csaf_suse - suse-su-2021:2862-1

suse-su-2021:2862-1

Vulnerability from csaf_suse

Published

2021-08-27 12:41

Modified

2021-08-27 12:41

Summary

Security update for spectre-meltdown-checker

Notes

Title of the patch

Security update for spectre-meltdown-checker

Description of the patch

This update for spectre-meltdown-checker fixes the following issues: spectre-meltdown-checker was updated to version 0.44 (bsc#1189477) - feat: add support for SRBDS related vulnerabilities - feat: add zstd kernel decompression (#370) - enh: arm: add experimental support for binary arm images - enh: rsb filling: no longer need the 'strings' tool to check for kernel support in live mode - fix: fwdb: remove Intel extract tempdir on exit - fix: has_vmm: ignore kernel threads when looking for a hypervisor (fixes #278) - fix: fwdb: use the commit date as the intel fwdb version - fix: fwdb: update Intel's repository URL - fix: arm64: CVE-2017-5753: kernels 4.19+ use a different nospec macro - fix: on CPU parse info under FreeBSD - chore: github: add check run on pull requests - chore: fwdb: update to v165.20201021+i20200616

Patchnames

SUSE-2021-2862,SUSE-SLE-SERVER-12-SP5-2021-2862

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for spectre-meltdown-checker",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for spectre-meltdown-checker fixes the following issues:\n\nspectre-meltdown-checker was updated to version 0.44 (bsc#1189477)\n\n- feat: add support for SRBDS related vulnerabilities\n- feat: add zstd kernel decompression (#370)\n- enh: arm: add experimental support for binary arm images\n- enh: rsb filling: no longer need the \u0027strings\u0027 tool to check for kernel support in live mode\n- fix: fwdb: remove Intel extract tempdir on exit\n- fix: has_vmm: ignore kernel threads when looking for a hypervisor (fixes #278)\n- fix: fwdb: use the commit date as the intel fwdb version\n- fix: fwdb: update Intel\u0027s repository URL\n- fix: arm64: CVE-2017-5753: kernels 4.19+ use a different nospec macro\n- fix: on CPU parse info under FreeBSD\n- chore: github: add check run on pull requests\n- chore: fwdb: update to v165.20201021+i20200616\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2021-2862,SUSE-SLE-SERVER-12-SP5-2021-2862",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_2862-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2021:2862-1",
        "url": "https://www.suse.com/support/update/announcement/2021/suse-su-20212862-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2021:2862-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-August/009367.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1189477",
        "url": "https://bugzilla.suse.com/1189477"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-5753 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-5753/"
      }
    ],
    "title": "Security update for spectre-meltdown-checker",
    "tracking": {
      "current_release_date": "2021-08-27T12:41:34Z",
      "generator": {
        "date": "2021-08-27T12:41:34Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2021:2862-1",
      "initial_release_date": "2021-08-27T12:41:34Z",
      "revision_history": [
        {
          "date": "2021-08-27T12:41:34Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "spectre-meltdown-checker-0.44-3.6.1.i586",
                "product": {
                  "name": "spectre-meltdown-checker-0.44-3.6.1.i586",
                  "product_id": "spectre-meltdown-checker-0.44-3.6.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "spectre-meltdown-checker-0.44-3.6.1.x86_64",
                "product": {
                  "name": "spectre-meltdown-checker-0.44-3.6.1.x86_64",
                  "product_id": "spectre-meltdown-checker-0.44-3.6.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spectre-meltdown-checker-0.44-3.6.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:spectre-meltdown-checker-0.44-3.6.1.x86_64"
        },
        "product_reference": "spectre-meltdown-checker-0.44-3.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spectre-meltdown-checker-0.44-3.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:spectre-meltdown-checker-0.44-3.6.1.x86_64"
        },
        "product_reference": "spectre-meltdown-checker-0.44-3.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-5753",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-5753"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5:spectre-meltdown-checker-0.44-3.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:spectre-meltdown-checker-0.44-3.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-5753",
          "url": "https://www.suse.com/security/cve/CVE-2017-5753"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1068032 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1068032"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1074562 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1074562"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1074578 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1074578"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1074701 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1074701"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1075006 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1075006"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1075419 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1075419"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1075748 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1075748"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1080039 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1080039"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087084 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1087084"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087939 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1087939"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1089055 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1089055"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1136865 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1136865"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1201877"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209547 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1209547"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5:spectre-meltdown-checker-0.44-3.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:spectre-meltdown-checker-0.44-3.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5:spectre-meltdown-checker-0.44-3.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:spectre-meltdown-checker-0.44-3.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-08-27T12:41:34Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-5753"
    }
  ]
}

CVE-2017-5753 (GCVE-0-2017-5753)

Vulnerability from cvelistv5

Published

2018-01-04 13:00

Modified

2024-09-16 22:24

Severity ?

