SUSE-SU-2019:3091-1

Опубликовано: 28 нояб. 2019

Источник: suse-cvrf

Описание

Security update for ucode-intel

This update for ucode-intel to version fixes the following issues:

Updated to 20191115 official security release (bsc#1157004 and bsc#1155988)
Includes security fixes for:
- CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073)
- CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035)

Список пакетов

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

ucode-intel-20191115-3.3.1

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

ucode-intel-20191115-3.3.1

SUSE Linux Enterprise Server 12 SP5

ucode-intel-20191115-3.3.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

ucode-intel-20191115-3.3.1

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-20193091-1/
Link for SUSE-SU-2019:3091-1
https://lists.suse.com/pipermail/sle-security-updates/2019-November/006195.html
E-Mail link for SUSE-SU-2019:3091-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1139073
SUSE Bug 1139073
https://bugzilla.suse.com/1141035
SUSE Bug 1141035
https://bugzilla.suse.com/1155988
SUSE Bug 1155988
https://bugzilla.suse.com/1157004
SUSE Bug 1157004
https://www.suse.com/security/cve/CVE-2019-11135/
SUSE CVE CVE-2019-11135 page
https://www.suse.com/security/cve/CVE-2019-11139/
SUSE CVE CVE-2019-11139 page

Описание

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

Затронутые продукты

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:ucode-intel-20191115-3.3.1

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:ucode-intel-20191115-3.3.1

SUSE Linux Enterprise Server 12 SP5:ucode-intel-20191115-3.3.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20191115-3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-11135.html
CVE-2019-11135
https://bugzilla.suse.com/1139073
SUSE Bug 1139073
https://bugzilla.suse.com/1152497
SUSE Bug 1152497
https://bugzilla.suse.com/1152505
SUSE Bug 1152505
https://bugzilla.suse.com/1152506
SUSE Bug 1152506
https://bugzilla.suse.com/1160120
SUSE Bug 1160120
https://bugzilla.suse.com/1201877
SUSE Bug 1201877

Описание

Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.

Затронутые продукты

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:ucode-intel-20191115-3.3.1

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:ucode-intel-20191115-3.3.1

SUSE Linux Enterprise Server 12 SP5:ucode-intel-20191115-3.3.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20191115-3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-11139.html
CVE-2019-11139
https://bugzilla.suse.com/1141035
SUSE Bug 1141035

SUSE-SU-2019:3091-1

Описание

Список пакетов

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP5

Ссылки

Уязвимость: CVE-2019-11135

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2019-11139

Описание

Затронутые продукты

Ссылки