CVE-2018-3639 - Information Exposure Through Discrepancy vulnerability in multiple products

CVSS 5.5 - MEDIUM
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE

Summary

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

Vulnerable Configurations

| Part | Description | Count |
|---|---|---|
| Hardware | Intel | 500 |
| Hardware | Arm | 3 |
| Hardware | Siemens | 38 |
| Hardware | Microsoft | 8 |
| OS | Redhat | 27 |
| OS | Debian | 2 |
| OS | Canonical | 5 |
| OS | Siemens | 64 |
| OS | Oracle | 1 |
| OS | Sonicwall | 1 |
| OS | Microsoft | 15 |
| Application | Redhat | 10 |
| Application | Oracle | 3 |
| Application | Mitel | 8 |
| Application | Sonicwall | 5 |
| Application | Schneider-Electric | 6 |
| Application | Nvidia | 4 |

Common Weakness Enumeration (CWE)

Exploit-Db

description: AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass. CVE-2018-3639. Dos exploit for Hardware platform
file: exploits/hardware/dos/44695.c
id: EDB-ID:44695
last seen: 2018-05-24
modified: 2018-05-22
platform: hardware
port:
published: 2018-05-22
reporter: Exploit-DB
source: https://www.exploit-db.com/download/44695/
title: AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass
type: dos

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-0049-1.NASL
    description: This update for java-1_7_0-openjdk to version 7u201 fixes the following issues :
      Security issues fixed :
      - CVE-2018-3136: Manifest better support (bsc#1112142)
      - CVE-2018-3139: Better HTTP Redirection (bsc#1112143)
      - CVE-2018-3149: Enhance JNDI lookups (bsc#1112144)
      - CVE-2018-3169: Improve field accesses (bsc#1112146)
      - CVE-2018-3180: Improve TLS connections stability (bsc#1112147)
      - CVE-2018-3214: Better RIFF reading support (bsc#1112152)
      - CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153)
      - CVE-2018-16435: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile
      - CVE-2018-2938: Support Derby connections (bsc#1101644)
      - CVE-2018-2940: Better stack walking (bsc#1101645)
      - CVE-2018-2952: Exception to Pattern Syntax (bsc#1101651)
      - CVE-2018-2973: Improve LDAP support (bsc#1101656)
      - CVE-2018-3639 cpu speculative store bypass mitigation
      Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-18
    modified: 2019-01-10
    plugin id: 121059
    published: 2019-01-10
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/121059
    title: SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2019:0049-1) (Spectre)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:0049-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(121059);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/26");
    
      script_cve_id("CVE-2018-13785", "CVE-2018-16435", "CVE-2018-2938", "CVE-2018-2940", "CVE-2018-2952", "CVE-2018-2973", "CVE-2018-3136", "CVE-2018-3139", "CVE-2018-3149", "CVE-2018-3169", "CVE-2018-3180", "CVE-2018-3214", "CVE-2018-3639");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2019:0049-1) (Spectre)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for java-1_7_0-openjdk to version 7u201 fixes the
    following issues :
    
    Security issues fixed :
    
    CVE-2018-3136: Manifest better support (bsc#1112142)
    
    CVE-2018-3139: Better HTTP Redirection (bsc#1112143)
    
    CVE-2018-3149: Enhance JNDI lookups (bsc#1112144)
    
    CVE-2018-3169: Improve field accesses (bsc#1112146)
    
    CVE-2018-3180: Improve TLS connections stability (bsc#1112147)
    
    CVE-2018-3214: Better RIFF reading support (bsc#1112152)
    
    CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153)
    
    CVE-2018-16435: heap-based buffer overflow in SetData function in
    cmsIT8LoadFromFile
    
    CVE-2018-2938: Support Derby connections (bsc#1101644)
    
    CVE-2018-2940: Better stack walking (bsc#1101645)
    
    CVE-2018-2952: Exception to Pattern Syntax (bsc#1101651)
    
    CVE-2018-2973: Improve LDAP support (bsc#1101656)
    
    CVE-2018-3639 cpu speculative store bypass mitigation
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1101644"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1101645"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1101651"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1101656"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112142"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112143"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112144"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112146"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112147"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112152"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112153"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-13785/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-16435/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-2938/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-2940/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-2952/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-2973/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-3136/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-3139/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-3149/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-3169/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-3180/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-3214/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-3639/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20190049-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d2073f85"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE OpenStack Cloud 7:zypper in -t patch
    SUSE-OpenStack-Cloud-7-2019-49=1
    
    SUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch
    SUSE-SLE-SAP-12-SP2-2019-49=1
    
    SUSE Linux Enterprise Server 12-SP4:zypper in -t patch
    SUSE-SLE-SERVER-12-SP4-2019-49=1
    
    SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2019-49=1
    
    SUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP2-2019-49=1
    
    SUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch
    SUSE-SLE-SERVER-12-SP2-BCL-2019-49=1
    
    SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP1-2019-49=1
    
    SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-2019-49=1
    
    SUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP4-2019-49=1
    
    SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP3-2019-49=1
    
    SUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2019-49=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-3180");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/01/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/10");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0|1|2|3|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0/1/2/3/4", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(3|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP3/4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-debugsource-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-demo-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-devel-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-headless-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-debugsource-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-demo-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-devel-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-headless-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_0-openjdk-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_0-openjdk-debugsource-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_0-openjdk-demo-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_0-openjdk-devel-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_0-openjdk-headless-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-debugsource-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-demo-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-devel-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-headless-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-debugsource-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-demo-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-devel-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-headless-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-debugsource-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-demo-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-devel-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-headless-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"java-1_7_0-openjdk-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"java-1_7_0-openjdk-debugsource-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"java-1_7_0-openjdk-headless-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"java-1_7_0-openjdk-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"java-1_7_0-openjdk-debugsource-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"java-1_7_0-openjdk-headless-1.7.0.201-43.18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.201-43.18.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_7_0-openjdk");
    }
    
  • NASL family: OracleVM Local Security Checks
    NASL id: ORACLEVM_OVMSA-2018-0238.NASL
    description: The remote OracleVM system is missing necessary patches to address critical security updates :
      - qemu-kvm-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch
      - qemu-kvm-i386-Define-the-Virt-SSBD-MSR-and-handling-of-it-CVE.patch
      - qemu-kvm-i386-define-the-AMD-virt-ssbd-CPUID-feature-bit-CVE-.patch
      - Resolves: bz#1574074 (CVE-2018-3639 qemu-kvm: hw: cpu: speculative store bypass [rhel-6.10.z])
      - kvm-vga-add-share_surface-flag.patch [bz#1553674]
      - kvm-vga-add-sanity-checks.patch [bz#1553674]
      - Resolves: bz#1553674 (CVE-2018-7858 qemu-kvm: Qemu: cirrus: OOB access when updating vga display [rhel-6])
      - kvm-target-i386-add-support-for-SPEC_CTRL-MSR.patch [bz#1525939 bz#1528024]
      - kvm-target-i386-cpu-add-new-CPUID-bits-for-indirect-bran.patch
      - kvm-target-i386-cpu-add-new-CPU-models-for-indirect-bran.patch
      - kvm-cirrus-fix-oob-access-in-mode4and5-write-functions.patch [bz#1501298]
      - kvm-vga-stop-passing-pointers-to-vga_draw_line-functions.patch
      - kvm-vga-check-the-validation-of-memory-addr-when-draw-te.patch
      - Resolves: bz#1486641 (CVE-2017-13672 qemu-kvm-rhev: Qemu: vga: OOB read access during display update [rhel-6.10])
      - Resolves: bz#1501298 (CVE-2017-15289 qemu-kvm: Qemu: cirrus: OOB access issue in mode4and5 write functions [rhel-6.10])
      - Resolves: bz#1525939 (CVE-2017-5715 qemu-kvm: hw: cpu: speculative execution branch target injection [rhel-6.10])
      - Resolves: bz#1528024 (CVE-2017-5715 qemu-kvm-rhev: hw: cpu: speculative execution branch target injection [rhel-6.10])
      - Resolves: bz#1534692 (CVE-2018-5683 qemu-kvm: Qemu: Out-of-bounds read in vga_draw_text routine [rhel-6.10])
      - Resolves: bz#1549152 (qemu-kvm-rhev: remove unused patch file [rhel-6.10])
      - kvm-vns-tls-don-t-use-depricated-gnutls-functions.patch [bz#1428750]
      - kvm-vnc-apply-display-size-limits.patch [bz#1430616 bz#1430617]
      - kvm-fix-cirrus_vga-fix-OOB-read-case-qemu-Segmentation-f.patch
      - kvm-cirrus-vnc-zap-bitblit-support-from-console-code.patch [bz#1443448 bz#1443450 bz#1447542 bz#1447545]
      - kvm-cirrus-avoid-write-only-variables.patch [bz#1444378 bz#1444380]
      - kvm-cirrus-stop-passing-around-dst-pointers-in-the-blitt.patch
      - kvm-cirrus-stop-passing-around-src-pointers-in-the-blitt.patch
      - kvm-cirrus-fix-off-by-one-in-cirrus_bitblt_rop_bkwd_tran.patch
      - kvm-cirrus-fix-PUTPIXEL-macro.patch [bz#1444378 bz#1444380]
      - Resolves: bz#1428750 (Fails to build in brew)
      - Resolves: bz#1430616 (CVE-2017-2633 qemu-kvm: Qemu: VNC: memory corruption due to unchecked resolution limit [rhel-6.10])
      - Resolves: bz#1430617 (CVE-2017-2633 qemu-kvm-rhev: Qemu: VNC: memory corruption due to unchecked resolution limit [rhel-6.10])
      - Resolves: bz#1443448 (CVE-2017-7718 qemu-kvm: Qemu: display: cirrus: OOB read access issue [rhel-6.10])
      - Resolves: bz#1443450 (CVE-2017-7718 qemu-kvm-rhev: Qemu: display: cirrus: OOB read access issue [rhel-6.10])
      - Resolves: bz#1444378 (CVE-2017-7980 qemu-kvm: Qemu: display: cirrus: OOB r/w access issues in bitblt routines [rhel-6.10])
      - Resolves: bz#1444380 (CVE-2017-7980 qemu-kvm-rhev: Qemu: display: cirrus: OOB r/w access issues in bitblt routines [rhel-6.10])
      - Resolves: bz#1447542 (CVE-2016-9603 qemu-kvm: Qemu: cirrus: heap buffer overflow via vnc connection [rhel-6.10])
      - Resolves: bz#1447545 (CVE-2016-9603 qemu-kvm-rhev: Qemu: cirrus: heap buffer overflow via vnc connection [rhel-6.10])
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 111023
    published: 2018-07-12
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/111023
    title: OracleVM 3.4 : qemu-kvm (OVMSA-2018-0238) (Spectre)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2018-0238.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111023);
      script_version("1.8");
      script_cvs_date("Date: 2019/09/27 13:00:35");
    
      script_cve_id("CVE-2016-9603", "CVE-2017-13672", "CVE-2017-15289", "CVE-2017-2633", "CVE-2017-5715", "CVE-2017-7718", "CVE-2017-7980", "CVE-2018-3639", "CVE-2018-5683", "CVE-2018-7858");
    
      script_name(english:"OracleVM 3.4 : qemu-kvm (OVMSA-2018-0238) (Spectre)");
      script_summary(english:"Checks the RPM output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote OracleVM host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates :
    
      -
        qemu-kvm-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018
        -3639.patch 
    
      -
        qemu-kvm-i386-Define-the-Virt-SSBD-MSR-and-handling-of-i
        t-CVE.patch 
    
      -
        qemu-kvm-i386-define-the-AMD-virt-ssbd-CPUID-feature-bit
        -CVE-.patch 
    
      - Resolves: bz#1574074 (CVE-2018-3639 qemu-kvm: hw: cpu:
        speculative store bypass [rhel-6.10.z])
    
      - kvm-vga-add-share_surface-flag.patch [bz#1553674]
    
      - kvm-vga-add-sanity-checks.patch [bz#1553674]
    
      - Resolves: bz#1553674 (CVE-2018-7858 qemu-kvm: Qemu:
        cirrus: OOB access when updating vga display [rhel-6])
    
      - kvm-target-i386-add-support-for-SPEC_CTRL-MSR.patch
        [bz#1525939 bz#1528024]
    
      -
        kvm-target-i386-cpu-add-new-CPUID-bits-for-indirect-bran
        .patch 
    
      -
        kvm-target-i386-cpu-add-new-CPU-models-for-indirect-bran
        .patch 
    
      -
        kvm-cirrus-fix-oob-access-in-mode4and5-write-functions.p
        atch [bz#1501298]
    
      -
        kvm-vga-stop-passing-pointers-to-vga_draw_line-functions
        .patch 
    
      -
        kvm-vga-check-the-validation-of-memory-addr-when-draw-te
        .patch 
    
      - Resolves: bz#1486641 (CVE-2017-13672 qemu-kvm-rhev:
        Qemu: vga: OOB read access during display update
        [rhel-6.10])
    
      - Resolves: bz#1501298 (CVE-2017-15289 qemu-kvm: Qemu:
        cirrus: OOB access issue in mode4and5 write functions
        [rhel-6.10])
    
      - Resolves: bz#1525939 (CVE-2017-5715 qemu-kvm: hw: cpu:
        speculative execution branch target injection
        [rhel-6.10])
    
      - Resolves: bz#1528024 (CVE-2017-5715 qemu-kvm-rhev: hw:
        cpu: speculative execution branch target injection
        [rhel-6.10])
    
      - Resolves: bz#1534692 (CVE-2018-5683 qemu-kvm: Qemu:
        Out-of-bounds read in vga_draw_text routine [rhel-6.10])
    
      - Resolves: bz#1549152 (qemu-kvm-rhev: remove unused patch
        file [rhel-6.10])
    
      - kvm-vns-tls-don-t-use-depricated-gnutls-functions.patch
        [bz#1428750]
    
      - kvm-vnc-apply-display-size-limits.patch [bz#1430616
        bz#1430617]
    
      -
        kvm-fix-cirrus_vga-fix-OOB-read-case-qemu-Segmentation-f
        .patch 
    
      -
        kvm-cirrus-vnc-zap-bitblit-support-from-console-code.pat
        ch [bz#1443448 bz#1443450 bz#1447542 bz#1447545]
    
      - kvm-cirrus-avoid-write-only-variables.patch [bz#1444378
        bz#1444380]
    
      -
        kvm-cirrus-stop-passing-around-dst-pointers-in-the-blitt
        .patch 
    
      -
        kvm-cirrus-stop-passing-around-src-pointers-in-the-blitt
        .patch 
    
      -
        kvm-cirrus-fix-off-by-one-in-cirrus_bitblt_rop_bkwd_tran
        .patch 
    
      - kvm-cirrus-fix-PUTPIXEL-macro.patch [bz#1444378
        bz#1444380]
    
      - Resolves: bz#1428750 (Fails to build in brew)
    
      - Resolves: bz#1430616 (CVE-2017-2633 qemu-kvm: Qemu: VNC:
        memory corruption due to unchecked resolution limit
        [rhel-6.10])
    
      - Resolves: bz#1430617 (CVE-2017-2633 qemu-kvm-rhev: Qemu:
        VNC: memory corruption due to unchecked resolution limit
        [rhel-6.10])
    
      - Resolves: bz#1443448 (CVE-2017-7718 qemu-kvm: Qemu:
        display: cirrus: OOB read access issue [rhel-6.10])
    
      - Resolves: bz#1443450 (CVE-2017-7718 qemu-kvm-rhev: Qemu:
        display: cirrus: OOB read access issue [rhel-6.10])
    
      - Resolves: bz#1444378 (CVE-2017-7980 qemu-kvm: Qemu:
        display: cirrus: OOB r/w access issues in bitblt
        routines [rhel-6.10])
    
      - Resolves: bz#1444380 (CVE-2017-7980 qemu-kvm-rhev: Qemu:
        display: cirrus: OOB r/w access issues in bitblt
        routines [rhel-6.10])
    
      - Resolves: bz#1447542 (CVE-2016-9603 qemu-kvm: Qemu:
        cirrus: heap buffer overflow via vnc connection
        [rhel-6.10])
    
