Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2018.2394
Security update to ucode-intel
17 August 2018
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: ucode-intel
Publisher: SUSE
Operating System: SUSE
Impact/Access: Access Privileged Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2018-3646 CVE-2018-3640 CVE-2018-3639
Reference: ASB-2018.0121
ESB-2018.2380
ESB-2018.2369
ESB-2018.2348.2
Original Bulletin:
https://www.suse.com/support/update/announcement/2018/suse-su-20182338-1.html
https://www.suse.com/support/update/announcement/2018/suse-su-20182335-1.html
Comment: This bulletin contains two (2) SUSE security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update to ucode-intel
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:2335-1
Rating: important
References: #1087082 #1087083 #1089343 #1104134
Cross-References: CVE-2018-3639 CVE-2018-3640 CVE-2018-3646
Affected Products:
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Server 11-SP3-LTSS
SUSE Linux Enterprise Point of Sale 11-SP3
______________________________________________________________________________
An update that solves three vulnerabilities and has one
errata is now available.
Description:
ucode-intel was updated to the 20180807 release.
For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a), and is
part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646
(L1 Terminal Fault). (bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343)
Processor Identifier Version Products
Model Stepping F-MO-S/PI Old->New
---- new platforms ---------------------------------------- WSM-EP/WS
U1 6-2c-2/03 0000001f Xeon E/L/X56xx, W36xx NHM-EX
D0 6-2e-6/04 0000000d Xeon E/L/X65xx/75xx BXT
C0 6-5c-2/01 00000014 Atom T5500/5700 APL
E0 6-5c-a/03 0000000c Atom x5-E39xx DVN
B0 6-5f-1/01 00000024 Atom C3xxx
---- updated platforms ------------------------------------ NHM-EP/WS
D0 6-1a-5/03 00000019->0000001d Xeon E/L/X/W55xx NHM
B1 6-1e-5/13 00000007->0000000a Core i7-8xx, i5-7xx; Xeon L3426,
X24xx WSM B1 6-25-2/12 0000000e->00000011 Core i7-6xx,
i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeon P45xx; Xeon L3406
WSM K0 6-25-5/92 00000004->00000007 Core i7-6xx,
i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron
P4xxx/U3xxx SNB D2 6-2a-7/12 0000002d->0000002e Core
Gen2; Xeon E3 WSM-EX A2 6-2f-2/05 00000037->0000003b Xeon E7
IVB E2 6-3a-9/12 0000001f->00000020 Core Gen3 Mobile
HSW-H/S/E3 Cx/Dx 6-3c-3/32 00000024->00000025 Core Gen4 Desktop;
Xeon E3 v3 BDW-U/Y E/F 6-3d-4/c0 0000002a->0000002b Core Gen5
Mobile HSW-ULT Cx/Dx 6-45-1/72 00000023->00000024 Core Gen4
Mobile and derived Pentium/Celeron HSW-H Cx 6-46-1/32
00000019->0000001a Core Extreme i7-5xxxX BDW-H/E3 E/G 6-47-1/22
0000001d->0000001e Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4
SKL-U/Y D0 6-4e-3/c0 000000c2->000000c6 Core Gen6 Mobile
BDX-DE V1 6-56-2/10 00000015->00000017 Xeon D-1520/40
BDX-DE V2/3 6-56-3/10 07000012->07000013 Xeon
D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
BDX-DE Y0 6-56-4/10 0f000011->0f000012 Xeon
D-1557/59/67/71/77/81/87 APL D0 6-5c-9/03
0000002c->00000032 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
SKL-H/S/E3 R0 6-5e-3/36 000000c2->000000c6 Core Gen6; Xeon E3 v5
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-microcode_ctl-13730=1
- SUSE Linux Enterprise Server 11-SP3-LTSS:
zypper in -t patch slessp3-microcode_ctl-13730=1
- SUSE Linux Enterprise Point of Sale 11-SP3:
zypper in -t patch sleposp3-microcode_ctl-13730=1
Package List:
- SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):
microcode_ctl-1.17-102.83.27.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64):
microcode_ctl-1.17-102.83.27.1
- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
microcode_ctl-1.17-102.83.27.1
References:
https://www.suse.com/security/cve/CVE-2018-3639.html
https://www.suse.com/security/cve/CVE-2018-3640.html
https://www.suse.com/security/cve/CVE-2018-3646.html
https://bugzilla.suse.com/1087082
https://bugzilla.suse.com/1087083
https://bugzilla.suse.com/1089343
https://bugzilla.suse.com/1104134
_______________________________________________
=============================================================================
SUSE Security Update: Security update to ucode-intel
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:2338-1
Rating: important
References: #1087082 #1087083 #1089343 #1104134
Cross-References: CVE-2018-3639 CVE-2018-3640 CVE-2018-3646
Affected Products:
SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________
An update that solves three vulnerabilities and has one
errata is now available.
Description:
ucode-intel was updated to the 20180807 release.
