You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa amd64-microcode

Sigurnosni nedostatak programskog paketa amd64-microcode

by Marina Dimic Vugec - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3690-1
June 20, 2018

amd64-microcode update
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS
– Ubuntu 17.10
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

The system could be made to expose sensitive information.

Software Description:
– amd64-microcode: Processor microcode firmware for AMD CPUs

Details:

Jann Horn discovered that microprocessors utilizing speculative execution
and branch prediction may allow unauthorized memory reads via sidechannel
attacks. This flaw is known as Spectre. A local attacker could use this to
expose sensitive information, including kernel memory.

This update provides the microcode updates for AMD 17H family
processors required for the corresponding Linux kernel updates.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
amd64-microcode 3.20180524.1~ubuntu0.18.04.1

Ubuntu 17.10:
amd64-microcode 3.20180524.1~ubuntu0.17.10.1

Ubuntu 16.04 LTS:
amd64-microcode 3.20180524.1~ubuntu0.16.04.1

Ubuntu 14.04 LTS:
amd64-microcode 3.20180524.1~ubuntu0.14.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3690-1
CVE-2017-5715

Package Information:
https://launchpad.net/ubuntu/+source/amd64-microcode/3.20180524.1~ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/amd64-microcode/3.20180524.1~ubuntu0.17.10.1
https://launchpad.net/ubuntu/+source/amd64-microcode/3.20180524.1~ubuntu0.16.04.1
https://launchpad.net/ubuntu/+source/amd64-microcode/3.20180524.1~ubuntu0.14.04.1

—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAlsq07oACgkQLwmejQBe
gfTAWBAAgRDMZ2yppqi8CAv5NSATXQe0amOKs55cWLeR+ytHIE1SC3AZ86Lrmd+Y
+gQ1YjyxWD1wnEGfisOk7J83Pgu9CTcTc8CVgaD/8Q077nEDFn4h264FofJMUZw6
d7YX79lJKuc7r2uGWru60tMeu3Ip6peSiigCa5fsR/Op2f8Ac72BZ8Ap/0eLZkrC
gX/AkIn/dKPeaQOWYKHCEAdw5HT+UnxyKHPXZOhgNV8dXzDHhoD9kHF5rf6AFs4P
QVmqsZCxlGOgMjf9n+Jm4POBSTCvP974/z0TNg62rnlHWUQnBCVyS75xVX6pbwA5
taiVeCovMJeL78PD3kHpVQbWm8ljChydh4bD+3A7A9KEkGOPiIbysZptBW1vHiJn
UYakNIdq+D6kon46lLx1b+ikOt+QVQrbdJa/PiiJj1r1ysWQqqbQ4TTjDoLN0Dgt
ZhCbiMfhqmNX3E/I6/FPX2qcSdLaoQutCXoZ8UASarVJSJ/jSzZLHQNLcbV2OjX+
eyKbxtHN8gn18zgW/sb3AsFyHO1Sx2v/729DPNAa6cgW+SkU7Ysp3kxjmFsWrmDZ
zqKfhdzhYDBBYobWpsrbtFLdt4oWW0hEQx5W0DgyN0FDDV4rf1/qlT7scXL74VSI
7iQtrJ/CwipOlX3eEQEGfNWcKqBGo2nbjY2nPjTYCucmCQ0i234=
=Yowe
—–END PGP SIGNATURE—–

AutorZvonimir Bosnjak
Cert idNCERT-REF-2018-06-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Marina Dimic Vugec
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa git

Otkriven je sigurnosni nedostatak u programskom paketu git za operacijski sustav RHEL. Otkriveni nedostatak potencijalnim napadačima omogućuje izvršavanje proizvoljnog programskog...

Close