| Summary: | Update request: kernel-linus-4.14.65-1.mga6 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Thomas Backlund <tmb> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | High | CC: | linux, sysadmin-bugs, tarazed25 |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | mga6-64-ok, mga6-32-ok | ||
| Source RPM: | kernel-linus | CVE: | |
| Status comment: | |||
| Bug Depends on: | 23457 | ||
| Bug Blocks: | |||
|
Description
Thomas Backlund
2018-08-17 18:39:15 CEST
This also wants the microcode update released before or at the same time as this update Priority:
Normal =>
High
Advisory, added to svn:
type: security
subject: Updated kernel-linus packages fix security vulnerabilities
CVE:
- CVE-2018-3615
- CVE-2018-3620
- CVE-2018-3646
src:
6:
core:
- kernel-linus-4.14.64-1.mga6
description: |
This kernel-linus update is based on the upstream 4.14.64 and adds fixes
and mitigations for the now publically known security issue affecting
Intel processors called L1 Terminal Fault (L1TF):
Systems with microprocessors utilizing speculative execution and Intel
Software Guard Extensions (Intel SGX) may allow unauthorized disclosure
of information residing in the L1 data cache from an enclave to an
attacker with local user access via side-channel analysis (CVE-2018-3615).
Systems with microprocessors utilizing speculative execution and address
translations may allow unauthorized disclosure of information residing in
the L1 data cache to an attacker with local user access via a terminal
page fault and side-channel analysis (CVE-2018-3620).
Systems with microprocessors utilizing speculative execution and address
translations may allow unauthorized disclosure of information residing in
the L1 data cache to an attacker with local user access with guest OS
privilege via a terminal page fault and side-channel analysis
(CVE-2018-3646).
The impact of the L1TF security issues:
* Malicious applications may be able to infer the values of data in the
operating system memory, or data from other applications.
* A malicious guest virtual machine (VM) may be able to infer the values
of data in the VMM’s memory, or values of data in the memory of other
guest VMs.
* Malicious software running outside of SMM may be able to infer values
of data in SMM memory.
* Malicious software running outside of an Intel® SGX enclave or within an
enclave may be able to infer data from within another Intel SGX enclave.
NOTE! You also need to install the the 0.20180807-1.mga6.nonfree microcode
update (mga#23457) or a bios update from your hardware vendor containing
the updated microcodes to get all current set of fixes and mitigations
for L1TF.
For other upstream fixes in this update, see the referenced changelogs.
references:
- https://bugs.mageia.org/show_bug.cgi?id=23460
- https://bugs.mageia.org/show_bug.cgi?id=23457
- https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.63
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.64Keywords:
(none) =>
advisory There is a new hotfix kernel upstream - Kernel 4.14.65 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.65 CC:
(none) =>
linux An of course one beoken thing with l1tf fixes was found upstream, so a 4.14.65 was released... :/ So I'm re-spinning all kernels to pick it up... Whiteboard:
(none) =>
feedback 4.14.65 is mirroring out... (and the only change compared to 4.14.64 is the l1tf fix) so rpms to test: SRPMS: kernel-linus-4.14.65-1.mga6.src.rpm i586: kernel-linus-4.14.65-1.mga6-1-1.mga6.i586.rpm kernel-linus-devel-4.14.65-1.mga6-1-1.mga6.i586.rpm kernel-linus-devel-latest-4.14.65-1.mga6.i586.rpm kernel-linus-doc-4.14.65-1.mga6.noarch.rpm kernel-linus-latest-4.14.65-1.mga6.i586.rpm kernel-linus-source-4.14.65-1.mga6-1-1.mga6.noarch.rpm kernel-linus-source-latest-4.14.65-1.mga6.noarch.rpm x86_64: kernel-linus-4.14.65-1.mga6-1-1.mga6.x86_64.rpm kernel-linus-devel-4.14.65-1.mga6-1-1.mga6.x86_64.rpm kernel-linus-devel-latest-4.14.65-1.mga6.x86_64.rpm kernel-linus-doc-4.14.65-1.mga6.noarch.rpm kernel-linus-latest-4.14.65-1.mga6.x86_64.rpm kernel-linus-source-4.14.65-1.mga6-1-1.mga6.noarch.rpm kernel-linus-source-latest-4.14.65-1.mga6.noarch.rpm Summary:
Update request: kernel-linus-4.14.64-1.mga6 =>
Update request: kernel-linus-4.14.65-1.mga6 Rebooted to Mate. No issues so far. Doing my morning chores with it. Stress tests terminated OK. $ uname -r 4.14.65-1.mga6 Intel Core i7-4790, NVIDIA GeForce GTX 970, Mobo: MSI model: Z97-G43 CC:
(none) =>
tarazed25 Enough tests... Validating and flushing out due to the severity Keywords:
(none) =>
validated_update An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0347.html Status:
NEW =>
RESOLVED |