      - Resolves: bz#1447545 (CVE-2016-9603 qemu-kvm-rhev: Qemu:
        cirrus: heap buffer overflow via vnc connection
        [rhel-6.10])"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/oraclevm-errata/2018-July/000873.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected qemu-img package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:qemu-img");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/07/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/12");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    if (! preg(pattern:"^OVS" + "3\.4" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.4", "OracleVM " + release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"OVS3.4", reference:"qemu-img-0.12.1.2-2.506.el6_10.1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu-img");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1935-1.NASL
    descriptionThe Intel CPU microcode bundle was updated to the 20180703 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and helps mitigate CVE-2018-3639 (Spectre v4) (bsc#1100147 bsc#1087082 bsc#1087083). More information on: https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-Data-File Following chipsets are fixed in this round:
      Model         Stepping  F-MO-S/PI  Old->New
      ---- updated platforms ------------------------------------
      SNB-EP        C1        6-2d-6/6d  0000061c->0000061d  Xeon E5
      SNB-EP        C2        6-2d-7/6d  00000713->00000714  Xeon E5
      IVT           C0        6-3e-4/ed  0000042c->0000042d  Xeon E5 v2; Core i7-4960X/4930K/4820K
      IVT           D1        6-3e-7/ed  00000713->00000714  Xeon E5 v2
      HSX-E/EP/4S   C0        6-3f-2/6f  0000003c->0000003d  Xeon E5 v3
      HSX-EX        E0        6-3f-4/80  00000011->00000012  Xeon E7 v3
      SKX-SP/D/W/X  H0        6-55-4/b7  02000043->0200004d  Xeon Bronze 31xx, Silver 41xx, Gold 51xx/61xx Platinum 81xx, D/W-21xx; Core i9-7xxxX
      BDX-DE        A1        6-56-5/10  0e000009->0e00000a  Xeon D-15x3N
      BDX-ML        B/M/R0    6-4f-1/ef  0b00002c->0b00002e  Xeon E5/E7 v4; Core i7-69xx/68xx
    - Add a new style supplements for the recent kernels. (bsc#1096141) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id111051
    published2018-07-13
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111051
    titleSUSE SLED12 / SLES12 Security Update : Recommended update for ucode-intel (SUSE-SU-2018:1935-1) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-620.NASL
    descriptionThis update for qemu to version 2.11.2 fixes the following issues : Security issue fixed : - CVE-2018-11806: Fix heap buffer overflow issue that can happen while reassembling fragmented datagrams (bsc#1096223). - CVE-2018-3639: Mitigation functionality for Speculative Store Bypass issue in x86 (bsc#1087082). - CVE-2018-7550: Fix out of bounds read and write memory access, potentially leading to code execution (bsc#1083291) Bug fixes : - bsc#1091695: SEV guest will not launch with qemu-system-x86_64 version 2.11.1. - bsc#1094898: qemu-guest-agent service doesn
    last seen2020-06-01
    modified2020-06-02
    plugin id123271
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123271
    titleopenSUSE Security Update : qemu (openSUSE-2019-620) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2331-1.NASL
    descriptionucode-intel was updated to the 20180807 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and is part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646 (L1 Terminal fault). (bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343)
      Processor Identifier Version Products
      Model       Stepping  F-MO-S/PI  Old->New
      ---- new platforms ----------------------------------------
      WSM-EP/WS   U1        6-2c-2/03  0000001f            Xeon E/L/X56xx, W36xx
      NHM-EX      D0        6-2e-6/04  0000000d            Xeon E/L/X65xx/75xx
      BXT         C0        6-5c-2/01  00000014            Atom T5500/5700
      APL         E0        6-5c-a/03  0000000c            Atom x5-E39xx
      DVN         B0        6-5f-1/01  00000024            Atom C3xxx
      ---- updated platforms ------------------------------------
      NHM-EP/WS   D0        6-1a-5/03  00000019->0000001d  Xeon E/L/X/W55xx
      NHM         B1        6-1e-5/13  00000007->0000000a  Core i7-8xx, i5-7xx; Xeon L3426, X24xx
      WSM         B1        6-25-2/12  0000000e->00000011  Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeron P45xx; Xeon L3406
      WSM         K0        6-25-5/92  00000004->00000007  Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx
      SNB         D2        6-2a-7/12  0000002d->0000002e  Core Gen2; Xeon E3
      WSM-EX      A2        6-2f-2/05  00000037->0000003b  Xeon E7
      IVB         E2        6-3a-9/12  0000001f->00000020  Core Gen3 Mobile
      HSW-H/S/E3  Cx/Dx     6-3c-3/32  00000024->00000025  Core Gen4 Desktop; Xeon E3 v3
      BDW-U/Y     E/F       6-3d-4/c0  0000002a->0000002b  Core Gen5 Mobile
      HSW-ULT     Cx/Dx     6-45-1/72  00000023->00000024  Core Gen4 Mobile and derived Pentium/Celeron
      HSW-H       Cx        6-46-1/32  00000019->0000001a  Core Extreme i7-5xxxX
      BDW-H/E3    E/G       6-47-1/22  0000001d->0000001e  Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4
      SKL-U/Y     D0        6-4e-3/c0  000000c2->000000c6  Core Gen6 Mobile
      BDX-DE      V1        6-56-2/10  00000015->00000017  Xeon D-1520/40
      BDX-DE      V2/3      6-56-3/10  07000012->07000013  Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
      BDX-DE      Y0        6-56-4/10  0f000011->0f000012  Xeon D-1557/59/67/71/77/81/87
      APL         D0        6-5c-9/03  0000002c->00000032  Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
      SKL-H/S/E3  R0        6-5e-3/36  000000c2->000000c6  Core Gen6; Xeon E3 v5
    Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id111781
    published2018-08-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111781
    titleSUSE SLED12 / SLES12 Security Update : Security update to ucode-intel (SUSE-SU-2018:2331-1) (Foreshadow) (Spectre)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-4126.NASL
    descriptionDescription of changes: [4.1.12-124.15.4.el7uek] - x86/bugs/IBRS: Keep SSBD mitigation in effect if spectre_v2=ibrs is selected (Mihai Carabas) - fs/pstore: update the backend parameter in pstore module (Wang Long) [Orabug: 27994372] - kvm: vmx: Reinstate support for CPUs without virtual NMI (Paolo Bonzini) [Orabug: 28041210] - dm crypt: add big-endian variant of plain64 IV (Milan Broz) [Orabug: 28043932] - x86/bugs: Rename SSBD_NO to SSB_NO (Konrad Rzeszutek Wilk) [Orabug: 28063992] {CVE-2018-3639} - KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD (Tom Lendacky) [Orabug: 28063992] [Orabug: 28069548] {CVE-2018-3639} - x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639} - x86/bugs: Rework spec_ctrl base and mask logic (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639} - x86/bugs: Expose x86_spec_ctrl_base directly (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639} - x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host} (Borislav Petkov) [Orabug: 28063992] {CVE-2018-3639} - x86/speculation: Rework speculative_store_bypass_update() (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639} - x86/speculation: Add virtualized speculative store bypass disable support (Tom Lendacky) [Orabug: 28063992] {CVE-2018-3639} - x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639} - x86/speculation: Handle HT correctly on AMD (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639} - x86/cpufeatures: Add FEATURE_ZEN (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639} - x86/cpu/AMD: Fix erratum 1076 (CPB bit) (Borislav Petkov) [Orabug: 28063992] {CVE-2018-3639} [4.1.12-124.15.3.el7uek] - perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947602] {CVE-2018-1000199} - Revert
    last seen2020-06-01
    modified2020-06-02
    plugin id110404
    published2018-06-08
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110404
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4126) (Spectre)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2018-1039.NASL
    descriptionAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110462
    published2018-06-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110462
    titleAmazon Linux AMI : java-1.8.0-openjdk (ALAS-2018-1039) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1652.NASL
    descriptionAn update for libvirt is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110003
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110003
    titleRHEL 7 : libvirt (RHSA-2018:1652) (Spectre)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20180522_KERNEL_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-03-18
    modified2018-05-23
    plugin id110025
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110025
    titleScientific Linux Security Update : kernel on SL7.x x86_64 (20180522) (Spectre)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-1647.NASL
    descriptionFrom Red Hat Security Advisory 2018:1647 : An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id109980
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109980
    titleOracle Linux 6 : java-1.7.0-openjdk (ELSA-2018-1647) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2387.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id111728
    published2018-08-15
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111728
    titleRHEL 7 : kernel (RHSA-2018:2387) (Foreshadow) (Spectre)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20180522_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-03-18
    modified2018-05-23
    plugin id110022
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110022
    titleScientific Linux Security Update : java-1.8.0-openjdk on SL6.x i386/x86_64 (20180522) (Spectre)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-DB0D3E157E.NASL
    descriptionThe v4.16.11 kernel includes important fixes across the tree Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120842
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120842
    titleFedora 28 : kernel (2018-db0d3e157e) (Spectre)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-2164.NASL
    descriptionFrom Red Hat Security Advisory 2018:2164 : An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110996
    published2018-07-11
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110996
    titleOracle Linux 6 : kernel (ELSA-2018-2164) (Spectre)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-1633.NASL
    descriptionFrom Red Hat Security Advisory 2018:1633 : An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id109979
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109979
    titleOracle Linux 7 : qemu-kvm (ELSA-2018-1633) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1689.NASL
    descriptionAn update for rhevm-setup-plugins is now available for RHEV Manager version 3.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The rhevm-setup-plugins package adds functionality exclusive only to Red Hat Virtualization Manager, and is not available for the upstream ovirt-engine. It includes the configuration of the Red Hat Support plugin, copying downstream-only artifacts to the ISO domain, and links to the knowledgebase and other support material. The following packages have been upgraded to a later upstream version: rhevm-setup-plugins (3.6.7). (BZ#1579010) Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110080
    published2018-05-24
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110080
    titleRHEL 6 : Virtualization (RHSA-2018:1689) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1633.NASL
    descriptionAn update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id109995
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109995
    titleRHEL 7 : qemu-kvm (RHSA-2018:1633) (Spectre)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2018-1039.NASL
    descriptionAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110456
    published2018-06-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110456
    titleAmazon Linux 2 : java-1.8.0-openjdk (ALAS-2018-1039) (Spectre)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD_10_13_6_2018-002.NASL
    descriptionThe remote host is running macOS 10.13.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities affecting the following components : - fpserver - AppleGraphicsControl - APR - ATS - CFNetwork - CoreAnimation - CoreCrypto - CoreFoundation - CUPS - Dictionary - dyld - EFI - Foundation - Grand Central Dispatch - Heimdal - Hypervisor - ICU - Intel Graphics Driver - IOGraphics - IOHIDFamily - IOKit - IOUserEthernet - IPSec - Kernel - Login Window - mDNSOffloadUserClient - MediaRemote - Microcode - NetworkExtension - Security - Spotlight - Symptom Framework - WiFi
    last seen2020-03-18
    modified2018-10-31
    plugin id118575
    published2018-10-31
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118575
    titlemacOS 10.13.6 Multiple Vulnerabilities (Security Update 2018-002)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2028-1.NASL
    descriptionThis update for java-1_7_0-openjdk to version 7u231 fixes the following issues : Security issues fixed : CVE-2019-2426: Improve web server connections (bsc#1134297). CVE-2019-2745: Improved ECC Implementation (bsc#1141784). CVE-2019-2762: Exceptional throw cases (bsc#1141782). CVE-2019-2766: Improve file protocol handling (bsc#1141789). CVE-2019-2769: Better copies of CopiesList (bsc#1141783). CVE-2019-2786: More limited privilege usage (bsc#1141787). CVE-2019-2816: Normalize normalization (bsc#1141785). CVE-2019-2842: Extended AES support (bsc#1141786). CVE-2019-7317: Improve PNG support (bsc#1141780). CVE-2018-3639: fix revision to prefer PR_SPEC_DISABLE_NOEXEC to PR_SPEC_DISABLE (bsc#1087082). Certificate validation improvements Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id127758
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127758
    titleSUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2019:2028-1) (Spectre)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3777-3.NASL
    descriptionUSN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux kernel for Azure Cloud systems. Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2018-17182) It was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information. (CVE-2018-15594) It was discovered that microprocessors utilizing speculative execution and prediction of return addresses via Return Stack Buffer (RSB) may allow unauthorized memory reads via sidechannel attacks. An attacker could use this to expose sensitive information. (CVE-2018-15572) Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715) It was discovered that a stack-based buffer overflow existed in the iSCSI target implementation of the Linux kernel. A remote attacker could use this to cause a denial of service (system crash). (CVE-2018-14633) Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2018-3639) It was discovered that a memory leak existed in the IRDA subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2018-6554) It was discovered that a use-after-free vulnerability existed in the IRDA implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-6555). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118322
    published2018-10-23
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118322
    titleUbuntu 16.04 LTS / 18.04 LTS : linux-azure vulnerabilities (USN-3777-3) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1362-1.NASL
    descriptionThis update for qemu fixes several issues. This security issue was fixed : - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests (bsc#1092885). Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This patch permits the new x86 cpu feature flag named
    last seen2020-06-01
    modified2020-06-02
    plugin id110029
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110029
    titleSUSE SLES12 Security Update : qemu (SUSE-SU-2018:1362-1) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2216.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id111148
    published2018-07-18
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111148
    titleRHEL 7 : kernel (RHSA-2018:2216) (Spectre)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4210.NASL
    descriptionThis update provides mitigations for the Spectre v4 variant in x86-based microprocessors. On Intel CPUs this requires updated microcode which is currently not released publicly (but your hardware vendor may have issued an update). For servers with AMD CPUs no microcode update is needed; please refer to https://xenbits.xen.org/xsa/advisory-263.html for further information.
    last seen2020-06-01
    modified2020-06-02
    plugin id110102
    published2018-05-25
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110102
    titleDebian DSA-4210-1 : xen - security update (Spectre)
  • NASL familyAIX Local Security Checks
    NASL idAIX_IJ05820.NASL
    descriptionhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639
    last seen2020-06-01
    modified2020-06-02
    plugin id109952
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109952
    titleAIX 7.2 TL 1 : variant4 (IJ05820) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1640.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110218
    published2018-05-30
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110218
    titleRHEL 6 : kernel (RHSA-2018:1640) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2246.NASL
    descriptionAn update for rhev-hypervisor7 is now available for RHEV 3.X Hypervisor and Agents for Red Hat Enterprise Linux 6 and RHEV 3.X Hypervisor and Agents Extended Lifecycle Support for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The rhev-hypervisor7 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id111342
    published2018-07-26
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111342
    titleRHEL 6 / 7 : Virtualization (RHSA-2018:2246) (Spectre)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20180522_KERNEL_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-03-18
    modified2018-05-23
    plugin id110024
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110024
    titleScientific Linux Security Update : kernel on SL6.x i386/x86_64 (20180522) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3407.NASL
    descriptionAn update for libvirt is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id118554
    published2018-10-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118554
    titleRHEL 7 : libvirt (RHSA-2018:3407) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-514.NASL
    descriptionThe openSUSE Leap 42.3 kernel was updated to 4.4.132 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-3639: Information leaks using
    last seen2020-06-05
    modified2018-05-25
    plugin id110104
    published2018-05-25
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110104
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2018-514) (Spectre)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-1650.NASL
    descriptionFrom Red Hat Security Advisory 2018:1650 : An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id109983
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109983
    titleOracle Linux 6 : java-1.8.0-openjdk (ELSA-2018-1650) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3064-1.NASL
    descriptionThis update for java-1_8_0-openjdk to the jdk8u181 (icedtea 3.9.0) release fixes the following issues : These security issues were fixed : CVE-2018-2938: Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE (bsc#1101644). CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data (bsc#1101645) CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit (bsc#1101651) CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data (bsc#1101656) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id117992
    published2018-10-09
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117992
    titleSUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2018:3064-1) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1654.NASL
    descriptionAn update for qemu-kvm-rhev is now available for RHEV 3.X Hypervisor and Agents for Red Hat Enterprise Linux 7 Extended Life Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110074
    published2018-05-24
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110074
    titleRHEL 7 : Virtualization (RHSA-2018:1654) (Spectre)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2018-1034.NASL
    descriptionAn out-of-bounds read access issue was found in the VGA display emulator built into the Quick emulator (QEMU). It could occur while reading VGA memory to update graphics display. A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulting in denial of service situation.(CVE-2017-13672) A memory leakage issue was found in the I/O channels websockets implementation of the Quick Emulator (QEMU). It could occur while sending screen updates to a client, which is slow to read and process them further. A privileged guest user could use this flaw to cause a denial of service on the host and/or potentially crash the QEMU process instance on the host.(CVE-2017-15268) A use-after-free issue was found in the Slirp networking implementation of the Quick emulator (QEMU). It occurs when a Socket referenced from multiple packets is freed while responding to a message. A user/process could use this flaw to crash the QEMU process on the host resulting in denial of service.(CVE-2017-13711 ) Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.(CVE-2018-7858) VNC server implementation in Quick Emulator (QEMU) was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.(CVE-2017-15124) An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110457
    published2018-06-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110457
    titleAmazon Linux AMI : qemu-kvm (ALAS-2018-1034) (Spectre)
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS19_JAN_4480970.NASL
    descriptionThe remote Windows host is missing security update 4480960 or cumulative update 4480970. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. (CVE-2019-0569) - An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations. An attacker who successfully exploited the vulnerability could retrieve content, that is normally restricted, from a web application. The security update addresses the vulnerability by enforcing CORS configuration to prevent its bypass. (CVE-2019-0545) - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584) - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. (CVE-2019-0541) - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2019-0536, CVE-2019-0549, CVE-2019-0554) - An elevation of privilege vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way Windows handles authentication requests. (CVE-2019-0543)
    last seen2020-06-01
    modified2020-06-02
    plugin id121017
    published2019-01-08
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121017
    titleKB4480960: Windows 7 and Windows Server 2008 R2 January 2019 Security Update
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0049_LINUX.NASL
    descriptionAn update of the linux package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id121947
    published2019-02-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121947
    titlePhoton OS 2.0: Linux PHSA-2018-2.0-0049
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_10_14.NASL
    descriptionThe remote host is running a version of Mac OS X that is prior to 10.13.6 or is not macOS 10.14. It is, therefore, affected by multiple vulnerabilities in the following components : - afpserver - AppleGraphicsControl - Application Firewall - App Store - APR - ATS - Auto Unlock - Bluetooth - CFNetwork - CoreFoundation - CoreText - Crash Reporter - CUPS - Dictionary - Grand Central Dispatch - Heimdal - Hypervisor - iBooks - Intel Graphics Driver - IOHIDFamily - IOKit - IOUserEthernet - Kernel - LibreSSL - Login Window - mDNSOffloadUserClient - MediaRemote - Microcode - Security - Spotlight - Symptom Framework - Text - Wi-Fi Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id118178
    published2018-10-18
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118178
    titlemacOS < 10.14 Multiple Vulnerabilities
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0143_KERNEL.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has kernel packages installed that are affected by multiple vulnerabilities: - A flaw was found in the Linux kernel
    last seen2020-03-18
    modified2019-08-12
    plugin id127408
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127408
    titleNewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0143)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1377-2.NASL
    descriptionThe SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bug was fixed : CVE-2018-3639: Information leaks using
    last seen2020-06-01
    modified2020-06-02
    plugin id118256
    published2018-10-22
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118256
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2018:1377-2) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1362-2.NASL
    descriptionThis update for qemu fixes several issues. This security issue was fixed : CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests (bsc#1092885). Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This patch permits the new x86 cpu feature flag named
    last seen2020-06-01
    modified2020-06-02
    plugin id118255
    published2018-10-22
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118255
    titleSUSE SLES12 Security Update : qemu (SUSE-SU-2018:1362-2) (Spectre)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1446.NASL
    descriptionSecurity researchers identified two software analysis methods that, if used for malicious purposes, have the potential to improperly gather sensitive data from multiple types of computing devices with different vendors' processors and operating systems. This update requires an update to the intel-microcode package, which is non-free. Users who have already installed the version from jessie-backports-sloppy do not need to upgrade. CVE-2018-3639 – Speculative Store Bypass (SSB) – also known as Variant 4 Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. CVE-2018-3640 – Rogue System Register Read (RSRE) – also known as Variant 3a Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id111359
    published2018-07-27
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111359
    titleDebian DLA-1446-1 : intel-microcode security update (Spectre)
  • NASL familyAIX Local Security Checks
    NASL idAIX_IJ05822.NASL
    descriptionhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639
    last seen2020-06-01
    modified2020-06-02
    plugin id109954
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109954
    titleAIX 7.1 TL 5 : variant4 (IJ05822) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1639.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110217
    published2018-05-30
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110217
    titleRHEL 6 : kernel (RHSA-2018:1639) (Spectre)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20180522_JAVA_1_8_0_OPENJDK_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-03-18
    modified2018-05-23
    plugin id110023
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110023
    titleScientific Linux Security Update : java-1.8.0-openjdk on SL7.x x86_64 (20180522) (Spectre)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1338.NASL
    descriptionAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id130234
    published2019-10-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130234
    titleAmazon Linux 2 : java-11-openjdk (ALAS-2019-1338) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1641.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110219
    published2018-05-30
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110219
    titleRHEL 6 : kernel (RHSA-2018:1641) (Spectre)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20180710_KERNEL_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-03-18
    modified2018-07-11
    plugin id111002
    published2018-07-11
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111002
    titleScientific Linux Security Update : kernel on SL6.x i386/x86_64 (20180710) (Spectre)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3653-2.NASL
    descriptionUSN-3653-1 fixed vulnerabilities and added mitigations in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2018-3639) It was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information (kernel netlink traffic). (CVE-2017-17449) Tuba Yavuz discovered that a double-free error existed in the USBTV007 driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17975) It was discovered that a race condition existed in the Device Mapper component of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18203) It was discovered that an infinite loop could occur in the madvise(2) implementation in the Linux kernel in certain circumstances. A local attacker could use this to cause a denial of service (system hang). (CVE-2017-18208) Silvio Cesare discovered a buffer overwrite existed in the NCPFS implementation in the Linux kernel. A remote attacker controlling a malicious NCPFS server could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-8822). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110047
    published2018-05-23
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110047
    titleUbuntu 16.04 LTS : linux-hwe, linux-azure, linux-gcp, linux-oem vulnerabilities (USN-3653-2) (Spectre)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZA-2018-037.NASL
    descriptionAccording to the versions of the anaconda / anaconda-core / anaconda-dracut / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id110234
    published2018-05-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110234
    titleVirtuozzo 7 : anaconda / anaconda-core / anaconda-dracut / etc (VZA-2018-037)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3756-1.NASL
    descriptionIt was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). (CVE-2018-3646) Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2018-3639) Zdenek Sojka, Rudolf Marek, Alex Zuepke, and Innokentiy Sennovskiy discovered that microprocessors that perform speculative reads of system registers may allow unauthorized disclosure of system parameters via a sidechannel attack. This vulnerability is also known as Rogue System Register Read (RSRE). An attacker could use this to expose sensitive information. (CVE-2018-3640). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id112151
    published2018-08-28
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112151
    titleUbuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : intel-microcode vulnerabilities (USN-3756-1) (Foreshadow) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-599.NASL
    descriptionThis update for xen to version 4.10.1 fixes several issues (bsc#1027519). These security issues were fixed : - CVE-2018-3639: Prevent attackers with local user access from extracting information via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1092631). - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Improved Spectre v2 mitigations (bsc#1074562). This non-security issue was fixed : - Always call qemu's xen-save-devices-state in suspend/resume to fix migration with qcow2 images (bsc#1079730)
    last seen2020-06-05
    modified2018-06-11
    plugin id110438
    published2018-06-11
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110438
    titleopenSUSE Security Update : xen (openSUSE-2018-599) (Meltdown) (Spectre)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20180521_QEMU_KVM_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-03-18
    modified2018-05-23
    plugin id110020
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110020
    titleScientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20180521) (Spectre)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-5521156807.NASL
    descriptionSpeculative Store Bypass [XSA-263, CVE-2018-3639] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120435
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120435
    titleFedora 28 : xen (2018-5521156807) (Spectre)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1538.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The walk_hugetlb_range() function in
    last seen2020-03-19
    modified2019-05-14
    plugin id124991
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124991
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1538)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1738.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110221
    published2018-05-30
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110221
    titleRHEL 7 : kernel (RHSA-2018:1738) (Spectre)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2018-1033.NASL
    descriptionAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110450
    published2018-06-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110450
    titleAmazon Linux 2 : libvirt (ALAS-2018-1033) (Spectre)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1201.NASL
    descriptionAccording to the versions of the qemu-kvm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.(CVE-2017-13672) - Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets.(CVE-2017-13711) - VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.(CVE-2017-15124) - Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.(CVE-2017-15268) - The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.(CVE-2018-5683) - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-05-06
    modified2018-07-03
    plugin id110865
    published2018-07-03
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110865
    titleEulerOS 2.0 SP3 : qemu-kvm (EulerOS-SA-2018-1201)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-547.NASL
    descriptionThis update for xen fixes the following issues : Security issues fixed : - CVE-2018-3639: Spectre V4 – Speculative Store Bypass aka
    last seen2020-06-05
    modified2018-06-04
    plugin id110309
    published2018-06-04
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110309
    titleopenSUSE Security Update : xen (openSUSE-2018-547) (Spectre)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0044_KERNEL.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - A buffer overflow vulnerability due to a lack of input filtering of incoming fragmented datagrams was found in the IP-over-1394 driver [firewire-net] in a fragment handling code in the Linux kernel. The vulnerability exists since firewire supported IPv4, i.e. since version 2.6.31 (year 2009) till version v4.9-rc4. A maliciously formed fragment with a respectively large datagram offset would cause a memcpy() past the datagram buffer, which would cause a system panic or possible arbitrary code execution. The flaw requires [firewire-net] module to be loaded and is remotely exploitable from connected firewire devices, but not over a local network. (CVE-2016-8633) - A bug in the 32-bit compatibility layer of the ioctl handling code of the v4l2 video driver in the Linux kernel has been found. A memory protection mechanism ensuring that user-provided buffers always point to a userspace memory were disabled, allowing destination address to be in a kernel space. This flaw could be exploited by an attacker to overwrite a kernel memory from an unprivileged userspace process, leading to privilege escalation. (CVE-2017-13166) - The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn
    last seen2020-06-01
    modified2020-06-02
    plugin id127222
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127222
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0044)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2018-1049.NASL
    descriptionAn incomplete fix for CVE-2018-5748 that affects QEMU monitor leading to a resource exhaustion but now also triggered via QEMU guest agent.(CVE-2018-1064) qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.(CVE-2018-5748) An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id111336
    published2018-07-26
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111336
    titleAmazon Linux 2 : libvirt (ALAS-2018-1049) (Spectre)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1195.NASL
    descriptionAccording to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass.(CVE-2018-2814) - OpenJDK: unrestricted deserialization of data from JCEKS key stores.(CVE-2018-2794) - OpenJDK: insufficient consistency checks in deserialization of multiple classes.(CVE-2018-2795) - OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue.(CVE-2018-2796) - OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport. (CVE-2018-2797) - OpenJDK: unbounded memory allocation during deserialization in Container.(CVE-2018-2798) - OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl.(CVE-2018-2799) - OpenJDK: RMI HTTP transport enabled by default.(CVE-2018-2800) - OpenJDK: unbounded memory allocation during deserialization in StubIORImpl.(CVE-2018-2815) - OpenJDK: incorrect merging of sections in the JAR manifest.(CVE-2018-2790) - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-05-06
    modified2018-07-03
    plugin id110859
    published2018-07-03
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110859
    titleEulerOS 2.0 SP3 : java-1.8.0-openjdk (EulerOS-SA-2018-1195)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1650.NASL
    descriptionAn update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110001
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110001
    titleRHEL 6 : java-1.8.0-openjdk (RHSA-2018:1650) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1377-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bug was fixed : - CVE-2018-3639: Information leaks using
    last seen2020-06-01
    modified2020-06-02
    plugin id110042
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110042
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2018:1377-1) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1669.NASL
    descriptionAn update for libvirt is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110018
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110018
    titleRHEL 6 : libvirt (RHSA-2018:1669) (Spectre)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-6367A17AA3.NASL
    descriptionThe v4.16.11 kernel includes important fixes across the tree ---- The v4.16.9 stable update contains critical fixes across the tree Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-05-30
    plugin id110209
    published2018-05-30
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110209
    titleFedora 26 : kernel (2018-6367a17aa3) (Spectre)
  • NASL familyMisc.
    NASL idCITRIX_XENSERVER_CTX235225.NASL
    descriptionThe version of Citrix XenServer running on the remote host is missing a security hotfix. It is, therefore, affected by a local memory disclosure vulnerability.
    last seen2020-06-01
    modified2020-06-02
    plugin id110265
    published2018-05-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110265
    titleCitrix XenServer Local Memory Disclosure Vulnerability (CTX235225)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1193.NASL
    descriptionAccording to the versions of the java-1.7.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass.(CVE-2018-2814) - OpenJDK: unrestricted deserialization of data from JCEKS key stores.(CVE-2018-2794) - OpenJDK: insufficient consistency checks in deserialization of multiple classes.(CVE-2018-2795) - OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue.(CVE-2018-2796) - OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport. (CVE-2018-2797) - OpenJDK: unbounded memory allocation during deserialization in Container.(CVE-2018-2798) - OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl.(CVE-2018-2799) - OpenJDK: RMI HTTP transport enabled by default.(CVE-2018-2800) - OpenJDK: unbounded memory allocation during deserialization in StubIORImpl.(CVE-2018-2815) - OpenJDK: incorrect merging of sections in the JAR manifest.(CVE-2018-2790) - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-05-06
    modified2018-07-03
    plugin id110857
    published2018-07-03
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110857
    titleEulerOS 2.0 SP3 : java-1.7.0-openjdk (EulerOS-SA-2018-1193)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1375-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-3639: Information leaks using
    last seen2020-06-01
    modified2020-06-02
    plugin id110040
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110040
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2018:1375-1) (Spectre)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1423.NASL
    descriptionLinux 4.9 has been packaged for Debian 8 as linux-4.9. This provides a supported upgrade path for systems that currently use kernel packages from the
    last seen2020-06-01
    modified2020-06-02
    plugin id111165
    published2018-07-20
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111165
    titleDebian DLA-1423-1 : linux-4.9 new package (Spectre)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20180522_JAVA_1_7_0_OPENJDK_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-03-18
    modified2018-05-23
    plugin id110021
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110021
    titleScientific Linux Security Update : java-1.7.0-openjdk on SL7.x x86_64 (20180522) (Spectre)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-1647.NASL
    descriptionAn update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id109961
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109961
    titleCentOS 6 : java-1.7.0-openjdk (CESA-2018:1647) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1668.NASL
    descriptionAn update for libvirt is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110017
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110017
    titleRHEL 7 : libvirt (RHSA-2018:1668) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2304-1.NASL
    descriptionThis update for libvirt fixes the following issues: Security issue fixed : - CVE-2018-3639: Add support for
    last seen2020-06-01
    modified2020-06-02
    plugin id111664
    published2018-08-13
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111664
    titleSUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2018:2304-1) (Spectre)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-527698A904.NASL
    descriptionAdd new CPU features for speculative store bypass (CVE-2018-3639) On Intel x86 hosts, the
    last seen2020-06-05
    modified2019-01-03
    plugin id120426
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120426
    titleFedora 28 : libvirt (2018-527698a904) (Spectre)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-1649.NASL
    descriptionAn update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id109963
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109963
    titleCentOS 7 : java-1.8.0-openjdk (CESA-2018:1649) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1046.NASL
    descriptionAn update for rhvm-setup-plugins is now available for Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The rhvm-setup-plugins package adds functionality exclusive only to Red Hat Virtualization Manager, and is not available for the upstream ovirt-engine. It includes the configuration of the Red Hat Support plugin, copying downstream-only artifacts to the ISO domain, and links to the knowledgebase and other support material. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue. (CVE-2017-5754) Bug Fix(es) : * [CVE-2017-5754] Variant3: POWER {qemu-kvm-rhev} Add machine type variants (BZ#1559948) * add POWER 9 to the 4.2 cluster level (BZ#1574494)
    last seen2020-06-01
    modified2020-06-02
    plugin id124839
    published2019-05-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124839
    titleRHEL 7 : Virtualization Manager (RHSA-2019:1046) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1926-1.NASL
    descriptionThis update for ucode-intel fixes the following issues: The microcode bundles were updated to the 20180703 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and helps mitigate CVE-2018-3639 (Spectre v4) (bsc#1100147 bsc#1087082 bsc#1087083). More information on: https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-Data-File The following chipsets are fixed in this round:
