Preisgabe von Informationen in intel-microcode (Aktualisierung)
ID: | USN-3531-3 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 17.10 |
Datum: | Do, 29. März 2018, 22:29 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715 |
Applikationen: | intel-microcode |
Update von: | Preisgabe von Informationen in intel-microcode |
Originalnachricht |
|
--===============9010745721583698817== Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="=-btgsp/UNaEZcsYSN/KqN" --=-btgsp/UNaEZcsYSN/KqN Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable ========================================================================== Ubuntu Security Notice USN-3531-3 March 29, 2018 intel-microcode update ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: The system could be made to expose sensitive information. Software Description: - intel-microcode: Processor microcode for Intel CPUs Details: Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715) This update provides the corrected microcode updates required for the corresponding Linux kernel updates. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10: intel-microcode 3.20180312.0~ubuntu17.10.1 Ubuntu 16.04 LTS: intel-microcode 3.20180312.0~ubuntu16.04.1 Ubuntu 14.04 LTS: intel-microcode 3.20180312.0~ubuntu14.04.1 After a standard system update you need to reboot your computer to make all the necessary changes. References: https://usn.ubuntu.com/usn/usn-3531-3 https://usn.ubuntu.com/usn/usn-3531-1 CVE-2017-5715 Package Information: https://launchpad.net/ubuntu/+source/intel-microcode/3.20180312.0~ubuntu17.10.1 https://launchpad.net/ubuntu/+source/intel-microcode/3.20180312.0~ubuntu16.04.1 https://launchpad.net/ubuntu/+source/intel-microcode/3.20180312.0~ubuntu14.04.1 --=-btgsp/UNaEZcsYSN/KqN Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAABCAAGBQJavQp6AAoJEEK++w9AZDrpsl8P/3we0l9iy7pZJXHKRmw+YlPu 5k5rgfeaVZaeO8/ta3vf6Qos/qhkM0wgPM5JNYqLYHnhvm6MU/h72WOFnFOH64yI pZNg6CDrxfurkAOY3tKT6JwYK/B8cyI6A101cqlZvwtrjY/Moyq1qM286qQTr7/+ 7/QYOcyg6jWuYvE8osSumICxElg6cMwhQeqrDnzj1zJ9IY7QKoSl3HOSosiwKBen Z7ASdk54VG9ZZ0tqDIc/KWfWkL8QMMsGcxMCJaJjPJp21NT8xmElxtgr7wA3oXda aQXVfBLsYYPyjdmdcqYEkpc/NLT/007DwStqbPYCDSZyCwuSKnymOOu8m23o4LXo xCHytN46MUobB6a5FjYazB9s+knVyi2jI5hS9UafWP/CyfpakeFom0eTAUtSyonm 7lpLfqn0RwvYoTkO2LlEncj2VFJJJ3MgoyL18H2knLaS2uTDLO7e7ZnjpNQPcLfM zj+6wj6YYZCkLu7G8LT1piXY5YtbJAhBtgoG+C88CXw+Huz7ypxZ3XrIz/u6TZ2v lH4Emd/oZybTtMEKFN8ei6bnpb6XFSGx7S8iaqVqzBaliJOupS92/RLpFt9d+KoI AlvsVN9Y2w+UKMnioMTTuk1Ym9sugMP8QCp0SqPEXsy1BtG7Rvdh574UCom+EH1T shBnEybGOtb0iQvCOjLl =r//D -----END PGP SIGNATURE----- --=-btgsp/UNaEZcsYSN/KqN-- --===============9010745721583698817== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK --===============9010745721583698817==-- |