The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Intel processors: information disclosure via performance measurement

Synthesis of the vulnerability 

An attacker can measure performances of his process, in order to get sensitive information about other process or, if the host is virtualized, about other guest systems.
Vulnerable systems: XenServer, Debian, Avamar, NetWorker, Fedora, FortiAnalyzer, FortiGate, FortiManager, FortiOS, FreeBSD, HP ProLiant, QRadar SIEM, Junos Space, Linux, McAfee Email Gateway, McAfee NSM, McAfee NSP, McAfee NTBA, McAfee Web Gateway, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 2019, Windows 7, Windows 8, Windows RT, OpenBSD, openSUSE Leap, PAN-OS, pfSense, RHEL, SIMATIC, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu, ESXi, vCenter Server, VMware vSphere Hypervisor, Xen.
Severity of this threat: 1/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 15/05/2019.
Revision date: 15/05/2019.
Références of this weakness: 1074268, 1103481, CERTFR-2019-AVI-209, CERTFR-2019-AVI-211, CERTFR-2019-AVI-212, CERTFR-2019-AVI-213, CERTFR-2019-AVI-215, CERTFR-2019-AVI-217, CERTFR-2019-AVI-229, CERTFR-2019-AVI-230, CERTFR-2019-AVI-233, CERTFR-2019-AVI-311, CERTFR-2019-AVI-458, CERTFR-2019-AVI-489, CTX251995, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091, DLA-1787-1, DLA-1789-1, DLA-1789-2, DLA-1799-1, DLA-1799-2, DSA-2019-199, DSA-2019-201, DSA-4444-1, DSA-4447-1, DSA-4447-2, DSA-4602-1, FEDORA-2019-0731828893, FEDORA-2019-1f5832fc0e, FEDORA-2019-640f8d8dd1, FEDORA-2019-6458474bf2, FEDORA-2019-c36afa818c, FEDORA-2019-e6bf55e821, FEDORA-2019-eb08fb0c5f, FG-IR-18-002, FreeBSD-SA-19:07.mds, FreeBSD-SA-19:26.mcu, HPESBHF03933, INTEL-SA-00233, JSA10993, openSUSE-SU-2019:1402-1, openSUSE-SU-2019:1403-1, openSUSE-SU-2019:1404-1, openSUSE-SU-2019:1405-1, openSUSE-SU-2019:1407-1, openSUSE-SU-2019:1408-1, openSUSE-SU-2019:1419-1, openSUSE-SU-2019:1420-1, openSUSE-SU-2019:1468-1, openSUSE-SU-2019:1505-1, openSUSE-SU-2019:1805-1, openSUSE-SU-2019:1806-1, PAN-SA-2019-0012, RHSA-2019:1155-01, RHSA-2019:1167-01, RHSA-2019:1168-01, RHSA-2019:1169-01, RHSA-2019:1170-01, RHSA-2019:1171-01, RHSA-2019:1172-01, RHSA-2019:1174-01, RHSA-2019:1175-01, RHSA-2019:1176-01, RHSA-2019:1177-01, RHSA-2019:1178-01, RHSA-2019:1180-01, RHSA-2019:1181-01, RHSA-2019:1182-01, RHSA-2019:1183-01, RHSA-2019:1184-01, RHSA-2019:1185-01, RHSA-2019:1186-01, RHSA-2019:1187-01, RHSA-2019:1188-01, RHSA-2019:1189-01, RHSA-2019:1190-01, RHSA-2019:1193-01, RHSA-2019:1194-01, RHSA-2019:1195-01, RHSA-2019:1196-01, RHSA-2019:1197-01, RHSA-2019:1198-01, SB10292, SSA-608355, SSA-616472, SSB-439005, SUSE-SU-2019:1235-1, SUSE-SU-2019:1236-1, SUSE-SU-2019:1238-1, SUSE-SU-2019:1239-1, SUSE-SU-2019:1240-1, SUSE-SU-2019:1241-1, SUSE-SU-2019:1242-1, SUSE-SU-2019:1243-1, SUSE-SU-2019:1244-1, SUSE-SU-2019:1245-1, SUSE-SU-2019:1248-1, SUSE-SU-2019:1268-1, SUSE-SU-2019:1269-1, SUSE-SU-2019:1272-1, SUSE-SU-2019:1287-1, SUSE-SU-2019:1289-1, SUSE-SU-2019:1296-1, SUSE-SU-2019:1313-1, SUSE-SU-2019:1347-1, SUSE-SU-2019:1348-1, SUSE-SU-2019:1349-1, SUSE-SU-2019:1356-1, SUSE-SU-2019:1371-1, SUSE-SU-2019:14048-1, SUSE-SU-2019:14051-1, SUSE-SU-2019:14052-1, SUSE-SU-2019:14063-1, SUSE-SU-2019:14133-1, SUSE-SU-2019:1423-1, SUSE-SU-2019:1438-1, SUSE-SU-2019:1452-1, SUSE-SU-2019:1490-1, SUSE-SU-2019:1547-1, SUSE-SU-2019:1550-1, SUSE-SU-2019:1909-1, SUSE-SU-2019:1910-1, SUSE-SU-2019:1954-1, SUSE-SU-2019:2430-1, Synology-SA-19:24, USN-3977-1, USN-3977-2, USN-3977-3, USN-3978-1, USN-3979-1, USN-3980-1, USN-3981-1, USN-3981-2, USN-3982-1, USN-3982-2, USN-3983-1, USN-3983-2, USN-3984-1, USN-3985-1, USN-3985-2, VIGILANCE-VUL-29300, VMSA-2019-0008, XSA-297, ZombieLoad.