      Model        Stepping  F-MO-S/PI  Old->New            Updated platforms
      SNB-EP       C1        6-2d-6/6d  0000061c->0000061d  Xeon E5
      SNB-EP       C2        6-2d-7/6d  00000713->00000714  Xeon E5
      IVT          C0        6-3e-4/ed  0000042c->0000042d  Xeon E5 v2; Core i7-4960X/4930K/4820K
      IVT          D1        6-3e-7/ed  00000713->00000714  Xeon E5 v2
      HSX-E/EP/4S  C0        6-3f-2/6f  0000003c->0000003d  Xeon E5 v3
      HSX-EX       E0        6-3f-4/80  00000011->00000012  Xeon E7 v3
      SKX-SP/D/W/X H0        6-55-4/b7  02000043->0200004d  Xeon Bronze 31xx, Silver 41xx, Gold 51xx/61xx Platinum 81xx, D/W-21xx; Core i9-7xxxX
      BDX-DE       A1        6-56-5/10  0e000009->0e00000a  Xeon D-15x3N
      BDX-ML       B/M/R0    6-4f-1/ef  0b00002c->0b00002e  Xeon E5/E7 v4; Core i7-69xx/68xx
    Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-21
    modified2019-01-02
    plugin id120040
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120040
    titleSUSE SLED15 / SLES15 Security Update : ucode-intel (SUSE-SU-2018:1926-1) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3064-2.NASL
    descriptionThis update for java-1_8_0-openjdk to the jdk8u181 (icedtea 3.9.0) release fixes the following issues : These security issues were fixed : CVE-2018-2938: Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE (bsc#1101644). CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data (bsc#1101645) CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit (bsc#1101651) CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data (bsc#1101656) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118300
    published2018-10-22
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118300
    titleSUSE SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2018:3064-2) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3555-1.NASL
    descriptionThis update for qemu fixes the following issues : These security issues were fixed : CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735). CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223). With this release the mitigations for Spectre v4 are moved to the patches from upstream (CVE-2018-3639, bsc#1092885). This feature was added: Add support for block resize support for disks through the monitor (bsc#1094725). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118502
    published2018-10-30
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118502
    titleSUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2018:3555-1) (Spectre)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-1965.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110905
    published2018-07-05
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110905
    titleCentOS 7 : kernel (CESA-2018:1965) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1366-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.131 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-3639: Information leaks using
    last seen2020-06-01
    modified2020-06-02
    plugin id110033
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110033
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:1366-1) (Spectre)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2018-1034.NASL
    descriptionAn out-of-bounds read access issue was found in the VGA display emulator built into the Quick emulator (QEMU). It could occur while reading VGA memory to update graphics display. A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulting in denial of service situation.(CVE-2017-13672) A memory leakage issue was found in the I/O channels websockets implementation of the Quick Emulator (QEMU). It could occur while sending screen updates to a client, which is slow to read and process them further. A privileged guest user could use this flaw to cause a denial of service on the host and/or potentially crash the QEMU process instance on the host.(CVE-2017-15268) A use-after-free issue was found in the Slirp networking implementation of the Quick emulator (QEMU). It occurs when a Socket referenced from multiple packets is freed while responding to a message. A user/process could use this flaw to crash the QEMU process on the host resulting in denial of service.(CVE-2017-13711) Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.(CVE-2018-7858) VNC server implementation in Quick Emulator (QEMU) was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.(CVE-2017-15124) An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110451
    published2018-06-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110451
    titleAmazon Linux 2 : qemu-kvm (ALAS-2018-1034) (Spectre)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3654-1.NASL
    descriptionJann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2018-3639) Tuba Yavuz discovered that a double-free error existed in the USBTV007 driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17975) It was discovered that a race condition existed in the F2FS implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18193) It was discovered that a buffer overflow existed in the Hisilicon HNS Ethernet Device driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18222) It was discovered that the netfilter subsystem in the Linux kernel did not validate that rules containing jumps contained user-defined chains. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1065) It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1068) It was discovered that a NULL pointer dereference vulnerability existed in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1130) It was discovered that the SCTP Protocol implementation in the Linux kernel did not properly validate userspace provided payload lengths in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5803) It was discovered that a double free error existed in the block layer subsystem of the Linux kernel when setting up a request queue. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-7480) It was discovered that a memory leak existed in the SAS driver subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-7757) It was discovered that a race condition existed in the x86 machine check handler in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-7995) Eyal Itkin discovered that the USB displaylink video adapter driver in the Linux kernel did not properly validate mmap offsets sent from userspace. A local attacker could use this to expose sensitive information (kernel memory) or possibly execute arbitrary code. (CVE-2018-8781) Silvio Cesare discovered a buffer overwrite existed in the NCPFS implementation in the Linux kernel. A remote attacker controlling a malicious NCPFS server could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-8822). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110048
    published2018-05-23
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110048
    titleUbuntu 16.04 LTS : linux, linux-aws, linux-kvm, vulnerabilities (USN-3654-1) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1603-1.NASL
    descriptionThis update for xen fixes several issues. These security issues were fixed : - CVE-2018-3639: Prevent attackers with local user access from extracting information via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1092631). - CVE-2017-5753,CVE-2017-5715,CVE-2017-5754: Improved Spectre v2 mitigations (bsc#1074562). bsc#1027519 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110444
    published2018-06-11
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110444
    titleSUSE SLES11 Security Update : xen (SUSE-SU-2018:1603-1) (Meltdown) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1699-2.NASL
    descriptionThis update for xen fixes several issues. This feature was added : Added support for qemu monitor command These security issues were fixed: CVE-2018-3639: Prevent attackers with local user access from extracting information via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1092631). CVE-2017-5753,CVE-2017-5715,CVE-2017-5754: Improved Spectre v2 mitigations (bsc#1074562). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118266
    published2018-10-22
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118266
    titleSUSE SLES12 Security Update : xen (SUSE-SU-2018:1699-2) (Meltdown) (Spectre)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0032_JAVA-1.7.0-OPENJDK.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has java-1.7.0-openjdk packages installed that are affected by multiple vulnerabilities: - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id127199
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127199
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : java-1.7.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0032)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-1660.NASL
    descriptionAn update for qemu-kvm is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id109966
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109966
    titleCentOS 6 : qemu-kvm (CESA-2018:1660) (Spectre)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-AEC846C0EF.NASL
    descriptionSpeculative Store Bypass [XSA-263, CVE-2018-3639] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-06-08
    plugin id110402
    published2018-06-08
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110402
    titleFedora 27 : xen (2018-aec846c0ef) (Spectre)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-1629.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id109958
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109958
    titleCentOS 7 : kernel (CESA-2018:1629) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1452-1.NASL
    descriptionThis update for libvirt fixes the following issues : - CVE-2018-3639: cpu: add support for
    last seen2020-06-01
    modified2020-06-02
    plugin id110189
    published2018-05-29
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110189
    titleSUSE SLES11 Security Update : libvirt (SUSE-SU-2018:1452-1) (Spectre)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-1648.NASL
    descriptionFrom Red Hat Security Advisory 2018:1648 : An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id109981
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109981
    titleOracle Linux 7 : java-1.7.0-openjdk (ELSA-2018-1648) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1651.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110002
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110002
    titleRHEL 6 : kernel (RHSA-2018:1651) (Spectre)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-1651.NASL
    descriptionFrom Red Hat Security Advisory 2018:1651 : An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id109984
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109984
    titleOracle Linux 6 : kernel (ELSA-2018-1651) (Spectre)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2019-0007.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (Tom Lendacky) [Orabug: 28870524] (CVE-2018-3639) - x86/bugs: Add AMD
    last seen2020-06-01
    modified2020-06-02
    plugin id122087
    published2019-02-11
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122087
    titleOracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0007) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3397.NASL
    descriptionAn update for qemu-kvm is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id118546
    published2018-10-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118546
    titleRHEL 6 : qemu-kvm (RHSA-2018:3397) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2528-1.NASL
    descriptionThis update for xen fixes the following issues: These security issues were fixed : - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis (bsc#1091107, bsc#1027519). - CVE-2018-12617: An integer overflow that could cause a segmentation fault in qmp_guest_file_read() with g_malloc() in qemu-guest-agent was fixed (bsc#1098744) - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. (bsc#1095242) - CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. (bsc#1092631) - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. (bsc#1074562) - CVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. (bsc#1074562) - CVE-2017-5754: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. (bsc#1074562) - CVE-2018-12891: Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions through its own page table contents, a malicious guest may cause such bypasses to be used for an unbounded number of iterations. A malicious or buggy PV guest may cause a Denial of Service (DoS) affecting the entire host. Specifically, it may prevent use of a physical CPU for an indeterminate period of time. (bsc#1097521) - CVE-2018-12893: One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users. (bsc#1097522) - CVE-2018-11806: m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. (bsc#1096224) - CVE-2018-10982: An issue was discovered in Xen that allowed x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection. (bsc#1090822) - CVE-2018-10981: An issue was discovered in Xen that allowed x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request. (bsc#1090823) Following bugs were fixed : - After updating to kernel 3.0.101-0.47.106.32-xen system crashes in check_bugs() (bsc#1097206) - bsc#1079730 - in xen-kmp, unplug emulated devices after migration This is required since xen-4.10 and/or qemu-2.10 because the state of unplug is not propagated from one dom0 to another. Without this unplug qemu
    last seen2020-06-01
    modified2020-06-02
    plugin id112147
    published2018-08-28
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112147
    titleSUSE SLES11 Security Update : xen (SUSE-SU-2018:2528-1) (Foreshadow) (Meltdown) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-42.NASL
    descriptionThis update for java-1_7_0-openjdk to version 7u201 fixes the following issues : Security issues fixed : - CVE-2018-3136: Manifest better support (bsc#1112142) - CVE-2018-3139: Better HTTP Redirection (bsc#1112143) - CVE-2018-3149: Enhance JNDI lookups (bsc#1112144) - CVE-2018-3169: Improve field accesses (bsc#1112146) - CVE-2018-3180: Improve TLS connections stability (bsc#1112147) - CVE-2018-3214: Better RIFF reading support (bsc#1112152) - CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153) - CVE-2018-16435: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile - CVE-2018-2938: Support Derby connections (bsc#1101644) - CVE-2018-2940: Better stack walking (bsc#1101645) - CVE-2018-2952: Exception to Pattern Syntax (bsc#1101651) - CVE-2018-2973: Improve LDAP support (bsc#1101656) - CVE-2018-3639 cpu speculative store bypass mitigation This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-03-18
    modified2019-01-14
    plugin id121151
    published2019-01-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121151
    titleopenSUSE Security Update : java-1_7_0-openjdk (openSUSE-2019-42) (Spectre)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0049.NASL
    descriptionAn update of {'linux-esx', 'linux', 'patch', 'linux-aws', 'linux-secure'} packages of Photon OS has been released. This kernel update mitigates vulnerability CVE-2018-3639 which is referred to as Speculative Store Bypass issue
    last seen2019-02-21
    modified2019-02-07
    plugin id111304
    published2018-07-24
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111304
    titlePhoton OS 2.0 : linux-esx / linux / patch / linux-aws / linux-secure (PhotonOS-PHSA-2018-2.0-0049) (deprecated)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1515.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found where the kernel truncated the value used to indicate the size of a buffer which it would later become zero using an untruncated value. This can corrupt memory outside of the original allocation.(CVE-2017-9725) - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id124836
    published2019-05-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124836
    titleEulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1515)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2335-1.NASL
    descriptionucode-intel was updated to the 20180807 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a), and is part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646 (L1 Terminal Fault). (bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343)
      Processor Identifier Version Products
      Model Stepping F-MO-S/PI Old->New
      ---- new platforms ----
      WSM-EP/WS U1 6-2c-2/03 0000001f Xeon E/L/X56xx, W36xx
      NHM-EX D0 6-2e-6/04 0000000d Xeon E/L/X65xx/75xx
      BXT C0 6-5c-2/01 00000014 Atom T5500/5700
      APL E0 6-5c-a/03 0000000c Atom x5-E39xx
      DVN B0 6-5f-1/01 00000024 Atom C3xxx
      ---- updated platforms ----
      NHM-EP/WS D0 6-1a-5/03 00000019->0000001d Xeon E/L/X/W55xx
      NHM B1 6-1e-5/13 00000007->0000000a Core i7-8xx, i5-7xx; Xeon L3426, X24xx
      WSM B1 6-25-2/12 0000000e->00000011 Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeron P45xx; Xeon L3406
      WSM K0 6-25-5/92 00000004->00000007 Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx
      SNB D2 6-2a-7/12 0000002d->0000002e Core Gen2; Xeon E3
      WSM-EX A2 6-2f-2/05 00000037->0000003b Xeon E7
      IVB E2 6-3a-9/12 0000001f->00000020 Core Gen3 Mobile
      HSW-H/S/E3 Cx/Dx 6-3c-3/32 00000024->00000025 Core Gen4 Desktop; Xeon E3 v3
      BDW-U/Y E/F 6-3d-4/c0 0000002a->0000002b Core Gen5 Mobile
      HSW-ULT Cx/Dx 6-45-1/72 00000023->00000024 Core Gen4 Mobile and derived Pentium/Celeron
      HSW-H Cx 6-46-1/32 00000019->0000001a Core Extreme i7-5xxxX
      BDW-H/E3 E/G 6-47-1/22 0000001d->0000001e Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4
      SKL-U/Y D0 6-4e-3/c0 000000c2->000000c6 Core Gen6 Mobile
      BDX-DE V1 6-56-2/10 00000015->00000017 Xeon D-1520/40
      BDX-DE V2/3 6-56-3/10 07000012->07000013 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
      BDX-DE Y0 6-56-4/10 0f000011->0f000012 Xeon D-1557/59/67/71/77/81/87
      APL D0 6-5c-9/03 0000002c->00000032 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
      SKL-H/S/E3 R0 6-5e-3/36 000000c2->000000c6 Core Gen6; Xeon E3 v5
    Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id111783
    published2018-08-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111783
    titleSUSE SLES11 Security Update : Security update to ucode-intel (SUSE-SU-2018:2335-1) (Foreshadow) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2141-1.NASL
    descriptionThis update for libvirt fixes the following issues: Security issues fixed : - CVE-2018-3639: Add support for
    last seen2020-06-01
    modified2020-06-02
    plugin id111503
    published2018-08-02
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111503
    titleSUSE SLES12 Security Update : libvirt (SUSE-SU-2018:2141-1) (Spectre)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0137_JAVA-1.8.0-OPENJDK.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has java-1.8.0-openjdk packages installed that are affected by multiple vulnerabilities: - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id127397
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127397
    titleNewStart CGSL MAIN 4.05 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0137)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1153.NASL
    descriptionAccording to the version of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-05-06
    modified2018-06-20
    plugin id110617
    published2018-06-20
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110617
    titleEulerOS 2.0 SP2 : kernel (EulerOS-SA-2018-1153)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2060.NASL
    descriptionAn update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110795
    published2018-06-29
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110795
    titleRHEL 7 : qemu-kvm-rhev (RHSA-2018:2060) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2076-1.NASL
    descriptionThis update for microcode_ctl fixes the following issues: The Intel CPU Microcode bundle was updated to the 20180703 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and helps mitigate CVE-2018-3639 (Spectre v4) (bsc#1100147 bsc#1087082 bsc#1087083). More details can be found on: https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-Data-File The following chipsets are fixed in this round:
      Model Stepping F-MO-S/PI Old->New
      ---- updated platforms ----
      SNB-EP C1 6-2d-6/6d 0000061c->0000061d Xeon E5
      SNB-EP C2 6-2d-7/6d 00000713->00000714 Xeon E5
      IVT C0 6-3e-4/ed 0000042c->0000042d Xeon E5 v2; Core i7-4960X/4930K/4820K
      IVT D1 6-3e-7/ed 00000713->00000714 Xeon E5 v2
      HSX-E/EP/4S C0 6-3f-2/6f 0000003c->0000003d Xeon E5 v3
      HSX-EX E0 6-3f-4/80 00000011->00000012 Xeon E7 v3
      SKX-SP/D/W/X H0 6-55-4/b7 02000043->0200004d Xeon Bronze 31xx, Silver 41xx, Gold 51xx/61xx Platinum 81xx, D/W-21xx; Core i9-7xxxX
      BDX-DE A1 6-56-5/10 0e000009->0e00000a Xeon D-15x3N
      BDX-ML B/M/R0 6-4f-1/ef 0b00002c->0b00002e Xeon E5/E7 v4; Core i7-69xx/68xx
    Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id111373
    published2018-07-27
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111373
    titleSUSE SLES11 Security Update : microcode_ctl (SUSE-SU-2018:2076-1) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1674.NASL
    descriptionAn update for rhvm-setup-plugins is now available for Red Hat Virtualization Engine 4.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The rhvm-setup-plugins package adds functionality exclusive only to Red Hat Virtualization Manager, and is not available for the upstream ovirt-engine. It includes the configuration of the Red Hat Support plugin, copying downstream-only artifacts to the ISO domain, and links to the knowledgebase and other support material. The following packages have been upgraded to a later upstream version: rhvm-setup-plugins (4.2.9). (BZ#1579326) Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110076
    published2018-05-24
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110076
    titleRHEL 7 : Virtualization Manager (RHSA-2018:1674) (Spectre)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-1632.NASL
    descriptionAn update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id109959
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109959
    titleCentOS 7 : libvirt (CESA-2018:1632) (Spectre)
  • NASL familyAIX Local Security Checks
    NASL idAIX_IJ05821.NASL
    descriptionhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639
    last seen2020-06-01
    modified2020-06-02
    plugin id109953
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109953
    titleAIX 7.2 TL 0 : variant4 (IJ05821) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1656.NASL
    descriptionAn update for qemu-kvm is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110005
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110005
    titleRHEL 6 : qemu-kvm (RHSA-2018:1656) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1690.NASL
    descriptionAn update for vdsm is now available for RHEV 3.X Hypervisor and Agents Extended Lifecycle Support for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host
    last seen2020-06-01
    modified2020-06-02
    plugin id110081
    published2018-05-24
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110081
    titleRHEL 7 : Virtualization (RHSA-2018:1690) (Spectre)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1271.NASL
    descriptionAccording to the version of the kvm package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-03-19
    modified2018-09-18
    plugin id117580
    published2018-09-18
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117580
    titleEulerOS Virtualization 2.5.0 : kvm (EulerOS-SA-2018-1271)
  • NASL familyAIX Local Security Checks
    NASL idAIX_IJ05818.NASL
    descriptionhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639
    last seen2020-06-01
    modified2020-06-02
    plugin id109951
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109951
    titleAIX 7.2 TL 2 : variant4 (IJ05818) (Spectre)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20180521_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-03-18
    modified2018-05-23
    plugin id110019
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110019
    titleScientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20180521) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3424.NASL
    descriptionAn update for qemu-kvm is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id118559
    published2018-10-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118559
    titleRHEL 6 : qemu-kvm (RHSA-2018:3424) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1479-1.NASL
    descriptionThis update for kvm fixes one security issue. This security issue was fixed : - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests (bsc#1092885). Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This patch permits the new x86 cpu feature flag named
    last seen2020-06-01
    modified2020-06-02
    plugin id110261
    published2018-05-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110261
    titleSUSE SLES11 Security Update : kvm (SUSE-SU-2018:1479-1) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2650-1.NASL
    descriptionThis update for kvm fixes the following security issues : CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735) CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223) With this release the mitigations for Spectre v4 are moved to the patches from upstream (CVE-2018-3639, bsc#1092885). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id117386
    published2018-09-10
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117386
    titleSUSE SLES11 Security Update : kvm (SUSE-SU-2018:2650-1) (Spectre)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20180710_QEMU_KVM_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-03-18
    modified2018-07-11
    plugin id111003
    published2018-07-11
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111003
    titleScientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20180710) (Spectre)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1450.NASL
    descriptionAccording to the versions of the kvm package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel before 4.6.1 supports MSR 0x2f8, which allows guest OS users to read or write to the kvm_arch_vcpu data structure, and consequently obtain sensitive information or cause a denial of service (system crash), via a crafted ioctl call.(CVE-2016-3713) - Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to a null pointer dereference flaw. It could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS.(CVE-2016-8630) - Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector(SS) value error. The error could occur while loading values into the SS register in long mode. A user or process inside a guest could use this flaw to crash the guest, resulting in DoS or potentially escalate their privileges inside the guest.(CVE-2017-2583) - arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt.(CVE-2017-2584) - A reachable assertion failure flaw was found in the Linux kernel built with KVM virtualisation(CONFIG_KVM) support with Virtual Function I/O feature (CONFIG_VFIO) enabled. This failure could occur if a malicious guest device sent a virtual interrupt (guest IRQ) with a larger (>1024) index value.(CVE-2017-1000252) - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor
    last seen2020-03-19
    modified2019-05-14
    plugin id124953
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124953
    titleEulerOS Virtualization 3.0.1.0 : kvm (EulerOS-SA-2019-1450)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS_JAN2019_SRU11_4_3_5_0.NASL
    descriptionThis Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. (CVE-2019-2437) - Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Solaris accessible data. (CVE-2018-3646) - Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Solaris accessible data. (CVE-2018-3639)
    last seen2020-03-18
    modified2019-01-17
    plugin id121223
    published2019-01-17
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121223
    titleOracle Solaris Critical Patch Update : jan2019_SRU11_4_3_5_0 (Foreshadow) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1439.NASL
    descriptionThis update for java-1_8_0-openjdk to version 8u212 fixes the following issues : Security issues fixed : - CVE-2019-2602: Better String parsing (bsc#1132728). - CVE-2019-2684: More dynamic RMI interactions (bsc#1132732). - CVE-2019-2698: Fuzzing TrueType fonts - setCurrGlyphID() (bsc#1132729). - CVE-2019-2422: Better FileChannel (bsc#1122293). - CVE-2018-11212: Improve JPEG (bsc#1122299). Non-Security issue fixed : - Disable LTO (bsc#1133135). - Added Japanese new era name. This update was imported from the SUSE:SLE-12-SP1:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id125451
    published2019-05-28
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125451
    titleopenSUSE Security Update : java-1_8_0-openjdk (openSUSE-2019-1439) (Spectre)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZA-2018-034.NASL
    descriptionAccording to the versions of the cpupools / cpupools-features / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id110157
    published2018-05-29
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110157
    titleVirtuozzo 6 : cpupools / cpupools-features / etc (VZA-2018-034)
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS19_FEB_OOB_MICROCODE.NASL
    descriptionThe remote Windows host is missing a security update. It is, therefore, missing microcode updates to address the following vulnerabilities: - Spectre Variant 3a (CVE-2018-3640: Rogue System Register Read (RSRE)). - Spectre Variant 4 (CVE-2018-3639: Speculative Store Bypass (SSB)) - L1TF (CVE-2018-3620, CVE-2018-3646: L1 Terminal Fault) Note that Nessus did not actually test for these flaws nor checked the target processor architecture but instead, has relied on the version of mcupdate_GenuineIntel.dll to be latest for supported Windows release.
    last seen2020-06-01
    modified2020-06-02
    plugin id122974
    published2019-03-20
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122974
    titleSecurity Updates for Windows 10 / Windows Server 2019 (February 2019) (Spectre) (Meltdown) (Foreshadow)
  • NASL familyMisc.
    NASL idVMWARE_ESXI_VMSA-2018-0012.NASL
    descriptionThe remote VMware ESXi host is version 5.5, 6.0, 6.5, or 6.7 and is missing a security patch. It is, therefore, vulnerable to an information disclosure vulnerability. The vulnerability exists in the speculative execution control mechanism. An unauthenticated, local attacker can exploit this, via side-channel analysis, to disclose potentially sensitive information.
    last seen2020-03-27
    modified2020-03-24
    plugin id134877
    published2020-03-24
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134877
    titleVMware ESXi 5.5 / 6.0 / 6.5 / 6.7 Information Disclosure (VMSA-2018-0012) (Spectre) (remote check)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1376-1.NASL
    descriptionThe SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-3639: Information leaks using
    last seen2020-06-01
    modified2020-06-02
    plugin id110041
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110041
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2018:1376-1) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1659.NASL
    descriptionAn update for qemu-kvm is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110008
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110008
    titleRHEL 6 : qemu-kvm (RHSA-2018:1659) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1663.NASL
    descriptionAn update for qemu-kvm is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110012
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110012
    titleRHEL 7 : qemu-kvm (RHSA-2018:1663) (Spectre)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-1997.NASL
    descriptionAn update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110907
    published2018-07-05
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110907
    titleCentOS 7 : libvirt (CESA-2018:1997) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1374-1.NASL
    descriptionThe SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive several security fixes. The following security bugs were fixed : - CVE-2018-3639: Information leaks using
    last seen2020-06-01
    modified2020-06-02
    plugin id110039
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110039
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2018:1374-1) (Spectre)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1200.NASL
    descriptionAccording to the version of the qemu-kvm packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-05-06
    modified2018-07-03
    plugin id110864
    published2018-07-03
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110864
    titleEulerOS 2.0 SP2 : qemu-kvm (EulerOS-SA-2018-1200)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-860.NASL
    descriptionThis update for libvirt fixes the following issues : Security issue fixed : - CVE-2018-3639: Add support for
    last seen2020-06-05
    modified2018-08-13
    plugin id111661
    published2018-08-13
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111661
    titleopenSUSE Security Update : libvirt (openSUSE-2018-860) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2006.NASL
    descriptionAn update for libvirt is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110714
    published2018-06-27
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110714
    titleRHEL 7 : libvirt (RHSA-2018:2006) (Spectre)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20180626_QEMU_KVM_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-03-18
    modified2018-06-27
    plugin id110720
    published2018-06-27
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110720
    titleScientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20180626) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1614-2.NASL
    descriptionThis update for libvirt fixes the following issues : CVE-2018-3639: cpu: add support for
    last seen2020-06-01
    modified2020-06-02
    plugin id118261
    published2018-10-22
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118261
    titleSUSE SLES12 Security Update : libvirt (SUSE-SU-2018:1614-2) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-602.NASL
    descriptionThis update for libvirt fixes the following issues : This update fixes the following security issue : - Added support for
    last seen2020-06-05
    modified2018-06-11
    plugin id110441
    published2018-06-11
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110441
    titleopenSUSE Security Update : libvirt (openSUSE-2018-602) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2162.NASL
    descriptionAn update for qemu-kvm is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id111000
    published2018-07-11
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111000
    titleRHEL 6 : qemu-kvm (RHSA-2018:2162) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0148-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP3 kernel for Azure was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic was uninitialized (bnc#1116841). CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bnc#1087082). CVE-2018-1120: By mmap()ing a FUSE-backed file onto a process
    last seen2020-03-18
    modified2019-01-24
    plugin id121344
    published2019-01-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121344
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:0148-1) (Spectre)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1265.NASL
    descriptionAccording to the versions of the kvm package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-03-19
    modified2018-09-18
    plugin id117574
    published2018-09-18
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117574
    titleEulerOS Virtualization 2.5.1 : kvm (EulerOS-SA-2018-1265)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1196.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in the Linux kernel
    last seen2020-05-06
    modified2018-07-03
    plugin id110860
    published2018-07-03
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110860
    titleEulerOS 2.0 SP3 : kernel (EulerOS-SA-2018-1196)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1737.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110220
    published2018-05-30
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110220
    titleRHEL 7 : kernel (RHSA-2018:1737) (Spectre)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1715.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-18249 A race condition was discovered in the disk space allocator of F2FS. A user with access to an F2FS volume could use this to cause a denial of service or other security impact. CVE-2018-1128, CVE-2018-1129 The cephx authentication protocol used by Ceph was susceptible to replay attacks, and calculated signatures incorrectly. These vulnerabilities in the server required changes to authentication that are incompatible with existing clients. The kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id122879
    published2019-03-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122879
    titleDebian DLA-1715-1 : linux-4.9 security update (Spectre)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-2164.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id111077
    published2018-07-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111077
    titleCentOS 6 : kernel (CESA-2018:2164) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2164.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id111001
    published2018-07-11
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111001
    titleRHEL 6 : kernel (RHSA-2018:2164) (Spectre)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2018-0012.NASL
    descriptionvCenter Server, ESXi, Workstation, and Fusion update speculative execution control mechanism for Virtual Machines (VMs). As a result, a patched Guest Operating System (GOS) can remediate the Speculative Store bypass issue (CVE-2018-3639) using the Speculative-Store-Bypass-Disable (SSBD) control bit. This issue may allow for information disclosure in applications and/or execution runtimes which rely on managed code security mechanisms. Based on current evaluations, we do not believe that CVE-2018-3639 could allow for VM to VM or Hypervisor to VM Information disclosure. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2018-3639 to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id110901
    published2018-07-03
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110901
    titleVMSA-2018-0012 : VMware vSphere, Workstation and Fusion updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2396.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id111775
    published2018-08-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111775
    titleRHEL 6 : MRG (RHSA-2018:2396) (Foreshadow) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2973-2.NASL
    descriptionThis update for qemu fixes the following security issues : CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735) CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223) With this release the mitigations for Spectre v4 are moved to the patches from upstream (CVE-2018-3639, bsc#1092885). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118297
    published2018-10-22
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118297
    titleSUSE SLES12 Security Update : qemu (SUSE-SU-2018:2973-2) (Spectre)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3679-1.NASL
    descriptionKen Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via sidechannel attacks. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows QEMU to expose new CPU features added by AMD microcode updates to guests on amd64 and i386. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110514
    published2018-06-13
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110514
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : qemu update (USN-3679-1) (Spectre)
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS18_AUG_MICROCODE.NASL
    descriptionThe remote Windows host is missing a security update. It is, therefore, missing microcode updates to address Rogue System Register Read (RSRE), Speculative Store Bypass (SSB), L1 Terminal Fault (L1TF), and Branch Target Injection vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id112116
    published2018-08-24
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112116
    titleSecurity Updates for Windows 10 / Windows Server 2016 (August 2018) (Spectre) (Meltdown) (Foreshadow)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1389-1.NASL
    descriptionThis update for kvm fixes the following issues: This security issue was fixed : - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests (bsc#1092885). Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This patch permits the new x86 cpu feature flag named
    last seen2020-06-01
    modified2020-06-02
    plugin id110091
    published2018-05-24
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110091
    titleSUSE SLES11 Security Update : kvm (SUSE-SU-2018:1389-1) (Spectre)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZA-2018-033.NASL
    descriptionAccording to the version of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerability : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110100
    published2018-05-25
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110100
    titleVirtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2018-033)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1658-1.NASL
    descriptionThis update for xen fixes several issues. These security issues were fixed : - CVE-2018-3639: Prevent attackers with local user access from extracting information via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1092631). - CVE-2017-5753,CVE-2017-5715,CVE-2017-5754: Improved Spectre v2 mitigations (bsc#1074562). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110509
    published2018-06-13
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110509
    titleSUSE SLES12 Security Update : xen (SUSE-SU-2018:1658-1) (Meltdown) (Spectre)
  • NASL familyAIX Local Security Checks
    NASL idAIX_IJ05824.NASL
    descriptionhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639
    last seen2020-06-01
    modified2020-06-02
    plugin id109956
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109956
    titleAIX 6.1 TL 9 : variant4 (IJ05824) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-418.NASL
    descriptionThis update for xen to version 4.10.1 fixes several issues (bsc#1027519). These security issues were fixed : - CVE-2018-3639: Prevent attackers with local user access from extracting information via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1092631). - CVE-2017-5753,CVE-2017-5715,CVE-2017-5754: Improved Spectre v2 mitigations (bsc#1074562). This non-security issue was fixed : - Always call qemus xen-save-devices-state in suspend/resume to fix migration with qcow2 images (bsc#1079730)
    last seen2020-06-01
    modified2020-06-02
    plugin id123180
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123180
    titleopenSUSE Security Update : xen (openSUSE-2019-418) (Meltdown) (Spectre)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-1651.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id109965
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109965
    titleCentOS 6 : kernel (CESA-2018:1651) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1582-1.NASL
    descriptionThis update for xen fixes one issue. This security issue was fixed : - CVE-2018-3639: Prevent attackers with local user access from extracting information via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1092631). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110412
    published2018-06-08
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110412
    titleSUSE SLES12 Security Update : xen (SUSE-SU-2018:1582-1) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1699-1.NASL
