intel-microcode vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary
The system could be made to expose sensitive information.
Software Description
- intel-microcode - Processor microcode for Intel CPUs
Details
It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). (CVE-2018-3646)
Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2018-3639)
Zdenek Sojka, Rudolf Marek, Alex Zuepke, and Innokentiy Sennovskiy discovered that microprocessors that perform speculative reads of system registers may allow unauthorized disclosure of system parameters via a sidechannel attack. This vulnerability is also known as Rogue System Register Read (RSRE). An attacker could use this to expose sensitive information. (CVE-2018-3640)
Update instructions
The problem can be corrected by updating your system to the following package versions:
- Ubuntu 18.04 LTS
- intel-microcode - 3.20180807a.0ubuntu0.18.04.1
- Ubuntu 16.04 LTS
- intel-microcode - 3.20180807a.0ubuntu0.16.04.1
- Ubuntu 14.04 LTS
- intel-microcode - 3.20180807a.0ubuntu0.14.04.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make all the necessary changes.
References
from Ubuntu Security Notices https://ift.tt/2PaDjao
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.