Description of the vulnerability 

An attacker can measure performances of his process, in order to get sensitive information about other process or, if the host is virtualized, about other guest systems.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This cybersecurity weakness impacts software or systems such as XenServer, Debian, Avamar, NetWorker, Fedora, FortiAnalyzer, FortiGate, FortiManager, FortiOS, FreeBSD, HP ProLiant, QRadar SIEM, Junos Space, Linux, McAfee Email Gateway, McAfee NSM, McAfee NSP, McAfee NTBA, McAfee Web Gateway, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 2019, Windows 7, Windows 8, Windows RT, OpenBSD, openSUSE Leap, PAN-OS, pfSense, RHEL, SIMATIC, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu, ESXi, vCenter Server, VMware vSphere Hypervisor, Xen.

Our Vigil@nce team determined that the severity of this security vulnerability is low.

The trust level is of type confirmed by the editor, with an origin of user shell.

This bulletin is about 4 vulnerabilities.

An attacker with a expert ability can exploit this vulnerability bulletin.

Solutions for this threat 

A10 ACOS: fixed versions for Intel.
Fixed versions are indicated in information sources.

Citrix Hypervisor: patch for MDS.
A patch is available:
  Citrix Hypervisor 8.0: https://support.citrix.com/article/CTX250041
  Citrix XenServer 7.6:https://support.citrix.com/article/CTX250040
  Citrix XenServer 7.1 LTSR CU2: https://support.citrix.com/article/CTX250039
  Citrix XenServer 7.0: https://support.citrix.com/article/CTX250038

Debian 8: new intel-microcode packages.
New packages are available:
  Debian 8: intel-microcode 3.20190618~deb8u1

Debian 8: new linux-4.9 packages.
New packages are available:
  Debian 8: linux-4.9 4.9.168-1+deb9u2~deb8u1

Debian 8: new linux packages.
New packages are available:
  Debian 8: linux 3.16.68-1

Debian 9/10: new xen packages.
New packages are available:
  Debian 9: xen 4.8.5.final+shim4.10.4-1+deb9u12
  Debian 10: xen 4.11.3+24-g14b62ab3e5-1~deb10u1

Debian 9: new intel-microcode packages.
New packages are available:
  Debian 9: intel-microcode 3.20190618.1~deb9u1

Debian 9: new linux packages.
New packages are available:
  Debian 9: linux 4.9.168-1+deb9u2

Debian: new intel-microcode packages.
New packages are available:
  Debian 9: intel-microcode 3.20190514.1~deb9u1
  Debian 8: intel-microcode 3.20190514.1~deb8u1

Dell EMC Avamar Data Store Gen4: patch for Intel.
A patch is indicated in information sources.

Dell EMC Avamar, NetWorker: solution.
The solution is indicated in information sources.