    descriptionThis update for xen fixes several issues. This feature was added : - Added support for qemu monitor command These security issues were fixed : - CVE-2018-3639: Prevent attackers with local user access from extracting information via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1092631). - CVE-2017-5753,CVE-2017-5715,CVE-2017-5754: Improved Spectre v2 mitigations (bsc#1074562). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110596
    published2018-06-18
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110596
    titleSUSE SLES12 Security Update : xen (SUSE-SU-2018:1699-1) (Meltdown) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1363-1.NASL
    descriptionThis update for qemu fixes several issues. This security issue was fixed : - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests (bsc#1092885). Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This patch permits the new x86 cpu feature flag named
    last seen2020-06-01
    modified2020-06-02
    plugin id110030
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110030
    titleSUSE SLES12 Security Update : qemu (SUSE-SU-2018:1363-1) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2338-1.NASL
    descriptionucode-intel was updated to the 20180807 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and is part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646 (L1 Terminal fault). (bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343)
      Processor               Identifier Version             Products
      Model         Stepping  F-MO-S/PI  Old->New
      ---- new platforms ----------------------------------------
      WSM-EP/WS     U1        6-2c-2/03  0000001f            Xeon E/L/X56xx, W36xx
      NHM-EX        D0        6-2e-6/04  0000000d            Xeon E/L/X65xx/75xx
      BXT           C0        6-5c-2/01  00000014            Atom T5500/5700
      APL           E0        6-5c-a/03  0000000c            Atom x5-E39xx
      DVN           B0        6-5f-1/01  00000024            Atom C3xxx
      ---- updated platforms ------------------------------------
      NHM-EP/WS     D0        6-1a-5/03  00000019->0000001d  Xeon E/L/X/W55xx
      NHM           B1        6-1e-5/13  00000007->0000000a  Core i7-8xx, i5-7xx; Xeon L3426, X24xx
      WSM           B1        6-25-2/12  0000000e->00000011  Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeron P45xx; Xeon L3406
      WSM           K0        6-25-5/92  00000004->00000007  Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx
      SNB           D2        6-2a-7/12  0000002d->0000002e  Core Gen2; Xeon E3
      WSM-EX        A2        6-2f-2/05  00000037->0000003b  Xeon E7
      IVB           E2        6-3a-9/12  0000001f->00000020  Core Gen3 Mobile
      HSW-H/S/E3    Cx/Dx     6-3c-3/32  00000024->00000025  Core Gen4 Desktop; Xeon E3 v3
      BDW-U/Y       E/F       6-3d-4/c0  0000002a->0000002b  Core Gen5 Mobile
      HSW-ULT       Cx/Dx     6-45-1/72  00000023->00000024  Core Gen4 Mobile and derived Pentium/Celeron
      HSW-H         Cx        6-46-1/32  00000019->0000001a  Core Extreme i7-5xxxX
      BDW-H/E3      E/G       6-47-1/22  0000001d->0000001e  Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4
      SKL-U/Y       D0        6-4e-3/c0  000000c2->000000c6  Core Gen6 Mobile
      BDX-DE        V1        6-56-2/10  00000015->00000017  Xeon D-1520/40
      BDX-DE        V2/3      6-56-3/10  07000012->07000013  Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
      BDX-DE        Y0        6-56-4/10  0f000011->0f000012  Xeon D-1557/59/67/71/77/81/87
      APL           D0        6-5c-9/03  0000002c->00000032  Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
      SKL-H/S/E3    R0        6-5e-3/36  000000c2->000000c6  Core Gen6; Xeon E3 v5
    Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2019-01-02
    plugin id120080
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120080
    titleSUSE SLED15 / SLES15 Security Update : Security update to ucode-intel (SUSE-SU-2018:2338-1) (Foreshadow) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-510.NASL
    descriptionThis update for ucode-intel fixes the following issues : The microcode bundle was updated to the 20180703 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and helps mitigate CVE-2018-3639 (Spectre v4) (bsc#1100147 bsc#1087082 bsc#1087083). More information on: https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-Data-File The following chipsets are fixed in this round :
      Model         Stepping  F-MO-S/PI  Old->New
      ---- updated platforms ------------------------------------
      SNB-EP        C1        6-2d-6/6d  0000061c->0000061d  Xeon E5
      SNB-EP        C2        6-2d-7/6d  00000713->00000714  Xeon E5
      IVT           C0        6-3e-4/ed  0000042c->0000042d  Xeon E5 v2; Core i7-4960X/4930K/4820K
      IVT           D1        6-3e-7/ed  00000713->00000714  Xeon E5 v2
      HSX-E/EP/4S   C0        6-3f-2/6f  0000003c->0000003d  Xeon E5 v3
      HSX-EX        E0        6-3f-4/80  00000011->00000012  Xeon E7 v3
      SKX-SP/D/W/X  H0        6-55-4/b7  02000043->0200004d  Xeon Bronze 31xx, Silver 41xx, Gold 51xx/61xx Platinum 81xx, D/W-21xx; Core i9-7xxxX
      BDX-DE        A1        6-56-5/10  0e000009->0e00000a  Xeon D-15x3N
      BDX-ML        B/M/R0    6-4f-1/ef  0b00002c->0b00002e  Xeon E5/E7 v4; Core i7-69xx/68xx
    last seen2020-05-31
    modified2019-03-27
    plugin id123215
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123215
    titleopenSUSE Security Update : ucode-intel (openSUSE-2019-510) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1211-2.NASL
    descriptionThis update for java-1_8_0-openjdk to version 8u212 fixes the following issues : Security issues fixed : CVE-2019-2602: Better String parsing (bsc#1132728). CVE-2019-2684: More dynamic RMI interactions (bsc#1132732). CVE-2019-2698: Fuzzing TrueType fonts - setCurrGlyphID() (bsc#1132729). CVE-2018-3639: fix revision to prefer PR_SPEC_DISABLE_NOEXEC to PR_SPEC_DISABLE Non-Security issue fixed: Disable LTO (bsc#1133135). Added Japanese new era name. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126440
    published2019-07-02
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126440
    titleSUSE SLED15 / SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2019:1211-2) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3400.NASL
    descriptionAn update for libvirt is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id118549
    published2018-10-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118549
    titleRHEL 6 : libvirt (RHSA-2018:3400) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1675.NASL
    descriptionAn update for vdsm is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host
    last seen2020-06-01
    modified2020-06-02
    plugin id110077
    published2018-05-24
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110077
    titleRHEL 7 : Virtualization (RHSA-2018:1675) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1637.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110215
    published2018-05-30
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110215
    titleRHEL 7 : kernel (RHSA-2018:1637) (Spectre)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2018-0272.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0272 for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id118963
    published2018-11-15
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118963
    titleOracleVM 3.2 : xen (OVMSA-2018-0272) (Foreshadow) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2556-1.NASL
    descriptionThis update for qemu fixes the following security issues : CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735) CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223) With this release the mitigations for Spectre v4 are moved to the patches from upstream (CVE-2018-3639, bsc#1092885). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id112201
    published2018-08-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112201
    titleSUSE SLES12 Security Update : qemu (SUSE-SU-2018:2556-1) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1696.NASL
    descriptionAn update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host
    last seen2020-06-01
    modified2020-06-02
    plugin id110111
    published2018-05-25
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110111
    titleRHEL 7 : Virtualization (RHSA-2018:1696) (Spectre)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0151.NASL
    descriptionAn update of {'linux', 'linux-esx'} packages of Photon OS has been released. This kernel update mitigates vulnerability CVE-2018-3639 which is referred to as Speculative Store Bypass issue
    last seen2019-02-21
    modified2019-02-07
    plugin id111277
    published2018-07-24
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111277
    titlePhoton OS 1.0 : linux / linux-esx (PhotonOS-PHSA-2018-1.0-0151) (Spectre) (deprecated)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1731.NASL
    descriptionThe linux update issued as DLA-1731-1 caused a regression in the vmxnet3 (VMware virtual network adapter) driver. This update corrects that regression, and an earlier regression in the CIFS network filesystem implementation introduced in DLA-1422-1. For reference the original advisory text follows. Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2016-10741 A race condition was discovered in XFS that would result in a crash (BUG). A local user permitted to write to an XFS volume could use this for denial of service. CVE-2017-5753 Further instances of code that was vulnerable to Spectre variant 1 (bounds-check bypass) have been mitigated. CVE-2017-13305 A memory over-read was discovered in the keys subsystem
    last seen2020-06-01
    modified2020-06-02
    plugin id123420
    published2019-03-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123420
    titleDebian DLA-1731-2 : linux regression update (Spectre)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2018-0219.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - qemu-kvm-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch - Resolves: bz#1574067 (EMBARGOED CVE-2018-3639 qemu-kvm: Kernel: omega-4 [rhel-6.9.z])
    last seen2020-06-01
    modified2020-06-02
    plugin id109988
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109988
    titleOracleVM 3.4 : qemu-kvm (OVMSA-2018-0219) (Spectre)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2018-1038.NASL
    descriptionAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110455
    published2018-06-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110455
    titleAmazon Linux 2 : kernel (ALAS-2018-1038) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-622.NASL
    descriptionucode-intel was updated to the 20180807 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and is part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646 (L1 Terminal fault). (bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343)
      Processor               Identifier Version             Products
      Model         Stepping  F-MO-S/PI  Old->New
      ---- new platforms ----------------------------------------
      WSM-EP/WS     U1        6-2c-2/03  0000001f            Xeon E/L/X56xx, W36xx
      NHM-EX        D0        6-2e-6/04  0000000d            Xeon E/L/X65xx/75xx
      BXT           C0        6-5c-2/01  00000014            Atom T5500/5700
      APL           E0        6-5c-a/03  0000000c            Atom x5-E39xx
      DVN           B0        6-5f-1/01  00000024            Atom C3xxx
      ---- updated platforms ------------------------------------
      NHM-EP/WS     D0        6-1a-5/03  00000019->0000001d  Xeon E/L/X/W55xx
      NHM           B1        6-1e-5/13  00000007->0000000a  Core i7-8xx, i5-7xx; Xeon L3426, X24xx
      WSM           B1        6-25-2/12  0000000e->00000011  Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeron P45xx; Xeon L3406
      WSM           K0        6-25-5/92  00000004->00000007  Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx
      SNB           D2        6-2a-7/12  0000002d->0000002e  Core Gen2; Xeon E3
      WSM-EX        A2        6-2f-2/05  00000037->0000003b  Xeon E7
      IVB           E2        6-3a-9/12  0000001f->00000020  Core Gen3 Mobile
      HSW-H/S/E3    Cx/Dx     6-3c-3/32  00000024->00000025  Core Gen4 Desktop; Xeon E3 v3
      BDW-U/Y       E/F       6-3d-4/c0  0000002a->0000002b  Core Gen5 Mobile
      HSW-ULT       Cx/Dx     6-45-1/72  00000023->00000024  Core Gen4 Mobile and derived Pentium/Celeron
      HSW-H         Cx        6-46-1/32  00000019->0000001a  Core Extreme i7-5xxxX
      BDW-H/E3      E/G       6-47-1/22  0000001d->0000001e  Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4
      SKL-U/Y       D0        6-4e-3/c0  000000c2->000000c6  Core Gen6 Mobile
      BDX-DE        V1        6-56-2/10  00000015->00000017  Xeon D-1520/40
      BDX-DE        V2/3      6-56-3/10  07000012->07000013  Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
      BDX-DE        Y0        6-56-4/10  0f000011->0f000012  Xeon D-1557/59/67/71/77/81/87
      APL           D0        6-5c-9/03  0000002c->00000032  Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
      SKL-H/S/E3    R0        6-5e-3/36  000000c2->000000c6  Core Gen6; Xeon E3 v5
    This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-05-31
    modified2019-03-28
    plugin id123443
    published2019-03-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123443
    titleopenSUSE Security Update : ucode-intel (openSUSE-2019-622) (Foreshadow) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3396.NASL
    descriptionAn update for libvirt is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id118545
    published2018-10-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118545
    titleRHEL 6 : libvirt (RHSA-2018:3396) (Spectre)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2018-1037.NASL
    descriptionAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110460
    published2018-06-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110460
    titleAmazon Linux AMI : java-1.7.0-openjdk (ALAS-2018-1037) (Spectre)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-1633.NASL
    descriptionAn update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id109960
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109960
    titleCentOS 7 : qemu-kvm (CESA-2018:1633) (Spectre)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2018-0282.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0282 for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id119277
    published2018-11-29
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119277
    titleOracleVM 3.4 : xen (OVMSA-2018-0282) (Foreshadow) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1655.NASL
    descriptionAn update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110075
    published2018-05-24
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110075
    titleRHEL 7 : Virtualization (RHSA-2018:1655) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1658.NASL
    descriptionAn update for qemu-kvm is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110007
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110007
    titleRHEL 6 : qemu-kvm (RHSA-2018:1658) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1648.NASL
    descriptionAn update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id109999
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109999
    titleRHEL 7 : java-1.7.0-openjdk (RHSA-2018:1648) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1711.NASL
    descriptionAn update for rhev-hypervisor7 is now available for RHEV 3.X Hypervisor and Agents Extended Lifecycle Support for Red Hat Enterprise Linux 6 and RHEV 3.X Hypervisor and Agents Extended Lifecycle Support for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The rhev-hypervisor7 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110113
    published2018-05-25
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110113
    titleRHEL 6 / 7 : Virtualization (RHSA-2018:1711) (Spectre)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2018-208-01.NASL
    descriptionNew kernel packages are available for Slackware 14.2 to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id111413
    published2018-07-30
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111413
    titleSlackware 14.2 : Slackware 14.2 kernel (SSA:2018-208-01) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1997.NASL
    descriptionAn update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110711
    published2018-06-27
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110711
    titleRHEL 7 : libvirt (RHSA-2018:1997) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3402.NASL
    descriptionAn update for libvirt is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id118551
    published2018-10-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118551
    titleRHEL 6 : libvirt (RHSA-2018:3402) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1386-1.NASL
    descriptionThis update for qemu fixes several issues. This security issue was fixed : - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests (bsc#1092885). Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This patch permits the new x86 cpu feature flag named
    last seen2020-06-01
    modified2020-06-02
    plugin id110090
    published2018-05-24
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110090
    titleSUSE SLES12 Security Update : qemu (SUSE-SU-2018:1386-1) (Spectre)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2018-0248.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0248 for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id111992
    published2018-08-20
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111992
    titleOracleVM 3.4 : xen (OVMSA-2018-0248) (Bunker Buster) (Foreshadow) (Meltdown) (POODLE) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2394.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id111735
    published2018-08-15
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111735
    titleRHEL 6 : kernel (RHSA-2018:2394) (Foreshadow) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1935-2.NASL
    descriptionThe Intel CPU microcode bundle was updated to the 20180703 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and helps mitigate CVE-2018-3639 (Spectre v4) (bsc#1100147 bsc#1087082 bsc#1087083). More information on: https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-Data-File Following chipsets are fixed in this round :
      Model            Stepping  F-MO-S/PI  Old->New
      ---- updated platforms ------------------------------------
      SNB-EP           C1        6-2d-6/6d  0000061c->0000061d  Xeon E5
      SNB-EP           C2        6-2d-7/6d  00000713->00000714  Xeon E5
      IVT              C0        6-3e-4/ed  0000042c->0000042d  Xeon E5 v2; Core i7-4960X/4930K/4820K
      IVT              D1        6-3e-7/ed  00000713->00000714  Xeon E5 v2
      HSX-E/EP/4S      C0        6-3f-2/6f  0000003c->0000003d  Xeon E5 v3
      HSX-EX           E0        6-3f-4/80  00000011->00000012  Xeon E7 v3
      SKX-SP/D/W/X     H0        6-55-4/b7  02000043->0200004d  Xeon Bronze 31xx, Silver 41xx, Gold 51xx/61xx Platinum 81xx, D/W-21xx; Core i9-7xxxX
      BDX-DE           A1        6-56-5/10  0e000009->0e00000a  Xeon D-15x3N
      BDX-ML           B/M/R0    6-4f-1/ef  0b00002c->0b00002e  Xeon E5/E7 v4; Core i7-69xx/68xx
    Add a new style supplements for the recent kernels. (bsc#1096141) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118274
    published2018-10-22
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118274
    titleSUSE SLES12 Security Update : Recommended update for ucode-intel (SUSE-SU-2018:1935-2) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1438.NASL
    descriptionThis update for java-1_8_0-openjdk to version 8u212 fixes the following issues : Security issues fixed : - CVE-2019-2602: Better String parsing (bsc#1132728). - CVE-2019-2684: More dynamic RMI interactions (bsc#1132732). - CVE-2019-2698: Fuzzing TrueType fonts - setCurrGlyphID() (bsc#1132729). - CVE-2018-3639: fix revision to prefer PR_SPEC_DISABLE_NOEXEC to PR_SPEC_DISABLE Non-Security issue fixed : - Disable LTO (bsc#1133135). - Added Japanese new era name. This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id125450
    published2019-05-28
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125450
    titleopenSUSE Security Update : java-1_8_0-openjdk (openSUSE-2019-1438) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1211-1.NASL
    descriptionThis update for java-1_8_0-openjdk to version 8u212 fixes the following issues : Security issues fixed : CVE-2019-2602: Better String parsing (bsc#1132728). CVE-2019-2684: More dynamic RMI interactions (bsc#1132732). CVE-2019-2698: Fuzzing TrueType fonts - setCurrGlyphID() (bsc#1132729). CVE-2018-3639: fix revision to prefer PR_SPEC_DISABLE_NOEXEC to PR_SPEC_DISABLE Non-Security issue fixed: Disable LTO (bsc#1133135). Added Japanese new era name. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124857
    published2019-05-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124857
    titleSUSE SLED15 / SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2019:1211-1) (Spectre)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4469.NASL
    descriptionTwo vulnerabilities were discovered in Libvirt, a virtualisation abstraction library, allowing an API client with read-only permissions to execute arbitrary commands via the virConnectGetDomainCapabilities API, or read or execute arbitrary files via the virDomainSaveImageGetXMLDesc API. Additionally the libvirt
    last seen2020-06-01
    modified2020-06-02
    plugin id126128
    published2019-06-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126128
    titleDebian DSA-4469-1 : libvirt - security update
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0027_JAVA-1.8.0-OPENJDK.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has java-1.8.0-openjdk packages installed that are affected by multiple vulnerabilities: - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id127190
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127190
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0027)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-489.NASL
    descriptionThis update for qemu fixes several issues. This security issue was fixed : - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests (bsc#1092885). Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This patch permits the new x86 cpu feature flag named
    last seen2020-06-05
    modified2018-05-24
    plugin id110063
    published2018-05-24
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110063
    titleopenSUSE Security Update : qemu (openSUSE-2018-489) (Spectre)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1194.NASL
    descriptionAccording to the version of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-05-06
    modified2018-07-03
    plugin id110858
    published2018-07-03
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110858
    titleEulerOS 2.0 SP2 : java-1.8.0-openjdk (EulerOS-SA-2018-1194)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-424.NASL
    descriptionThis update for libvirt fixes the following issues : This update fixes the following security issue : - Added support for
    last seen2020-06-01
    modified2020-06-02
    plugin id123185
    published2019-03-27
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123185
    titleopenSUSE Security Update : libvirt (openSUSE-2019-424) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1826.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110506
    published2018-06-13
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110506
    titleRHEL 6 : kernel (RHSA-2018:1826) (Spectre)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-2001.NASL
    descriptionAn update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110908
    published2018-07-05
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110908
    titleCentOS 7 : qemu-kvm (CESA-2018:2001) (Spectre)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2018-1037.NASL
    descriptionAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110454
    published2018-06-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110454
    titleAmazon Linux 2 : java-1.7.0-openjdk (ALAS-2018-1037) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-603.NASL
    descriptionThis update for qemu fixes the following issues : This security issue was fixed : - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests (bsc#1092885). Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This patch permits the new x86 cpu feature flag named
    last seen2020-06-05
    modified2018-06-11
    plugin id110442
    published2018-06-11
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110442
    titleopenSUSE Security Update : qemu (openSUSE-2018-603) (Spectre)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-44F8A7454D.NASL
    descriptionNew CPU features for speculative store bypass (CVE-2018-3639) On Intel x86 hosts, the
    last seen2020-06-05
    modified2019-01-03
    plugin id120385
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120385
    titleFedora 28 : 2:qemu (2018-44f8a7454d) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1636.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id109997
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109997
    titleRHEL 7 : kernel (RHSA-2018:1636) (Spectre)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20180626_LIBVIRT_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-03-18
    modified2018-06-27
    plugin id110718
    published2018-06-27
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110718
    titleScientific Linux Security Update : libvirt on SL7.x x86_64 (20180626) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1143.NASL
    descriptionThis update for java-1_8_0-openjdk to the jdk8u181 (icedtea 3.9.0) release fixes the following issues : These security issues were fixed : - CVE-2018-2938: Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE (bsc#1101644). - CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data (bsc#1101645) - CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit (bsc#1101651) - CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data (bsc#1101656) These non-security issues were fixed : - Improve desktop file usage - Better Internet address support - speculative traps break when classes are redefined - sun/security/pkcs11/ec/ReadCertificates.java fails intermittently - Clean up code that saves the previous versions of redefined classes - Prevent SIGSEGV in ReceiverTypeData::clean_weak_klass_links - RedefineClasses() tests fail assert(((Metadata*)obj)->is_valid()) failed: obj is valid - NMT is not enabled if NMT option is specified after class path specifiers - EndEntityChecker should not process custom extensions after PKIX validation - SupportedDSAParamGen.java failed with timeout - Montgomery multiply intrinsic should use correct name - When determining the ciphersuite lists, there is no debug output for disabled suites. - sun/security/mscapi/SignedObjectChain.java fails on Windows - On Windows Swing changes keyboard layout on a window activation - IfNode::range_check_trap_proj() should handler dying subgraph with single if proj - Even better Internet address support - Newlines in JAXB string values of SOAP-requests are escaped to
    last seen2020-06-05
    modified2018-10-15
    plugin id118109
    published2018-10-15
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118109
    titleopenSUSE Security Update : java-1_8_0-openjdk (openSUSE-2018-1143) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3399.NASL
    descriptionAn update for libvirt is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id118548
    published2018-10-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118548
    titleRHEL 6 : libvirt (RHSA-2018:3399) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-515.NASL
    descriptionThe openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1087082). A new boot commandline option was introduced,
    last seen2020-06-05
    modified2018-05-25
    plugin id110105
    published2018-05-25
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110105
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2018-515) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2615-1.NASL
    descriptionThis update for kvm fixes the following security issues : CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735) CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223) With this release the mitigations for Spectre v4 are moved to the patches from upstream (CVE-2018-3639, bsc#1092885). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id112287
    published2018-09-05
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112287
    titleSUSE SLES11 Security Update : kvm (SUSE-SU-2018:2615-1) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2340-1.NASL
    descriptionThis update for qemu to version 2.11.2 fixes the following issues: Security issue fixed : - CVE-2018-11806: Fix heap buffer overflow issue that can happen while reassembling fragmented datagrams (bsc#1096223). - CVE-2018-3639: Mitigation functionality for Speculative Store Bypass issue in x86 (bsc#1087082). - CVE-2018-7550: Fix out of bounds read and write memory access, potentially leading to code execution (bsc#1083291) Bug fixes : - bsc#1091695: SEV guest will not launch with qemu-system-x86_64 version 2.11.1. - bsc#1094898: qemu-guest-agent service doesn
    last seen2020-03-19
    modified2019-01-02
    plugin id120081
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120081
    titleSUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2018:2340-1) (Spectre)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-1854.NASL
    descriptionFrom Red Hat Security Advisory 2018:1854 : An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110701
    published2018-06-27
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110701
    titleOracle Linux 6 : kernel (ELSA-2018-1854) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2003.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110713
    published2018-06-27
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110713
    titleRHEL 7 : kernel-rt (RHSA-2018:2003) (Spectre)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2018-0228.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - netlink: add a start callback for starting a netlink dump (Tom Herbert) [Orabug: 27169581] (CVE-2017-16939) - ipsec: Fix aborted xfrm policy dump crash (Herbert Xu) [Orabug: 27169581] (CVE-2017-16939) - net/rds: prevent RDS connections using stale ARP entries (Wei Lin Guay) [Orabug: 28149101] - net/rds: Avoid stalled connection due to CM REQ retries (Wei Lin Guay) [Orabug: 28068627] - net/rds: use one sided reconnection during a race (Wei Lin Guay) - Revert
    last seen2020-06-01
    modified2020-06-02
    plugin id110526
    published2018-06-14
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110526
    titleOracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0228) (Spectre)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20180619_KERNEL_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-03-18
    modified2018-07-03
    plugin id110887
    published2018-07-03
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110887
    titleScientific Linux Security Update : kernel on SL6.x i386/x86_64 (20180619) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2161.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110999
    published2018-07-11
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110999
    titleRHEL 7 : kernel (RHSA-2018:2161) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1635.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id109996
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109996
    titleRHEL 7 : kernel (RHSA-2018:1635) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1649.NASL
    descriptionAn update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110000
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110000
    titleRHEL 7 : java-1.8.0-openjdk (RHSA-2018:1649) (Spectre)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-1649.NASL
    descriptionFrom Red Hat Security Advisory 2018:1649 : An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id109982
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109982
    titleOracle Linux 7 : java-1.8.0-openjdk (ELSA-2018-1649) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1647.NASL
    descriptionAn update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id109998
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109998
    titleRHEL 6 : java-1.7.0-openjdk (RHSA-2018:1647) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3401.NASL
    descriptionAn update for qemu-kvm is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id118550
    published2018-10-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118550
    titleRHEL 6 : qemu-kvm (RHSA-2018:3401) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-656.NASL
    descriptionThe openSUSE Leap 42.3 was updated to 4.4.138 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1085308 bsc#1087082) This update improves the previous Spectre Variant 4 fixes and also mitigates them on the ARM architecture. - CVE-2018-3665: The FPU state and registers of x86 CPUs were saved and restored in a lazy fashion, which opened its disclosure by speculative side channel attacks. This has been fixed by replacing the lazy save/restore by eager saving and restoring (bnc#1087086) - CVE-2018-5848: In the function wmi_set_ie(), the length validation code did not handle unsigned integer overflow properly. As a result, a large value of the
    last seen2020-06-05
    modified2018-06-22
    plugin id110658
    published2018-06-22
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110658
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2018-656) (Spectre)
  • NASL familyAIX Local Security Checks
    NASL idAIX_IJ05823.NASL
    descriptionhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639
    last seen2020-06-01
    modified2020-06-02
    plugin id109955
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109955
    titleAIX 7.1 TL 4 : variant4 (IJ05823) (Spectre)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-1632.NASL
    descriptionFrom Red Hat Security Advisory 2018:1632 : An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id109978
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109978
    titleOracle Linux 7 : libvirt (ELSA-2018-1632) (Spectre)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20180522_LIBVIRT_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-03-18
    modified2018-05-23
    plugin id110026
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110026
    titleScientific Linux Security Update : libvirt on SL6.x i386/x86_64 (20180522) (Spectre)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0133_QEMU-KVM.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has qemu-kvm packages installed that are affected by multiple vulnerabilities: - An out-of-bounds read access issue was found in the VGA display emulator built into the Quick emulator (QEMU). It could occur while reading VGA memory to update graphics display. A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulting in denial of service situation. (CVE-2017-13672) - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id127389
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127389
    titleNewStart CGSL MAIN 4.05 : qemu-kvm Multiple Vulnerabilities (NS-SA-2019-0133)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-93C2E74446.NASL
    descriptionThe v4.16.11 kernel includes important fixes across the tree ---- The v4.16.10 update contains important fixes across the tree Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-05-29
    plugin id110170
    published2018-05-29
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110170
    titleFedora 27 : kernel (2018-93c2e74446) (Spectre)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2468.NASL
    descriptionAccording to the versions of the libvirt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf (CVE-2018-12126) - Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf (CVE-2019-11091) - Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf (CVE-2018-12130) - Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf (CVE-2018-12127) - An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block. (CVE-2019-3886) - libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent. (CVE-2018-1064) - qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply. (CVE-2018-5748) - Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. (CVE-2018-3639) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-04
    plugin id131621
    published2019-12-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131621
    titleEulerOS 2.0 SP2 : libvirt (EulerOS-SA-2019-2468)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2092-1.NASL
    descriptionThe SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following new feature was added : - NVDIMM memory error notification (ACPI 6.2) The following security bugs were fixed : - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function could have resulted in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1100418) - CVE-2018-13053: The alarm_timer_nsleep function had an integer overflow via a large relative timeout because ktime_add_safe was not used (bnc#1099924) - CVE-2018-9385: Prevent overread of the
    last seen2020-03-21
    modified2019-01-02
    plugin id120067
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120067
    titleSUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2018:2092-1) (Spectre)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-1854.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110645
    published2018-06-22
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110645
    titleCentOS 6 : kernel (CESA-2018:1854) (Spectre)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZA-2018-048.NASL
    descriptionAccording to the versions of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - [x86 AMD] An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-10
    modified2018-07-18
    plugin id111151
    published2018-07-18
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111151
    titleVirtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2018-048)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2018-1038.NASL
    descriptionAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110461
    published2018-06-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110461
    titleAmazon Linux AMI : kernel (ALAS-2018-1038) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-700.NASL
    descriptionThis update for ucode-intel fixes the following issues : The microcode bundle was updated to the 20180703 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and helps mitigate CVE-2018-3639 (Spectre v4) (bsc#1100147 bsc#1087082 bsc#1087083). More information on: https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-Data-File The following chipsets are fixed in this round :
      Model        Stepping  F-MO-S/PI  Old->New            (updated platforms)
      SNB-EP       C1        6-2d-6/6d  0000061c->0000061d  Xeon E5
      SNB-EP       C2        6-2d-7/6d  00000713->00000714  Xeon E5
      IVT          C0        6-3e-4/ed  0000042c->0000042d  Xeon E5 v2; Core i7-4960X/4930K/4820K
      IVT          D1        6-3e-7/ed  00000713->00000714  Xeon E5 v2
      HSX-E/EP/4S  C0        6-3f-2/6f  0000003c->0000003d  Xeon E5 v3
      HSX-EX       E0        6-3f-4/80  00000011->00000012  Xeon E7 v3
      SKX-SP/D/W/X H0        6-55-4/b7  02000043->0200004d  Xeon Bronze 31xx, Silver 41xx, Gold 51xx/61xx Platinum 81xx, D/W-21xx; Core i9-7xxxX
      BDX-DE       A1        6-56-5/10  0e000009->0e00000a  Xeon D-15x3N
      BDX-ML       B/M/R0    6-4f-1/ef  0b00002c->0b00002e  Xeon E5/E7 v4; Core i7-69xx/68xx
    last seen2020-06-05
    modified2018-07-09
    plugin id110958
    published2018-07-09
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110958
    titleopenSUSE Security Update : ucode-intel (openSUSE-2018-700) (Spectre)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0132_LIBVIRT.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has libvirt packages installed that are affected by multiple vulnerabilities: - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id127387
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127387
    titleNewStart CGSL MAIN 4.05 : libvirt Multiple Vulnerabilities (NS-SA-2019-0132)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-4114.NASL
    descriptionDescription of changes: [4.1.12-124.15.2.el7uek] - KVM: SVM: Move spec control call after restore of GS (Thomas Gleixner) {CVE-2018-3639} - x86/bugs: Fix the parameters alignment and missing void (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs: Make cpu_show_common() static (Jiri Kosina) {CVE-2018-3639} - x86/bugs: Fix __ssb_select_mitigation() return type (Jiri Kosina) {CVE-2018-3639} - Documentation/spec_ctrl: Do some minor cleanups (Borislav Petkov) {CVE-2018-3639} - proc: Use underscores for SSBD in
    last seen2020-06-01
    modified2020-06-02
    plugin id110071
    published2018-05-24
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110071
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4114) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2973-1.NASL
    descriptionThis update for qemu fixes the following security issues : CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735) CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223) With this release the mitigations for Spectre v4 are moved to the patches from upstream (CVE-2018-3639, bsc#1092885). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id117900
    published2018-10-03
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117900
    titleSUSE SLES12 Security Update : qemu (SUSE-SU-2018:2973-1) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2082-1.NASL
    descriptionThis update for libvirt fixes the following issues: Security issues fixed : - CVE-2017-5715: Fixes for speculative side channel attacks aka
    last seen2020-06-01
    modified2020-06-02
    plugin id111434
    published2018-07-30
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111434
    titleSUSE SLES12 Security Update : libvirt (SUSE-SU-2018:2082-1) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1475-1.NASL
    descriptionThis update for libvirt fixes the following issues : - CVE-2018-3639: cpu: Added support for
    last seen2020-06-01
    modified2020-06-02
    plugin id110259
    published2018-05-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110259
    titleSUSE SLES11 Security Update : libvirt (SUSE-SU-2018:1475-1) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1378-1.NASL
    descriptionThis update for qemu fixes several issues. This security issue was fixed : - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests (bsc#1092885). Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This patch permits the new x86 cpu feature flag named
    last seen2020-06-01
    modified2020-06-02
    plugin id110043
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110043
    titleSUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2018:1378-1) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1660.NASL
    descriptionAn update for qemu-kvm is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110009
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110009
    titleRHEL 6 : qemu-kvm (RHSA-2018:1660) (Spectre)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1270.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-03-19
    modified2018-09-18
    plugin id117579
    published2018-09-18
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117579
    titleEulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1270)
  • NASL familyJunos Local Security Checks
    NASL idJUNIPER_SPACE_JSA10917_183R1.NASL
