ALT-PU-2019-2061-1
Package kernel-image-std-debug updated to version 4.19.49-alt1 for branch p9 in task 231770.
Closed vulnerabilities
Published: 2019-03-06
BDU:2019-01957
Уязвимость процессоров Intel, связанная с микроархитектурной выборкой данных некэшируемой памяти (MDSUM), позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (5.6)
Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
Published: 2019-03-06
BDU:2019-01958
Уязвимость порта загрузки MLPDS микропрограммного обеспечения Intel, связанная с раскрытием информации, позволяющая нарушителю получить доступ к конфиденциальной информации
Severity: MEDIUM (5.6)
Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
Published: 2019-03-06
BDU:2019-01959
Уязвимость процессоров Intel, связанная с восстановлением содержимого буферов заполнения (MFBDS), позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (5.6)
Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
Published: 2019-03-06
BDU:2019-01960
Уязвимость буфера данных MSBDS микропрограммного обеспечения Intel, позволяющая нарушителю получить доступ к конфиденциальной информации
Severity: MEDIUM (5.1)
Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2019-05-10
BDU:2019-02780
Уязвимость файла fs/ext4/extents.c ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (5.5)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2019-05-30
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-12126
Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Severity: MEDIUM (5.6)
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
- openSUSE-SU-2019:1505
- openSUSE-SU-2019:1505
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1805
- openSUSE-SU-2019:1805
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- RHSA-2019:1455
- RHSA-2019:1455
- RHSA-2019:2553
- RHSA-2019:2553
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- FEDORA-2019-1f5832fc0e
- FEDORA-2019-1f5832fc0e
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu
- 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- FreeBSD-SA-19:26
- FreeBSD-SA-19:26
- GLSA-202003-56
- GLSA-202003-56
- USN-3977-3
- USN-3977-3
- DSA-4602
- DSA-4602
- FreeBSD-SA-19:07
- FreeBSD-SA-19:07
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.synology.com/security/advisory/Synology_SA_19_24
- https://www.synology.com/security/advisory/Synology_SA_19_24
Published: 2019-05-30
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-12127
Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Severity: MEDIUM (5.6)
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
- openSUSE-SU-2019:1505
- openSUSE-SU-2019:1505
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1805
- openSUSE-SU-2019:1805
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- RHSA-2019:1455
- RHSA-2019:1455
- RHSA-2019:2553
- RHSA-2019:2553
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- FEDORA-2019-1f5832fc0e
- FEDORA-2019-1f5832fc0e
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu
- 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- FreeBSD-SA-19:26
- FreeBSD-SA-19:26
- GLSA-202003-56
- GLSA-202003-56
- USN-3977-3
- USN-3977-3
- DSA-4602
- DSA-4602
- FreeBSD-SA-19:07
- FreeBSD-SA-19:07
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.synology.com/security/advisory/Synology_SA_19_24
- https://www.synology.com/security/advisory/Synology_SA_19_24
Published: 2019-05-30
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-12130
Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Severity: MEDIUM (5.6)
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
- openSUSE-SU-2019:1505
- openSUSE-SU-2019:1505
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1805
- openSUSE-SU-2019:1805
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- RHSA-2019:1455
- RHSA-2019:1455
- RHSA-2019:2553
- RHSA-2019:2553
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- FEDORA-2019-1f5832fc0e
- FEDORA-2019-1f5832fc0e
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu
- 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- FreeBSD-SA-19:26
- FreeBSD-SA-19:26
- GLSA-202003-56
- GLSA-202003-56
- USN-3977-3
- USN-3977-3
- DSA-4602
- DSA-4602
- FreeBSD-SA-19:07
- FreeBSD-SA-19:07
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.synology.com/security/advisory/Synology_SA_19_24
- https://www.synology.com/security/advisory/Synology_SA_19_24
Published: 2019-05-30
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-11091
Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Severity: MEDIUM (5.6)
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
- openSUSE-SU-2019:1505
- openSUSE-SU-2019:1505
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1805
- openSUSE-SU-2019:1805
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- RHSA-2019:1455
- RHSA-2019:1455
- RHSA-2019:2553
- RHSA-2019:2553
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- FEDORA-2019-1f5832fc0e
- FEDORA-2019-1f5832fc0e
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- GLSA-202003-56
- GLSA-202003-56
- USN-3977-3
- USN-3977-3
- DSA-4602
- DSA-4602
- FreeBSD-SA-19:07
- FreeBSD-SA-19:07
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- https://www.synology.com/security/advisory/Synology_SA_19_24
- https://www.synology.com/security/advisory/Synology_SA_19_24
Published: 2019-05-15
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-11833
fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.
Severity: MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References:
- openSUSE-SU-2019:1479
- openSUSE-SU-2019:1479
- openSUSE-SU-2019:1570
- openSUSE-SU-2019:1570
- openSUSE-SU-2019:1579
- openSUSE-SU-2019:1579
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- 108372
- 108372
- RHSA-2019:2029
- RHSA-2019:2029
- RHSA-2019:2043
- RHSA-2019:2043
- RHSA-2019:3309
- RHSA-2019:3309
- RHSA-2019:3517
- RHSA-2019:3517
- https://github.com/torvalds/linux/commit/592acbf16821288ecdc4192c47e3774a4c48bb64
- https://github.com/torvalds/linux/commit/592acbf16821288ecdc4192c47e3774a4c48bb64
- [debian-lts-announce] 20190617 [SECURITY] [DLA 1823-1] linux security update
- [debian-lts-announce] 20190617 [SECURITY] [DLA 1823-1] linux security update
- [debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update
- [debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update
- FEDORA-2019-48b34fc991
- FEDORA-2019-48b34fc991
- 20190618 [SECURITY] [DSA 4465-1] linux security update
- 20190618 [SECURITY] [DSA 4465-1] linux security update
- USN-4068-1
- USN-4068-1
- USN-4068-2
- USN-4068-2
- USN-4069-1
- USN-4069-1
- USN-4069-2
- USN-4069-2
- USN-4076-1
- USN-4076-1
- USN-4095-2
- USN-4095-2
- USN-4118-1
- USN-4118-1
- DSA-4465
- DSA-4465