013
- SUSE-SU-2018:0019
- SUSE-SU-2018:0019
- SUSE-SU-2018:0020
- SUSE-SU-2018:0020
- openSUSE-SU-2018:0022
- openSUSE-SU-2018:0022
- openSUSE-SU-2018:0023
- openSUSE-SU-2018:0023
- http://nvidia.custhelp.com/app/answers/detail/a_id/4609
- http://nvidia.custhelp.com/app/answers/detail/a_id/4609
- http://nvidia.custhelp.com/app/answers/detail/a_id/4611
- http://nvidia.custhelp.com/app/answers/detail/a_id/4611
- http://nvidia.custhelp.com/app/answers/detail/a_id/4613
- http://nvidia.custhelp.com/app/answers/detail/a_id/4613
- http://nvidia.custhelp.com/app/answers/detail/a_id/4614
- http://nvidia.custhelp.com/app/answers/detail/a_id/4614
- http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html
- http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- VU#584653
- VU#584653
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- 102376
- 102376
- 1040071
- 1040071
- http://xenbits.xen.org/xsa/advisory-254.html
- http://xenbits.xen.org/xsa/advisory-254.html
- RHSA-2018:0292
- RHSA-2018:0292
- https://access.redhat.com/security/vulnerabilities/speculativeexecution
- https://access.redhat.com/security/vulnerabilities/speculativeexecution
- https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/
- https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/
- https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
- https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
- https://cert.vde.com/en-us/advisories/vde-2018-002
- https://cert.vde.com/en-us/advisories/vde-2018-002
- https://cert.vde.com/en-us/advisories/vde-2018-003
- https://cert.vde.com/en-us/advisories/vde-2018-003
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
- https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
- https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
- https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- [debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update
- [debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update
- [debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update
- [debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update
- [debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update
- [debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
- [debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update
- [debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update
- [debian-lts-announce] 20200320 [SECURITY] [DLA 2148-1] amd64-microcode security update
- [debian-lts-announce] 20200320 [SECURITY] [DLA 2148-1] amd64-microcode security update
- [debian-lts-announce] 20210816 [SECURITY] [DLA 2743-1] amd64-microcode security update
- [debian-lts-announce] 20210816 [SECURITY] [DLA 2743-1] amd64-microcode security update
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu
- 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu
- FreeBSD-SA-18:03
- FreeBSD-SA-18:03
- FreeBSD-SA-19:26
- FreeBSD-SA-19:26
- GLSA-201810-06
- GLSA-201810-06
- https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
- https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
- https://security.netapp.com/advisory/ntap-20180104-0001/
- https://security.netapp.com/advisory/ntap-20180104-0001/
- https://security.paloaltonetworks.com/CVE-2017-5715
- https://security.paloaltonetworks.com/CVE-2017-5715
- https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
- https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
- https://spectreattack.com/
- https://spectreattack.com/
- https://support.citrix.com/article/CTX231399
- https://support.citrix.com/article/CTX231399
- https://support.f5.com/csp/article/K91229003
- https://support.f5.com/csp/article/K91229003
- https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us
- https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us
- https://support.lenovo.com/us/en/solutions/LEN-18282
- https://support.lenovo.com/us/en/solutions/LEN-18282
- 20180104 CPU Side-Channel Information Disclosure Vulnerabilities
- 20180104 CPU Side-Channel Information Disclosure Vulnerabilities
- USN-3531-1
- USN-3531-1
- USN-3531-3
- USN-3531-3
- USN-3540-2
- USN-3540-2
- USN-3541-2
- USN-3541-2
- USN-3542-2
- USN-3542-2
- USN-3549-1
- USN-3549-1
- USN-3560-1
- USN-3560-1
- USN-3561-1
- USN-3561-1
- USN-3580-1
- USN-3580-1
- USN-3581-1
- USN-3581-1
- USN-3581-2
- USN-3581-2
- USN-3582-1
- USN-3582-1
- USN-3582-2
- USN-3582-2
- USN-3594-1
- USN-3594-1
- USN-3597-1
- USN-3597-1
- USN-3597-2
- USN-3597-2
- USN-3620-2
- USN-3620-2
- USN-3690-1
- USN-3690-1
- USN-3777-3
- USN-3777-3
- USN-3516-1
- USN-3516-1
- DSA-4120
- DSA-4120
- DSA-4187
- DSA-4187
- DSA-4188
- DSA-4188
- DSA-4213
- DSA-4213
- 43427
- 43427
- VU#180049
- VU#180049
- https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001
- https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/
- https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/
- https://www.synology.com/support/security/Synology_SA_18_01
- https://www.synology.com/support/security/Synology_SA_18_01
- https://www.vmware.com/security/advisories/VMSA-2018-0007.html
- https://www.vmware.com/security/advisories/VMSA-2018-0007.html
- https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html
- https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html
- https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html
- https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html