Описание
Security update for the Linux Kernel
The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes.
The following security bug was fixed:
- CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086)
The following non-security bugs were fixed:
- KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281).
- Xen counterparts of eager FPU implementation.
- x86/boot: Fix early command-line parsing when partial word matches (bsc#1096140).
- x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being disabled (bsc#1096140).
- xen/x86/CPU: Check speculation control CPUID bit (bsc#1068032).
- xen/x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091).
- xen/x86/cpu: Factor out application of forced CPU caps (bsc#1075994 bsc#1075091).
- xen/x86/cpu: Fix bootup crashes by sanitizing the argument of the 'clearcpuid=' command-line option (bsc#1065600).
- xen/x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088).
- xen/x86/entry: Use IBRS on entry to kernel space (bsc#1068032).
- xen/x86/idle: Toggle IBRS when going idle (bsc#1068032).
- xen/x86/kaiser: Move feature detection up (bsc#1068032).
Список пакетов
SUSE Linux Enterprise Point of Sale 11 SP3
kernel-default-3.0.101-0.47.106.35.1
kernel-default-base-3.0.101-0.47.106.35.1
kernel-default-devel-3.0.101-0.47.106.35.1
kernel-ec2-3.0.101-0.47.106.35.1
kernel-ec2-base-3.0.101-0.47.106.35.1
kernel-ec2-devel-3.0.101-0.47.106.35.1
kernel-pae-3.0.101-0.47.106.35.1
kernel-pae-base-3.0.101-0.47.106.35.1
kernel-pae-devel-3.0.101-0.47.106.35.1
kernel-source-3.0.101-0.47.106.35.1
kernel-syms-3.0.101-0.47.106.35.1
kernel-trace-3.0.101-0.47.106.35.1
kernel-trace-base-3.0.101-0.47.106.35.1
kernel-trace-devel-3.0.101-0.47.106.35.1
kernel-xen-3.0.101-0.47.106.35.1
kernel-xen-base-3.0.101-0.47.106.35.1
kernel-xen-devel-3.0.101-0.47.106.35.1
SUSE Linux Enterprise Server 11 SP3-LTSS
kernel-bigsmp-3.0.101-0.47.106.35.1
kernel-bigsmp-base-3.0.101-0.47.106.35.1
kernel-bigsmp-devel-3.0.101-0.47.106.35.1
kernel-default-3.0.101-0.47.106.35.1
kernel-default-base-3.0.101-0.47.106.35.1
kernel-default-devel-3.0.101-0.47.106.35.1
kernel-default-man-3.0.101-0.47.106.35.1
kernel-ec2-3.0.101-0.47.106.35.1
kernel-ec2-base-3.0.101-0.47.106.35.1
kernel-ec2-devel-3.0.101-0.47.106.35.1
kernel-pae-3.0.101-0.47.106.35.1
kernel-pae-base-3.0.101-0.47.106.35.1
kernel-pae-devel-3.0.101-0.47.106.35.1
kernel-source-3.0.101-0.47.106.35.1
kernel-syms-3.0.101-0.47.106.35.1
kernel-trace-3.0.101-0.47.106.35.1
kernel-trace-base-3.0.101-0.47.106.35.1
kernel-trace-devel-3.0.101-0.47.106.35.1
kernel-xen-3.0.101-0.47.106.35.1
kernel-xen-base-3.0.101-0.47.106.35.1
kernel-xen-devel-3.0.101-0.47.106.35.1
Ссылки
- Link for SUSE-SU-2018:1849-1
- E-Mail link for SUSE-SU-2018:1849-1
- SUSE Security Ratings
- SUSE Bug 1065600
- SUSE Bug 1068032
- SUSE Bug 1075091
- SUSE Bug 1075994
- SUSE Bug 1087086
- SUSE Bug 1087088
- SUSE Bug 1096140
- SUSE Bug 1096242
- SUSE Bug 1096281
- SUSE CVE CVE-2018-3665 page
Описание
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:kernel-default-3.0.101-0.47.106.35.1
SUSE Linux Enterprise Point of Sale 11 SP3:kernel-default-base-3.0.101-0.47.106.35.1
SUSE Linux Enterprise Point of Sale 11 SP3:kernel-default-devel-3.0.101-0.47.106.35.1
SUSE Linux Enterprise Point of Sale 11 SP3:kernel-ec2-3.0.101-0.47.106.35.1
Ссылки
- CVE-2018-3665
- SUSE Bug 1087078
- SUSE Bug 1087082
- SUSE Bug 1087086
- SUSE Bug 1090338
- SUSE Bug 1095241
- SUSE Bug 1095242
- SUSE Bug 1096740
- SUSE Bug 1100091
- SUSE Bug 1100555
- SUSE Bug 1178658