2019-05-22
ALT-BU-2019-3669-1
Branch c8.1 update bulletin.
Package kernel-image-std-4.9 updated to version 4.9.176-alt0.M80C.1 for branch c8.1 in task 229404.
Closed vulnerabilities
Published: 2019-03-06
BDU:2019-01957
Уязвимость процессоров Intel, связанная с микроархитектурной выборкой данных некэшируемой памяти (MDSUM), позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (5.6)
Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
Published: 2019-03-06
BDU:2019-01958
Уязвимость порта загрузки MLPDS микропрограммного обеспечения Intel, связанная с раскрытием информации, позволяющая нарушителю получить доступ к конфиденциальной информации
Severity: MEDIUM (5.6)
Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
Published: 2019-03-06
BDU:2019-01959
Уязвимость процессоров Intel, связанная с восстановлением содержимого буферов заполнения (MFBDS), позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (5.6)
Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
Published: 2019-03-06
BDU:2019-01960
Уязвимость буфера данных MSBDS микропрограммного обеспечения Intel, позволяющая нарушителю получить доступ к конфиденциальной информации
Severity: MEDIUM (5.1)
Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2012-06-22
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2011-1079
The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service (BUG and system crash), via a BNEPCONNADD command.
Severity: MEDIUM (5.4)
References:
- http://downloads.avaya.com/css/P8/documents/100145416
- http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=43629f8f5ea32a998d06d1bb41eefa0e821ff573
- http://packetstormsecurity.com/files/153799/Kernel-Live-Patch-Security-Notice-LSN-0053-1.html
- RHSA-2011:0833
- [oss-security] 20110301 Re: CVE request: kernel: two bluetooth and one ebtables infoleaks/DoSes
- https://bugzilla.redhat.com/show_bug.cgi?id=681260
- https://github.com/torvalds/linux/commit/43629f8f5ea32a998d06d1bb41eefa0e821ff573
- http://downloads.avaya.com/css/P8/documents/100145416
- https://github.com/torvalds/linux/commit/43629f8f5ea32a998d06d1bb41eefa0e821ff573
- https://bugzilla.redhat.com/show_bug.cgi?id=681260
- [oss-security] 20110301 Re: CVE request: kernel: two bluetooth and one ebtables infoleaks/DoSes
- RHSA-2011:0833
- http://packetstormsecurity.com/files/153799/Kernel-Live-Patch-Security-Notice-LSN-0053-1.html
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=43629f8f5ea32a998d06d1bb41eefa0e821ff573
- http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39
Published: 2019-05-30
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-12126
Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Severity: MEDIUM (5.6)
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
- openSUSE-SU-2019:1505
- openSUSE-SU-2019:1505
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1805
- openSUSE-SU-2019:1805
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- RHSA-2019:1455
- RHSA-2019:1455
- RHSA-2019:2553
- RHSA-2019:2553
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- FEDORA-2019-1f5832fc0e
- FEDORA-2019-1f5832fc0e
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu
- 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- FreeBSD-SA-19:26
- FreeBSD-SA-19:26
- GLSA-202003-56
- GLSA-202003-56
- USN-3977-3
- USN-3977-3
- DSA-4602
- DSA-4602
- FreeBSD-SA-19:07
- FreeBSD-SA-19:07
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.synology.com/security/advisory/Synology_SA_19_24
- https://www.synology.com/security/advisory/Synology_SA_19_24
Published: 2019-05-30
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-12127
Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Severity: MEDIUM (5.6)
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
- openSUSE-SU-2019:1505
- openSUSE-SU-2019:1505
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1805
- openSUSE-SU-2019:1805
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- RHSA-2019:1455
- RHSA-2019:1455
- RHSA-2019:2553
- RHSA-2019:2553
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- FEDORA-2019-1f5832fc0e
- FEDORA-2019-1f5832fc0e
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu
- 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- FreeBSD-SA-19:26
- FreeBSD-SA-19:26
- GLSA-202003-56
- GLSA-202003-56
- USN-3977-3
- USN-3977-3
- DSA-4602
- DSA-4602
- FreeBSD-SA-19:07
- FreeBSD-SA-19:07
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.synology.com/security/advisory/Synology_SA_19_24
- https://www.synology.com/security/advisory/Synology_SA_19_24
Published: 2019-05-30
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-12130
Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Severity: MEDIUM (5.6)
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
- openSUSE-SU-2019:1505
- openSUSE-SU-2019:1505
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1805
- openSUSE-SU-2019:1805
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- RHSA-2019:1455
- RHSA-2019:1455
- RHSA-2019:2553
- RHSA-2019:2553
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- FEDORA-2019-1f5832fc0e
- FEDORA-2019-1f5832fc0e
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu
- 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- FreeBSD-SA-19:26
- FreeBSD-SA-19:26
- GLSA-202003-56
- GLSA-202003-56
- USN-3977-3
- USN-3977-3
- DSA-4602
- DSA-4602
- FreeBSD-SA-19:07
- FreeBSD-SA-19:07
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.synology.com/security/advisory/Synology_SA_19_24
- https://www.synology.com/security/advisory/Synology_SA_19_24
Published: 2019-05-30
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-11091
Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Severity: MEDIUM (5.6)
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
- openSUSE-SU-2019:1505
- openSUSE-SU-2019:1505
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1805
- openSUSE-SU-2019:1805
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- RHSA-2019:1455
- RHSA-2019:1455
- RHSA-2019:2553
- RHSA-2019:2553
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- FEDORA-2019-1f5832fc0e
- FEDORA-2019-1f5832fc0e
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- GLSA-202003-56
- GLSA-202003-56
- USN-3977-3
- USN-3977-3
- DSA-4602
- DSA-4602
- FreeBSD-SA-19:07
- FreeBSD-SA-19:07
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.synology.com/security/advisory/Synology_SA_19_24
- https://www.synology.com/security/advisory/Synology_SA_19_24