    descriptionAccording to its self-reported version number, the remote Junos Space version is prior to 18.3R1. It is, therefore, affected by multiple vulnerabilities: - A use after free vulnerability exists in the do_get_mempolicy function. A local attacker can exploit this to cause a denial of service condition. (CVE-2018-10675) - A malicious authenticated user may be able to delete a device from the Junos Space database without the privileges through crafted Ajax interactions from another legitimate delete action performed by an administrative user. (CVE-2019-0016) - A flaw in validity checking of image files uploaded to Junos Space could allow an attacker to upload malicious scripts or images. (CVE-2019-0017) Additionally, Junos Space is affected by several other vulnerabilities, as noted in the vendor advisory. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id121067
    published2019-01-10
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121067
    titleJuniper Junos Space < 18.3R1 Multiple Vulnerabilities (JSA10917)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4273.NASL
    descriptionThis update ships updated CPU microcode for some types of Intel CPUs and provides SSBD support (needed to address
    last seen2020-06-01
    modified2020-06-02
    plugin id111796
    published2018-08-17
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111796
    titleDebian DSA-4273-1 : intel-microcode - security update (Spectre)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2018-0233.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - BUILDINFO: xen commit=67e64eec4bfe342ca6c2ff0858ae7f5c39041013 - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - x86/HVM: Restart ioreq processing state machine (Boris Ostrovsky) - BUILDINFO: xen commit=7e4f43226d60a48df300b32ce60ecff75ce2612d - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - svm: fix incorrect TSC scaling (Haozhong Zhang) [Orabug: 28189188] - BUILDINFO: xen commit=ba8e4ae04e3594470f9ce1663135fbe8c25106af - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - x86/spec-ctrl: Mitigations for LazyFPU (Ross Philipson) [Orabug: 28135217] (CVE-2018-3665) - x86: Support fully eager FPU context switching (Andrew Cooper) [Orabug: 28135217] (CVE-2018-3665) - BUILDINFO: xen commit=312880584fe084de632a6667254a5cc1c846179e - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - [xenmicrocode] Fix error reporting on successful return from tool (Ross Philipson) [Orabug: 28128506] - x86: correct default_xen_spec_ctrl 
calculation (Jan Beulich) [Orabug: 28034172] - x86/msr: Virtualise MSR_SPEC_CTRL.SSBD for guests to use (Andrew Cooper) [Orabug: 28034172] (CVE-2018-3639) - x86/Intel: Mitigations for GPZ SP4 - Speculative Store Bypass (Andrew Cooper) [Orabug: 28034172] (CVE-2018-3639) - x86/AMD: Mitigations for GPZ SP4 - Speculative Store Bypass (Andrew Cooper) [Orabug: 28034172] (CVE-2018-3639) - x86/spec_ctrl: Introduce a new `spec-ctrl=` command line argument to replace `bti=` (Andrew Cooper) [Orabug: 28034172] (CVE-2018-3639) - x86/cpuid: Improvements to guest policies for speculative sidechannel features (Andrew Cooper) [Orabug: 28034172] (CVE-2018-3639) - x86/spec_ctrl: Explicitly set Xen
    last seen2020-06-01
    modified2020-06-02
    plugin id110792
    published2018-06-29
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110792
    titleOracleVM 3.4 : xen (OVMSA-2018-0233) (Spectre)
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS19_MAR_OOB_MICROCODE.NASL
    descriptionThe remote Windows host is missing a security update. It is, therefore, missing microcode updates to address the following vulnerabilities: - Spectre Variant 3a (CVE-2018-3640: Rogue System Register Read (RSRE)). - Spectre Variant 4 (CVE-2018-3639: Speculative Store Bypass (SSB)) - L1TF (CVE-2018-3620, CVE-2018-3646: L1 Terminal Fault) Note that Nessus did not actually test for these flaws, nor did it check the target processor architecture; instead, it relied on the version of mcupdate_GenuineIntel.dll being the latest for the supported Windows release.
    last seen2020-06-01
    modified2020-06-02
    plugin id122975
    published2019-03-20
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122975
    titleSecurity Updates for Windows 10 / Windows Server 2016 / Windows Server 2019 (March 2019) (Spectre) (Meltdown) (Foreshadow)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-9F02E5ED7B.NASL
    descriptionAdd new CPU features for CVE-2017-5715 and CVE-2018-3639 On Intel x86 hosts, the
    last seen2020-06-05
    modified2018-07-09
    plugin id110951
    published2018-07-09
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110951
    titleFedora 27 : 2:qemu (2018-9f02e5ed7b) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2331-2.NASL
    descriptionucode-intel was updated to the 20180807 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and is part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646 (L1 Terminal fault). (bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343)
      Processor Identifier Version Products
      Model Stepping F-MO-S/PI Old->New
      ---- new platforms ----
      WSM-EP/WS U1 6-2c-2/03 0000001f Xeon E/L/X56xx, W36xx
      NHM-EX D0 6-2e-6/04 0000000d Xeon E/L/X65xx/75xx
      BXT C0 6-5c-2/01 00000014 Atom T5500/5700
      APL E0 6-5c-a/03 0000000c Atom x5-E39xx
      DVN B0 6-5f-1/01 00000024 Atom C3xxx
      ---- updated platforms ----
      NHM-EP/WS D0 6-1a-5/03 00000019->0000001d Xeon E/L/X/W55xx
      NHM B1 6-1e-5/13 00000007->0000000a Core i7-8xx, i5-7xx; Xeon L3426, X24xx
      WSM B1 6-25-2/12 0000000e->00000011 Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeron P45xx; Xeon L3406
      WSM K0 6-25-5/92 00000004->00000007 Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx
      SNB D2 6-2a-7/12 0000002d->0000002e Core Gen2; Xeon E3
      WSM-EX A2 6-2f-2/05 00000037->0000003b Xeon E7
      IVB E2 6-3a-9/12 0000001f->00000020 Core Gen3 Mobile
      HSW-H/S/E3 Cx/Dx 6-3c-3/32 00000024->00000025 Core Gen4 Desktop; Xeon E3 v3
      BDW-U/Y E/F 6-3d-4/c0 0000002a->0000002b Core Gen5 Mobile
      HSW-ULT Cx/Dx 6-45-1/72 00000023->00000024 Core Gen4 Mobile and derived Pentium/Celeron
      HSW-H Cx 6-46-1/32 00000019->0000001a Core Extreme i7-5xxxX
      BDW-H/E3 E/G 6-47-1/22 0000001d->0000001e Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4
      SKL-U/Y D0 6-4e-3/c0 000000c2->000000c6 Core Gen6 Mobile
      BDX-DE V1 6-56-2/10 00000015->00000017 Xeon D-1520/40
      BDX-DE V2/3 6-56-3/10 07000012->07000013 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
      BDX-DE Y0 6-56-4/10 0f000011->0f000012 Xeon D-1557/59/67/71/77/81/87
      APL D0 6-5c-9/03 0000002c->00000032 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
      SKL-H/S/E3 R0 6-5e-3/36 000000c2->000000c6 Core Gen6; Xeon E3 v5
      Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118281
    published2018-10-22
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118281
    titleSUSE SLES12 Security Update : Security update to ucode-intel (SUSE-SU-2018:2331-2) (Foreshadow) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1854.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110600
    published2018-06-19
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110600
    titleRHEL 6 : kernel (RHSA-2018:1854) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1368-1.NASL
    descriptionThe SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-3639: Information leaks using
    last seen2020-06-01
    modified2020-06-02
    plugin id110035
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110035
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2018:1368-1) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1642.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110073
    published2018-05-24
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110073
    titleRHEL 6 : MRG (RHSA-2018:1642) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1662.NASL
    descriptionAn update for qemu-kvm is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110011
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110011
    titleRHEL 7 : qemu-kvm (RHSA-2018:1662) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2250.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id111321
    published2018-07-25
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111321
    titleRHEL 6 : kernel (RHSA-2018:2250) (Spectre)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2018-0223.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - KVM: SVM: Move spec control call after restore of GS (Thomas Gleixner) (CVE-2018-3639) - x86/bugs: Fix the parameters alignment and missing void (Konrad Rzeszutek Wilk) (CVE-2018-3639) - x86/bugs: Make cpu_show_common static (Jiri Kosina) (CVE-2018-3639) - x86/bugs: Fix __ssb_select_mitigation return type (Jiri Kosina) (CVE-2018-3639) - Documentation/spec_ctrl: Do some minor cleanups (Borislav Petkov) (CVE-2018-3639) - proc: Use underscores for SSBD in
    last seen2020-06-01
    modified2020-06-02
    plugin id110072
    published2018-05-24
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110072
    titleOracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0223) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1667.NASL
    descriptionAn update for libvirt is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110016
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110016
    titleRHEL 6 : libvirt (RHSA-2018:1667) (Spectre)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-1629.NASL
    descriptionFrom Red Hat Security Advisory 2018:1629 : An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id109977
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109977
    titleOracle Linux 7 : kernel (ELSA-2018-1629) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2948.NASL
    descriptionAn update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-alt packages provide the Linux kernel version 4.x. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id118513
    published2018-10-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118513
    titleRHEL 7 : kernel-alt (RHSA-2018:2948) (Spectre)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3654-2.NASL
    descriptionUSN-3654-1 fixed vulnerabilities and added mitigations in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2018-3639) Tuba Yavuz discovered that a double-free error existed in the USBTV007 driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17975) It was discovered that a race condition existed in the F2FS implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18193) It was discovered that a buffer overflow existed in the Hisilicon HNS Ethernet Device driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18222) It was discovered that the netfilter subsystem in the Linux kernel did not validate that rules containing jumps contained user-defined chains. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1065) It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1068) It was discovered that a NULL pointer dereference vulnerability existed in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). 
(CVE-2018-1130) It was discovered that the SCTP Protocol implementation in the Linux kernel did not properly validate userspace provided payload lengths in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5803) It was discovered that a double free error existed in the block layer subsystem of the Linux kernel when setting up a request queue. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-7480) It was discovered that a memory leak existed in the SAS driver subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-7757) It was discovered that a race condition existed in the x86 machine check handler in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-7995) Eyal Itkin discovered that the USB displaylink video adapter driver in the Linux kernel did not properly validate mmap offsets sent from userspace. A local attacker could use this to expose sensitive information (kernel memory) or possibly execute arbitrary code. (CVE-2018-8781) Silvio Cesare discovered a buffer overwrite existed in the NCPFS implementation in the Linux kernel. A remote attacker controlling a malicious NCPFS server could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-8822). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110049
    published2018-05-23
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110049
    titleUbuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3654-2) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1456-1.NASL
    descriptionThis update for xen fixes the following issues: Security issues fixed : - CVE-2018-3639: Spectre V4 – Speculative Store Bypass aka
    last seen2020-06-01
    modified2020-06-02
    plugin id110222
    published2018-05-30
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110222
    titleSUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2018:1456-1) (Spectre)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3653-1.NASL
    descriptionJann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2018-3639) It was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information (kernel netlink traffic). (CVE-2017-17449) Tuba Yavuz discovered that a double-free error existed in the USBTV007 driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17975) It was discovered that a race condition existed in the Device Mapper component of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18203) It was discovered that an infinite loop could occur in the madvise(2) implementation in the Linux kernel in certain circumstances. A local attacker could use this to cause a denial of service (system hang). (CVE-2017-18208) Silvio Cesare discovered a buffer overwrite existed in the NCPFS implementation in the Linux kernel. A remote attacker controlling a malicious NCPFS server could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-8822). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110046
    published2018-05-23
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110046
    titleUbuntu 17.10 : linux vulnerabilities (USN-3653-1) (Spectre)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2018-0232.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8 - BUILDINFO: xen commit=b059d1de3b211fe5582c63f64b4822b9f85eafd2 - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - xend: fix memory leak of XendConfig.XendConfig object (Manjunath Patil) [Orabug: 28165871] - x86/HVM: Restart ioreq processing state machine (Boris Ostrovsky) - x86/spec-ctrl: Mitigations for LazyFPU (Andrew Cooper) [Orabug: 28135175] (CVE-2018-3665) - x86: Support fully eager FPU context switching (Andrew Cooper) [Orabug: 28135175] (CVE-2018-3665) - svm: fix incorrect TSC scaling (Haozhong Zhang) [Orabug: 27182906] - x86/AMD-ucode: correct multiple container handling (Jan Beulich) - x86, amd_ucode: fix coverity issues found in cpu_request_microcode (Aravind Gopalakrishnan) [Orabug: 28157269] - [xenmicrocode] Fix error reporting on successful return from tool (Ross Philipson) [Orabug: 28128754] - x86: correct default_xen_spec_ctrl calculation (Jan Beulich) [Orabug: 28035001] - x86/msr: Virtualise MSR_SPEC_CTRL.SSBD for guests to use (Andrew Cooper) [Orabug: 28035001] (CVE-2018-3639) - x86/Intel: Mitigations for GPZ SP4 - Speculative Store Bypass (Andrew Cooper) [Orabug: 28035001] (CVE-2018-3639) - x86/AMD: Mitigations for GPZ SP4 - Speculative Store Bypass (Andrew Cooper) [Orabug: 28035001] (CVE-2018-3639) - x86/spec_ctrl: Introduce a new `spec-ctrl=` command line argument to replace `bti=` (Andrew Cooper) [Orabug: 28035001] (CVE-2018-3639) - x86/cpuid: Improvements to guest policies for speculative sidechannel features (Andrew Cooper) [Orabug: 28035001] (CVE-2018-3639) - x86/spec_ctrl: Explicitly set Xen
    last seen2020-06-01
    modified2020-06-02
    plugin id110791
    published2018-06-29
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110791
    titleOracleVM 3.4 : xen (OVMSA-2018-0232) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1965.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110708
    published2018-06-27
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110708
    titleRHEL 7 : kernel (RHSA-2018:1965) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1967.NASL
    descriptionAn update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-alt packages provide the Linux kernel version 4.x. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110709
    published2018-06-27
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110709
    titleRHEL 7 : kernel-alt (RHSA-2018:1967) (Spectre)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0131_JAVA-1.7.0-OPENJDK.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has java-1.7.0-openjdk packages installed that are affected by multiple vulnerabilities: - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id127385
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127385
    titleNewStart CGSL MAIN 4.05 : java-1.7.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0131)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1688.NASL
    descriptionAn update for org.ovirt.engine-root is now available for RHEV Manager version 3.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The org.ovirt.engine-root is a core component of oVirt. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110079
    published2018-05-24
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110079
    titleRHEL 6 : Virtualization (RHSA-2018:1688) (Spectre)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-2001.NASL
    descriptionFrom Red Hat Security Advisory 2018:2001 : An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110752
    published2018-06-28
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110752
    titleOracle Linux 7 : qemu-kvm (ELSA-2018-2001) (Spectre)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-1997.NASL
    descriptionFrom Red Hat Security Advisory 2018:1997 : An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110751
    published2018-06-28
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110751
    titleOracle Linux 7 : libvirt (ELSA-2018-1997) (Spectre)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1192.NASL
    descriptionAccording to the version of the java-1.7.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-05-06
    modified2018-07-03
    plugin id110856
    published2018-07-03
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110856
    titleEulerOS 2.0 SP2 : java-1.7.0-openjdk (EulerOS-SA-2018-1192)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1653.NASL
    descriptionAn update for libvirt is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110004
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110004
    titleRHEL 7 : libvirt (RHSA-2018:1653) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1657.NASL
    descriptionAn update for qemu-kvm is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110006
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110006
    titleRHEL 6 : qemu-kvm (RHSA-2018:1657) (Spectre)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-1669.NASL
    descriptionAn update for libvirt is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110203
    published2018-05-30
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110203
    titleCentOS 6 : libvirt (CESA-2018:1669) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1661.NASL
    descriptionAn update for qemu-kvm is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110010
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110010
    titleRHEL 7 : qemu-kvm (RHSA-2018:1661) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1614-1.NASL
    descriptionThis update for libvirt fixes the following issues : - CVE-2018-3639: cpu: add support for
    last seen2020-06-01
    modified2020-06-02
    plugin id110445
    published2018-06-11
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110445
    titleSUSE SLES12 Security Update : libvirt (SUSE-SU-2018:1614-1) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1666.NASL
    descriptionAn update for libvirt is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110015
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110015
    titleRHEL 6 : libvirt (RHSA-2018:1666) (Spectre)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-2162.NASL
    descriptionFrom Red Hat Security Advisory 2018:2162 : An update for qemu-kvm is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110995
    published2018-07-11
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110995
    titleOracle Linux 6 : qemu-kvm (ELSA-2018-2162) (Spectre)
  • NASL familyMisc.
    NASL idRANCHEROS_1_4_1.NASL
    descriptionThe remote host is running a version of RancherOS prior to v1.4.1, hence is exposed to multiple side-channel vulnerabilities: - Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis. (CVE-2018-3620) - Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. (CVE-2018-3639)
    last seen2020-06-01
    modified2020-06-02
    plugin id132253
    published2019-12-19
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132253
    titleSecurity Updates for RancherOS Information Disclosure Vulnerabily
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1364.NASL
    descriptionThis update for qemu fixes the following issues : These security issues were fixed : - CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735). - CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223). With this release the mitigations for Spectre v4 are moved to the patches from upstream (CVE-2018-3639, bsc#1092885). This feature was added : - Add support for block resize support for disks through the monitor (bsc#1094725). This update was imported from the SUSE:SLE-12-SP3:Update update project.
    last seen2020-06-05
    modified2018-11-11
    plugin id118870
    published2018-11-11
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118870
    titleopenSUSE Security Update : qemu (openSUSE-2018-1364) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-887.NASL
    descriptionucode-intel was updated to the 20180807 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and is part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646 (L1 Terminal fault). (bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343)
      Model       Stepping  F-MO-S/PI  Version (Old->New)  Products
      ---- new platforms ----
      WSM-EP/WS   U1        6-2c-2/03  0000001f            Xeon E/L/X56xx, W36xx
      NHM-EX      D0        6-2e-6/04  0000000d            Xeon E/L/X65xx/75xx
      BXT         C0        6-5c-2/01  00000014            Atom T5500/5700
      APL         E0        6-5c-a/03  0000000c            Atom x5-E39xx
      DVN         B0        6-5f-1/01  00000024            Atom C3xxx
      ---- updated platforms ----
      NHM-EP/WS   D0        6-1a-5/03  00000019->0000001d  Xeon E/L/X/W55xx
      NHM         B1        6-1e-5/13  00000007->0000000a  Core i7-8xx, i5-7xx; Xeon L3426, X24xx
      WSM         B1        6-25-2/12  0000000e->00000011  Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeron P45xx; Xeon L3406
      WSM         K0        6-25-5/92  00000004->00000007  Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx
      SNB         D2        6-2a-7/12  0000002d->0000002e  Core Gen2; Xeon E3
      WSM-EX      A2        6-2f-2/05  00000037->0000003b  Xeon E7
      IVB         E2        6-3a-9/12  0000001f->00000020  Core Gen3 Mobile
      HSW-H/S/E3  Cx/Dx     6-3c-3/32  00000024->00000025  Core Gen4 Desktop; Xeon E3 v3
      BDW-U/Y     E/F       6-3d-4/c0  0000002a->0000002b  Core Gen5 Mobile
      HSW-ULT     Cx/Dx     6-45-1/72  00000023->00000024  Core Gen4 Mobile and derived Pentium/Celeron
      HSW-H       Cx        6-46-1/32  00000019->0000001a  Core Extreme i7-5xxxX
      BDW-H/E3    E/G       6-47-1/22  0000001d->0000001e  Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4
      SKL-U/Y     D0        6-4e-3/c0  000000c2->000000c6  Core Gen6 Mobile
      BDX-DE      V1        6-56-2/10  00000015->00000017  Xeon D-1520/40
      BDX-DE      V2/3      6-56-3/10  07000012->07000013  Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
      BDX-DE      Y0        6-56-4/10  0f000011->0f000012  Xeon D-1557/59/67/71/77/81/87
      APL         D0        6-5c-9/03  0000002c->00000032  Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
      SKL-H/S/E3  R0        6-5e-3/36  000000c2->000000c6  Core Gen6; Xeon E3 v5
      This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-05
    modified2018-08-21
    plugin id112031
    published2018-08-21
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112031
    titleopenSUSE Security Update : ucode-intel (openSUSE-2018-887) (Foreshadow) (Spectre)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1197.NASL
    descriptionAccording to the versions of the libvirt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-05-06
    modified2018-07-03
    plugin id110861
    published2018-07-03
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110861
    titleEulerOS 2.0 SP3 : libvirt (EulerOS-SA-2018-1197)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2565-1.NASL
    descriptionThis update for qemu fixes the following issues : These security issues were fixed : CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735) CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223) With this release the mitigations for Spectre v4 are moved to the patches from upstream (CVE-2018-3639, bsc#1092885). This non-security issue was fixed: Fix VirtQueue error for virtio-balloon during live migration (bsc#1020928). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id112204
    published2018-08-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112204
    titleSUSE SLES12 Security Update : qemu (SUSE-SU-2018:2565-1) (Spectre)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-2162.NASL
    descriptionAn update for qemu-kvm is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id111076
    published2018-07-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111076
    titleCentOS 6 : qemu-kvm (CESA-2018:2162) (Spectre)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-1669.NASL
    descriptionFrom Red Hat Security Advisory 2018:1669 : An update for libvirt is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id109986
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109986
    titleOracle Linux 6 : libvirt (ELSA-2018-1669) (Spectre)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-1648.NASL
    descriptionAn update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id109962
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109962
    titleCentOS 7 : java-1.7.0-openjdk (CESA-2018:1648) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2001.NASL
    descriptionAn update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110712
    published2018-06-27
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110712
    titleRHEL 7 : qemu-kvm (RHSA-2018:2001) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-426.NASL
    descriptionThis update for qemu fixes the following issues : This security issue was fixed : - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests (bsc#1092885). Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This patch permits the new x86 cpu feature flag named
    last seen2020-06-01
    modified2020-06-02
    plugin id123186
    published2019-03-27
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123186
    titleopenSUSE Security Update : qemu (openSUSE-2019-426) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1676.NASL
    descriptionAn update for org.ovirt.engine-root is now available for Red Hat Virtualization Engine 4.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The org.ovirt.engine-root is a core component of oVirt. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110078
    published2018-05-24
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110078
    titleRHEL 7 : Virtualization Manager (RHSA-2018:1676) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2309.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id111493
    published2018-08-02
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111493
    titleRHEL 6 : kernel (RHSA-2018:2309) (Spectre)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-1650.NASL
    descriptionAn update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id109964
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109964
    titleCentOS 6 : java-1.8.0-openjdk (CESA-2018:1650) (Spectre)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3652-1.NASL
    descriptionJann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110045
    published2018-05-23
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110045
    titleUbuntu 18.04 LTS : linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem vulnerability (USN-3652-1) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-894.NASL
    descriptionThis update for qemu to version 2.11.2 fixes the following issues : Security issue fixed : - CVE-2018-11806: Fix heap buffer overflow issue that can happen while reassembling fragmented datagrams (bsc#1096223). - CVE-2018-3639: Mitigation functionality for Speculative Store Bypass issue in x86 (bsc#1087082). - CVE-2018-7550: Fix out of bounds read and write memory access, potentially leading to code execution (bsc#1083291) Bug fixes : - bsc#1091695: SEV guest will not launch with qemu-system-x86_64 version 2.11.1. - bsc#1094898: qemu-guest-agent service doesn
    last seen2020-06-05
    modified2018-08-20
    plugin id112003
    published2018-08-20
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112003
    titleopenSUSE Security Update : qemu (openSUSE-2018-894) (Spectre)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3680-1.NASL
    descriptionKen Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via sidechannel attacks. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows libvirt to expose new CPU features added by microcode updates to guests. (CVE-2018-3639) Daniel P. Berrange discovered that libvirt incorrectly handled the QEMU guest agent. An attacker could possibly use this issue to consume resources, leading to a denial of service. (CVE-2018-1064). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110515
    published2018-06-13
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110515
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : libvirt vulnerability and update (USN-3680-1) (Spectre)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-1965.NASL
    descriptionFrom Red Hat Security Advisory 2018:1965 : An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110749
    published2018-06-28
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110749
    titleOracle Linux 7 : kernel (ELSA-2018-1965) (Spectre)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20180626_KERNEL_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-03-18
    modified2018-06-27
    plugin id110717
    published2018-06-27
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110717
    titleScientific Linux Security Update : kernel on SL7.x x86_64 (20180626) (Spectre)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3655-1.NASL
    descriptionJann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2018-3639) Jan H. Schonherr discovered that the Xen subsystem did not properly handle block IO merges correctly in some situations. An attacker in a guest vm could use this to cause a denial of service (host crash) or possibly gain administrative privileges in the host. (CVE-2017-12134) It was discovered that the Bluetooth HIP Protocol implementation in the Linux kernel did not properly validate HID connection setup information. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-13220) It was discovered that a buffer overread vulnerability existed in the keyring subsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2017-13305) It was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information (kernel netlink traffic). (CVE-2017-17449) It was discovered that a race condition existed in the i8042 serial device driver implementation in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18079) It was discovered that a race condition existed in the Device Mapper component of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18203) It was discovered that a race condition existed in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18204) It was discovered that an infinite loop could occur in the madvise(2) implementation in the Linux kernel in certain circumstances. A local attacker could use this to cause a denial of service (system hang). (CVE-2017-18208) Kefeng Wang discovered that a race condition existed in the memory locking implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2017-18221) Silvio Cesare discovered a buffer overwrite existed in the NCPFS implementation in the Linux kernel. A remote attacker controlling a malicious NCPFS server could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-8822). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110050
    published2018-05-23
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110050
    titleUbuntu 14.04 LTS : linux vulnerabilities (USN-3655-1) (Spectre)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0049_KERNEL-RT.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by multiple vulnerabilities: - A buffer overflow vulnerability due to a lack of input filtering of incoming fragmented datagrams was found in the IP-over-1394 driver [firewire-net] in a fragment handling code in the Linux kernel. The vulnerability exists since firewire supported IPv4, i.e. since version 2.6.31 (year 2009) till version v4.9-rc4. A maliciously formed fragment with a respectively large datagram offset would cause a memcpy() past the datagram buffer, which would cause a system panic or possible arbitrary code execution. The flaw requires [firewire-net] module to be loaded and is remotely exploitable from connected firewire devices, but not over a local network. (CVE-2016-8633) - The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIMIT_INFINITY, but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. (CVE-2017-1000365) - A bug in the 32-bit compatibility layer of the ioctl handling code of the v4l2 video driver in the Linux kernel has been found. A memory protection mechanism ensuring that user-provided buffers always point to a userspace memory were disabled, allowing destination address to be in a kernel space. This flaw could be exploited by an attacker to overwrite a kernel memory from an unprivileged userspace process, leading to privilege escalation. (CVE-2017-13166) - The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn
    last seen2020-06-01
    modified2020-06-02
    plugin id127233
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127233
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0049)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2328.NASL
    descriptionAn update for rhvm-setup-plugins is now available for Red Hat Virtualization Engine 4.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The rhvm-setup-plugins package adds functionality exclusive only to Red Hat Virtualization Manager, and is not available for the upstream ovirt-engine. It includes the configuration of the Red Hat Support plugin, copying downstream-only artifacts to the ISO domain, and links to the knowledgebase and other support material. The following packages have been upgraded to a later upstream version: rhvm-setup-plugins (4.2.10). (BZ#1596152) Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id111516
    published2018-08-02
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111516
    titleRHEL 7 : Virtualization Manager (RHSA-2018:2328) (Spectre)
  • NASL familyAIX Local Security Checks
    NASL idAIX_IJ05826.NASL
    descriptionhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639
    last seen2020-06-01
    modified2020-06-02
    plugin id109957
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109957
    titleAIX 5.3 TL 12 : variant4 (IJ05826) (Spectre)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20180522_LIBVIRT_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-03-18
    modified2018-05-23
    plugin id110027
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110027
    titleScientific Linux Security Update : libvirt on SL7.x x86_64 (20180522) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-398.NASL
    descriptionThe openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1087082). A new boot commandline option was introduced,
    last seen2020-06-01
    modified2020-06-02
    plugin id123175
    published2019-03-27
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123175
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2019-398) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1664.NASL
    descriptionAn update for libvirt is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110013
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110013
    titleRHEL 6 : libvirt (RHSA-2018:1664) (Spectre)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20180522_QEMU_KVM_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-03-18
    modified2018-05-23
    plugin id110028
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110028
    titleScientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20180522) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1638.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110216
    published2018-05-30
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110216
    titleRHEL 6 : kernel (RHSA-2018:1638) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3423.NASL
    descriptionAn update for qemu-kvm is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id118558
    published2018-10-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118558
    titleRHEL 7 : qemu-kvm (RHSA-2018:3423) (Spectre)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0151_LINUX.NASL
    descriptionAn update of the linux package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id121851
    published2019-02-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121851
    titlePhoton OS 1.0: Linux PHSA-2018-1.0-0151
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3425.NASL
    descriptionAn update for qemu-kvm is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id118560
    published2018-10-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118560
    titleRHEL 6 : qemu-kvm (RHSA-2018:3425) (Spectre)
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS19_JAN_4480963.NASL
    descriptionThe remote Windows host is missing security update 4480964 or cumulative update 4480963. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2019-0536, CVE-2019-0549, CVE-2019-0554) - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584) - An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations. An attacker who successfully exploited the vulnerability could retrieve content, that is normally restricted, from a web application. The security update addresses the vulnerability by enforcing CORS configuration to prevent its bypass. (CVE-2019-0545) - An elevation of privilege vulnerability exists in the Microsoft XmlDocument class that could allow an attacker to escape from the AppContainer sandbox in the browser. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the Edge AppContainer sandbox. The vulnerability by itself does not allow arbitrary code to run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (for example a remote code execution vulnerability and another elevation of privilege vulnerability) to take advantage of the elevated privileges when running. The security update addresses the vulnerability by modifying how the Microsoft XmlDocument class enforces sandboxing. (CVE-2019-0555) - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory. (CVE-2019-0570) - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. (CVE-2019-0541) - An elevation of privilege exists in Windows COM Desktop Broker. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. (CVE-2019-0552) - An elevation of privilege vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way Windows handles authentication requests. (CVE-2019-0543) - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. (CVE-2019-0569)
    last seen2020-06-01
    modified2020-06-02
    plugin id121014
    published2019-01-08
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121014
    titleKB4480964: Windows 8.1 and Windows Server 2012 R2 January 2019 Security Update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1219-1.NASL
    descriptionThis update for java-1_8_0-openjdk to version 8u212 fixes the following issues : Security issues fixed : CVE-2019-2602: Better String parsing (bsc#1132728). CVE-2019-2684: More dynamic RMI interactions (bsc#1132732). CVE-2019-2698: Fuzzing TrueType fonts - setCurrGlyphID() (bsc#1132729). CVE-2019-2422: Better FileChannel (bsc#1122293). CVE-2018-11212: Improve JPEG (bsc#1122299). Non-Security issue fixed: Disable LTO (bsc#1133135). Added Japanese new era name. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125023
    published2019-05-14
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125023
    titleSUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2019:1219-1) (Spectre)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1506.NASL
    descriptionSecurity researchers identified speculative execution side-channel methods which have the potential to improperly gather sensitive data from multiple types of computing devices with different vendors' processors and operating systems. This update requires an update to the intel-microcode package, which is non-free. It is related to DLA-1446-1 and adds more mitigations for additional types of Intel processors. For more information please also read the official Intel security advisories at : https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00088.html https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id117502
    published2018-09-17
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117502
    titleDebian DLA-1506-1 : intel-microcode security update (Foreshadow) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1710.NASL
    descriptionAn update for redhat-virtualization-host is now available for RHEV 3.X Hypervisor and Agents Extended Lifecycle Support for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host
    last seen2020-06-01
    modified2020-06-02
    plugin id110112
    published2018-05-25
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110112
    titleRHEL 7 : Virtualization (RHSA-2018:1710) (Spectre)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2018-0271.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0271 for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id118962
    published2018-11-15
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118962
    titleOracleVM 3.3 : xen (OVMSA-2018-0271) (Foreshadow) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1665.NASL
    descriptionAn update for libvirt is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110014
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110014
    titleRHEL 6 : libvirt (RHSA-2018:1665) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1632.NASL
    descriptionAn update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id109994
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109994
    titleRHEL 7 : libvirt (RHSA-2018:1632) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1630.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id109993
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109993
    titleRHEL 7 : kernel-rt (RHSA-2018:1630) (Spectre)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-1660.NASL
    descriptionFrom Red Hat Security Advisory 2018:1660 : An update for qemu-kvm is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id109985
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109985
    titleOracle Linux 6 : qemu-kvm (ELSA-2018-1660) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3398.NASL
    descriptionAn update for libvirt is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id118547
    published2018-10-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118547
    titleRHEL 7 : libvirt (RHSA-2018:3398) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1629.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id109992
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109992
    titleRHEL 7 : kernel (RHSA-2018:1629) (Spectre)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1267.NASL
    descriptionAccording to the version of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-03-19
    modified2018-09-18
    plugin id117576
    published2018-09-18
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117576
    titleEulerOS Virtualization 2.5.1 : kernel (EulerOS-SA-2018-1267)

