===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.2371
                       Security update to ucode-intel
                               16 August 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           ucode-intel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Access Privileged Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-3646 CVE-2018-3640 CVE-2018-3639

Reference:         ASB-2018.0121
                   ESB-2018.2352
                   ESB-2018.2280
                   ESB-2018.2262

Original Bulletin:
   https://www.suse.com/support/update/announcement/2018/suse-su-20182331-1.html

- --------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update to ucode-intel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2331-1
Rating:             important
References:         #1087082 #1087083 #1089343 #1104134
Cross-References:   CVE-2018-3639 CVE-2018-3640 CVE-2018-3646
Affected Products:
                    SUSE OpenStack Cloud 7
                    SUSE Linux Enterprise Server for SAP 12-SP2
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Server 12-SP2-LTSS
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Linux Enterprise Server 12-LTSS
                    SUSE Linux Enterprise Desktop 12-SP3
                    SUSE Enterprise Storage 4
                    SUSE CaaS Platform 3.0
______________________________________________________________________________

   An update that solves three vulnerabilities and has one errata is now available.

Description:

   ucode-intel was updated to the 20180807 release.

   For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and is part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646 (L1 Terminal fault).
   (bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343)

   Processor             Identifier  Version             Products
   Model       Stepping  F-MO-S/PI   Old->New

   ---- new platforms ----------------------------------------
   WSM-EP/WS   U1        6-2c-2/03   0000001f            Xeon E/L/X56xx, W36xx
   NHM-EX      D0        6-2e-6/04   0000000d            Xeon E/L/X65xx/75xx
   BXT         C0        6-5c-2/01   00000014            Atom T5500/5700
   APL         E0        6-5c-a/03   0000000c            Atom x5-E39xx
   DVN         B0        6-5f-1/01   00000024            Atom C3xxx

   ---- updated platforms ------------------------------------
   NHM-EP/WS   D0        6-1a-5/03   00000019->0000001d  Xeon E/L/X/W55xx
   NHM         B1        6-1e-5/13   00000007->0000000a  Core i7-8xx, i5-7xx; Xeon L3426, X24xx
   WSM         B1        6-25-2/12   0000000e->00000011  Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeron P45xx; Xeon L3406
   WSM         K0        6-25-5/92   00000004->00000007  Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx
   SNB         D2        6-2a-7/12   0000002d->0000002e  Core Gen2; Xeon E3
   WSM-EX      A2        6-2f-2/05   00000037->0000003b  Xeon E7
   IVB         E2        6-3a-9/12   0000001f->00000020  Core Gen3 Mobile
   HSW-H/S/E3  Cx/Dx     6-3c-3/32   00000024->00000025  Core Gen4 Desktop; Xeon E3 v3
   BDW-U/Y     E/F       6-3d-4/c0   0000002a->0000002b  Core Gen5 Mobile
   HSW-ULT     Cx/Dx     6-45-1/72   00000023->00000024  Core Gen4 Mobile and derived Pentium/Celeron
   HSW-H       Cx        6-46-1/32   00000019->0000001a  Core Extreme i7-5xxxX
   BDW-H/E3    E/G       6-47-1/22   0000001d->0000001e  Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4
   SKL-U/Y     D0        6-4e-3/c0   000000c2->000000c6  Core Gen6 Mobile
   BDX-DE      V1        6-56-2/10   00000015->00000017  Xeon D-1520/40
   BDX-DE      V2/3      6-56-3/10   07000012->07000013  Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
   BDX-DE      Y0        6-56-4/10   0f000011->0f000012  Xeon D-1557/59/67/71/77/81/87
   APL         D0        6-5c-9/03   0000002c->00000032  Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
   SKL-H/S/E3  R0        6-5e-3/36   000000c2->000000c6  Core Gen6; Xeon E3 v5

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:

      zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1573=1

   - SUSE Linux Enterprise Server for SAP 12-SP2:

      zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1573=1

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1573=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1573=1

   - SUSE Linux Enterprise Server 12-SP2-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1573=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1573=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2018-1573=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1573=1

   - SUSE Enterprise Storage 4:

      zypper in -t patch SUSE-Storage-4-2018-1573=1

   - SUSE CaaS Platform 3.0:

      To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List:

   - SUSE OpenStack Cloud 7 (x86_64):

      ucode-intel-20180807-13.29.1
      ucode-intel-debuginfo-20180807-13.29.1
      ucode-intel-debugsource-20180807-13.29.1

   - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):

      ucode-intel-20180807-13.29.1
      ucode-intel-debuginfo-20180807-13.29.1
      ucode-intel-debugsource-20180807-13.29.1

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      ucode-intel-20180807-13.29.1
      ucode-intel-debuginfo-20180807-13.29.1
      ucode-intel-debugsource-20180807-13.29.1

   - SUSE Linux Enterprise Server 12-SP3 (x86_64):

      ucode-intel-20180807-13.29.1
      ucode-intel-debuginfo-20180807-13.29.1
      ucode-intel-debugsource-20180807-13.29.1

   - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64):

      ucode-intel-20180807-13.29.1
      ucode-intel-debuginfo-20180807-13.29.1
      ucode-intel-debugsource-20180807-13.29.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

      ucode-intel-20180807-13.29.1
      ucode-intel-debuginfo-20180807-13.29.1
      ucode-intel-debugsource-20180807-13.29.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      ucode-intel-20180807-13.29.1
      ucode-intel-debuginfo-20180807-13.29.1
      ucode-intel-debugsource-20180807-13.29.1

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      ucode-intel-20180807-13.29.1
      ucode-intel-debuginfo-20180807-13.29.1
      ucode-intel-debugsource-20180807-13.29.1

   - SUSE Enterprise Storage 4 (x86_64):

      ucode-intel-20180807-13.29.1
      ucode-intel-debuginfo-20180807-13.29.1
      ucode-intel-debugsource-20180807-13.29.1

   - SUSE CaaS Platform 3.0 (x86_64):

      ucode-intel-20180807-13.29.1
      ucode-intel-debuginfo-20180807-13.29.1
      ucode-intel-debugsource-20180807-13.29.1

References:

   https://www.suse.com/security/cve/CVE-2018-3639.html
   https://www.suse.com/security/cve/CVE-2018-3640.html
   https://www.suse.com/security/cve/CVE-2018-3646.html
   https://bugzilla.suse.com/1087082
   https://bugzilla.suse.com/1087083
   https://bugzilla.suse.com/1089343
   https://bugzilla.suse.com/1104134

_______________________________________________

- --------------------------END INCLUDED TEXT--------------------
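
Added example, not part of the SUSE or AusCERT text: a shell function that compares the microcode revision a host reports in /proc/cpuinfo with the revision this update ships for that CPU, using the F-MO-S and new-revision values from the table in the bulletin. The names check_ucode, sample_cpuinfo and UCODE_20180807 and the sample input are constructed for this example; the platform ID (PI) column is not checked.

```shell
#!/bin/sh
# Added example (not from the bulletin). F-MO-S=revision pairs are copied
# from the bulletin's table (the "New" value for updated platforms).
# Assumption: the platform ID (PI) is ignored, /proc/cpuinfo does not show it.
UCODE_20180807='
6-2c-2=0000001f 6-2e-6=0000000d 6-5c-2=00000014 6-5c-a=0000000c
6-5f-1=00000024 6-1a-5=0000001d 6-1e-5=0000000a 6-25-2=00000011
6-25-5=00000007 6-2a-7=0000002e 6-2f-2=0000003b 6-3a-9=00000020
6-3c-3=00000025 6-3d-4=0000002b 6-45-1=00000024 6-46-1=0000001a
6-47-1=0000001e 6-4e-3=000000c6 6-56-2=00000017 6-56-3=07000013
6-56-4=0f000012 6-5c-9=00000032 6-5e-3=000000c6'

# check_ucode: read /proc/cpuinfo-format text on stdin, print one verdict.
check_ucode() {
    # First logical CPU only: family, model, stepping, microcode revision.
    set -- $(awk -F'[ \t]*:[ \t]*' '
        $1 == "cpu family" { f = $2 }
        $1 == "model"      { m = $2 }
        $1 == "stepping"   { s = $2 }
        $1 == "microcode"  { r = $2 }
        f != "" && m != "" && s != "" && r != "" { print f, m, s, r; exit }')
    [ $# -eq 4 ] || { echo "unknown"; return 0; }
    sig=$(printf '%x-%02x-%x' "$1" "$2" "$3")   # decimal fields -> 6-5e-3
    have=$(printf '%08x' "$4")                   # 0xc2 -> 000000c2
    want=
    for pair in $UCODE_20180807; do
        case $pair in "$sig="*) want=${pair#*=} ;; esac
    done
    if [ -z "$want" ]; then
        echo "not-listed $sig have=$have"
    elif [ $((0x$have)) -ge $((0x$want)) ]; then
        echo "current $sig have=$have"
    else
        echo "outdated $sig have=$have want=$want"
    fi
}

# Constructed sample: a 6-5e-3 (SKL-H/S/E3) CPU reporting revision $1.
sample_cpuinfo() {
    printf 'cpu family\t: 6\nmodel\t\t: 94\nmodel name\t: constructed\n'
    printf 'stepping\t: 3\nmicrocode\t: %s\n' "$1"
}

sample_cpuinfo 0xc2 | check_ucode     # revision from before this update
# On a real host: check_ucode < /proc/cpuinfo
```

A "not-listed" verdict only means the CPU signature is not in this bulletin's table; it says nothing about whether that CPU is affected.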

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================