CWE

Information Disclosure

Summary

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

References

►

URL

Tags

	http://nvidia.custhelp.com/app/answers/detail/a_id/4609	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html	mailing-list, x_refsource_MLIST
	https://www.debian.org/security/2018/dsa-4187	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/3542-2/	vendor-advisory, x_refsource_UBUNTU
	https://security.gentoo.org/glsa/201810-06	vendor-advisory, x_refsource_GENTOO
	https://usn.ubuntu.com/3540-2/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/security/vulnerabilities/speculativeexecution	x_refsource_CONFIRM
	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002	x_refsource_CONFIRM
	https://usn.ubuntu.com/3597-1/	vendor-advisory, x_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html	vendor-advisory, x_refsource_SUSE
	http://nvidia.custhelp.com/app/answers/detail/a_id/4611	x_refsource_CONFIRM
	https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html	x_refsource_MISC
	https://cert.vde.com/en-us/advisories/vde-2018-002	x_refsource_CONFIRM
	https://usn.ubuntu.com/3580-1/	vendor-advisory, x_refsource_UBUNTU
	https://support.f5.com/csp/article/K91229003	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html	vendor-advisory, x_refsource_SUSE
	https://www.debian.org/security/2018/dsa-4188	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2018:0292	vendor-advisory, x_refsource_REDHAT
	http://xenbits.xen.org/xsa/advisory-254.html	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-20180104-0001/	x_refsource_CONFIRM
	https://www.synology.com/support/security/Synology_SA_18_01	x_refsource_CONFIRM
	http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html	x_refsource_MISC
	http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html	mailing-list, x_refsource_MLIST
	https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability	x_refsource_CONFIRM
	http://www.kb.cert.org/vuls/id/584653	third-party-advisory, x_refsource_CERT-VN
	https://www.kb.cert.org/vuls/id/180049	third-party-advisory, x_refsource_CERT-VN
	https://cert.vde.com/en-us/advisories/vde-2018-003	x_refsource_CONFIRM
	https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html	x_refsource_CONFIRM
	https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us	x_refsource_CONFIRM
	https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001	x_refsource_CONFIRM
	https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf	x_refsource_CONFIRM
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us	x_refsource_CONFIRM
	https://usn.ubuntu.com/3549-1/	vendor-advisory, x_refsource_UBUNTU
	https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/	x_refsource_CONFIRM
	https://support.citrix.com/article/CTX231399	x_refsource_CONFIRM
	https://spectreattack.com/	x_refsource_MISC
	https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/	x_refsource_CONFIRM
	https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1040071	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/102371	vdb-entry, x_refsource_BID
	https://usn.ubuntu.com/3597-2/	vendor-advisory, x_refsource_UBUNTU
	http://nvidia.custhelp.com/app/answers/detail/a_id/4614	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html	vendor-advisory, x_refsource_SUSE
	https://usn.ubuntu.com/3540-1/	vendor-advisory, x_refsource_UBUNTU
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel	vendor-advisory, x_refsource_CISCO
	https://usn.ubuntu.com/usn/usn-3516-1/	vendor-advisory, x_refsource_UBUNTU
	https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html	x_refsource_CONFIRM
	https://www.exploit-db.com/exploits/43427/	exploit, x_refsource_EXPLOIT-DB
	https://usn.ubuntu.com/3541-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3541-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3542-1/	vendor-advisory, x_refsource_UBUNTU
	https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html	x_refsource_MISC
	https://support.lenovo.com/us/en/solutions/LEN-18282	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html	vendor-advisory, x_refsource_SUSE
	http://nvidia.custhelp.com/app/answers/detail/a_id/4613	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html	mailing-list, x_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html	mailing-list, x_refsource_MLIST
	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	x_refsource_MISC
	https://seclists.org/bugtraq/2019/Jun/36	mailing-list, x_refsource_BUGTRAQ
	http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt	x_refsource_CONFIRM
	https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf	x_refsource_CONFIRM
	https://cdrdv2.intel.com/v1/dl/getContent/685359	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Intel Corporation	Most Modern Operating Systems	Version: All

Show details on NVD website