drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in intel-microcode
Name: |
Zwei Probleme in intel-microcode |
|
ID: |
USN-4182-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 19.04, Ubuntu 19.10 |
|
Datum: |
Di, 12. November 2019, 23:56 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11139 |
|
Applikationen: |
intel-microcode |
|
Originalnachricht |
--===============3062873044501699460== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="2iBwrppp/7QCDedR" Content-Disposition: inline
--2iBwrppp/7QCDedR Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inlin Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-4182-1 November 12, 2019
intel-microcode update ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.10 - Ubuntu 19.04 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Intel Microcode.
Software Description: - intel-microcode: Processor microcode for Intel CPUs
Details:
Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135)
It was discovered that certain Intel Xeon processors did not properly restrict access to a voltage modulation interface. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2019-11139)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 19.10: intel-microcode 3.20191112-0ubuntu0.19.10.2
Ubuntu 19.04: intel-microcode 3.20191112-0ubuntu0.19.04.2
Ubuntu 18.04 LTS: intel-microcode 3.20191112-0ubuntu0.18.04.2
Ubuntu 16.04 LTS: intel-microcode 3.20191112-0ubuntu0.16.04.2
After a standard system update you need to reboot your computer. Please note that in order to fully mitigate CVE-2019-11139, a warm reboot is required *after* applying the microcode update; so in effect a second reboot.
References: https://usn.ubuntu.com/4182-1 CVE-2019-11135, CVE-2019-11139, https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/TAA_MCEPSC_i915
Package Information: https://launchpad.net/ubuntu/+source/intel-microcode/3.20191112-0ubuntu0.19.10.2 https://launchpad.net/ubuntu/+source/intel-microcode/3.20191112-0ubuntu0.19.04.2 https://launchpad.net/ubuntu/+source/intel-microcode/3.20191112-0ubuntu0.18.04.2 https://launchpad.net/ubuntu/+source/intel-microcode/3.20191112-0ubuntu0.16.04.2
--2iBwrppp/7QCDedR Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl3LLe0ACgkQLwmejQBe gfTVshAAjUguqb7PZjQb8YBwdLkuJmdsg+I8/BxjIy0jMi/vvtTy+wTgN7Hbt5lG rfakgtb9m4//0L5IYYeTYLBT7JXLPieBLAK/MTvmXrDGKC9U7vNDRTNSh75M45O2 maeQe7vmA17sqgmsU/rlTa7ZgPObCXC9WVP7dulACikEhFpJF0pBvSLk2Plet4UQ gd18IDa69HImYW0QNv/G/9qrxebqHnvOOd8hLBWa/55k0rnl/Wl23yBiopWNKduh 6iH6FqL2vHr7kq9HpGgGLlhDVfav3o0HgEHURljmX3Ck33vzkW+gFrQNkj+JzDm6 DoHZOXnxU/nr0unsAOyb6F2mSadMQWvTayPvt4sJVAPM9aILYj3k7OWMJcBLkx6Y R1CXGU8kAW8YeQXG3C8OFSJr2G8g/3SFLDBCD+1esElzn/k4fImCF4n6ACZ0ijpG hHSeZJwDa4S72qKs5xiv8XaaQq08FFyqh7ipTjkpj36n0qTXkbMwWbwTPR02Lfok kVz/4O0wXECzzhp2EAWGhNhbYi6IWYfpD7RoK2X0OrDmgh42b4QsJyK5aQ82rBmR 9YXomVxyLnvoeBIXAVvskCp/MCUsuK1ODIAlE22HRu43Krh+u6Z5mkxxGnpNZfcl UWXU5CX8QoPBzQ73q/oEeY0fpx+N356XP39oEPtAC9mcZRLMdRI= =vXg5 -----END PGP SIGNATURE-----
--2iBwrppp/7QCDedR--
--===============3062873044501699460== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK
--===============3062873044501699460==--
|
|
|
|