Redhat

advisories
  • bugzilla
    id1566890
    titleCVE-2018-3639 hw: cpu: speculative store bypass
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • commentkernel earlier than 0:3.10.0-862.3.2.el7 is currently running
          ovaloval:com.redhat.rhsa:tst:20181629031
        • commentkernel earlier than 0:3.10.0-862.3.2.el7 is set to boot up on next boot
          ovaloval:com.redhat.rhsa:tst:20181629032
      • OR
        • AND
          • commentkernel-tools-libs-devel is earlier than 0:3.10.0-862.3.2.el7
            ovaloval:com.redhat.rhsa:tst:20181629001
          • commentkernel-tools-libs-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140678022
        • AND
          • commentkernel-abi-whitelists is earlier than 0:3.10.0-862.3.2.el7
            ovaloval:com.redhat.rhsa:tst:20181629003
          • commentkernel-abi-whitelists is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20131645022
        • AND
          • commentkernel-doc is earlier than 0:3.10.0-862.3.2.el7
            ovaloval:com.redhat.rhsa:tst:20181629005
          • commentkernel-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842002
        • AND
          • commentkernel-tools-libs is earlier than 0:3.10.0-862.3.2.el7
            ovaloval:com.redhat.rhsa:tst:20181629007
          • commentkernel-tools-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140678016
        • AND
          • commentkernel-headers is earlier than 0:3.10.0-862.3.2.el7
            ovaloval:com.redhat.rhsa:tst:20181629009
          • commentkernel-headers is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842010
        • AND
          • commentkernel-tools is earlier than 0:3.10.0-862.3.2.el7
            ovaloval:com.redhat.rhsa:tst:20181629011
          • commentkernel-tools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140678012
        • AND
          • commentperf is earlier than 0:3.10.0-862.3.2.el7
            ovaloval:com.redhat.rhsa:tst:20181629013
          • commentperf is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842006
        • AND
          • commentkernel is earlier than 0:3.10.0-862.3.2.el7
            ovaloval:com.redhat.rhsa:tst:20181629015
          • commentkernel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842012
        • AND
          • commentpython-perf is earlier than 0:3.10.0-862.3.2.el7
            ovaloval:com.redhat.rhsa:tst:20181629017
          • commentpython-perf is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111530024
        • AND
          • commentkernel-devel is earlier than 0:3.10.0-862.3.2.el7
            ovaloval:com.redhat.rhsa:tst:20181629019
          • commentkernel-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842016
        • AND
          • commentkernel-debug is earlier than 0:3.10.0-862.3.2.el7
            ovaloval:com.redhat.rhsa:tst:20181629021
          • commentkernel-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842014
        • AND
          • commentkernel-debug-devel is earlier than 0:3.10.0-862.3.2.el7
            ovaloval:com.redhat.rhsa:tst:20181629023
          • commentkernel-debug-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842008
        • AND
          • commentkernel-bootwrapper is earlier than 0:3.10.0-862.3.2.el7
            ovaloval:com.redhat.rhsa:tst:20181629025
          • commentkernel-bootwrapper is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842018
        • AND
          • commentkernel-kdump-devel is earlier than 0:3.10.0-862.3.2.el7
            ovaloval:com.redhat.rhsa:tst:20181629027
          • commentkernel-kdump-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842022
        • AND
          • commentkernel-kdump is earlier than 0:3.10.0-862.3.2.el7
            ovaloval:com.redhat.rhsa:tst:20181629029
          • commentkernel-kdump is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842020
    rhsa
    idRHSA-2018:1629
    released2018-05-22
    severityImportant
    titleRHSA-2018:1629: kernel security update (Important)
  • bugzilla
    id1566890
    titleCVE-2018-3639 hw: cpu: speculative store bypass
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentkernel-rt-doc is earlier than 0:3.10.0-862.3.2.rt56.808.el7
            ovaloval:com.redhat.rhsa:tst:20181630001
          • commentkernel-rt-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727002
        • AND
          • commentkernel-rt-trace-devel is earlier than 0:3.10.0-862.3.2.rt56.808.el7
            ovaloval:com.redhat.rhsa:tst:20181630003
          • commentkernel-rt-trace-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727004
        • AND
          • commentkernel-rt-trace is earlier than 0:3.10.0-862.3.2.rt56.808.el7
            ovaloval:com.redhat.rhsa:tst:20181630005
          • commentkernel-rt-trace is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727008
        • AND
          • commentkernel-rt-debug-devel is earlier than 0:3.10.0-862.3.2.rt56.808.el7
            ovaloval:com.redhat.rhsa:tst:20181630007
          • commentkernel-rt-debug-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727010
        • AND
          • commentkernel-rt is earlier than 0:3.10.0-862.3.2.rt56.808.el7
            ovaloval:com.redhat.rhsa:tst:20181630009
          • commentkernel-rt is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727006
        • AND
          • commentkernel-rt-devel is earlier than 0:3.10.0-862.3.2.rt56.808.el7
            ovaloval:com.redhat.rhsa:tst:20181630011
          • commentkernel-rt-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727012
        • AND
          • commentkernel-rt-debug is earlier than 0:3.10.0-862.3.2.rt56.808.el7
            ovaloval:com.redhat.rhsa:tst:20181630013
          • commentkernel-rt-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727014
        • AND
          • commentkernel-rt-kvm is earlier than 0:3.10.0-862.3.2.rt56.808.el7
            ovaloval:com.redhat.rhsa:tst:20181630015
          • commentkernel-rt-kvm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20160212018
        • AND
          • commentkernel-rt-debug-kvm is earlier than 0:3.10.0-862.3.2.rt56.808.el7
            ovaloval:com.redhat.rhsa:tst:20181630017
          • commentkernel-rt-debug-kvm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20160212020
        • AND
          • commentkernel-rt-trace-kvm is earlier than 0:3.10.0-862.3.2.rt56.808.el7
            ovaloval:com.redhat.rhsa:tst:20181630019
          • commentkernel-rt-trace-kvm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20160212016
    rhsa
    idRHSA-2018:1630
    released2018-05-21
    severityImportant
    titleRHSA-2018:1630: kernel-rt security update (Important)
  • bugzilla
    id1566890
    titleCVE-2018-3639 hw: cpu: speculative store bypass
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentlibvirt-daemon-lxc is earlier than 0:3.9.0-14.el7_5.5
            ovaloval:com.redhat.rhsa:tst:20181632001
          • commentlibvirt-daemon-lxc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140914030
        • AND
          • commentlibvirt-docs is earlier than 0:3.9.0-14.el7_5.5
            ovaloval:com.redhat.rhsa:tst:20181632003
          • commentlibvirt-docs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140914028
        • AND
          • commentlibvirt-lock-sanlock is earlier than 0:3.9.0-14.el7_5.5
            ovaloval:com.redhat.rhsa:tst:20181632005
          • commentlibvirt-lock-sanlock is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20131581002
        • AND
          • commentlibvirt-nss is earlier than 0:3.9.0-14.el7_5.5
            ovaloval:com.redhat.rhsa:tst:20181632007
          • commentlibvirt-nss is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20162577036
        • AND
          • commentlibvirt-devel is earlier than 0:3.9.0-14.el7_5.5
            ovaloval:com.redhat.rhsa:tst:20181632009
          • commentlibvirt-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20131581004
        • AND
          • commentlibvirt-admin is earlier than 0:3.9.0-14.el7_5.5
            ovaloval:com.redhat.rhsa:tst:20181632011
          • commentlibvirt-admin is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20180029056
        • AND
          • commentlibvirt-login-shell is earlier than 0:3.9.0-14.el7_5.5
            ovaloval:com.redhat.rhsa:tst:20181632013
          • commentlibvirt-login-shell is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140914034
        • AND
          • commentlibvirt-daemon-driver-lxc is earlier than 0:3.9.0-14.el7_5.5
            ovaloval:com.redhat.rhsa:tst:20181632015
          • commentlibvirt-daemon-driver-lxc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140914038
        • AND
          • commentlibvirt-daemon-config-network is earlier than 0:3.9.0-14.el7_5.5
            ovaloval:com.redhat.rhsa:tst:20181632017
          • commentlibvirt-daemon-config-network is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140914026
        • AND
          • commentlibvirt-daemon-driver-storage-gluster is earlier than 0:3.9.0-14.el7_5.5
            ovaloval:com.redhat.rhsa:tst:20181632019
          • commentlibvirt-daemon-driver-storage-gluster is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20180029048
        • AND
          • commentlibvirt-daemon-driver-interface is earlier than 0:3.9.0-14.el7_5.5
            ovaloval:com.redhat.rhsa:tst:20181632021
          • commentlibvirt-daemon-driver-interface is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140914012
        • AND
          • commentlibvirt-daemon-driver-storage-disk is earlier than 0:3.9.0-14.el7_5.5
            ovaloval:com.redhat.rhsa:tst:20181632023
          • commentlibvirt-daemon-driver-storage-disk is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20180029008
        • AND
          • commentlibvirt-daemon is earlier than 0:3.9.0-14.el7_5.5
            ovaloval:com.redhat.rhsa:tst:20181632025
          • commentlibvirt-daemon is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140914008
        • AND
          • commentlibvirt-daemon-driver-qemu is earlier than 0:3.9.0-14.el7_5.5
            ovaloval:com.redhat.rhsa:tst:20181632027
          • commentlibvirt-daemon-driver-qemu is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140914016
        • AND
          • commentlibvirt-daemon-driver-nwfilter is earlier than 0:3.9.0-14.el7_5.5
            ovaloval:com.redhat.rhsa:tst:20181632029
          • commentlibvirt-daemon-driver-nwfilter is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140914002
        • AND
          • commentlibvirt-daemon-driver-storage-scsi is earlier than 0:3.9.0-14.el7_5.5
            ovaloval:com.redhat.rhsa:tst:20181632031
          • commentlibvirt-daemon-driver-storage-scsi is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20180029028
        • AND
          • commentlibvirt-daemon-config-nwfilter is earlier than 0:3.9.0-14.el7_5.5
            ovaloval:com.redhat.rhsa:tst:20181632033
          • commentlibvirt-daemon-config-nwfilter is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140914020
        • AND
          • commentlibvirt is earlier than 0:3.9.0-14.el7_5.5
            ovaloval:com.redhat.rhsa:tst:20181632035
          • commentlibvirt is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20131581010
        • AND
          • commentlibvirt-daemon-driver-secret is earlier than 0:3.9.0-14.el7_5.5
            ovaloval:com.redhat.rhsa:tst:20181632037
          • commentlibvirt-daemon-driver-secret is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140914024
        • AND
          • commentlibvirt-daemon-driver-storage is earlier than 0:3.9.0-14.el7_5.5
            ovaloval:com.redhat.rhsa:tst:20181632039
          • commentlibvirt-daemon-driver-storage is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140914040
        • AND
          • commentlibvirt-daemon-driver-nodedev is earlier than 0:3.9.0-14.el7_5.5
            ovaloval:com.redhat.rhsa:tst:20181632041
          • commentlibvirt-daemon-driver-nodedev is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140914006
        • AND
          • commentlibvirt-daemon-driver-storage-core is earlier than 0:3.9.0-14.el7_5.5
            ovaloval:com.redhat.rhsa:tst:20181632043
          • commentlibvirt-daemon-driver-storage-core is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20180029010
        • AND
          • commentlibvirt-daemon-driver-storage-rbd is earlier than 0:3.9.0-14.el7_5.5
            ovaloval:com.redhat.rhsa:tst:20181632045
          • commentlibvirt-daemon-driver-storage-rbd is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20180029040
        • AND
          • commentlibvirt-daemon-kvm is earlier than 0:3.9.0-14.el7_5.5
            ovaloval:com.redhat.rhsa:tst:20181632047
          • commentlibvirt-daemon-kvm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140914022
        • AND
          • commentlibvirt-daemon-driver-storage-mpath is earlier than 0:3.9.0-14.el7_5.5
            ovaloval:com.redhat.rhsa:tst:20181632049
          • commentlibvirt-daemon-driver-storage-mpath is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20180029026
        • AND
          • commentlibvirt-daemon-driver-network is earlier than 0:3.9.0-14.el7_5.5
            ovaloval:com.redhat.rhsa:tst:20181632051
          • commentlibvirt-daemon-driver-network is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140914010
        • AND
          • commentlibvirt-daemon-driver-storage-iscsi is earlier than 0:3.9.0-14.el7_5.5
            ovaloval:com.redhat.rhsa:tst:20181632053
          • commentlibvirt-daemon-driver-storage-iscsi is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20180029014
        • AND
          • commentlibvirt-daemon-driver-storage-logical is earlier than 0:3.9.0-14.el7_5.5
            ovaloval:com.redhat.rhsa:tst:20181632055
          • commentlibvirt-daemon-driver-storage-logical is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20180029020
        • AND
          • commentlibvirt-libs is earlier than 0:3.9.0-14.el7_5.5
            ovaloval:com.redhat.rhsa:tst:20181632057
          • commentlibvirt-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20180029018
        • AND
          • commentlibvirt-client is earlier than 0:3.9.0-14.el7_5.5
            ovaloval:com.redhat.rhsa:tst:20181632059
          • commentlibvirt-client is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20131581008
    rhsa
    idRHSA-2018:1632
    released2018-05-22
    severityImportant
    titleRHSA-2018:1632: libvirt security update (Important)
  • bugzilla
    id1566890
    titleCVE-2018-3639 hw: cpu: speculative store bypass
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentqemu-img is earlier than 10:1.5.3-156.el7_5.2
            ovaloval:com.redhat.rhsa:tst:20181633001
          • commentqemu-img is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110345006
        • AND
          • commentqemu-kvm-tools is earlier than 10:1.5.3-156.el7_5.2
            ovaloval:com.redhat.rhsa:tst:20181633003
          • commentqemu-kvm-tools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110345002
        • AND
          • commentqemu-kvm-common is earlier than 10:1.5.3-156.el7_5.2
            ovaloval:com.redhat.rhsa:tst:20181633005
          • commentqemu-kvm-common is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140704004
        • AND
          • commentqemu-kvm is earlier than 10:1.5.3-156.el7_5.2
            ovaloval:com.redhat.rhsa:tst:20181633007
          • commentqemu-kvm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110345004
    rhsa
    idRHSA-2018:1633
    released2018-05-22
    severityImportant
    titleRHSA-2018:1633: qemu-kvm security update (Important)
  • bugzilla
    id: 1566890
    title: CVE-2018-3639 hw: cpu: speculative store bypass
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 6 is installed
        oval: oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment: java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.181-2.6.14.8.el6_9
            oval: oval:com.redhat.rhsa:tst:20181647001
          • comment: java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20121009002
        • AND
          • comment: java-1.7.0-openjdk-demo is earlier than 1:1.7.0.181-2.6.14.8.el6_9
            oval: oval:com.redhat.rhsa:tst:20181647003
          • comment: java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20121009008
        • AND
          • comment: java-1.7.0-openjdk-src is earlier than 1:1.7.0.181-2.6.14.8.el6_9
            oval: oval:com.redhat.rhsa:tst:20181647005
          • comment: java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20121009006
        • AND
          • comment: java-1.7.0-openjdk-devel is earlier than 1:1.7.0.181-2.6.14.8.el6_9
            oval: oval:com.redhat.rhsa:tst:20181647007
          • comment: java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20121009004
        • AND
          • comment: java-1.7.0-openjdk is earlier than 1:1.7.0.181-2.6.14.8.el6_9
            oval: oval:com.redhat.rhsa:tst:20181647009
          • comment: java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20121009010
    rhsa
    id: RHSA-2018:1647
    released: 2018-05-21
    severity: Important
    title: RHSA-2018:1647: java-1.7.0-openjdk security update (Important)
  • bugzilla
    id: 1566890
    title: CVE-2018-3639 hw: cpu: speculative store bypass
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 7 is installed
        oval: oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment: java-1.7.0-openjdk-src is earlier than 1:1.7.0.181-2.6.14.8.el7_5
            oval: oval:com.redhat.rhsa:tst:20181648001
          • comment: java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20121009006
        • AND
          • comment: java-1.7.0-openjdk-demo is earlier than 1:1.7.0.181-2.6.14.8.el7_5
            oval: oval:com.redhat.rhsa:tst:20181648003
          • comment: java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20121009008
        • AND
          • comment: java-1.7.0-openjdk-accessibility is earlier than 1:1.7.0.181-2.6.14.8.el7_5
            oval: oval:com.redhat.rhsa:tst:20181648005
          • comment: java-1.7.0-openjdk-accessibility is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20140675010
        • AND
          • comment: java-1.7.0-openjdk-devel is earlier than 1:1.7.0.181-2.6.14.8.el7_5
            oval: oval:com.redhat.rhsa:tst:20181648007
          • comment: java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20121009004
        • AND
          • comment: java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.181-2.6.14.8.el7_5
            oval: oval:com.redhat.rhsa:tst:20181648009
          • comment: java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20121009002
        • AND
          • comment: java-1.7.0-openjdk is earlier than 1:1.7.0.181-2.6.14.8.el7_5
            oval: oval:com.redhat.rhsa:tst:20181648011
          • comment: java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20121009010
        • AND
          • comment: java-1.7.0-openjdk-headless is earlier than 1:1.7.0.181-2.6.14.8.el7_5
            oval: oval:com.redhat.rhsa:tst:20181648013
          • comment: java-1.7.0-openjdk-headless is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20140675006
    rhsa
    id: RHSA-2018:1648
    released: 2018-05-22
    severity: Important
    title: RHSA-2018:1648: java-1.7.0-openjdk security update (Important)
  • bugzilla
    id: 1566890
    title: CVE-2018-3639 hw: cpu: speculative store bypass
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 7 is installed
        oval: oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment: java-1.8.0-openjdk-accessibility-debug is earlier than 1:1.8.0.171-8.b10.el7_5
            oval: oval:com.redhat.rhsa:tst:20181649001
          • comment: java-1.8.0-openjdk-accessibility-debug is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20160049002
        • AND
          • comment: java-1.8.0-openjdk-headless-debug is earlier than 1:1.8.0.171-8.b10.el7_5
            oval: oval:com.redhat.rhsa:tst:20181649003
          • comment: java-1.8.0-openjdk-headless-debug is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20151919016
        • AND
          • comment: java-1.8.0-openjdk-src-debug is earlier than 1:1.8.0.171-8.b10.el7_5
            oval: oval:com.redhat.rhsa:tst:20181649005
          • comment: java-1.8.0-openjdk-src-debug is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20151919020
        • AND
          • comment: java-1.8.0-openjdk-debug is earlier than 1:1.8.0.171-8.b10.el7_5
            oval: oval:com.redhat.rhsa:tst:20181649007
          • comment: java-1.8.0-openjdk-debug is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20151919022
        • AND
          • comment: java-1.8.0-openjdk-accessibility is earlier than 1:1.8.0.171-8.b10.el7_5
            oval: oval:com.redhat.rhsa:tst:20181649009
          • comment: java-1.8.0-openjdk-accessibility is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20150809019
        • AND
          • comment: java-1.8.0-openjdk-devel-debug is earlier than 1:1.8.0.171-8.b10.el7_5
            oval: oval:com.redhat.rhsa:tst:20181649011
          • comment: java-1.8.0-openjdk-devel-debug is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20151919024
        • AND
          • comment: java-1.8.0-openjdk-src is earlier than 1:1.8.0.171-8.b10.el7_5
            oval: oval:com.redhat.rhsa:tst:20181649013
          • comment: java-1.8.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20141636004
        • AND
          • comment: java-1.8.0-openjdk-demo is earlier than 1:1.8.0.171-8.b10.el7_5
            oval: oval:com.redhat.rhsa:tst:20181649015
          • comment: java-1.8.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20141636002
        • AND
          • comment: java-1.8.0-openjdk-devel is earlier than 1:1.8.0.171-8.b10.el7_5
            oval: oval:com.redhat.rhsa:tst:20181649017
          • comment: java-1.8.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20141636012
        • AND
          • comment: java-1.8.0-openjdk-demo-debug is earlier than 1:1.8.0.171-8.b10.el7_5
            oval: oval:com.redhat.rhsa:tst:20181649019
          • comment: java-1.8.0-openjdk-demo-debug is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20151919014
        • AND
          • comment: java-1.8.0-openjdk-javadoc-zip is earlier than 1:1.8.0.171-8.b10.el7_5
            oval: oval:com.redhat.rhsa:tst:20181649021
          • comment: java-1.8.0-openjdk-javadoc-zip is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20170180031
        • AND
          • comment: java-1.8.0-openjdk-javadoc-zip-debug is earlier than 1:1.8.0.171-8.b10.el7_5
            oval: oval:com.redhat.rhsa:tst:20181649023
          • comment: java-1.8.0-openjdk-javadoc-zip-debug is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20170180029
        • AND
          • comment: java-1.8.0-openjdk-javadoc-debug is earlier than 1:1.8.0.171-8.b10.el7_5
            oval: oval:com.redhat.rhsa:tst:20181649025
          • comment: java-1.8.0-openjdk-javadoc-debug is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20151919008
        • AND
          • comment: java-1.8.0-openjdk-javadoc is earlier than 1:1.8.0.171-8.b10.el7_5
            oval: oval:com.redhat.rhsa:tst:20181649027
          • comment: java-1.8.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20141636006
        • AND
          • comment: java-1.8.0-openjdk is earlier than 1:1.8.0.171-8.b10.el7_5
            oval: oval:com.redhat.rhsa:tst:20181649029
          • comment: java-1.8.0-openjdk is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20141636008
        • AND
          • comment: java-1.8.0-openjdk-headless is earlier than 1:1.8.0.171-8.b10.el7_5
            oval: oval:com.redhat.rhsa:tst:20181649031
          • comment: java-1.8.0-openjdk-headless is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20141636010
    rhsa
    id: RHSA-2018:1649
    released: 2018-05-22
    severity: Important
    title: RHSA-2018:1649: java-1.8.0-openjdk security update (Important)
  • bugzilla
    id: 1566890
    title: CVE-2018-3639 hw: cpu: speculative store bypass
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 6 is installed
        oval: oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment: java-1.8.0-openjdk-javadoc is earlier than 1:1.8.0.171-8.b10.el6_9
            oval: oval:com.redhat.rhsa:tst:20181650001
          • comment: java-1.8.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20141636006
        • AND
          • comment: java-1.8.0-openjdk-javadoc-debug is earlier than 1:1.8.0.171-8.b10.el6_9
            oval: oval:com.redhat.rhsa:tst:20181650003
          • comment: java-1.8.0-openjdk-javadoc-debug is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20151919008
        • AND
          • comment: java-1.8.0-openjdk-demo-debug is earlier than 1:1.8.0.171-8.b10.el6_9
            oval: oval:com.redhat.rhsa:tst:20181650005
          • comment: java-1.8.0-openjdk-demo-debug is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20151919014
        • AND
          • comment: java-1.8.0-openjdk-src is earlier than 1:1.8.0.171-8.b10.el6_9
            oval: oval:com.redhat.rhsa:tst:20181650007
          • comment: java-1.8.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20141636004
        • AND
          • comment: java-1.8.0-openjdk-devel-debug is earlier than 1:1.8.0.171-8.b10.el6_9
            oval: oval:com.redhat.rhsa:tst:20181650009
          • comment: java-1.8.0-openjdk-devel-debug is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20151919024
        • AND
          • comment: java-1.8.0-openjdk-headless-debug is earlier than 1:1.8.0.171-8.b10.el6_9
            oval: oval:com.redhat.rhsa:tst:20181650011
          • comment: java-1.8.0-openjdk-headless-debug is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20151919016
        • AND
          • comment: java-1.8.0-openjdk-demo is earlier than 1:1.8.0.171-8.b10.el6_9
            oval: oval:com.redhat.rhsa:tst:20181650013
          • comment: java-1.8.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20141636002
        • AND
          • comment: java-1.8.0-openjdk-src-debug is earlier than 1:1.8.0.171-8.b10.el6_9
            oval: oval:com.redhat.rhsa:tst:20181650015
          • comment: java-1.8.0-openjdk-src-debug is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20151919020
        • AND
          • comment: java-1.8.0-openjdk-debug is earlier than 1:1.8.0.171-8.b10.el6_9
            oval: oval:com.redhat.rhsa:tst:20181650017
          • comment: java-1.8.0-openjdk-debug is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20151919022
        • AND
          • comment: java-1.8.0-openjdk-devel is earlier than 1:1.8.0.171-8.b10.el6_9
            oval: oval:com.redhat.rhsa:tst:20181650019
          • comment: java-1.8.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20141636012
        • AND
          • comment: java-1.8.0-openjdk-headless is earlier than 1:1.8.0.171-8.b10.el6_9
            oval: oval:com.redhat.rhsa:tst:20181650021
          • comment: java-1.8.0-openjdk-headless is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20141636010
        • AND
          • comment: java-1.8.0-openjdk is earlier than 1:1.8.0.171-8.b10.el6_9
            oval: oval:com.redhat.rhsa:tst:20181650023
          • comment: java-1.8.0-openjdk is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20141636008
    rhsa
    id: RHSA-2018:1650
    released: 2018-05-21
    severity: Important
    title: RHSA-2018:1650: java-1.8.0-openjdk security update (Important)
  • bugzilla
    id: 1566890
    title: CVE-2018-3639 hw: cpu: speculative store bypass
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 6 is installed
        oval: oval:com.redhat.rhba:tst:20111656003
      • OR
        • comment: kernel earlier than 0:2.6.32-696.30.1.el6 is currently running
          oval: oval:com.redhat.rhsa:tst:20181651027
        • comment: kernel earlier than 0:2.6.32-696.30.1.el6 is set to boot up on next boot
          oval: oval:com.redhat.rhsa:tst:20181651028
      • OR
        • AND
          • comment: kernel-doc is earlier than 0:2.6.32-696.30.1.el6
            oval: oval:com.redhat.rhsa:tst:20181651001
          • comment: kernel-doc is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100842002
        • AND
          • comment: kernel-firmware is earlier than 0:2.6.32-696.30.1.el6
            oval: oval:com.redhat.rhsa:tst:20181651003
          • comment: kernel-firmware is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100842004
        • AND
          • comment: kernel-abi-whitelists is earlier than 0:2.6.32-696.30.1.el6
            oval: oval:com.redhat.rhsa:tst:20181651005
          • comment: kernel-abi-whitelists is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20131645022
        • AND
          • comment: kernel-headers is earlier than 0:2.6.32-696.30.1.el6
            oval: oval:com.redhat.rhsa:tst:20181651007
          • comment: kernel-headers is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100842010
        • AND
          • comment: perf is earlier than 0:2.6.32-696.30.1.el6
            oval: oval:com.redhat.rhsa:tst:20181651009
          • comment: perf is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100842006
        • AND
          • comment: kernel-debug-devel is earlier than 0:2.6.32-696.30.1.el6
            oval: oval:com.redhat.rhsa:tst:20181651011
          • comment: kernel-debug-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100842008
        • AND
          • comment: kernel is earlier than 0:2.6.32-696.30.1.el6
            oval: oval:com.redhat.rhsa:tst:20181651013
          • comment: kernel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100842012
        • AND
          • comment: kernel-devel is earlier than 0:2.6.32-696.30.1.el6
            oval: oval:com.redhat.rhsa:tst:20181651015
          • comment: kernel-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100842016
        • AND
          • comment: kernel-debug is earlier than 0:2.6.32-696.30.1.el6
            oval: oval:com.redhat.rhsa:tst:20181651017
          • comment: kernel-debug is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100842014
        • AND
          • comment: kernel-bootwrapper is earlier than 0:2.6.32-696.30.1.el6
            oval: oval:com.redhat.rhsa:tst:20181651019
          • comment: kernel-bootwrapper is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100842018
        • AND
          • comment: kernel-kdump-devel is earlier than 0:2.6.32-696.30.1.el6
            oval: oval:com.redhat.rhsa:tst:20181651021
          • comment: kernel-kdump-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100842022
        • AND
          • comment: kernel-kdump is earlier than 0:2.6.32-696.30.1.el6
            oval: oval:com.redhat.rhsa:tst:20181651023
          • comment: kernel-kdump is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100842020
        • AND
          • comment: python-perf is earlier than 0:2.6.32-696.30.1.el6
            oval: oval:com.redhat.rhsa:tst:20181651025
          • comment: python-perf is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20111530024
    rhsa
    id: RHSA-2018:1651
    released: 2018-05-21
    severity: Important
    title: RHSA-2018:1651: kernel security and bug fix update (Important)
  • bugzilla
    id: 1566890
    title: CVE-2018-3639 hw: cpu: speculative store bypass
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 6 is installed
        oval: oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment: qemu-guest-agent is earlier than 2:0.12.1.2-2.503.el6_9.6
            oval: oval:com.redhat.rhsa:tst:20181660001
          • comment: qemu-guest-agent is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20121234002
        • AND
          • comment: qemu-img is earlier than 2:0.12.1.2-2.503.el6_9.6
            oval: oval:com.redhat.rhsa:tst:20181660003
          • comment: qemu-img is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20110345006
        • AND
          • comment: qemu-kvm is earlier than 2:0.12.1.2-2.503.el6_9.6
            oval: oval:com.redhat.rhsa:tst:20181660005
          • comment: qemu-kvm is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20110345004
        • AND
          • comment: qemu-kvm-tools is earlier than 2:0.12.1.2-2.503.el6_9.6
            oval: oval:com.redhat.rhsa:tst:20181660007
          • comment: qemu-kvm-tools is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20110345002
    rhsa
    id: RHSA-2018:1660
    released: 2018-05-21
    severity: Important
    title: RHSA-2018:1660: qemu-kvm security update (Important)
  • bugzilla
    id: 1566890
    title: CVE-2018-3639 hw: cpu: speculative store bypass
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 6 is installed
        oval: oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment: libvirt-lock-sanlock is earlier than 0:0.10.2-62.el6_9.2
            oval: oval:com.redhat.rhsa:tst:20181669001
          • comment: libvirt-lock-sanlock is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20131581002
        • AND
          • comment: libvirt-python is earlier than 0:0.10.2-62.el6_9.2
            oval: oval:com.redhat.rhsa:tst:20181669003
          • comment: libvirt-python is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20131581006
        • AND
          • comment: libvirt-devel is earlier than 0:0.10.2-62.el6_9.2
            oval: oval:com.redhat.rhsa:tst:20181669005
          • comment: libvirt-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20131581004
        • AND
          • comment: libvirt is earlier than 0:0.10.2-62.el6_9.2
            oval: oval:com.redhat.rhsa:tst:20181669007
          • comment: libvirt is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20131581010
        • AND
          • comment: libvirt-client is earlier than 0:0.10.2-62.el6_9.2
            oval: oval:com.redhat.rhsa:tst:20181669009
          • comment: libvirt-client is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20131581008
    rhsa
    id: RHSA-2018:1669
    released: 2018-05-22
    severity: Important
    title: RHSA-2018:1669: libvirt security update (Important)
  • bugzilla
    id: 1566890
    title: CVE-2018-3639 hw: cpu: speculative store bypass
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 7 is installed
        oval: oval:com.redhat.rhba:tst:20150364027
      • OR
        • comment: kernel earlier than 0:3.10.0-862.6.3.el7 is currently running
          oval: oval:com.redhat.rhsa:tst:20181965031
        • comment: kernel earlier than 0:3.10.0-862.6.3.el7 is set to boot up on next boot
          oval: oval:com.redhat.rhsa:tst:20181965032
      • OR
        • AND
          • comment: kernel-doc is earlier than 0:3.10.0-862.6.3.el7
            oval: oval:com.redhat.rhsa:tst:20181965001
          • comment: kernel-doc is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100842002
        • AND
          • comment: kernel-abi-whitelists is earlier than 0:3.10.0-862.6.3.el7
            oval: oval:com.redhat.rhsa:tst:20181965003
          • comment: kernel-abi-whitelists is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20131645022
        • AND
          • comment: kernel-tools-libs is earlier than 0:3.10.0-862.6.3.el7
            oval: oval:com.redhat.rhsa:tst:20181965005
          • comment: kernel-tools-libs is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20140678016
        • AND
          • comment: python-perf is earlier than 0:3.10.0-862.6.3.el7
            oval: oval:com.redhat.rhsa:tst:20181965007
          • comment: python-perf is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20111530024
        • AND
          • comment: kernel-devel is earlier than 0:3.10.0-862.6.3.el7
            oval: oval:com.redhat.rhsa:tst:20181965009
