exploitDog

SUSE-SU-2018:0008-1

Опубликовано: 03 янв. 2018

Источник: suse-cvrf

Описание

Security update for kernel-firmware

This update for kernel-firmware fixes the following issues:

Add microcode_amd_fam17h.bin (bsc#1068032 CVE-2017-5715)

This new firmware disables branch prediction on AMD family 17h processor to mitigate a attack on the branch predictor that could lead to information disclosure from e.g. kernel memory (bsc#1068032 CVE-2017-5715).

Список пакетов

SUSE Linux Enterprise Desktop 12 SP2

kernel-firmware-20170530-21.16.1

ucode-amd-20170530-21.16.1

SUSE Linux Enterprise Desktop 12 SP3

kernel-firmware-20170530-21.16.1

ucode-amd-20170530-21.16.1

SUSE Linux Enterprise Server 12 SP2

kernel-firmware-20170530-21.16.1

ucode-amd-20170530-21.16.1

SUSE Linux Enterprise Server 12 SP3

kernel-firmware-20170530-21.16.1

ucode-amd-20170530-21.16.1

SUSE Linux Enterprise Server for Raspberry Pi 12 SP2

kernel-firmware-20170530-21.16.1

SUSE Linux Enterprise Server for SAP Applications 12 SP2

kernel-firmware-20170530-21.16.1

ucode-amd-20170530-21.16.1

SUSE Linux Enterprise Server for SAP Applications 12 SP3

kernel-firmware-20170530-21.16.1

ucode-amd-20170530-21.16.1

Ссылки

https://www.suse.com/support/update/announcement/2018/suse-su-20180008-1/
Link for SUSE-SU-2018:0008-1
https://lists.suse.com/pipermail/sle-security-updates/2018-January/003562.html
E-Mail link for SUSE-SU-2018:0008-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1068032
SUSE Bug 1068032
https://www.suse.com/security/cve/CVE-2017-5715/
SUSE CVE CVE-2017-5715 page

Описание

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Затронутые продукты

SUSE Linux Enterprise Desktop 12 SP2:kernel-firmware-20170530-21.16.1

SUSE Linux Enterprise Desktop 12 SP2:ucode-amd-20170530-21.16.1

SUSE Linux Enterprise Desktop 12 SP3:kernel-firmware-20170530-21.16.1

SUSE Linux Enterprise Desktop 12 SP3:ucode-amd-20170530-21.16.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-5715.html
CVE-2017-5715
https://bugzilla.suse.com/1068032
SUSE Bug 1068032
https://bugzilla.suse.com/1074562
SUSE Bug 1074562
https://bugzilla.suse.com/1074578
SUSE Bug 1074578
https://bugzilla.suse.com/1074701
SUSE Bug 1074701
https://bugzilla.suse.com/1074741
SUSE Bug 1074741
https://bugzilla.suse.com/1074919
SUSE Bug 1074919
https://bugzilla.suse.com/1075006
SUSE Bug 1075006
https://bugzilla.suse.com/1075007
SUSE Bug 1075007
https://bugzilla.suse.com/1075262
SUSE Bug 1075262
https://bugzilla.suse.com/1075419
SUSE Bug 1075419
https://bugzilla.suse.com/1076115
SUSE Bug 1076115
https://bugzilla.suse.com/1076372
SUSE Bug 1076372
https://bugzilla.suse.com/1076606
SUSE Bug 1076606
https://bugzilla.suse.com/1078353
SUSE Bug 1078353
https://bugzilla.suse.com/1080039
SUSE Bug 1080039
https://bugzilla.suse.com/1087887
SUSE Bug 1087887
https://bugzilla.suse.com/1087939
SUSE Bug 1087939
https://bugzilla.suse.com/1088147
SUSE Bug 1088147
https://bugzilla.suse.com/1089055
SUSE Bug 1089055