For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and is
part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646
(L1 Terminal fault). (bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343)
Processor Identifier Version Products
Model Stepping F-MO-S/PI Old->New
---- new platforms ---------------------------------------- WSM-EP/WS
U1 6-2c-2/03 0000001f Xeon E/L/X56xx, W36xx NHM-EX
D0 6-2e-6/04 0000000d Xeon E/L/X65xx/75xx BXT
C0 6-5c-2/01 00000014 Atom T5500/5700 APL
E0 6-5c-a/03 0000000c Atom x5-E39xx DVN
B0 6-5f-1/01 00000024 Atom C3xxx
---- updated platforms ------------------------------------ NHM-EP/WS
D0 6-1a-5/03 00000019->0000001d Xeon E/L/X/W55xx NHM
B1 6-1e-5/13 00000007->0000000a Core i7-8xx, i5-7xx; Xeon L3426,
X24xx WSM B1 6-25-2/12 0000000e->00000011 Core i7-6xx,
i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeon P45xx; Xeon L3406
WSM K0 6-25-5/92 00000004->00000007 Core i7-6xx,
i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron
P4xxx/U3xxx SNB D2 6-2a-7/12 0000002d->0000002e Core
Gen2; Xeon E3 WSM-EX A2 6-2f-2/05 00000037->0000003b Xeon E7
IVB E2 6-3a-9/12 0000001f->00000020 Core Gen3 Mobile
HSW-H/S/E3 Cx/Dx 6-3c-3/32 00000024->00000025 Core Gen4 Desktop;
Xeon E3 v3 BDW-U/Y E/F 6-3d-4/c0 0000002a->0000002b Core Gen5
Mobile HSW-ULT Cx/Dx 6-45-1/72 00000023->00000024 Core Gen4
Mobile and derived Pentium/Celeron HSW-H Cx 6-46-1/32
00000019->0000001a Core Extreme i7-5xxxX BDW-H/E3 E/G 6-47-1/22
0000001d->0000001e Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4
SKL-U/Y D0 6-4e-3/c0 000000c2->000000c6 Core Gen6 Mobile
BDX-DE V1 6-56-2/10 00000015->00000017 Xeon D-1520/40
BDX-DE V2/3 6-56-3/10 07000012->07000013 Xeon
D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
BDX-DE Y0 6-56-4/10 0f000011->0f000012 Xeon
D-1557/59/67/71/77/81/87 APL D0 6-5c-9/03
0000002c->00000032 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
SKL-H/S/E3 R0 6-5e-3/36 000000c2->000000c6 Core Gen6; Xeon E3 v5
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Basesystem 15:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1580=1
Package List:
- SUSE Linux Enterprise Module for Basesystem 15 (x86_64):
ucode-intel-20180807-3.6.1
References:
https://www.suse.com/security/cve/CVE-2018-3639.html
https://www.suse.com/security/cve/CVE-2018-3640.html
https://www.suse.com/security/cve/CVE-2018-3646.html
https://bugzilla.suse.com/1087082
https://bugzilla.suse.com/1087083
https://bugzilla.suse.com/1089343
https://bugzilla.suse.com/1104134
_______________________________________________
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBW3YcKWaOgq3Tt24GAQhYkg//dT3HAFDs/9lPoX4OiHHq6tcsJOr7walf
K3wv8d0cCbKlTe1F+9SejApAN3i8/cJP2YfS6uA8icUNaF1ayyPnI6siGm4QrNgI
Ianw+yVDdYi+ajuzuY7uHq/2vv67CsmOYqSmaIOHWIvbkhhlzw3y202bC9VSMhfn
Rj6NKmQdSs7m+8AVQVetDYfeClh57YGnmb6Leq7lnpMOqNLmnXNEk1r2ir+DhESr
LOmUCen6ipYuDtc6Iqb0jtkK6gXNjJFJvMrDuipgDz/W5VYrcAYrxHHLr1ISm4th
KctiIwiBFkEKaL0pqMNXB9fab+WZVA+a4vOZQK0LNKDcvDp7a1WEwNnSptqGHNM1
eM3ZFZbvPVLFmQDx3pNZGq6uXotOxndZLZhcnJUMGFWypYjK2AlQOFwc4lLU8a1Y
xnYAd3smKLoHZ0yVLGlwXE/c/OQkyR8VY1eVLQgNOzj1AuyrNfs6+9ZgRk5I00Fq
Eg9YXyfCJk46l2U0ZBOovgYP+LyndAKio6+5G6ontv6nNcOaiHIsl8nEiykmu5kr
J7dOgb+zq+dTEVprIg+g6Krisrlt3ziA9kWgz3F97XT9elbQloqZD9fz98XalQtC
RT3zKhDXwbmrA/1wMcNxNkuBBfO1EuaogWO31odVbl90zdoVPjGnrlDZMR/N1uvj
T2jAI8K2vjQ=
=cHdL
-----END PGP SIGNATURE-----