          • comment: kernel-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100842016
        • AND
          • comment: kernel-debug is earlier than 0:3.10.0-862.6.3.el7
            oval: oval:com.redhat.rhsa:tst:20181965011
          • comment: kernel-debug is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100842014
        • AND
          • comment: kernel-headers is earlier than 0:3.10.0-862.6.3.el7
            oval: oval:com.redhat.rhsa:tst:20181965013
          • comment: kernel-headers is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100842010
        • AND
          • comment: kernel-tools is earlier than 0:3.10.0-862.6.3.el7
            oval: oval:com.redhat.rhsa:tst:20181965015
          • comment: kernel-tools is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20140678012
        • AND
          • comment: perf is earlier than 0:3.10.0-862.6.3.el7
            oval: oval:com.redhat.rhsa:tst:20181965017
          • comment: perf is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100842006
        • AND
          • comment: kernel is earlier than 0:3.10.0-862.6.3.el7
            oval: oval:com.redhat.rhsa:tst:20181965019
          • comment: kernel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100842012
        • AND
          • comment: kernel-debug-devel is earlier than 0:3.10.0-862.6.3.el7
            oval: oval:com.redhat.rhsa:tst:20181965021
          • comment: kernel-debug-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100842008
        • AND
          • comment: kernel-tools-libs-devel is earlier than 0:3.10.0-862.6.3.el7
            oval: oval:com.redhat.rhsa:tst:20181965023
          • comment: kernel-tools-libs-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20140678022
        • AND
          • comment: kernel-bootwrapper is earlier than 0:3.10.0-862.6.3.el7
            oval: oval:com.redhat.rhsa:tst:20181965025
          • comment: kernel-bootwrapper is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100842018
        • AND
          • comment: kernel-kdump-devel is earlier than 0:3.10.0-862.6.3.el7
            oval: oval:com.redhat.rhsa:tst:20181965027
          • comment: kernel-kdump-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100842022
        • AND
          • comment: kernel-kdump is earlier than 0:3.10.0-862.6.3.el7
            oval: oval:com.redhat.rhsa:tst:20181965029
          • comment: kernel-kdump is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100842020
    rhsa
    id: RHSA-2018:1965
    released: 2018-06-26
    severity: Important
    title: RHSA-2018:1965: kernel security and bug fix update (Important)
  • bugzilla
    id: 1582418
    title: virsh capabilities reports invalid values for 4K pages [rhel-7.5.z]
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 7 is installed
        oval: oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment: libvirt-daemon-lxc is earlier than 0:3.9.0-14.el7_5.6
            oval: oval:com.redhat.rhsa:tst:20181997001
          • comment: libvirt-daemon-lxc is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20140914030
        • AND
          • comment: libvirt-docs is earlier than 0:3.9.0-14.el7_5.6
            oval: oval:com.redhat.rhsa:tst:20181997003
          • comment: libvirt-docs is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20140914028
        • AND
          • comment: libvirt-lock-sanlock is earlier than 0:3.9.0-14.el7_5.6
            oval: oval:com.redhat.rhsa:tst:20181997005
          • comment: libvirt-lock-sanlock is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20131581002
        • AND
          • comment: libvirt-nss is earlier than 0:3.9.0-14.el7_5.6
            oval: oval:com.redhat.rhsa:tst:20181997007
          • comment: libvirt-nss is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20162577036
        • AND
          • comment: libvirt-login-shell is earlier than 0:3.9.0-14.el7_5.6
            oval: oval:com.redhat.rhsa:tst:20181997009
          • comment: libvirt-login-shell is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20140914034
        • AND
          • comment: libvirt-admin is earlier than 0:3.9.0-14.el7_5.6
            oval: oval:com.redhat.rhsa:tst:20181997011
          • comment: libvirt-admin is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20180029056
        • AND
          • comment: libvirt-devel is earlier than 0:3.9.0-14.el7_5.6
            oval: oval:com.redhat.rhsa:tst:20181997013
          • comment: libvirt-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20131581004
        • AND
          • comment: libvirt-daemon-driver-lxc is earlier than 0:3.9.0-14.el7_5.6
            oval: oval:com.redhat.rhsa:tst:20181997015
          • comment: libvirt-daemon-driver-lxc is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20140914038
        • AND
          • comment: libvirt-daemon-config-network is earlier than 0:3.9.0-14.el7_5.6
            oval: oval:com.redhat.rhsa:tst:20181997017
          • comment: libvirt-daemon-config-network is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20140914026
        • AND
          • comment: libvirt-daemon-driver-interface is earlier than 0:3.9.0-14.el7_5.6
            oval: oval:com.redhat.rhsa:tst:20181997019
          • comment: libvirt-daemon-driver-interface is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20140914012
        • AND
          • comment: libvirt-daemon-driver-storage-disk is earlier than 0:3.9.0-14.el7_5.6
            oval: oval:com.redhat.rhsa:tst:20181997021
          • comment: libvirt-daemon-driver-storage-disk is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20180029008
        • AND
          • comment: libvirt-daemon is earlier than 0:3.9.0-14.el7_5.6
            oval: oval:com.redhat.rhsa:tst:20181997023
          • comment: libvirt-daemon is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20140914008
        • AND
          • comment: libvirt-daemon-driver-storage-gluster is earlier than 0:3.9.0-14.el7_5.6
            oval: oval:com.redhat.rhsa:tst:20181997025
          • comment: libvirt-daemon-driver-storage-gluster is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20180029048
        • AND
          • comment: libvirt-daemon-driver-nwfilter is earlier than 0:3.9.0-14.el7_5.6
            oval: oval:com.redhat.rhsa:tst:20181997027
          • comment: libvirt-daemon-driver-nwfilter is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20140914002
        • AND
          • comment: libvirt-daemon-driver-storage-scsi is earlier than 0:3.9.0-14.el7_5.6
            oval: oval:com.redhat.rhsa:tst:20181997029
          • comment: libvirt-daemon-driver-storage-scsi is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20180029028
        • AND
          • comment: libvirt-daemon-config-nwfilter is earlier than 0:3.9.0-14.el7_5.6
            oval: oval:com.redhat.rhsa:tst:20181997031
          • comment: libvirt-daemon-config-nwfilter is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20140914020
        • AND
          • comment: libvirt-daemon-driver-secret is earlier than 0:3.9.0-14.el7_5.6
            oval: oval:com.redhat.rhsa:tst:20181997033
          • comment: libvirt-daemon-driver-secret is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20140914024
        • AND
          • comment: libvirt is earlier than 0:3.9.0-14.el7_5.6
            oval: oval:com.redhat.rhsa:tst:20181997035
          • comment: libvirt is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20131581010
        • AND
          • comment: libvirt-daemon-driver-storage is earlier than 0:3.9.0-14.el7_5.6
            oval: oval:com.redhat.rhsa:tst:20181997037
          • comment: libvirt-daemon-driver-storage is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20140914040
        • AND
          • comment: libvirt-daemon-driver-storage-core is earlier than 0:3.9.0-14.el7_5.6
            oval: oval:com.redhat.rhsa:tst:20181997039
          • comment: libvirt-daemon-driver-storage-core is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20180029010
        • AND
          • comment: libvirt-daemon-driver-nodedev is earlier than 0:3.9.0-14.el7_5.6
            oval: oval:com.redhat.rhsa:tst:20181997041
          • comment: libvirt-daemon-driver-nodedev is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20140914006
        • AND
          • comment: libvirt-daemon-driver-storage-rbd is earlier than 0:3.9.0-14.el7_5.6
            oval: oval:com.redhat.rhsa:tst:20181997043
          • comment: libvirt-daemon-driver-storage-rbd is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20180029040
        • AND
          • comment: libvirt-daemon-kvm is earlier than 0:3.9.0-14.el7_5.6
            oval: oval:com.redhat.rhsa:tst:20181997045
          • comment: libvirt-daemon-kvm is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20140914022
        • AND
          • comment: libvirt-daemon-driver-storage-mpath is earlier than 0:3.9.0-14.el7_5.6
            oval: oval:com.redhat.rhsa:tst:20181997047
          • comment: libvirt-daemon-driver-storage-mpath is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20180029026
        • AND
          • comment: libvirt-daemon-driver-network is earlier than 0:3.9.0-14.el7_5.6
            oval: oval:com.redhat.rhsa:tst:20181997049
          • comment: libvirt-daemon-driver-network is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20140914010
        • AND
          • comment: libvirt-daemon-driver-storage-logical is earlier than 0:3.9.0-14.el7_5.6
            oval: oval:com.redhat.rhsa:tst:20181997051
          • comment: libvirt-daemon-driver-storage-logical is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20180029020
        • AND
          • comment: libvirt-daemon-driver-storage-iscsi is earlier than 0:3.9.0-14.el7_5.6
            oval: oval:com.redhat.rhsa:tst:20181997053
          • comment: libvirt-daemon-driver-storage-iscsi is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20180029014
        • AND
          • comment: libvirt-daemon-driver-qemu is earlier than 0:3.9.0-14.el7_5.6
            oval: oval:com.redhat.rhsa:tst:20181997055
          • comment: libvirt-daemon-driver-qemu is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20140914016
        • AND
          • comment: libvirt-libs is earlier than 0:3.9.0-14.el7_5.6
            ovaloval:com.redhat.rhsa:tst:20181997057
          • commentlibvirt-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20180029018
        • AND
          • commentlibvirt-client is earlier than 0:3.9.0-14.el7_5.6
            ovaloval:com.redhat.rhsa:tst:20181997059
          • commentlibvirt-client is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20131581008
    rhsa
    idRHSA-2018:1997
    released2018-06-26
    severityImportant
    titleRHSA-2018:1997: libvirt security and bug fix update (Important)
  • bugzilla
    id: 1566890
    title: CVE-2018-3639 hw: cpu: speculative store bypass
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 7 is installed
        oval: oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment: qemu-kvm-tools is earlier than 10:1.5.3-156.el7_5.3
            oval: oval:com.redhat.rhsa:tst:20182001001
          • comment: qemu-kvm-tools is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20110345002
        • AND
          • comment: qemu-img is earlier than 10:1.5.3-156.el7_5.3
            oval: oval:com.redhat.rhsa:tst:20182001003
          • comment: qemu-img is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20110345006
        • AND
          • comment: qemu-kvm-common is earlier than 10:1.5.3-156.el7_5.3
            oval: oval:com.redhat.rhsa:tst:20182001005
          • comment: qemu-kvm-common is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20140704004
        • AND
          • comment: qemu-kvm is earlier than 10:1.5.3-156.el7_5.3
            oval: oval:com.redhat.rhsa:tst:20182001007
          • comment: qemu-kvm is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20110345004
    rhsa
    id: RHSA-2018:2001
    released: 2018-06-26
    severity: Important
    title: RHSA-2018:2001: qemu-kvm security update (Important)
  • bugzilla
    id: 1576058
    title: kernel-rt: update to the RHEL7.5.z batch#2 source tree
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 7 is installed
        oval: oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment: kernel-rt-doc is earlier than 0:3.10.0-862.6.3.rt56.811.el7
            oval: oval:com.redhat.rhsa:tst:20182003001
          • comment: kernel-rt-doc is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20150727002
        • AND
          • comment: kernel-rt-debug is earlier than 0:3.10.0-862.6.3.rt56.811.el7
            oval: oval:com.redhat.rhsa:tst:20182003003
          • comment: kernel-rt-debug is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20150727014
        • AND
          • comment: kernel-rt-devel is earlier than 0:3.10.0-862.6.3.rt56.811.el7
            oval: oval:com.redhat.rhsa:tst:20182003005
          • comment: kernel-rt-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20150727012
        • AND
          • comment: kernel-rt is earlier than 0:3.10.0-862.6.3.rt56.811.el7
            oval: oval:com.redhat.rhsa:tst:20182003007
          • comment: kernel-rt is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20150727006
        • AND
          • comment: kernel-rt-trace-devel is earlier than 0:3.10.0-862.6.3.rt56.811.el7
            oval: oval:com.redhat.rhsa:tst:20182003009
          • comment: kernel-rt-trace-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20150727004
        • AND
          • comment: kernel-rt-trace is earlier than 0:3.10.0-862.6.3.rt56.811.el7
            oval: oval:com.redhat.rhsa:tst:20182003011
          • comment: kernel-rt-trace is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20150727008
        • AND
          • comment: kernel-rt-debug-devel is earlier than 0:3.10.0-862.6.3.rt56.811.el7
            oval: oval:com.redhat.rhsa:tst:20182003013
          • comment: kernel-rt-debug-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20150727010
        • AND
          • comment: kernel-rt-trace-kvm is earlier than 0:3.10.0-862.6.3.rt56.811.el7
            oval: oval:com.redhat.rhsa:tst:20182003015
          • comment: kernel-rt-trace-kvm is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20160212016
        • AND
          • comment: kernel-rt-debug-kvm is earlier than 0:3.10.0-862.6.3.rt56.811.el7
            oval: oval:com.redhat.rhsa:tst:20182003017
          • comment: kernel-rt-debug-kvm is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20160212020
        • AND
          • comment: kernel-rt-kvm is earlier than 0:3.10.0-862.6.3.rt56.811.el7
            oval: oval:com.redhat.rhsa:tst:20182003019
          • comment: kernel-rt-kvm is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20160212018
    rhsa
    id: RHSA-2018:2003
    released: 2018-06-26
    severity: Important
    title: RHSA-2018:2003: kernel-rt security and bug fix update (Important)
  • bugzilla
    id: 1566890
    title: CVE-2018-3639 hw: cpu: speculative store bypass
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 5 is installed
        oval: oval:com.redhat.rhba:tst:20070331005
      • OR
        • comment: kernel earlier than 0:2.6.18-433.el5 is currently running
          oval: oval:com.redhat.rhsa:tst:20182172025
        • comment: kernel earlier than 0:2.6.18-433.el5 is set to boot up on next boot
          oval: oval:com.redhat.rhsa:tst:20182172026
      • OR
        • AND
          • comment: kernel-doc is earlier than 0:2.6.18-433.el5
            oval: oval:com.redhat.rhsa:tst:20182172001
          • comment: kernel-doc is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhba:tst:20080314002
        • AND
          • comment: kernel-xen-devel is earlier than 0:2.6.18-433.el5
            oval: oval:com.redhat.rhsa:tst:20182172003
          • comment: kernel-xen-devel is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhba:tst:20080314020
        • AND
          • comment: kernel is earlier than 0:2.6.18-433.el5
            oval: oval:com.redhat.rhsa:tst:20182172005
          • comment: kernel is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhba:tst:20080314008
        • AND
          • comment: kernel-debug-devel is earlier than 0:2.6.18-433.el5
            oval: oval:com.redhat.rhsa:tst:20182172007
          • comment: kernel-debug-devel is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhba:tst:20080314004
        • AND
          • comment: kernel-PAE is earlier than 0:2.6.18-433.el5
            oval: oval:com.redhat.rhsa:tst:20182172009
          • comment: kernel-PAE is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhba:tst:20080314024
        • AND
          • comment: kernel-xen is earlier than 0:2.6.18-433.el5
            oval: oval:com.redhat.rhsa:tst:20182172011
          • comment: kernel-xen is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhba:tst:20080314018
        • AND
          • comment: kernel-headers is earlier than 0:2.6.18-433.el5
            oval: oval:com.redhat.rhsa:tst:20182172013
          • comment: kernel-headers is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhba:tst:20080314006
        • AND
          • comment: kernel-debug is earlier than 0:2.6.18-433.el5
            oval: oval:com.redhat.rhsa:tst:20182172015
          • comment: kernel-debug is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhba:tst:20080314014
        • AND
          • comment: kernel-PAE-devel is earlier than 0:2.6.18-433.el5
            oval: oval:com.redhat.rhsa:tst:20182172017
          • comment: kernel-PAE-devel is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhba:tst:20080314022
        • AND
          • comment: kernel-devel is earlier than 0:2.6.18-433.el5
            oval: oval:com.redhat.rhsa:tst:20182172019
          • comment: kernel-devel is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhba:tst:20080314016
        • AND
          • comment: kernel-kdump-devel is earlier than 0:2.6.18-433.el5
            oval: oval:com.redhat.rhsa:tst:20182172021
          • comment: kernel-kdump-devel is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhba:tst:20080314012
        • AND
          • comment: kernel-kdump is earlier than 0:2.6.18-433.el5
            oval: oval:com.redhat.rhsa:tst:20182172023
          • comment: kernel-kdump is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhba:tst:20080314010
    rhsa
    id: RHSA-2018:2172
    released: 2018-07-11
    severity: Important
    title: RHSA-2018:2172: kernel security update (Important)
  • rhsa
    id: RHSA-2018:1635
  • rhsa
    id: RHSA-2018:1636
  • rhsa
    id: RHSA-2018:1637
  • rhsa
    id: RHSA-2018:1638
  • rhsa
    id: RHSA-2018:1639
  • rhsa
    id: RHSA-2018:1640
  • rhsa
    id: RHSA-2018:1641
  • rhsa
    id: RHSA-2018:1642
  • rhsa
    id: RHSA-2018:1643
  • rhsa
    id: RHSA-2018:1644
  • rhsa
    id: RHSA-2018:1645
  • rhsa
    id: RHSA-2018:1646
  • rhsa
    id: RHSA-2018:1652
  • rhsa
    id: RHSA-2018:1653
  • rhsa
    id: RHSA-2018:1654
  • rhsa
    id: RHSA-2018:1655
  • rhsa
    id: RHSA-2018:1656
  • rhsa
    id: RHSA-2018:1657
  • rhsa
    id: RHSA-2018:1658
  • rhsa
    id: RHSA-2018:1659
  • rhsa
    id: RHSA-2018:1661
  • rhsa
    id: RHSA-2018:1662
  • rhsa
    id: RHSA-2018:1663
  • rhsa
    id: RHSA-2018:1664
  • rhsa
    id: RHSA-2018:1665
  • rhsa
    id: RHSA-2018:1666
  • rhsa
    id: RHSA-2018:1667
  • rhsa
    id: RHSA-2018:1668
  • rhsa
    id: RHSA-2018:1674
  • rhsa
    id: RHSA-2018:1675
  • rhsa
    id: RHSA-2018:1676
  • rhsa
    id: RHSA-2018:1686
  • rhsa
    id: RHSA-2018:1688
  • rhsa
    id: RHSA-2018:1689
  • rhsa
    id: RHSA-2018:1690
  • rhsa
    id: RHSA-2018:1696
  • rhsa
    id: RHSA-2018:1710
  • rhsa
    id: RHSA-2018:1711
  • rhsa
    id: RHSA-2018:1737
  • rhsa
    id: RHSA-2018:1738
  • rhsa
    id: RHSA-2018:1826
  • rhsa
    id: RHSA-2018:1854
  • rhsa
    id: RHSA-2018:1967
  • rhsa
    id: RHSA-2018:2006
  • rhsa
    id: RHSA-2018:2060
  • rhsa
    id: RHSA-2018:2161
  • rhsa
    id: RHSA-2018:2162
  • rhsa
    id: RHSA-2018:2164
  • rhsa
    id: RHSA-2018:2171
  • rhsa
    id: RHSA-2018:2216
  • rhsa
    id: RHSA-2018:2228
  • rhsa
    id: RHSA-2018:2246
  • rhsa
    id: RHSA-2018:2250
  • rhsa
    id: RHSA-2018:2258
  • rhsa
    id: RHSA-2018:2289
  • rhsa
    id: RHSA-2018:2309
  • rhsa
    id: RHSA-2018:2328
  • rhsa
    id: RHSA-2018:2363
  • rhsa
    id: RHSA-2018:2364
  • rhsa
    id: RHSA-2018:2387
  • rhsa
    id: RHSA-2018:2394
  • rhsa
    id: RHSA-2018:2396
  • rhsa
    id: RHSA-2018:2948
  • rhsa
    id: RHSA-2018:3396
  • rhsa
    id: RHSA-2018:3397
  • rhsa
    id: RHSA-2018:3398
  • rhsa
    id: RHSA-2018:3399
  • rhsa
    id: RHSA-2018:3400
  • rhsa
    id: RHSA-2018:3401
  • rhsa
    id: RHSA-2018:3402
  • rhsa
    id: RHSA-2018:3407
  • rhsa
    id: RHSA-2018:3423
  • rhsa
    id: RHSA-2018:3424
  • rhsa
    id: RHSA-2018:3425
  • rhsa
    id: RHSA-2019:0148
  • rhsa
    id: RHSA-2019:1046
rpms
  • kernel-0:3.10.0-862.3.2.el7
  • kernel-abi-whitelists-0:3.10.0-862.3.2.el7
  • kernel-bootwrapper-0:3.10.0-862.3.2.el7
  • kernel-debug-0:3.10.0-862.3.2.el7
  • kernel-debug-debuginfo-0:3.10.0-862.3.2.el7
  • kernel-debug-devel-0:3.10.0-862.3.2.el7
  • kernel-debuginfo-0:3.10.0-862.3.2.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-862.3.2.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-862.3.2.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-862.3.2.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-862.3.2.el7
  • kernel-devel-0:3.10.0-862.3.2.el7
  • kernel-doc-0:3.10.0-862.3.2.el7
  • kernel-headers-0:3.10.0-862.3.2.el7
  • kernel-kdump-0:3.10.0-862.3.2.el7
  • kernel-kdump-debuginfo-0:3.10.0-862.3.2.el7
  • kernel-kdump-devel-0:3.10.0-862.3.2.el7
  • kernel-tools-0:3.10.0-862.3.2.el7
  • kernel-tools-debuginfo-0:3.10.0-862.3.2.el7
  • kernel-tools-libs-0:3.10.0-862.3.2.el7
  • kernel-tools-libs-devel-0:3.10.0-862.3.2.el7
  • perf-0:3.10.0-862.3.2.el7
  • perf-debuginfo-0:3.10.0-862.3.2.el7
  • python-perf-0:3.10.0-862.3.2.el7
  • python-perf-debuginfo-0:3.10.0-862.3.2.el7
  • kernel-rt-0:3.10.0-862.3.2.rt56.808.el7
  • kernel-rt-debug-0:3.10.0-862.3.2.rt56.808.el7
  • kernel-rt-debug-debuginfo-0:3.10.0-862.3.2.rt56.808.el7
  • kernel-rt-debug-devel-0:3.10.0-862.3.2.rt56.808.el7
  • kernel-rt-debug-kvm-0:3.10.0-862.3.2.rt56.808.el7
  • kernel-rt-debug-kvm-debuginfo-0:3.10.0-862.3.2.rt56.808.el7
  • kernel-rt-debuginfo-0:3.10.0-862.3.2.rt56.808.el7
  • kernel-rt-debuginfo-common-x86_64-0:3.10.0-862.3.2.rt56.808.el7
  • kernel-rt-devel-0:3.10.0-862.3.2.rt56.808.el7
  • kernel-rt-doc-0:3.10.0-862.3.2.rt56.808.el7
  • kernel-rt-kvm-0:3.10.0-862.3.2.rt56.808.el7
  • kernel-rt-kvm-debuginfo-0:3.10.0-862.3.2.rt56.808.el7
  • kernel-rt-trace-0:3.10.0-862.3.2.rt56.808.el7
  • kernel-rt-trace-debuginfo-0:3.10.0-862.3.2.rt56.808.el7
  • kernel-rt-trace-devel-0:3.10.0-862.3.2.rt56.808.el7
  • kernel-rt-trace-kvm-0:3.10.0-862.3.2.rt56.808.el7
  • kernel-rt-trace-kvm-debuginfo-0:3.10.0-862.3.2.rt56.808.el7
  • libvirt-0:3.9.0-14.el7_5.5
  • libvirt-admin-0:3.9.0-14.el7_5.5
  • libvirt-client-0:3.9.0-14.el7_5.5
  • libvirt-daemon-0:3.9.0-14.el7_5.5
  • libvirt-daemon-config-network-0:3.9.0-14.el7_5.5
  • libvirt-daemon-config-nwfilter-0:3.9.0-14.el7_5.5
  • libvirt-daemon-driver-interface-0:3.9.0-14.el7_5.5
  • libvirt-daemon-driver-lxc-0:3.9.0-14.el7_5.5
  • libvirt-daemon-driver-network-0:3.9.0-14.el7_5.5
  • libvirt-daemon-driver-nodedev-0:3.9.0-14.el7_5.5
  • libvirt-daemon-driver-nwfilter-0:3.9.0-14.el7_5.5
  • libvirt-daemon-driver-qemu-0:3.9.0-14.el7_5.5
  • libvirt-daemon-driver-secret-0:3.9.0-14.el7_5.5
  • libvirt-daemon-driver-storage-0:3.9.0-14.el7_5.5
  • libvirt-daemon-driver-storage-core-0:3.9.0-14.el7_5.5
  • libvirt-daemon-driver-storage-disk-0:3.9.0-14.el7_5.5
  • libvirt-daemon-driver-storage-gluster-0:3.9.0-14.el7_5.5
  • libvirt-daemon-driver-storage-iscsi-0:3.9.0-14.el7_5.5
  • libvirt-daemon-driver-storage-logical-0:3.9.0-14.el7_5.5
  • libvirt-daemon-driver-storage-mpath-0:3.9.0-14.el7_5.5
  • libvirt-daemon-driver-storage-rbd-0:3.9.0-14.el7_5.5
  • libvirt-daemon-driver-storage-scsi-0:3.9.0-14.el7_5.5
  • libvirt-daemon-kvm-0:3.9.0-14.el7_5.5
  • libvirt-daemon-lxc-0:3.9.0-14.el7_5.5
  • libvirt-debuginfo-0:3.9.0-14.el7_5.5
  • libvirt-devel-0:3.9.0-14.el7_5.5
  • libvirt-docs-0:3.9.0-14.el7_5.5
  • libvirt-libs-0:3.9.0-14.el7_5.5
  • libvirt-lock-sanlock-0:3.9.0-14.el7_5.5
  • libvirt-login-shell-0:3.9.0-14.el7_5.5
  • libvirt-nss-0:3.9.0-14.el7_5.5
  • qemu-img-10:1.5.3-156.el7_5.2
  • qemu-kvm-10:1.5.3-156.el7_5.2
  • qemu-kvm-common-10:1.5.3-156.el7_5.2
  • qemu-kvm-debuginfo-10:1.5.3-156.el7_5.2
  • qemu-kvm-tools-10:1.5.3-156.el7_5.2
  • kernel-0:3.10.0-693.25.7.el7
  • kernel-abi-whitelists-0:3.10.0-693.25.7.el7
  • kernel-bootwrapper-0:3.10.0-693.25.7.el7
  • kernel-debug-0:3.10.0-693.25.7.el7
  • kernel-debug-debuginfo-0:3.10.0-693.25.7.el7
  • kernel-debug-devel-0:3.10.0-693.25.7.el7
  • kernel-debuginfo-0:3.10.0-693.25.7.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-693.25.7.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-693.25.7.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-693.25.7.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-693.25.7.el7
  • kernel-devel-0:3.10.0-693.25.7.el7
  • kernel-doc-0:3.10.0-693.25.7.el7
  • kernel-headers-0:3.10.0-693.25.7.el7
  • kernel-kdump-0:3.10.0-693.25.7.el7
  • kernel-kdump-debuginfo-0:3.10.0-693.25.7.el7
  • kernel-kdump-devel-0:3.10.0-693.25.7.el7
  • kernel-tools-0:3.10.0-693.25.7.el7
  • kernel-tools-debuginfo-0:3.10.0-693.25.7.el7
  • kernel-tools-libs-0:3.10.0-693.25.7.el7
  • kernel-tools-libs-devel-0:3.10.0-693.25.7.el7
  • perf-0:3.10.0-693.25.7.el7
  • perf-debuginfo-0:3.10.0-693.25.7.el7
  • python-perf-0:3.10.0-693.25.7.el7
  • python-perf-debuginfo-0:3.10.0-693.25.7.el7
  • kernel-0:3.10.0-514.48.5.el7
  • kernel-abi-whitelists-0:3.10.0-514.48.5.el7
  • kernel-bootwrapper-0:3.10.0-514.48.5.el7
  • kernel-debug-0:3.10.0-514.48.5.el7
  • kernel-debug-debuginfo-0:3.10.0-514.48.5.el7
  • kernel-debug-devel-0:3.10.0-514.48.5.el7
  • kernel-debuginfo-0:3.10.0-514.48.5.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-514.48.5.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-514.48.5.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-514.48.5.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-514.48.5.el7
  • kernel-devel-0:3.10.0-514.48.5.el7
  • kernel-doc-0:3.10.0-514.48.5.el7
  • kernel-headers-0:3.10.0-514.48.5.el7
  • kernel-kdump-0:3.10.0-514.48.5.el7
  • kernel-kdump-debuginfo-0:3.10.0-514.48.5.el7
  • kernel-kdump-devel-0:3.10.0-514.48.5.el7
  • kernel-tools-0:3.10.0-514.48.5.el7
  • kernel-tools-debuginfo-0:3.10.0-514.48.5.el7
  • kernel-tools-libs-0:3.10.0-514.48.5.el7
  • kernel-tools-libs-devel-0:3.10.0-514.48.5.el7
  • perf-0:3.10.0-514.48.5.el7
  • perf-debuginfo-0:3.10.0-514.48.5.el7
  • python-perf-0:3.10.0-514.48.5.el7
  • python-perf-debuginfo-0:3.10.0-514.48.5.el7
  • kernel-0:3.10.0-327.66.5.el7
  • kernel-abi-whitelists-0:3.10.0-327.66.5.el7
  • kernel-bootwrapper-0:3.10.0-327.66.5.el7
  • kernel-debug-0:3.10.0-327.66.5.el7
  • kernel-debug-debuginfo-0:3.10.0-327.66.5.el7
  • kernel-debug-devel-0:3.10.0-327.66.5.el7
  • kernel-debuginfo-0:3.10.0-327.66.5.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-327.66.5.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-327.66.5.el7
  • kernel-devel-0:3.10.0-327.66.5.el7
  • kernel-doc-0:3.10.0-327.66.5.el7
  • kernel-headers-0:3.10.0-327.66.5.el7
  • kernel-tools-0:3.10.0-327.66.5.el7
  • kernel-tools-debuginfo-0:3.10.0-327.66.5.el7
  • kernel-tools-libs-0:3.10.0-327.66.5.el7
  • kernel-tools-libs-devel-0:3.10.0-327.66.5.el7
  • perf-0:3.10.0-327.66.5.el7
  • perf-debuginfo-0:3.10.0-327.66.5.el7
  • python-perf-0:3.10.0-327.66.5.el7
  • python-perf-debuginfo-0:3.10.0-327.66.5.el7
  • kernel-0:2.6.32-573.55.4.el6
  • kernel-abi-whitelists-0:2.6.32-573.55.4.el6
  • kernel-bootwrapper-0:2.6.32-573.55.4.el6
  • kernel-debug-0:2.6.32-573.55.4.el6
  • kernel-debug-debuginfo-0:2.6.32-573.55.4.el6
  • kernel-debug-devel-0:2.6.32-573.55.4.el6
  • kernel-debuginfo-0:2.6.32-573.55.4.el6
  • kernel-debuginfo-common-i686-0:2.6.32-573.55.4.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-573.55.4.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-573.55.4.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-573.55.4.el6
  • kernel-devel-0:2.6.32-573.55.4.el6
  • kernel-doc-0:2.6.32-573.55.4.el6
  • kernel-firmware-0:2.6.32-573.55.4.el6
  • kernel-headers-0:2.6.32-573.55.4.el6
  • kernel-kdump-0:2.6.32-573.55.4.el6
  • kernel-kdump-debuginfo-0:2.6.32-573.55.4.el6
  • kernel-kdump-devel-0:2.6.32-573.55.4.el6
  • perf-0:2.6.32-573.55.4.el6
  • perf-debuginfo-0:2.6.32-573.55.4.el6
  • python-perf-0:2.6.32-573.55.4.el6
  • python-perf-debuginfo-0:2.6.32-573.55.4.el6
  • kernel-0:2.6.32-504.69.3.el6
  • kernel-abi-whitelists-0:2.6.32-504.69.3.el6
  • kernel-debug-0:2.6.32-504.69.3.el6
  • kernel-debug-debuginfo-0:2.6.32-504.69.3.el6
  • kernel-debug-devel-0:2.6.32-504.69.3.el6
  • kernel-debuginfo-0:2.6.32-504.69.3.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-504.69.3.el6
  • kernel-devel-0:2.6.32-504.69.3.el6
  • kernel-doc-0:2.6.32-504.69.3.el6
  • kernel-firmware-0:2.6.32-504.69.3.el6
  • kernel-headers-0:2.6.32-504.69.3.el6
  • perf-0:2.6.32-504.69.3.el6
  • perf-debuginfo-0:2.6.32-504.69.3.el6
  • python-perf-0:2.6.32-504.69.3.el6
  • python-perf-debuginfo-0:2.6.32-504.69.3.el6
  • kernel-0:2.6.32-431.89.4.el6
  • kernel-abi-whitelists-0:2.6.32-431.89.4.el6
  • kernel-debug-0:2.6.32-431.89.4.el6
  • kernel-debug-debuginfo-0:2.6.32-431.89.4.el6
  • kernel-debug-devel-0:2.6.32-431.89.4.el6
  • kernel-debuginfo-0:2.6.32-431.89.4.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-431.89.4.el6
  • kernel-devel-0:2.6.32-431.89.4.el6
  • kernel-doc-0:2.6.32-431.89.4.el6
  • kernel-firmware-0:2.6.32-431.89.4.el6
  • kernel-headers-0:2.6.32-431.89.4.el6
  • perf-0:2.6.32-431.89.4.el6
  • perf-debuginfo-0:2.6.32-431.89.4.el6
  • python-perf-0:2.6.32-431.89.4.el6
  • python-perf-debuginfo-0:2.6.32-431.89.4.el6
  • kernel-0:2.6.32-358.88.4.el6
  • kernel-debug-0:2.6.32-358.88.4.el6
  • kernel-debug-debuginfo-0:2.6.32-358.88.4.el6
  • kernel-debug-devel-0:2.6.32-358.88.4.el6
  • kernel-debuginfo-0:2.6.32-358.88.4.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-358.88.4.el6
  • kernel-devel-0:2.6.32-358.88.4.el6
  • kernel-doc-0:2.6.32-358.88.4.el6
  • kernel-firmware-0:2.6.32-358.88.4.el6
  • kernel-headers-0:2.6.32-358.88.4.el6
  • perf-0:2.6.32-358.88.4.el6
  • perf-debuginfo-0:2.6.32-358.88.4.el6
  • python-perf-0:2.6.32-358.88.4.el6
  • python-perf-debuginfo-0:2.6.32-358.88.4.el6
  • kernel-rt-1:3.10.0-693.25.7.rt56.615.el6rt
  • kernel-rt-debug-1:3.10.0-693.25.7.rt56.615.el6rt
  • kernel-rt-debug-debuginfo-1:3.10.0-693.25.7.rt56.615.el6rt
  • kernel-rt-debug-devel-1:3.10.0-693.25.7.rt56.615.el6rt
  • kernel-rt-debuginfo-1:3.10.0-693.25.7.rt56.615.el6rt
  • kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.25.7.rt56.615.el6rt
  • kernel-rt-devel-1:3.10.0-693.25.7.rt56.615.el6rt
  • kernel-rt-doc-1:3.10.0-693.25.7.rt56.615.el6rt
  • kernel-rt-firmware-1:3.10.0-693.25.7.rt56.615.el6rt
  • kernel-rt-trace-1:3.10.0-693.25.7.rt56.615.el6rt
  • kernel-rt-trace-debuginfo-1:3.10.0-693.25.7.rt56.615.el6rt
  • kernel-rt-trace-devel-1:3.10.0-693.25.7.rt56.615.el6rt
  • kernel-rt-vanilla-1:3.10.0-693.25.7.rt56.615.el6rt
  • kernel-rt-vanilla-debuginfo-1:3.10.0-693.25.7.rt56.615.el6rt
  • kernel-rt-vanilla-devel-1:3.10.0-693.25.7.rt56.615.el6rt
  • qemu-img-rhev-10:2.10.0-21.el7_5.3
  • qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3
  • qemu-kvm-rhev-10:2.10.0-21.el7_5.3
  • qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3
  • qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3
  • java-1.7.0-openjdk-1:1.7.0.181-2.6.14.8.el6_9
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.181-2.6.14.8.el6_9
  • java-1.7.0-openjdk-demo-1:1.7.0.181-2.6.14.8.el6_9
  • java-1.7.0-openjdk-devel-1:1.7.0.181-2.6.14.8.el6_9
  • java-1.7.0-openjdk-javadoc-1:1.7.0.181-2.6.14.8.el6_9
  • java-1.7.0-openjdk-src-1:1.7.0.181-2.6.14.8.el6_9
  • java-1.7.0-openjdk-1:1.7.0.181-2.6.14.8.el7_5
  • java-1.7.0-openjdk-accessibility-1:1.7.0.181-2.6.14.8.el7_5
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.181-2.6.14.8.el7_5
  • java-1.7.0-openjdk-demo-1:1.7.0.181-2.6.14.8.el7_5
  • java-1.7.0-openjdk-devel-1:1.7.0.181-2.6.14.8.el7_5
  • java-1.7.0-openjdk-headless-1:1.7.0.181-2.6.14.8.el7_5
  • java-1.7.0-openjdk-javadoc-1:1.7.0.181-2.6.14.8.el7_5
  • java-1.7.0-openjdk-src-1:1.7.0.181-2.6.14.8.el7_5
  • java-1.8.0-openjdk-1:1.8.0.171-8.b10.el7_5
  • java-1.8.0-openjdk-accessibility-1:1.8.0.171-8.b10.el7_5
  • java-1.8.0-openjdk-accessibility-debug-1:1.8.0.171-8.b10.el7_5
  • java-1.8.0-openjdk-debug-1:1.8.0.171-8.b10.el7_5
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.171-8.b10.el7_5
  • java-1.8.0-openjdk-demo-1:1.8.0.171-8.b10.el7_5
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.171-8.b10.el7_5
  • java-1.8.0-openjdk-devel-1:1.8.0.171-8.b10.el7_5
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.171-8.b10.el7_5
  • java-1.8.0-openjdk-headless-1:1.8.0.171-8.b10.el7_5
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.171-8.b10.el7_5
  • java-1.8.0-openjdk-javadoc-1:1.8.0.171-8.b10.el7_5
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.171-8.b10.el7_5
  • java-1.8.0-openjdk-javadoc-zip-1:1.8.0.171-8.b10.el7_5
  • java-1.8.0-openjdk-javadoc-zip-debug-1:1.8.0.171-8.b10.el7_5
  • java-1.8.0-openjdk-src-1:1.8.0.171-8.b10.el7_5
  • java-1.8.0-openjdk-src-debug-1:1.8.0.171-8.b10.el7_5
  • java-1.8.0-openjdk-1:1.8.0.171-8.b10.el6_9
  • java-1.8.0-openjdk-debug-1:1.8.0.171-8.b10.el6_9
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.171-8.b10.el6_9
  • java-1.8.0-openjdk-demo-1:1.8.0.171-8.b10.el6_9
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.171-8.b10.el6_9
  • java-1.8.0-openjdk-devel-1:1.8.0.171-8.b10.el6_9
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.171-8.b10.el6_9
  • java-1.8.0-openjdk-headless-1:1.8.0.171-8.b10.el6_9
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.171-8.b10.el6_9
  • java-1.8.0-openjdk-javadoc-1:1.8.0.171-8.b10.el6_9
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.171-8.b10.el6_9
  • java-1.8.0-openjdk-src-1:1.8.0.171-8.b10.el6_9
  • java-1.8.0-openjdk-src-debug-1:1.8.0.171-8.b10.el6_9
  • kernel-0:2.6.32-696.30.1.el6
  • kernel-abi-whitelists-0:2.6.32-696.30.1.el6
  • kernel-bootwrapper-0:2.6.32-696.30.1.el6
  • kernel-debug-0:2.6.32-696.30.1.el6
  • kernel-debug-debuginfo-0:2.6.32-696.30.1.el6
  • kernel-debug-devel-0:2.6.32-696.30.1.el6
  • kernel-debuginfo-0:2.6.32-696.30.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-696.30.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-696.30.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-696.30.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-696.30.1.el6
  • kernel-devel-0:2.6.32-696.30.1.el6
  • kernel-doc-0:2.6.32-696.30.1.el6
  • kernel-firmware-0:2.6.32-696.30.1.el6
  • kernel-headers-0:2.6.32-696.30.1.el6
  • kernel-kdump-0:2.6.32-696.30.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-696.30.1.el6
  • kernel-kdump-devel-0:2.6.32-696.30.1.el6
  • perf-0:2.6.32-696.30.1.el6
  • perf-debuginfo-0:2.6.32-696.30.1.el6
  • python-perf-0:2.6.32-696.30.1.el6
  • python-perf-debuginfo-0:2.6.32-696.30.1.el6
  • libvirt-0:3.2.0-14.el7_4.10
  • libvirt-admin-0:3.2.0-14.el7_4.10
  • libvirt-client-0:3.2.0-14.el7_4.10
  • libvirt-daemon-0:3.2.0-14.el7_4.10
  • libvirt-daemon-config-network-0:3.2.0-14.el7_4.10
  • libvirt-daemon-config-nwfilter-0:3.2.0-14.el7_4.10
  • libvirt-daemon-driver-interface-0:3.2.0-14.el7_4.10
  • libvirt-daemon-driver-lxc-0:3.2.0-14.el7_4.10
  • libvirt-daemon-driver-network-0:3.2.0-14.el7_4.10
  • libvirt-daemon-driver-nodedev-0:3.2.0-14.el7_4.10
