Operating System:

[SUSE]

Published:

17 August 2018

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.2394
                      Security update to ucode-intel
                              17 August 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           ucode-intel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Access Privileged Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-3646 CVE-2018-3640 CVE-2018-3639

Reference:         ASB-2018.0121
                   ESB-2018.2380
                   ESB-2018.2369
                   ESB-2018.2348.2

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2018/suse-su-20182338-1.html
   https://www.suse.com/support/update/announcement/2018/suse-su-20182335-1.html

Comment: This bulletin contains two (2) SUSE security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update to ucode-intel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2335-1
Rating:             important
References:         #1087082 #1087083 #1089343 #1104134 
Cross-References:   CVE-2018-3639 CVE-2018-3640 CVE-2018-3646
                   
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
______________________________________________________________________________

   An update that solves three vulnerabilities and has one
   erratum is now available.

Description:


   ucode-intel was updated to the 20180807 release.

   For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a), and is
   part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646
   (L1 Terminal Fault). (bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343)

    Processor             Identifier     Version       Products
    Model        Stepping F-MO-S/PI      Old->New
    ---- new platforms ----------------------------------------
    WSM-EP/WS    U1       6-2c-2/03           0000001f Xeon E/L/X56xx, W36xx
    NHM-EX       D0       6-2e-6/04           0000000d Xeon E/L/X65xx/75xx
    BXT          C0       6-5c-2/01           00000014 Atom T5500/5700
    APL          E0       6-5c-a/03           0000000c Atom x5-E39xx
    DVN          B0       6-5f-1/01           00000024 Atom C3xxx
    ---- updated platforms ------------------------------------
    NHM-EP/WS    D0       6-1a-5/03 00000019->0000001d Xeon E/L/X/W55xx
    NHM          B1       6-1e-5/13 00000007->0000000a Core i7-8xx, i5-7xx; Xeon L3426, X24xx
    WSM          B1       6-25-2/12 0000000e->00000011 Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeron P45xx; Xeon L3406
    WSM          K0       6-25-5/92 00000004->00000007 Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx
    SNB          D2       6-2a-7/12 0000002d->0000002e Core Gen2; Xeon E3
    WSM-EX       A2       6-2f-2/05 00000037->0000003b Xeon E7
    IVB          E2       6-3a-9/12 0000001f->00000020 Core Gen3 Mobile
    HSW-H/S/E3   Cx/Dx    6-3c-3/32 00000024->00000025 Core Gen4 Desktop; Xeon E3 v3
    BDW-U/Y      E/F      6-3d-4/c0 0000002a->0000002b Core Gen5 Mobile
    HSW-ULT      Cx/Dx    6-45-1/72 00000023->00000024 Core Gen4 Mobile and derived Pentium/Celeron
    HSW-H        Cx       6-46-1/32 00000019->0000001a Core Extreme i7-5xxxX
    BDW-H/E3     E/G      6-47-1/22 0000001d->0000001e Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4
    SKL-U/Y      D0       6-4e-3/c0 000000c2->000000c6 Core Gen6 Mobile
    BDX-DE       V1       6-56-2/10 00000015->00000017 Xeon D-1520/40
    BDX-DE       V2/3     6-56-3/10 07000012->07000013 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
    BDX-DE       Y0       6-56-4/10 0f000011->0f000012 Xeon D-1557/59/67/71/77/81/87
    APL          D0       6-5c-9/03 0000002c->00000032 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
    SKL-H/S/E3   R0       6-5e-3/36 000000c2->000000c6 Core Gen6; Xeon E3 v5


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-microcode_ctl-13730=1

   - SUSE Linux Enterprise Server 11-SP3-LTSS:

      zypper in -t patch slessp3-microcode_ctl-13730=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-microcode_ctl-13730=1



Package List:

   - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):

      microcode_ctl-1.17-102.83.27.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64):

      microcode_ctl-1.17-102.83.27.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      microcode_ctl-1.17-102.83.27.1


References:

   https://www.suse.com/security/cve/CVE-2018-3639.html
   https://www.suse.com/security/cve/CVE-2018-3640.html
   https://www.suse.com/security/cve/CVE-2018-3646.html
   https://bugzilla.suse.com/1087082
   https://bugzilla.suse.com/1087083
   https://bugzilla.suse.com/1089343
   https://bugzilla.suse.com/1104134

_______________________________________________

=============================================================================

   SUSE Security Update: Security update to ucode-intel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2338-1
Rating:             important
References:         #1087082 #1087083 #1089343 #1104134 
Cross-References:   CVE-2018-3639 CVE-2018-3640 CVE-2018-3646
                   
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

   An update that solves three vulnerabilities and has one
   erratum is now available.

Description:


   ucode-intel was updated to the 20180807 release.

   For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and is
   part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646
   (L1 Terminal Fault). (bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343)

    Processor             Identifier     Version       Products
    Model        Stepping F-MO-S/PI      Old->New
    ---- new platforms ----------------------------------------
    WSM-EP/WS    U1       6-2c-2/03           0000001f Xeon E/L/X56xx, W36xx
    NHM-EX       D0       6-2e-6/04           0000000d Xeon E/L/X65xx/75xx
    BXT          C0       6-5c-2/01           00000014 Atom T5500/5700
    APL          E0       6-5c-a/03           0000000c Atom x5-E39xx
    DVN          B0       6-5f-1/01           00000024 Atom C3xxx
    ---- updated platforms ------------------------------------
    NHM-EP/WS    D0       6-1a-5/03 00000019->0000001d Xeon E/L/X/W55xx
    NHM          B1       6-1e-5/13 00000007->0000000a Core i7-8xx, i5-7xx; Xeon L3426, X24xx
    WSM          B1       6-25-2/12 0000000e->00000011 Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeron P45xx; Xeon L3406
    WSM          K0       6-25-5/92 00000004->00000007 Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx
    SNB          D2       6-2a-7/12 0000002d->0000002e Core Gen2; Xeon E3
    WSM-EX       A2       6-2f-2/05 00000037->0000003b Xeon E7
    IVB          E2       6-3a-9/12 0000001f->00000020 Core Gen3 Mobile
    HSW-H/S/E3   Cx/Dx    6-3c-3/32 00000024->00000025 Core Gen4 Desktop; Xeon E3 v3
    BDW-U/Y      E/F      6-3d-4/c0 0000002a->0000002b Core Gen5 Mobile
    HSW-ULT      Cx/Dx    6-45-1/72 00000023->00000024 Core Gen4 Mobile and derived Pentium/Celeron
    HSW-H        Cx       6-46-1/32 00000019->0000001a Core Extreme i7-5xxxX
    BDW-H/E3     E/G      6-47-1/22 0000001d->0000001e Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4
    SKL-U/Y      D0       6-4e-3/c0 000000c2->000000c6 Core Gen6 Mobile
    BDX-DE       V1       6-56-2/10 00000015->00000017 Xeon D-1520/40
    BDX-DE       V2/3     6-56-3/10 07000012->07000013 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
    BDX-DE       Y0       6-56-4/10 0f000011->0f000012 Xeon D-1557/59/67/71/77/81/87
    APL          D0       6-5c-9/03 0000002c->00000032 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
    SKL-H/S/E3   R0       6-5e-3/36 000000c2->000000c6 Core Gen6; Xeon E3 v5


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1580=1



Package List:

   - SUSE Linux Enterprise Module for Basesystem 15 (x86_64):

      ucode-intel-20180807-3.6.1


References:

   https://www.suse.com/security/cve/CVE-2018-3639.html
   https://www.suse.com/security/cve/CVE-2018-3640.html
   https://www.suse.com/security/cve/CVE-2018-3646.html
   https://bugzilla.suse.com/1087082
   https://bugzilla.suse.com/1087083
   https://bugzilla.suse.com/1089343
   https://bugzilla.suse.com/1104134

_______________________________________________

--------------------------END INCLUDED TEXT--------------------
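
A post-patch check for the two advisories above, as an added example that is not part of the SUSE or AusCERT text: it compares each logical CPU's F-MO-S signature and running microcode revision from /proc/cpuinfo with the "New" value in the advisory table. It assumes a kernel that exposes the `microcode` field, ignores the /PI platform mask, and embeds a constructed two-CPU sample; the function names are this example's own.

```python
import re

# F-MO-S -> "New" microcode revision, copied from the advisory table above.
# Assumption: the /PI platform-ID mask is ignored; only the signature is matched.
ADVISORY_REVS = {
    "6-2c-2": 0x1f, "6-2e-6": 0x0d, "6-5c-2": 0x14, "6-5c-a": 0x0c,
    "6-5f-1": 0x24, "6-1a-5": 0x1d, "6-1e-5": 0x0a, "6-25-2": 0x11,
    "6-25-5": 0x07, "6-2a-7": 0x2e, "6-2f-2": 0x3b, "6-3a-9": 0x20,
    "6-3c-3": 0x25, "6-3d-4": 0x2b, "6-45-1": 0x24, "6-46-1": 0x1a,
    "6-47-1": 0x1e, "6-4e-3": 0xc6, "6-56-2": 0x17, "6-56-3": 0x07000013,
    "6-56-4": 0x0f000012, "6-5c-9": 0x32, "6-5e-3": 0xc6,
}

def parse_cpuinfo(text):
    """Return the set of (signature, running_revision) over all Intel logical CPUs."""
    seen = set()
    for block in re.split(r"\n\s*\n", text.strip()):
        f = dict(re.findall(r"^([^\t:\n]+?)[ \t]*:[ \t]*(.*)$", block, re.M))
        if "microcode" not in f or f.get("vendor_id") != "GenuineIntel":
            continue
        # /proc/cpuinfo prints family/model/stepping in decimal; the table uses hex.
        sig = "%x-%02x-%x" % (int(f["cpu family"]), int(f["model"]), int(f["stepping"]))
        seen.add((sig, int(f["microcode"], 16)))
    return seen

def check(text):
    """Return sorted (signature, running, required, verdict) tuples."""
    out = []
    for sig, rev in sorted(parse_cpuinfo(text)):
        need = ADVISORY_REVS.get(sig)
        verdict = "not listed" if need is None else ("ok" if rev >= need else "outdated")
        out.append((sig, rev, need, verdict))
    return out

# Constructed sample: one CPU still on the old SKL-H/S/E3 revision, one updated.
_CPU = ("processor\t: %d\nvendor_id\t: GenuineIntel\ncpu family\t: 6\n"
        "model\t\t: 94\nstepping\t: 3\nmicrocode\t: %s\n")
SAMPLE = _CPU % (0, "0xc2") + "\n" + _CPU % (1, "0xc6")

if __name__ == "__main__":
    try:
        with open("/proc/cpuinfo") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE  # not on Linux: fall back to the constructed sample
    for sig, rev, need, verdict in check(text):
        print(sig, hex(rev), hex(need) if need is not None else "-", verdict)
```

The package only ships the microcode file; the running revision changes once the kernel loads it, normally at the next boot.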

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================