SUSE-SU-2018:1567-1

Опубликовано: 07 июн. 2018

Источник: suse-cvrf

Описание

Security update for kernel-firmware

This update for kernel-firmware fixes the following issues:

CVE-2015-1142857: Add 7.13.1.0 bnx2x firmware files for ethernet flow control vulnerability in SRIOV devices (bsc#1077355)
CVE-2017-5715: Prevent unauthorized disclosure of information to an attacker with local user access caused by speculative execution and indirect branch prediction (bsc#1095735).

Список пакетов

SUSE Linux Enterprise Server 12-LTSS

kernel-firmware-20140807git-5.8.1

ucode-amd-20140807git-5.8.1

Ссылки

https://www.suse.com/support/update/announcement/2018/suse-su-20181567-1/
Link for SUSE-SU-2018:1567-1
https://lists.suse.com/pipermail/sle-security-updates/2018-June/004160.html
E-Mail link for SUSE-SU-2018:1567-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1077355
SUSE Bug 1077355
https://bugzilla.suse.com/1095735
SUSE Bug 1095735
https://www.suse.com/security/cve/CVE-2015-1142857/
SUSE CVE CVE-2015-1142857 page
https://www.suse.com/security/cve/CVE-2017-5715/
SUSE CVE CVE-2017-5715 page

Описание

On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5 and the DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0, additionally Multiple vendor NIC firmware is affected.

Затронутые продукты

SUSE Linux Enterprise Server 12-LTSS:kernel-firmware-20140807git-5.8.1

SUSE Linux Enterprise Server 12-LTSS:ucode-amd-20140807git-5.8.1

Ссылки

https://www.suse.com/security/cve/CVE-2015-1142857.html
CVE-2015-1142857
https://bugzilla.suse.com/1077355
SUSE Bug 1077355
https://bugzilla.suse.com/1091815
SUSE Bug 1091815
https://bugzilla.suse.com/1105108
SUSE Bug 1105108

Описание

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Затронутые продукты

SUSE Linux Enterprise Server 12-LTSS:kernel-firmware-20140807git-5.8.1

SUSE Linux Enterprise Server 12-LTSS:ucode-amd-20140807git-5.8.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-5715.html
CVE-2017-5715
https://bugzilla.suse.com/1068032
SUSE Bug 1068032
https://bugzilla.suse.com/1074562
SUSE Bug 1074562
https://bugzilla.suse.com/1074578
SUSE Bug 1074578
https://bugzilla.suse.com/1074701
SUSE Bug 1074701
https://bugzilla.suse.com/1074741
SUSE Bug 1074741
https://bugzilla.suse.com/1074919
SUSE Bug 1074919
https://bugzilla.suse.com/1075006
SUSE Bug 1075006
https://bugzilla.suse.com/1075007
SUSE Bug 1075007
https://bugzilla.suse.com/1075262
SUSE Bug 1075262
https://bugzilla.suse.com/1075419
SUSE Bug 1075419
https://bugzilla.suse.com/1076115
SUSE Bug 1076115
https://bugzilla.suse.com/1076372
SUSE Bug 1076372
https://bugzilla.suse.com/1076606
SUSE Bug 1076606
https://bugzilla.suse.com/1078353
SUSE Bug 1078353
https://bugzilla.suse.com/1080039
SUSE Bug 1080039
https://bugzilla.suse.com/1087887
SUSE Bug 1087887
https://bugzilla.suse.com/1087939
SUSE Bug 1087939
https://bugzilla.suse.com/1088147
SUSE Bug 1088147
https://bugzilla.suse.com/1089055
SUSE Bug 1089055

SUSE-SU-2018:1567-1

Описание

Список пакетов

SUSE Linux Enterprise Server 12-LTSS

Ссылки

Уязвимость: CVE-2015-1142857

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2017-5715

Описание

Затронутые продукты

Ссылки