  • libvirt-daemon-driver-nwfilter-0:3.2.0-14.el7_4.10
  • libvirt-daemon-driver-qemu-0:3.2.0-14.el7_4.10
  • libvirt-daemon-driver-secret-0:3.2.0-14.el7_4.10
  • libvirt-daemon-driver-storage-0:3.2.0-14.el7_4.10
  • libvirt-daemon-driver-storage-core-0:3.2.0-14.el7_4.10
  • libvirt-daemon-driver-storage-disk-0:3.2.0-14.el7_4.10
  • libvirt-daemon-driver-storage-gluster-0:3.2.0-14.el7_4.10
  • libvirt-daemon-driver-storage-iscsi-0:3.2.0-14.el7_4.10
  • libvirt-daemon-driver-storage-logical-0:3.2.0-14.el7_4.10
  • libvirt-daemon-driver-storage-mpath-0:3.2.0-14.el7_4.10
  • libvirt-daemon-driver-storage-rbd-0:3.2.0-14.el7_4.10
  • libvirt-daemon-driver-storage-scsi-0:3.2.0-14.el7_4.10
  • libvirt-daemon-kvm-0:3.2.0-14.el7_4.10
  • libvirt-daemon-lxc-0:3.2.0-14.el7_4.10
  • libvirt-debuginfo-0:3.2.0-14.el7_4.10
  • libvirt-devel-0:3.2.0-14.el7_4.10
  • libvirt-docs-0:3.2.0-14.el7_4.10
  • libvirt-libs-0:3.2.0-14.el7_4.10
  • libvirt-lock-sanlock-0:3.2.0-14.el7_4.10
  • libvirt-login-shell-0:3.2.0-14.el7_4.10
  • libvirt-nss-0:3.2.0-14.el7_4.10
  • libvirt-0:2.0.0-10.el7_3.12
  • libvirt-client-0:2.0.0-10.el7_3.12
  • libvirt-daemon-0:2.0.0-10.el7_3.12
  • libvirt-daemon-config-network-0:2.0.0-10.el7_3.12
  • libvirt-daemon-config-nwfilter-0:2.0.0-10.el7_3.12
  • libvirt-daemon-driver-interface-0:2.0.0-10.el7_3.12
  • libvirt-daemon-driver-lxc-0:2.0.0-10.el7_3.12
  • libvirt-daemon-driver-network-0:2.0.0-10.el7_3.12
  • libvirt-daemon-driver-nodedev-0:2.0.0-10.el7_3.12
  • libvirt-daemon-driver-nwfilter-0:2.0.0-10.el7_3.12
  • libvirt-daemon-driver-qemu-0:2.0.0-10.el7_3.12
  • libvirt-daemon-driver-secret-0:2.0.0-10.el7_3.12
  • libvirt-daemon-driver-storage-0:2.0.0-10.el7_3.12
  • libvirt-daemon-kvm-0:2.0.0-10.el7_3.12
  • libvirt-daemon-lxc-0:2.0.0-10.el7_3.12
  • libvirt-debuginfo-0:2.0.0-10.el7_3.12
  • libvirt-devel-0:2.0.0-10.el7_3.12
  • libvirt-docs-0:2.0.0-10.el7_3.12
  • libvirt-lock-sanlock-0:2.0.0-10.el7_3.12
  • libvirt-login-shell-0:2.0.0-10.el7_3.12
  • libvirt-nss-0:2.0.0-10.el7_3.12
  • qemu-img-rhev-10:2.6.0-28.el7_3.17
  • qemu-kvm-common-rhev-10:2.6.0-28.el7_3.17
  • qemu-kvm-rhev-10:2.6.0-28.el7_3.17
  • qemu-kvm-rhev-debuginfo-10:2.6.0-28.el7_3.17
  • qemu-kvm-tools-rhev-10:2.6.0-28.el7_3.17
  • qemu-guest-agent-2:0.12.1.2-2.355.el6_4.11
  • qemu-guest-agent-win32-2:0.12.1.2-2.355.el6_4.11
  • qemu-img-2:0.12.1.2-2.355.el6_4.11
  • qemu-kvm-2:0.12.1.2-2.355.el6_4.11
  • qemu-kvm-debuginfo-2:0.12.1.2-2.355.el6_4.11
  • qemu-kvm-tools-2:0.12.1.2-2.355.el6_4.11
  • qemu-guest-agent-2:0.12.1.2-2.415.el6_5.18
  • qemu-img-2:0.12.1.2-2.415.el6_5.18
  • qemu-kvm-2:0.12.1.2-2.415.el6_5.18
  • qemu-kvm-debuginfo-2:0.12.1.2-2.415.el6_5.18
  • qemu-kvm-tools-2:0.12.1.2-2.415.el6_5.18
  • qemu-guest-agent-2:0.12.1.2-2.448.el6_6.6
  • qemu-img-2:0.12.1.2-2.448.el6_6.6
  • qemu-kvm-2:0.12.1.2-2.448.el6_6.6
  • qemu-kvm-debuginfo-2:0.12.1.2-2.448.el6_6.6
  • qemu-kvm-tools-2:0.12.1.2-2.448.el6_6.6
  • qemu-guest-agent-2:0.12.1.2-2.479.el6_7.7
  • qemu-img-2:0.12.1.2-2.479.el6_7.7
  • qemu-kvm-2:0.12.1.2-2.479.el6_7.7
  • qemu-kvm-debuginfo-2:0.12.1.2-2.479.el6_7.7
  • qemu-kvm-tools-2:0.12.1.2-2.479.el6_7.7
  • qemu-guest-agent-2:0.12.1.2-2.503.el6_9.6
  • qemu-img-2:0.12.1.2-2.503.el6_9.6
  • qemu-kvm-2:0.12.1.2-2.503.el6_9.6
  • qemu-kvm-debuginfo-2:0.12.1.2-2.503.el6_9.6
  • qemu-kvm-tools-2:0.12.1.2-2.503.el6_9.6
  • libcacard-10:1.5.3-105.el7_2.17
  • libcacard-devel-10:1.5.3-105.el7_2.17
  • libcacard-tools-10:1.5.3-105.el7_2.17
  • qemu-img-10:1.5.3-105.el7_2.17
  • qemu-kvm-10:1.5.3-105.el7_2.17
  • qemu-kvm-common-10:1.5.3-105.el7_2.17
  • qemu-kvm-debuginfo-10:1.5.3-105.el7_2.17
  • qemu-kvm-tools-10:1.5.3-105.el7_2.17
  • qemu-img-10:1.5.3-126.el7_3.14
  • qemu-kvm-10:1.5.3-126.el7_3.14
  • qemu-kvm-common-10:1.5.3-126.el7_3.14
  • qemu-kvm-debuginfo-10:1.5.3-126.el7_3.14
  • qemu-kvm-tools-10:1.5.3-126.el7_3.14
  • qemu-img-10:1.5.3-141.el7_4.7
  • qemu-kvm-10:1.5.3-141.el7_4.7
  • qemu-kvm-common-10:1.5.3-141.el7_4.7
  • qemu-kvm-debuginfo-10:1.5.3-141.el7_4.7
  • qemu-kvm-tools-10:1.5.3-141.el7_4.7
  • libvirt-0:0.10.2-18.el6_4.17
  • libvirt-client-0:0.10.2-18.el6_4.17
  • libvirt-debuginfo-0:0.10.2-18.el6_4.17
  • libvirt-devel-0:0.10.2-18.el6_4.17
  • libvirt-lock-sanlock-0:0.10.2-18.el6_4.17
  • libvirt-python-0:0.10.2-18.el6_4.17
  • libvirt-0:0.10.2-29.el6_5.16
  • libvirt-client-0:0.10.2-29.el6_5.16
  • libvirt-debuginfo-0:0.10.2-29.el6_5.16
  • libvirt-devel-0:0.10.2-29.el6_5.16
  • libvirt-lock-sanlock-0:0.10.2-29.el6_5.16
  • libvirt-python-0:0.10.2-29.el6_5.16
  • libvirt-0:0.10.2-46.el6_6.8
  • libvirt-client-0:0.10.2-46.el6_6.8
  • libvirt-debuginfo-0:0.10.2-46.el6_6.8
  • libvirt-devel-0:0.10.2-46.el6_6.8
  • libvirt-lock-sanlock-0:0.10.2-46.el6_6.8
  • libvirt-python-0:0.10.2-46.el6_6.8
  • libvirt-0:0.10.2-54.el6_7.8
  • libvirt-client-0:0.10.2-54.el6_7.8
  • libvirt-debuginfo-0:0.10.2-54.el6_7.8
  • libvirt-devel-0:0.10.2-54.el6_7.8
  • libvirt-lock-sanlock-0:0.10.2-54.el6_7.8
  • libvirt-python-0:0.10.2-54.el6_7.8
  • libvirt-0:1.2.17-13.el7_2.8
  • libvirt-client-0:1.2.17-13.el7_2.8
  • libvirt-daemon-0:1.2.17-13.el7_2.8
  • libvirt-daemon-config-network-0:1.2.17-13.el7_2.8
  • libvirt-daemon-config-nwfilter-0:1.2.17-13.el7_2.8
  • libvirt-daemon-driver-interface-0:1.2.17-13.el7_2.8
  • libvirt-daemon-driver-lxc-0:1.2.17-13.el7_2.8
  • libvirt-daemon-driver-network-0:1.2.17-13.el7_2.8
  • libvirt-daemon-driver-nodedev-0:1.2.17-13.el7_2.8
  • libvirt-daemon-driver-nwfilter-0:1.2.17-13.el7_2.8
  • libvirt-daemon-driver-qemu-0:1.2.17-13.el7_2.8
  • libvirt-daemon-driver-secret-0:1.2.17-13.el7_2.8
  • libvirt-daemon-driver-storage-0:1.2.17-13.el7_2.8
  • libvirt-daemon-kvm-0:1.2.17-13.el7_2.8
  • libvirt-daemon-lxc-0:1.2.17-13.el7_2.8
  • libvirt-debuginfo-0:1.2.17-13.el7_2.8
  • libvirt-devel-0:1.2.17-13.el7_2.8
  • libvirt-docs-0:1.2.17-13.el7_2.8
  • libvirt-lock-sanlock-0:1.2.17-13.el7_2.8
  • libvirt-login-shell-0:1.2.17-13.el7_2.8
  • libvirt-0:0.10.2-62.el6_9.2
  • libvirt-client-0:0.10.2-62.el6_9.2
  • libvirt-debuginfo-0:0.10.2-62.el6_9.2
  • libvirt-devel-0:0.10.2-62.el6_9.2
  • libvirt-lock-sanlock-0:0.10.2-62.el6_9.2
  • libvirt-python-0:0.10.2-62.el6_9.2
  • rhvm-setup-plugins-0:4.2.9-1.el7ev
  • vdsm-0:4.20.27.2-1.el7ev
  • vdsm-api-0:4.20.27.2-1.el7ev
  • vdsm-client-0:4.20.27.2-1.el7ev
  • vdsm-common-0:4.20.27.2-1.el7ev
  • vdsm-hook-checkips-0:4.20.27.2-1.el7ev
  • vdsm-hook-cpuflags-0:4.20.27.2-1.el7ev
  • vdsm-hook-ethtool-options-0:4.20.27.2-1.el7ev
  • vdsm-hook-extra-ipv4-addrs-0:4.20.27.2-1.el7ev
  • vdsm-hook-fcoe-0:4.20.27.2-1.el7ev
  • vdsm-hook-localdisk-0:4.20.27.2-1.el7ev
  • vdsm-hook-macspoof-0:4.20.27.2-1.el7ev
  • vdsm-hook-nestedvt-0:4.20.27.2-1.el7ev
  • vdsm-hook-openstacknet-0:4.20.27.2-1.el7ev
  • vdsm-hook-vfio-mdev-0:4.20.27.2-1.el7ev
  • vdsm-hook-vhostmd-0:4.20.27.2-1.el7ev
  • vdsm-hook-vmfex-dev-0:4.20.27.2-1.el7ev
  • vdsm-http-0:4.20.27.2-1.el7ev
  • vdsm-jsonrpc-0:4.20.27.2-1.el7ev
  • vdsm-network-0:4.20.27.2-1.el7ev
  • vdsm-python-0:4.20.27.2-1.el7ev
  • vdsm-yajsonrpc-0:4.20.27.2-1.el7ev
  • ovirt-engine-0:4.2.3.6-0.1.el7
  • ovirt-engine-backend-0:4.2.3.6-0.1.el7
  • ovirt-engine-dbscripts-0:4.2.3.6-0.1.el7
  • ovirt-engine-extensions-api-impl-0:4.2.3.6-0.1.el7
  • ovirt-engine-extensions-api-impl-javadoc-0:4.2.3.6-0.1.el7
  • ovirt-engine-health-check-bundler-0:4.2.3.6-0.1.el7
  • ovirt-engine-lib-0:4.2.3.6-0.1.el7
  • ovirt-engine-restapi-0:4.2.3.6-0.1.el7
  • ovirt-engine-setup-0:4.2.3.6-0.1.el7
  • ovirt-engine-setup-base-0:4.2.3.6-0.1.el7
  • ovirt-engine-setup-plugin-ovirt-engine-0:4.2.3.6-0.1.el7
  • ovirt-engine-setup-plugin-ovirt-engine-common-0:4.2.3.6-0.1.el7
  • ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.2.3.6-0.1.el7
  • ovirt-engine-setup-plugin-websocket-proxy-0:4.2.3.6-0.1.el7
  • ovirt-engine-tools-0:4.2.3.6-0.1.el7
  • ovirt-engine-tools-backup-0:4.2.3.6-0.1.el7
  • ovirt-engine-vmconsole-proxy-helper-0:4.2.3.6-0.1.el7
  • ovirt-engine-webadmin-portal-0:4.2.3.6-0.1.el7
  • ovirt-engine-websocket-proxy-0:4.2.3.6-0.1.el7
  • rhvm-0:4.2.3.6-0.1.el7
  • qemu-img-rhev-10:2.9.0-16.el7_4.17
  • qemu-kvm-common-rhev-10:2.9.0-16.el7_4.17
  • qemu-kvm-rhev-10:2.9.0-16.el7_4.17
  • qemu-kvm-rhev-debuginfo-10:2.9.0-16.el7_4.17
  • qemu-kvm-tools-rhev-10:2.9.0-16.el7_4.17
  • rhevm-0:3.6.13.2-0.1.el6
  • rhevm-backend-0:3.6.13.2-0.1.el6
  • rhevm-dbscripts-0:3.6.13.2-0.1.el6
  • rhevm-extensions-api-impl-0:3.6.13.2-0.1.el6
  • rhevm-extensions-api-impl-javadoc-0:3.6.13.2-0.1.el6
  • rhevm-lib-0:3.6.13.2-0.1.el6
  • rhevm-restapi-0:3.6.13.2-0.1.el6
  • rhevm-setup-0:3.6.13.2-0.1.el6
  • rhevm-setup-base-0:3.6.13.2-0.1.el6
  • rhevm-setup-plugin-ovirt-engine-0:3.6.13.2-0.1.el6
  • rhevm-setup-plugin-ovirt-engine-common-0:3.6.13.2-0.1.el6
  • rhevm-setup-plugin-vmconsole-proxy-helper-0:3.6.13.2-0.1.el6
  • rhevm-setup-plugin-websocket-proxy-0:3.6.13.2-0.1.el6
  • rhevm-tools-0:3.6.13.2-0.1.el6
  • rhevm-tools-backup-0:3.6.13.2-0.1.el6
  • rhevm-userportal-0:3.6.13.2-0.1.el6
  • rhevm-userportal-debuginfo-0:3.6.13.2-0.1.el6
  • rhevm-vmconsole-proxy-helper-0:3.6.13.2-0.1.el6
  • rhevm-webadmin-portal-0:3.6.13.2-0.1.el6
  • rhevm-webadmin-portal-debuginfo-0:3.6.13.2-0.1.el6
  • rhevm-websocket-proxy-0:3.6.13.2-0.1.el6
  • rhevm-setup-plugins-0:3.6.7-1.el6ev
  • vdsm-0:4.17.45-1.el7ev
  • vdsm-cli-0:4.17.45-1.el7ev
  • vdsm-debug-plugin-0:4.17.45-1.el7ev
  • vdsm-hook-ethtool-options-0:4.17.45-1.el7ev
  • vdsm-hook-fcoe-0:4.17.45-1.el7ev
  • vdsm-hook-macspoof-0:4.17.45-1.el7ev
  • vdsm-hook-openstacknet-0:4.17.45-1.el7ev
  • vdsm-hook-vhostmd-0:4.17.45-1.el7ev
  • vdsm-hook-vmfex-dev-0:4.17.45-1.el7ev
  • vdsm-infra-0:4.17.45-1.el7ev
  • vdsm-jsonrpc-0:4.17.45-1.el7ev
  • vdsm-python-0:4.17.45-1.el7ev
  • vdsm-xmlrpc-0:4.17.45-1.el7ev
  • vdsm-yajsonrpc-0:4.17.45-1.el7ev
  • redhat-virtualization-host-image-update-0:4.2-20180518.2.el7_5
  • redhat-virtualization-host-image-update-0:3.6-20180521.0.el7_3
  • rhev-hypervisor7-0:7.3-20180521.1.el6ev
  • rhev-hypervisor7-0:7.3-20180521.1.el7ev
  • kernel-0:3.10.0-514.51.1.el7
  • kernel-abi-whitelists-0:3.10.0-514.51.1.el7
  • kernel-bootwrapper-0:3.10.0-514.51.1.el7
  • kernel-debug-0:3.10.0-514.51.1.el7
  • kernel-debug-debuginfo-0:3.10.0-514.51.1.el7
  • kernel-debug-devel-0:3.10.0-514.51.1.el7
  • kernel-debuginfo-0:3.10.0-514.51.1.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-514.51.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-514.51.1.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-514.51.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-514.51.1.el7
  • kernel-devel-0:3.10.0-514.51.1.el7
  • kernel-doc-0:3.10.0-514.51.1.el7
  • kernel-headers-0:3.10.0-514.51.1.el7
  • kernel-kdump-0:3.10.0-514.51.1.el7
  • kernel-kdump-debuginfo-0:3.10.0-514.51.1.el7
  • kernel-kdump-devel-0:3.10.0-514.51.1.el7
  • kernel-tools-0:3.10.0-514.51.1.el7
  • kernel-tools-debuginfo-0:3.10.0-514.51.1.el7
  • kernel-tools-libs-0:3.10.0-514.51.1.el7
  • kernel-tools-libs-devel-0:3.10.0-514.51.1.el7
  • perf-0:3.10.0-514.51.1.el7
  • perf-debuginfo-0:3.10.0-514.51.1.el7
  • python-perf-0:3.10.0-514.51.1.el7
  • python-perf-debuginfo-0:3.10.0-514.51.1.el7
  • kernel-0:3.10.0-693.33.1.el7
  • kernel-abi-whitelists-0:3.10.0-693.33.1.el7
  • kernel-bootwrapper-0:3.10.0-693.33.1.el7
  • kernel-debug-0:3.10.0-693.33.1.el7
  • kernel-debug-debuginfo-0:3.10.0-693.33.1.el7
  • kernel-debug-devel-0:3.10.0-693.33.1.el7
  • kernel-debuginfo-0:3.10.0-693.33.1.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-693.33.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-693.33.1.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-693.33.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-693.33.1.el7
  • kernel-devel-0:3.10.0-693.33.1.el7
  • kernel-doc-0:3.10.0-693.33.1.el7
  • kernel-headers-0:3.10.0-693.33.1.el7
  • kernel-kdump-0:3.10.0-693.33.1.el7
  • kernel-kdump-debuginfo-0:3.10.0-693.33.1.el7
  • kernel-kdump-devel-0:3.10.0-693.33.1.el7
  • kernel-tools-0:3.10.0-693.33.1.el7
  • kernel-tools-debuginfo-0:3.10.0-693.33.1.el7
  • kernel-tools-libs-0:3.10.0-693.33.1.el7
  • kernel-tools-libs-devel-0:3.10.0-693.33.1.el7
  • perf-0:3.10.0-693.33.1.el7
  • perf-debuginfo-0:3.10.0-693.33.1.el7
  • python-perf-0:3.10.0-693.33.1.el7
  • python-perf-debuginfo-0:3.10.0-693.33.1.el7
  • kernel-0:2.6.32-573.59.1.el6
  • kernel-abi-whitelists-0:2.6.32-573.59.1.el6
  • kernel-bootwrapper-0:2.6.32-573.59.1.el6
  • kernel-debug-0:2.6.32-573.59.1.el6
  • kernel-debug-debuginfo-0:2.6.32-573.59.1.el6
  • kernel-debug-devel-0:2.6.32-573.59.1.el6
  • kernel-debuginfo-0:2.6.32-573.59.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-573.59.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-573.59.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-573.59.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-573.59.1.el6
  • kernel-devel-0:2.6.32-573.59.1.el6
  • kernel-doc-0:2.6.32-573.59.1.el6
  • kernel-firmware-0:2.6.32-573.59.1.el6
  • kernel-headers-0:2.6.32-573.59.1.el6
  • kernel-kdump-0:2.6.32-573.59.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-573.59.1.el6
  • kernel-kdump-devel-0:2.6.32-573.59.1.el6
  • perf-0:2.6.32-573.59.1.el6
  • perf-debuginfo-0:2.6.32-573.59.1.el6
  • python-perf-0:2.6.32-573.59.1.el6
  • python-perf-debuginfo-0:2.6.32-573.59.1.el6
  • kernel-0:2.6.32-754.el6
  • kernel-abi-whitelists-0:2.6.32-754.el6
  • kernel-bootwrapper-0:2.6.32-754.el6
  • kernel-debug-0:2.6.32-754.el6
  • kernel-debug-debuginfo-0:2.6.32-754.el6
  • kernel-debug-devel-0:2.6.32-754.el6
  • kernel-debuginfo-0:2.6.32-754.el6
  • kernel-debuginfo-common-i686-0:2.6.32-754.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-754.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-754.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-754.el6
  • kernel-devel-0:2.6.32-754.el6
  • kernel-doc-0:2.6.32-754.el6
  • kernel-firmware-0:2.6.32-754.el6
  • kernel-headers-0:2.6.32-754.el6
  • kernel-kdump-0:2.6.32-754.el6
  • kernel-kdump-debuginfo-0:2.6.32-754.el6
  • kernel-kdump-devel-0:2.6.32-754.el6
  • perf-0:2.6.32-754.el6
  • perf-debuginfo-0:2.6.32-754.el6
  • python-perf-0:2.6.32-754.el6
  • python-perf-debuginfo-0:2.6.32-754.el6
  • kernel-0:3.10.0-862.6.3.el7
  • kernel-abi-whitelists-0:3.10.0-862.6.3.el7
  • kernel-bootwrapper-0:3.10.0-862.6.3.el7
  • kernel-debug-0:3.10.0-862.6.3.el7
  • kernel-debug-debuginfo-0:3.10.0-862.6.3.el7
  • kernel-debug-devel-0:3.10.0-862.6.3.el7
  • kernel-debuginfo-0:3.10.0-862.6.3.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-862.6.3.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-862.6.3.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-862.6.3.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-862.6.3.el7
  • kernel-devel-0:3.10.0-862.6.3.el7
  • kernel-doc-0:3.10.0-862.6.3.el7
  • kernel-headers-0:3.10.0-862.6.3.el7
  • kernel-kdump-0:3.10.0-862.6.3.el7
  • kernel-kdump-debuginfo-0:3.10.0-862.6.3.el7
  • kernel-kdump-devel-0:3.10.0-862.6.3.el7
  • kernel-tools-0:3.10.0-862.6.3.el7
  • kernel-tools-debuginfo-0:3.10.0-862.6.3.el7
  • kernel-tools-libs-0:3.10.0-862.6.3.el7
  • kernel-tools-libs-devel-0:3.10.0-862.6.3.el7
  • perf-0:3.10.0-862.6.3.el7
  • perf-debuginfo-0:3.10.0-862.6.3.el7
  • python-perf-0:3.10.0-862.6.3.el7
  • python-perf-debuginfo-0:3.10.0-862.6.3.el7
  • kernel-0:4.14.0-49.8.1.el7a
  • kernel-abi-whitelists-0:4.14.0-49.8.1.el7a
  • kernel-bootwrapper-0:4.14.0-49.8.1.el7a
  • kernel-debug-0:4.14.0-49.8.1.el7a
  • kernel-debug-debuginfo-0:4.14.0-49.8.1.el7a
  • kernel-debug-devel-0:4.14.0-49.8.1.el7a
  • kernel-debuginfo-0:4.14.0-49.8.1.el7a
  • kernel-debuginfo-common-aarch64-0:4.14.0-49.8.1.el7a
  • kernel-debuginfo-common-ppc64le-0:4.14.0-49.8.1.el7a
  • kernel-debuginfo-common-s390x-0:4.14.0-49.8.1.el7a
  • kernel-devel-0:4.14.0-49.8.1.el7a
  • kernel-doc-0:4.14.0-49.8.1.el7a
  • kernel-headers-0:4.14.0-49.8.1.el7a
  • kernel-kdump-0:4.14.0-49.8.1.el7a
  • kernel-kdump-debuginfo-0:4.14.0-49.8.1.el7a
  • kernel-kdump-devel-0:4.14.0-49.8.1.el7a
  • kernel-tools-0:4.14.0-49.8.1.el7a
  • kernel-tools-debuginfo-0:4.14.0-49.8.1.el7a
  • kernel-tools-libs-0:4.14.0-49.8.1.el7a
  • kernel-tools-libs-devel-0:4.14.0-49.8.1.el7a
  • perf-0:4.14.0-49.8.1.el7a
  • perf-debuginfo-0:4.14.0-49.8.1.el7a
  • python-perf-0:4.14.0-49.8.1.el7a
  • python-perf-debuginfo-0:4.14.0-49.8.1.el7a
  • libvirt-0:3.9.0-14.el7_5.6
  • libvirt-admin-0:3.9.0-14.el7_5.6
  • libvirt-client-0:3.9.0-14.el7_5.6
  • libvirt-daemon-0:3.9.0-14.el7_5.6
  • libvirt-daemon-config-network-0:3.9.0-14.el7_5.6
  • libvirt-daemon-config-nwfilter-0:3.9.0-14.el7_5.6
  • libvirt-daemon-driver-interface-0:3.9.0-14.el7_5.6
  • libvirt-daemon-driver-lxc-0:3.9.0-14.el7_5.6
  • libvirt-daemon-driver-network-0:3.9.0-14.el7_5.6
  • libvirt-daemon-driver-nodedev-0:3.9.0-14.el7_5.6
  • libvirt-daemon-driver-nwfilter-0:3.9.0-14.el7_5.6
  • libvirt-daemon-driver-qemu-0:3.9.0-14.el7_5.6
  • libvirt-daemon-driver-secret-0:3.9.0-14.el7_5.6
  • libvirt-daemon-driver-storage-0:3.9.0-14.el7_5.6
  • libvirt-daemon-driver-storage-core-0:3.9.0-14.el7_5.6
  • libvirt-daemon-driver-storage-disk-0:3.9.0-14.el7_5.6
  • libvirt-daemon-driver-storage-gluster-0:3.9.0-14.el7_5.6
  • libvirt-daemon-driver-storage-iscsi-0:3.9.0-14.el7_5.6
  • libvirt-daemon-driver-storage-logical-0:3.9.0-14.el7_5.6
  • libvirt-daemon-driver-storage-mpath-0:3.9.0-14.el7_5.6
  • libvirt-daemon-driver-storage-rbd-0:3.9.0-14.el7_5.6
  • libvirt-daemon-driver-storage-scsi-0:3.9.0-14.el7_5.6
  • libvirt-daemon-kvm-0:3.9.0-14.el7_5.6
  • libvirt-daemon-lxc-0:3.9.0-14.el7_5.6
  • libvirt-debuginfo-0:3.9.0-14.el7_5.6
  • libvirt-devel-0:3.9.0-14.el7_5.6
  • libvirt-docs-0:3.9.0-14.el7_5.6
  • libvirt-libs-0:3.9.0-14.el7_5.6
  • libvirt-lock-sanlock-0:3.9.0-14.el7_5.6
  • libvirt-login-shell-0:3.9.0-14.el7_5.6
  • libvirt-nss-0:3.9.0-14.el7_5.6
  • qemu-img-10:1.5.3-156.el7_5.3
  • qemu-kvm-10:1.5.3-156.el7_5.3
  • qemu-kvm-common-10:1.5.3-156.el7_5.3
  • qemu-kvm-debuginfo-10:1.5.3-156.el7_5.3
  • qemu-kvm-tools-10:1.5.3-156.el7_5.3
  • kernel-rt-0:3.10.0-862.6.3.rt56.811.el7
  • kernel-rt-debug-0:3.10.0-862.6.3.rt56.811.el7
  • kernel-rt-debug-debuginfo-0:3.10.0-862.6.3.rt56.811.el7
  • kernel-rt-debug-devel-0:3.10.0-862.6.3.rt56.811.el7
  • kernel-rt-debug-kvm-0:3.10.0-862.6.3.rt56.811.el7
  • kernel-rt-debug-kvm-debuginfo-0:3.10.0-862.6.3.rt56.811.el7
  • kernel-rt-debuginfo-0:3.10.0-862.6.3.rt56.811.el7
  • kernel-rt-debuginfo-common-x86_64-0:3.10.0-862.6.3.rt56.811.el7
  • kernel-rt-devel-0:3.10.0-862.6.3.rt56.811.el7
  • kernel-rt-doc-0:3.10.0-862.6.3.rt56.811.el7
  • kernel-rt-kvm-0:3.10.0-862.6.3.rt56.811.el7
  • kernel-rt-kvm-debuginfo-0:3.10.0-862.6.3.rt56.811.el7
  • kernel-rt-trace-0:3.10.0-862.6.3.rt56.811.el7
  • kernel-rt-trace-debuginfo-0:3.10.0-862.6.3.rt56.811.el7
  • kernel-rt-trace-devel-0:3.10.0-862.6.3.rt56.811.el7
  • kernel-rt-trace-kvm-0:3.10.0-862.6.3.rt56.811.el7
  • kernel-rt-trace-kvm-debuginfo-0:3.10.0-862.6.3.rt56.811.el7
  • libvirt-0:3.2.0-14.el7_4.11
  • libvirt-admin-0:3.2.0-14.el7_4.11
  • libvirt-client-0:3.2.0-14.el7_4.11
  • libvirt-daemon-0:3.2.0-14.el7_4.11
  • libvirt-daemon-config-network-0:3.2.0-14.el7_4.11
  • libvirt-daemon-config-nwfilter-0:3.2.0-14.el7_4.11
  • libvirt-daemon-driver-interface-0:3.2.0-14.el7_4.11
  • libvirt-daemon-driver-lxc-0:3.2.0-14.el7_4.11
  • libvirt-daemon-driver-network-0:3.2.0-14.el7_4.11
  • libvirt-daemon-driver-nodedev-0:3.2.0-14.el7_4.11
  • libvirt-daemon-driver-nwfilter-0:3.2.0-14.el7_4.11
  • libvirt-daemon-driver-qemu-0:3.2.0-14.el7_4.11
  • libvirt-daemon-driver-secret-0:3.2.0-14.el7_4.11
  • libvirt-daemon-driver-storage-0:3.2.0-14.el7_4.11
  • libvirt-daemon-driver-storage-core-0:3.2.0-14.el7_4.11
  • libvirt-daemon-driver-storage-disk-0:3.2.0-14.el7_4.11
  • libvirt-daemon-driver-storage-gluster-0:3.2.0-14.el7_4.11
  • libvirt-daemon-driver-storage-iscsi-0:3.2.0-14.el7_4.11
  • libvirt-daemon-driver-storage-logical-0:3.2.0-14.el7_4.11
  • libvirt-daemon-driver-storage-mpath-0:3.2.0-14.el7_4.11
  • libvirt-daemon-driver-storage-rbd-0:3.2.0-14.el7_4.11
  • libvirt-daemon-driver-storage-scsi-0:3.2.0-14.el7_4.11
  • libvirt-daemon-kvm-0:3.2.0-14.el7_4.11
  • libvirt-daemon-lxc-0:3.2.0-14.el7_4.11
  • libvirt-debuginfo-0:3.2.0-14.el7_4.11
  • libvirt-devel-0:3.2.0-14.el7_4.11
  • libvirt-docs-0:3.2.0-14.el7_4.11
  • libvirt-libs-0:3.2.0-14.el7_4.11
  • libvirt-lock-sanlock-0:3.2.0-14.el7_4.11
  • libvirt-login-shell-0:3.2.0-14.el7_4.11
  • libvirt-nss-0:3.2.0-14.el7_4.11
  • qemu-img-rhev-10:2.10.0-21.el7_5.4
  • qemu-kvm-common-rhev-10:2.10.0-21.el7_5.4
  • qemu-kvm-rhev-10:2.10.0-21.el7_5.4
  • qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.4
  • qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.4
  • kernel-0:3.10.0-514.53.1.el7
  • kernel-abi-whitelists-0:3.10.0-514.53.1.el7
  • kernel-bootwrapper-0:3.10.0-514.53.1.el7
  • kernel-debug-0:3.10.0-514.53.1.el7
  • kernel-debug-debuginfo-0:3.10.0-514.53.1.el7
  • kernel-debug-devel-0:3.10.0-514.53.1.el7
  • kernel-debuginfo-0:3.10.0-514.53.1.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-514.53.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-514.53.1.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-514.53.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-514.53.1.el7
  • kernel-devel-0:3.10.0-514.53.1.el7
  • kernel-doc-0:3.10.0-514.53.1.el7
  • kernel-headers-0:3.10.0-514.53.1.el7
  • kernel-kdump-0:3.10.0-514.53.1.el7
  • kernel-kdump-debuginfo-0:3.10.0-514.53.1.el7
  • kernel-kdump-devel-0:3.10.0-514.53.1.el7
  • kernel-tools-0:3.10.0-514.53.1.el7
  • kernel-tools-debuginfo-0:3.10.0-514.53.1.el7
  • kernel-tools-libs-0:3.10.0-514.53.1.el7
  • kernel-tools-libs-devel-0:3.10.0-514.53.1.el7
  • perf-0:3.10.0-514.53.1.el7
  • perf-debuginfo-0:3.10.0-514.53.1.el7
  • python-perf-0:3.10.0-514.53.1.el7
  • python-perf-debuginfo-0:3.10.0-514.53.1.el7
  • qemu-guest-agent-2:0.12.1.2-2.506.el6_10.1
  • qemu-img-2:0.12.1.2-2.506.el6_10.1
  • qemu-kvm-2:0.12.1.2-2.506.el6_10.1
  • qemu-kvm-debuginfo-2:0.12.1.2-2.506.el6_10.1
  • qemu-kvm-tools-2:0.12.1.2-2.506.el6_10.1
  • kernel-0:2.6.32-754.2.1.el6
  • kernel-abi-whitelists-0:2.6.32-754.2.1.el6
  • kernel-bootwrapper-0:2.6.32-754.2.1.el6
  • kernel-debug-0:2.6.32-754.2.1.el6
  • kernel-debug-debuginfo-0:2.6.32-754.2.1.el6
  • kernel-debug-devel-0:2.6.32-754.2.1.el6
  • kernel-debuginfo-0:2.6.32-754.2.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-754.2.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-754.2.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-754.2.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-754.2.1.el6
  • kernel-devel-0:2.6.32-754.2.1.el6
  • kernel-doc-0:2.6.32-754.2.1.el6
  • kernel-firmware-0:2.6.32-754.2.1.el6
  • kernel-headers-0:2.6.32-754.2.1.el6
  • kernel-kdump-0:2.6.32-754.2.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-754.2.1.el6
  • kernel-kdump-devel-0:2.6.32-754.2.1.el6
  • perf-0:2.6.32-754.2.1.el6
  • perf-debuginfo-0:2.6.32-754.2.1.el6
  • python-perf-0:2.6.32-754.2.1.el6
  • python-perf-debuginfo-0:2.6.32-754.2.1.el6
  • kernel-0:2.6.18-348.40.1.el5
  • kernel-PAE-0:2.6.18-348.40.1.el5
  • kernel-PAE-debuginfo-0:2.6.18-348.40.1.el5
  • kernel-PAE-devel-0:2.6.18-348.40.1.el5
  • kernel-debug-0:2.6.18-348.40.1.el5
  • kernel-debug-debuginfo-0:2.6.18-348.40.1.el5
  • kernel-debug-devel-0:2.6.18-348.40.1.el5
  • kernel-debuginfo-0:2.6.18-348.40.1.el5
  • kernel-debuginfo-common-0:2.6.18-348.40.1.el5
  • kernel-devel-0:2.6.18-348.40.1.el5
  • kernel-doc-0:2.6.18-348.40.1.el5
  • kernel-headers-0:2.6.18-348.40.1.el5
  • kernel-xen-0:2.6.18-348.40.1.el5
  • kernel-xen-debuginfo-0:2.6.18-348.40.1.el5
  • kernel-xen-devel-0:2.6.18-348.40.1.el5
  • kernel-0:2.6.18-433.el5
  • kernel-PAE-0:2.6.18-433.el5
  • kernel-PAE-debuginfo-0:2.6.18-433.el5
  • kernel-PAE-devel-0:2.6.18-433.el5
  • kernel-debug-0:2.6.18-433.el5
  • kernel-debug-debuginfo-0:2.6.18-433.el5
  • kernel-debug-devel-0:2.6.18-433.el5
  • kernel-debuginfo-0:2.6.18-433.el5
  • kernel-debuginfo-common-0:2.6.18-433.el5
  • kernel-devel-0:2.6.18-433.el5
  • kernel-doc-0:2.6.18-433.el5
  • kernel-headers-0:2.6.18-433.el5
  • kernel-kdump-0:2.6.18-433.el5
  • kernel-kdump-debuginfo-0:2.6.18-433.el5
  • kernel-kdump-devel-0:2.6.18-433.el5
  • kernel-xen-0:2.6.18-433.el5
  • kernel-xen-debuginfo-0:2.6.18-433.el5
  • kernel-xen-devel-0:2.6.18-433.el5
  • kernel-0:3.10.0-327.71.1.el7
  • kernel-abi-whitelists-0:3.10.0-327.71.1.el7
  • kernel-bootwrapper-0:3.10.0-327.71.1.el7
  • kernel-debug-0:3.10.0-327.71.1.el7
  • kernel-debug-debuginfo-0:3.10.0-327.71.1.el7
  • kernel-debug-devel-0:3.10.0-327.71.1.el7
  • kernel-debuginfo-0:3.10.0-327.71.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-327.71.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-327.71.1.el7
  • kernel-devel-0:3.10.0-327.71.1.el7
  • kernel-doc-0:3.10.0-327.71.1.el7
  • kernel-headers-0:3.10.0-327.71.1.el7
  • kernel-tools-0:3.10.0-327.71.1.el7
  • kernel-tools-debuginfo-0:3.10.0-327.71.1.el7
  • kernel-tools-libs-0:3.10.0-327.71.1.el7
  • kernel-tools-libs-devel-0:3.10.0-327.71.1.el7
  • perf-0:3.10.0-327.71.1.el7
  • perf-debuginfo-0:3.10.0-327.71.1.el7
  • python-perf-0:3.10.0-327.71.1.el7
  • python-perf-debuginfo-0:3.10.0-327.71.1.el7
  • qemu-img-rhev-10:2.10.0-21.el7_5.4
  • qemu-kvm-common-rhev-10:2.10.0-21.el7_5.4
  • qemu-kvm-rhev-10:2.10.0-21.el7_5.4
  • qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.4
  • qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.4
  • rhev-hypervisor7-0:7.3-20180710.1.el6ev
  • rhev-hypervisor7-0:7.3-20180710.1.el7ev
  • kernel-0:2.6.32-573.60.1.el6
  • kernel-abi-whitelists-0:2.6.32-573.60.1.el6
  • kernel-bootwrapper-0:2.6.32-573.60.1.el6
  • kernel-debug-0:2.6.32-573.60.1.el6
  • kernel-debug-debuginfo-0:2.6.32-573.60.1.el6
  • kernel-debug-devel-0:2.6.32-573.60.1.el6
  • kernel-debuginfo-0:2.6.32-573.60.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-573.60.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-573.60.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-573.60.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-573.60.1.el6
  • kernel-devel-0:2.6.32-573.60.1.el6
  • kernel-doc-0:2.6.32-573.60.1.el6
  • kernel-firmware-0:2.6.32-573.60.1.el6
  • kernel-headers-0:2.6.32-573.60.1.el6
  • kernel-kdump-0:2.6.32-573.60.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-573.60.1.el6
  • kernel-kdump-devel-0:2.6.32-573.60.1.el6
  • perf-0:2.6.32-573.60.1.el6
  • perf-debuginfo-0:2.6.32-573.60.1.el6
  • python-perf-0:2.6.32-573.60.1.el6
  • python-perf-debuginfo-0:2.6.32-573.60.1.el6
  • qemu-img-rhev-10:2.10.0-21.el7_5.4
  • qemu-kvm-common-rhev-10:2.10.0-21.el7_5.4
  • qemu-kvm-rhev-10:2.10.0-21.el7_5.4
  • qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.4
  • qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.4
  • kernel-0:2.6.32-504.72.1.el6
  • kernel-abi-whitelists-0:2.6.32-504.72.1.el6
  • kernel-debug-0:2.6.32-504.72.1.el6
  • kernel-debug-debuginfo-0:2.6.32-504.72.1.el6
  • kernel-debug-devel-0:2.6.32-504.72.1.el6
  • kernel-debuginfo-0:2.6.32-504.72.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-504.72.1.el6
  • kernel-devel-0:2.6.32-504.72.1.el6
  • kernel-doc-0:2.6.32-504.72.1.el6
  • kernel-firmware-0:2.6.32-504.72.1.el6
  • kernel-headers-0:2.6.32-504.72.1.el6
  • perf-0:2.6.32-504.72.1.el6
  • perf-debuginfo-0:2.6.32-504.72.1.el6
  • python-perf-0:2.6.32-504.72.1.el6
  • python-perf-debuginfo-0:2.6.32-504.72.1.el6
  • rhvm-setup-plugins-0:4.2.10-1.el7ev
  • qemu-img-rhev-10:2.10.0-21.el7_5.4
  • qemu-kvm-common-rhev-10:2.10.0-21.el7_5.4
  • qemu-kvm-rhev-10:2.10.0-21.el7_5.4
  • qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.4
  • qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.4
  • kernel-0:3.10.0-693.37.4.el7
  • kernel-abi-whitelists-0:3.10.0-693.37.4.el7
  • kernel-bootwrapper-0:3.10.0-693.37.4.el7
  • kernel-debug-0:3.10.0-693.37.4.el7
  • kernel-debug-debuginfo-0:3.10.0-693.37.4.el7
  • kernel-debug-devel-0:3.10.0-693.37.4.el7
  • kernel-debuginfo-0:3.10.0-693.37.4.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-693.37.4.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-693.37.4.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-693.37.4.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-693.37.4.el7
  • kernel-devel-0:3.10.0-693.37.4.el7
  • kernel-doc-0:3.10.0-693.37.4.el7
  • kernel-headers-0:3.10.0-693.37.4.el7
  • kernel-kdump-0:3.10.0-693.37.4.el7
  • kernel-kdump-debuginfo-0:3.10.0-693.37.4.el7
  • kernel-kdump-devel-0:3.10.0-693.37.4.el7
  • kernel-tools-0:3.10.0-693.37.4.el7
  • kernel-tools-debuginfo-0:3.10.0-693.37.4.el7
  • kernel-tools-libs-0:3.10.0-693.37.4.el7
  • kernel-tools-libs-devel-0:3.10.0-693.37.4.el7
  • perf-0:3.10.0-693.37.4.el7
  • perf-debuginfo-0:3.10.0-693.37.4.el7
  • python-perf-0:3.10.0-693.37.4.el7
  • python-perf-debuginfo-0:3.10.0-693.37.4.el7
  • kernel-0:2.6.32-358.91.4.el6
  • kernel-debug-0:2.6.32-358.91.4.el6
  • kernel-debug-debuginfo-0:2.6.32-358.91.4.el6
  • kernel-debug-devel-0:2.6.32-358.91.4.el6
  • kernel-debuginfo-0:2.6.32-358.91.4.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-358.91.4.el6
  • kernel-devel-0:2.6.32-358.91.4.el6
  • kernel-doc-0:2.6.32-358.91.4.el6
  • kernel-firmware-0:2.6.32-358.91.4.el6
  • kernel-headers-0:2.6.32-358.91.4.el6
  • perf-0:2.6.32-358.91.4.el6
  • perf-debuginfo-0:2.6.32-358.91.4.el6
  • python-perf-0:2.6.32-358.91.4.el6
  • python-perf-debuginfo-0:2.6.32-358.91.4.el6
  • kernel-rt-1:3.10.0-693.37.4.rt56.629.el6rt
  • kernel-rt-debug-1:3.10.0-693.37.4.rt56.629.el6rt
  • kernel-rt-debug-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt
  • kernel-rt-debug-devel-1:3.10.0-693.37.4.rt56.629.el6rt
  • kernel-rt-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt
  • kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.37.4.rt56.629.el6rt
  • kernel-rt-devel-1:3.10.0-693.37.4.rt56.629.el6rt
  • kernel-rt-doc-1:3.10.0-693.37.4.rt56.629.el6rt
  • kernel-rt-firmware-1:3.10.0-693.37.4.rt56.629.el6rt
  • kernel-rt-trace-1:3.10.0-693.37.4.rt56.629.el6rt
  • kernel-rt-trace-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt
  • kernel-rt-trace-devel-1:3.10.0-693.37.4.rt56.629.el6rt
  • kernel-rt-vanilla-1:3.10.0-693.37.4.rt56.629.el6rt
  • kernel-rt-vanilla-debuginfo-1:3.10.0-693.37.4.rt56.629.el6rt
  • kernel-rt-vanilla-devel-1:3.10.0-693.37.4.rt56.629.el6rt
  • kernel-0:4.14.0-115.el7a
  • kernel-abi-whitelists-0:4.14.0-115.el7a
  • kernel-bootwrapper-0:4.14.0-115.el7a
  • kernel-debug-0:4.14.0-115.el7a
  • kernel-debug-debuginfo-0:4.14.0-115.el7a
  • kernel-debug-devel-0:4.14.0-115.el7a
  • kernel-debuginfo-0:4.14.0-115.el7a
  • kernel-debuginfo-common-aarch64-0:4.14.0-115.el7a
  • kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a
  • kernel-debuginfo-common-s390x-0:4.14.0-115.el7a
  • kernel-devel-0:4.14.0-115.el7a
  • kernel-doc-0:4.14.0-115.el7a
  • kernel-headers-0:4.14.0-115.el7a
  • kernel-kdump-0:4.14.0-115.el7a
  • kernel-kdump-debuginfo-0:4.14.0-115.el7a
  • kernel-kdump-devel-0:4.14.0-115.el7a
  • kernel-tools-0:4.14.0-115.el7a
  • kernel-tools-debuginfo-0:4.14.0-115.el7a
  • kernel-tools-libs-0:4.14.0-115.el7a
  • kernel-tools-libs-devel-0:4.14.0-115.el7a
  • perf-0:4.14.0-115.el7a
  • perf-debuginfo-0:4.14.0-115.el7a
  • python-perf-0:4.14.0-115.el7a
  • python-perf-debuginfo-0:4.14.0-115.el7a
  • libvirt-0:0.10.2-29.el6_5.17
  • libvirt-client-0:0.10.2-29.el6_5.17
  • libvirt-debuginfo-0:0.10.2-29.el6_5.17
  • libvirt-devel-0:0.10.2-29.el6_5.17
  • libvirt-lock-sanlock-0:0.10.2-29.el6_5.17
  • libvirt-python-0:0.10.2-29.el6_5.17
  • qemu-guest-agent-2:0.12.1.2-2.415.el6_5.19
  • qemu-img-2:0.12.1.2-2.415.el6_5.19
  • qemu-kvm-2:0.12.1.2-2.415.el6_5.19
  • qemu-kvm-debuginfo-2:0.12.1.2-2.415.el6_5.19
  • qemu-kvm-tools-2:0.12.1.2-2.415.el6_5.19
  • libvirt-0:2.0.0-10.el7_3.13
  • libvirt-client-0:2.0.0-10.el7_3.13
  • libvirt-daemon-0:2.0.0-10.el7_3.13
  • libvirt-daemon-config-network-0:2.0.0-10.el7_3.13
  • libvirt-daemon-config-nwfilter-0:2.0.0-10.el7_3.13
  • libvirt-daemon-driver-interface-0:2.0.0-10.el7_3.13
  • libvirt-daemon-driver-lxc-0:2.0.0-10.el7_3.13
  • libvirt-daemon-driver-network-0:2.0.0-10.el7_3.13
  • libvirt-daemon-driver-nodedev-0:2.0.0-10.el7_3.13
  • libvirt-daemon-driver-nwfilter-0:2.0.0-10.el7_3.13
  • libvirt-daemon-driver-qemu-0:2.0.0-10.el7_3.13
  • libvirt-daemon-driver-secret-0:2.0.0-10.el7_3.13
  • libvirt-daemon-driver-storage-0:2.0.0-10.el7_3.13
  • libvirt-daemon-kvm-0:2.0.0-10.el7_3.13
  • libvirt-daemon-lxc-0:2.0.0-10.el7_3.13
  • libvirt-debuginfo-0:2.0.0-10.el7_3.13
  • libvirt-devel-0:2.0.0-10.el7_3.13
  • libvirt-docs-0:2.0.0-10.el7_3.13
  • libvirt-lock-sanlock-0:2.0.0-10.el7_3.13
  • libvirt-login-shell-0:2.0.0-10.el7_3.13
  • libvirt-nss-0:2.0.0-10.el7_3.13
  • libvirt-0:0.10.2-18.el6_4.18
  • libvirt-client-0:0.10.2-18.el6_4.18
  • libvirt-debuginfo-0:0.10.2-18.el6_4.18
  • libvirt-devel-0:0.10.2-18.el6_4.18
  • libvirt-lock-sanlock-0:0.10.2-18.el6_4.18
  • libvirt-python-0:0.10.2-18.el6_4.18
  • libvirt-0:0.10.2-46.el6_6.9
  • libvirt-client-0:0.10.2-46.el6_6.9
  • libvirt-debuginfo-0:0.10.2-46.el6_6.9
  • libvirt-devel-0:0.10.2-46.el6_6.9
  • libvirt-lock-sanlock-0:0.10.2-46.el6_6.9
  • libvirt-python-0:0.10.2-46.el6_6.9
  • qemu-guest-agent-2:0.12.1.2-2.355.el6_4.12
  • qemu-guest-agent-win32-2:0.12.1.2-2.355.el6_4.12
  • qemu-img-2:0.12.1.2-2.355.el6_4.12
  • qemu-kvm-2:0.12.1.2-2.355.el6_4.12
  • qemu-kvm-debuginfo-2:0.12.1.2-2.355.el6_4.12
  • qemu-kvm-tools-2:0.12.1.2-2.355.el6_4.12
  • libvirt-0:0.10.2-54.el6_7.9
  • libvirt-client-0:0.10.2-54.el6_7.9
  • libvirt-debuginfo-0:0.10.2-54.el6_7.9
  • libvirt-devel-0:0.10.2-54.el6_7.9
  • libvirt-lock-sanlock-0:0.10.2-54.el6_7.9
  • libvirt-python-0:0.10.2-54.el6_7.9
  • libvirt-0:1.2.17-13.el7_2.9
  • libvirt-client-0:1.2.17-13.el7_2.9
  • libvirt-daemon-0:1.2.17-13.el7_2.9
  • libvirt-daemon-config-network-0:1.2.17-13.el7_2.9
  • libvirt-daemon-config-nwfilter-0:1.2.17-13.el7_2.9
  • libvirt-daemon-driver-interface-0:1.2.17-13.el7_2.9
  • libvirt-daemon-driver-lxc-0:1.2.17-13.el7_2.9
  • libvirt-daemon-driver-network-0:1.2.17-13.el7_2.9
  • libvirt-daemon-driver-nodedev-0:1.2.17-13.el7_2.9
  • libvirt-daemon-driver-nwfilter-0:1.2.17-13.el7_2.9
  • libvirt-daemon-driver-qemu-0:1.2.17-13.el7_2.9
  • libvirt-daemon-driver-secret-0:1.2.17-13.el7_2.9
  • libvirt-daemon-driver-storage-0:1.2.17-13.el7_2.9
  • libvirt-daemon-kvm-0:1.2.17-13.el7_2.9
  • libvirt-daemon-lxc-0:1.2.17-13.el7_2.9
  • libvirt-debuginfo-0:1.2.17-13.el7_2.9
  • libvirt-devel-0:1.2.17-13.el7_2.9
  • libvirt-docs-0:1.2.17-13.el7_2.9
  • libvirt-lock-sanlock-0:1.2.17-13.el7_2.9
  • libvirt-login-shell-0:1.2.17-13.el7_2.9
  • libcacard-10:1.5.3-105.el7_2.18
  • libcacard-devel-10:1.5.3-105.el7_2.18
  • libcacard-tools-10:1.5.3-105.el7_2.18
  • qemu-img-10:1.5.3-105.el7_2.18
  • qemu-kvm-10:1.5.3-105.el7_2.18
  • qemu-kvm-common-10:1.5.3-105.el7_2.18
  • qemu-kvm-debuginfo-10:1.5.3-105.el7_2.18
  • qemu-kvm-tools-10:1.5.3-105.el7_2.18
  • qemu-guest-agent-2:0.12.1.2-2.479.el6_7.8
  • qemu-img-2:0.12.1.2-2.479.el6_7.8
  • qemu-kvm-2:0.12.1.2-2.479.el6_7.8
  • qemu-kvm-debuginfo-2:0.12.1.2-2.479.el6_7.8
  • qemu-kvm-tools-2:0.12.1.2-2.479.el6_7.8
  • qemu-guest-agent-2:0.12.1.2-2.448.el6_6.7
  • qemu-img-2:0.12.1.2-2.448.el6_6.7
  • qemu-kvm-2:0.12.1.2-2.448.el6_6.7
  • qemu-kvm-debuginfo-2:0.12.1.2-2.448.el6_6.7
  • qemu-kvm-tools-2:0.12.1.2-2.448.el6_6.7
  • qemu-img-rhev-10:2.9.0-16.el7_4.18
  • qemu-kvm-common-rhev-10:2.9.0-16.el7_4.18
  • qemu-kvm-rhev-10:2.9.0-16.el7_4.18
  • qemu-kvm-rhev-debuginfo-10:2.9.0-16.el7_4.18
  • qemu-kvm-tools-rhev-10:2.9.0-16.el7_4.18
  • rhvm-setup-plugins-0:4.3.0-1.el7ev

The Hacker News

id: THN:C4C9BC61AD42FB9F46B30ECA56F71393
last seen: 2018-05-22
modified: 2018-05-22
published: 2018-05-22
reporter: Swati Khandelwal
source: https://thehackernews.com/2018/05/fourth-critical-spectre-cpu-flaw.html
title: New Spectre (Variant 4) CPU Flaw Discovered—Intel, ARM, AMD Affected

References