===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.2371
                      Security update to ucode-intel
                              16 August 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           ucode-intel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Access Privileged Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-3646 CVE-2018-3640 CVE-2018-3639

Reference:         ASB-2018.0121
                   ESB-2018.2352
                   ESB-2018.2280
                   ESB-2018.2262

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2018/suse-su-20182331-1.html

--------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update to ucode-intel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2331-1
Rating:             important
References:         #1087082 #1087083 #1089343 #1104134 
Cross-References:   CVE-2018-3639 CVE-2018-3640 CVE-2018-3646
                   
Affected Products:
                    SUSE OpenStack Cloud 7
                    SUSE Linux Enterprise Server for SAP 12-SP2
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Server 12-SP2-LTSS
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Linux Enterprise Server 12-LTSS
                    SUSE Linux Enterprise Desktop 12-SP3
                    SUSE Enterprise Storage 4
                    SUSE CaaS Platform 3.0
______________________________________________________________________________

   An update that solves three vulnerabilities and has one
   erratum is now available.

Description:


   ucode-intel was updated to the 20180807 release.

   For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and is
   part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646
   (L1 Terminal Fault). (bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343)

    Processor             Identifier     Version       Products
    Model        Stepping F-MO-S/PI      Old->New

    ---- new platforms ----------------------------------------
    WSM-EP/WS    U1       6-2c-2/03           0000001f Xeon E/L/X56xx, W36xx
    NHM-EX       D0       6-2e-6/04           0000000d Xeon E/L/X65xx/75xx
    BXT          C0       6-5c-2/01           00000014 Atom T5500/5700
    APL          E0       6-5c-a/03           0000000c Atom x5-E39xx
    DVN          B0       6-5f-1/01           00000024 Atom C3xxx
    ---- updated platforms ------------------------------------
    NHM-EP/WS    D0       6-1a-5/03 00000019->0000001d Xeon E/L/X/W55xx
    NHM          B1       6-1e-5/13 00000007->0000000a Core i7-8xx, i5-7xx; Xeon L3426, X24xx
    WSM          B1       6-25-2/12 0000000e->00000011 Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeron P45xx; Xeon L3406
    WSM          K0       6-25-5/92 00000004->00000007 Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx
    SNB          D2       6-2a-7/12 0000002d->0000002e Core Gen2; Xeon E3
    WSM-EX       A2       6-2f-2/05 00000037->0000003b Xeon E7
    IVB          E2       6-3a-9/12 0000001f->00000020 Core Gen3 Mobile
    HSW-H/S/E3   Cx/Dx    6-3c-3/32 00000024->00000025 Core Gen4 Desktop; Xeon E3 v3
    BDW-U/Y      E/F      6-3d-4/c0 0000002a->0000002b Core Gen5 Mobile
    HSW-ULT      Cx/Dx    6-45-1/72 00000023->00000024 Core Gen4 Mobile and derived Pentium/Celeron
    HSW-H        Cx       6-46-1/32 00000019->0000001a Core Extreme i7-5xxxX
    BDW-H/E3     E/G      6-47-1/22 0000001d->0000001e Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4
    SKL-U/Y      D0       6-4e-3/c0 000000c2->000000c6 Core Gen6 Mobile
    BDX-DE       V1       6-56-2/10 00000015->00000017 Xeon D-1520/40
    BDX-DE       V2/3     6-56-3/10 07000012->07000013 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
    BDX-DE       Y0       6-56-4/10 0f000011->0f000012 Xeon D-1557/59/67/71/77/81/87
    APL          D0       6-5c-9/03 0000002c->00000032 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
    SKL-H/S/E3   R0       6-5e-3/36 000000c2->000000c6 Core Gen6; Xeon E3 v5
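
   The following check is an added example, not part of the SUSE advisory or the AusCERT bulletin: it derives the F-MO-S signature and running microcode revision from Linux x86 /proc/cpuinfo text and compares them with the "New" revisions in the table above. The names UCODE_NEW, cpu_sig_rev, check_ucode and sample_cpuinfo are hypothetical, and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not SUSE or AusCERT code. Each entry is F-MO-S:revision,
# copied from the Identifier and "New" version columns of the table above.
UCODE_NEW='
6-2c-2:0000001f 6-2e-6:0000000d 6-5c-2:00000014 6-5c-a:0000000c
6-5f-1:00000024 6-1a-5:0000001d 6-1e-5:0000000a 6-25-2:00000011
6-25-5:00000007 6-2a-7:0000002e 6-2f-2:0000003b 6-3a-9:00000020
6-3c-3:00000025 6-3d-4:0000002b 6-45-1:00000024 6-46-1:0000001a
6-47-1:0000001e 6-4e-3:000000c6 6-56-2:00000017 6-56-3:07000013
6-56-4:0f000012 6-5c-9:00000032 6-5e-3:000000c6'

# Read /proc/cpuinfo-style text on stdin (first CPU only) and print
# "<F-MO-S> <revision>", e.g. "6-4e-3 000000c2".
cpu_sig_rev() {
    set -- $(awk -F'[ \t]*:[ \t]*' '
        $1 == "cpu family" { f = $2 }
        $1 == "model"      { m = $2 }
        $1 == "stepping"   { s = $2 }
        $1 == "microcode"  { u = $2 }
        /^$/ { exit }
        END { print f, m, s, u }')
    # cpuinfo gives family/model/stepping in decimal; the table uses hex.
    printf '%x-%02x-%x %08x\n' "$1" "$2" "$3" "$(($4))"
}

# $1 = F-MO-S signature, $2 = running revision (hex, no 0x prefix).
# Prints "ok", "outdated:<required revision>" or "unlisted".
check_ucode() {
    min=
    for e in $UCODE_NEW; do
        case $e in "$1":*) min=${e#*:} ;; esac
    done
    if [ -z "$min" ]; then echo unlisted
    elif [ $((0x$2)) -ge $((0x$min)) ]; then echo ok
    else echo "outdated:$min"
    fi
}

# Constructed sample: a 6-4e-3 (SKL-U/Y) CPU still on the old revision.
sample_cpuinfo() {
    printf '%s\n' 'processor  : 0' 'cpu family : 6' 'model      : 78' \
        'model name : constructed sample' 'stepping   : 3' 'microcode  : 0xc2'
}

# On a real host: set -- $(cpu_sig_rev < /proc/cpuinfo)
set -- $(sample_cpuinfo | cpu_sig_rev)
check_ucode "$1" "$2"
```

   The revision reported in /proc/cpuinfo changes only once the kernel has loaded the new microcode, typically at the next boot after the package is installed.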


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:

      zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1573=1

   - SUSE Linux Enterprise Server for SAP 12-SP2:

      zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1573=1

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1573=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1573=1

   - SUSE Linux Enterprise Server 12-SP2-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1573=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1573=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2018-1573=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1573=1

   - SUSE Enterprise Storage 4:

      zypper in -t patch SUSE-Storage-4-2018-1573=1

   - SUSE CaaS Platform 3.0:

      To install this update, use the SUSE CaaS Platform Velum dashboard.
      It will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.



Package List:

   - SUSE OpenStack Cloud 7 (x86_64):

      ucode-intel-20180807-13.29.1
      ucode-intel-debuginfo-20180807-13.29.1
      ucode-intel-debugsource-20180807-13.29.1

   - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):

      ucode-intel-20180807-13.29.1
      ucode-intel-debuginfo-20180807-13.29.1
      ucode-intel-debugsource-20180807-13.29.1

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      ucode-intel-20180807-13.29.1
      ucode-intel-debuginfo-20180807-13.29.1
      ucode-intel-debugsource-20180807-13.29.1

   - SUSE Linux Enterprise Server 12-SP3 (x86_64):

      ucode-intel-20180807-13.29.1
      ucode-intel-debuginfo-20180807-13.29.1
      ucode-intel-debugsource-20180807-13.29.1

   - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64):

      ucode-intel-20180807-13.29.1
      ucode-intel-debuginfo-20180807-13.29.1
      ucode-intel-debugsource-20180807-13.29.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

      ucode-intel-20180807-13.29.1
      ucode-intel-debuginfo-20180807-13.29.1
      ucode-intel-debugsource-20180807-13.29.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      ucode-intel-20180807-13.29.1
      ucode-intel-debuginfo-20180807-13.29.1
      ucode-intel-debugsource-20180807-13.29.1

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      ucode-intel-20180807-13.29.1
      ucode-intel-debuginfo-20180807-13.29.1
      ucode-intel-debugsource-20180807-13.29.1

   - SUSE Enterprise Storage 4 (x86_64):

      ucode-intel-20180807-13.29.1
      ucode-intel-debuginfo-20180807-13.29.1
      ucode-intel-debugsource-20180807-13.29.1

   - SUSE CaaS Platform 3.0 (x86_64):

      ucode-intel-20180807-13.29.1
      ucode-intel-debuginfo-20180807-13.29.1
      ucode-intel-debugsource-20180807-13.29.1


References:

   https://www.suse.com/security/cve/CVE-2018-3639.html
   https://www.suse.com/security/cve/CVE-2018-3640.html
   https://www.suse.com/security/cve/CVE-2018-3646.html
   https://bugzilla.suse.com/1087082
   https://bugzilla.suse.com/1087083
   https://bugzilla.suse.com/1089343
   https://bugzilla.suse.com/1104134

_______________________________________________

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================