Fedora 29: new kernel packages.
New packages are available:
  Fedora 29: kernel 5.0.16-200.fc29, kernel-headers 5.0.16-200.fc29

Fedora 30: new kernel packages.
New packages are available:
  Fedora 30: kernel 5.0.16-300.fc30

Fedora: new kernel-headers packages.
New packages are available:
  Fedora 30: kernel-headers 5.0.16-300.fc30
  Fedora 28: kernel-headers 5.0.16-100.fc28

Fedora: new microcode_ctl packages.
New packages are available:
  Fedora 30: microcode_ctl 2.1-29.fc30
  Fedora 29: microcode_ctl 2.1-29.fc29

Fedora: new xen packages.
New packages are available:
  Fedora 30: xen 4.11.1-5.fc30
  Fedora 29: xen 4.11.1-5.fc29

Fortinet: solution for Meltdown/Spectre.
Fixed versions are indicated in information sources.

FreeBSD: patch for MDS.
A patch is available:
  FreeBSD 12.0-STABLE: https://security.FreeBSD.org/patches/SA-19:07/mds.12-stable.patch
  FreeBSD 12.0-RELEASE: https://security.freebsd.org/patches/SA-19:07/mds.12.0.p4p5.patch
  FreeBSD 11.3-PRERELEASE: https://security.FreeBSD.org/patches/SA-19:07/mds.11-stable.patch
  FreeBSD 11.2-RELEASE: https://security.FreeBSD.org/patches/SA-19:07/mds.11.2.patch

FreeBSD: solution for Intel CPU Microcode.
The solution is indicated in information sources.

HPE ProLiant: solution for Intel.
The solution is indicated in information sources.

IBM QRadar SIEM: fixed versions for MDS.
Fixed versions are indicated in information sources.

IBM QRadar SIEM: patch for Linux.
A patch is available:
  IBM Security QRadar Packet Capture 7.2.0 - 7.2.8 Patch 4: https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+QRadar+Network+Packet+Capture+Appliance&release=All&platform=All&function=fixId&fixids=7.2.8-QRadar-NETPCAP-Upgrade-60&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp
  IBM Security QRadar Packet Capture 7.3.0 - 7.3.2 Patch 1: https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+QRadar+Network+Packet+Capture+Appliance&release=All&platform=All&function=fixId&fixids=7.3.2-QRadar-NETPCAP-Upgrade-5019&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp

Junos Space: version 19.4R1.
The version 19.4R1 is fixed:
  https://www.juniper.net/support/downloads/

Linux kernel: version 3.16.68.
The version 3.16.68 is fixed:
  https://cdn.kernel.org/pub/linux/kernel/v3.x/linux-3.16.68.tar.xz

Linux kernel: version 4.14.119.
The version 4.14.119 is fixed:
  https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.14.119.tar.xz

Linux kernel: version 4.19.43.
The version 4.19.43 is fixed:
  https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.19.43.tar.xz

Linux kernel: version 4.4.180.
The version 4.4.180 is fixed:
  https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.4.180.tar.xz

Linux kernel: version 4.9.176.
The version 4.9.176 is fixed:
  https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.9.176.tar.xz

Linux kernel: version 5.0.16.
The version 5.0.16 is fixed:
  https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.0.16.tar.xz

Linux kernel: version 5.1.2.
The version 5.1.2 is fixed:
  https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.1.2.tar.xz

McAfee: solution for ZombieLoad.
The solution is indicated in information sources.

OpenBSD: patch for MDS.
A patch is indicated in information sources.

openSUSE Leap 15.0: new kernel packages.
New packages are available:
  openSUSE Leap 15.0: kernel 4.12.14-lp150.12.61.1

openSUSE Leap 15.0: new libvirt packages.
New packages are available:
  openSUSE Leap 15.0: libvirt 4.0.0-lp150.7.14.1

openSUSE Leap 15.0: new qemu packages.
New packages are available:
  openSUSE Leap 15.0: qemu 2.11.2-lp150.7.22.1

openSUSE Leap 15: new ucode-intel packages.
New packages are available:
  openSUSE Leap 15.0: ucode-intel 20190618-lp150.2.24.1
  openSUSE Leap 15.1: ucode-intel 20190618-lp151.2.3.1

openSUSE Leap 42.3: new kernel packages.
New packages are available:
  openSUSE Leap 42.3: kernel 4.4.179-99.1

openSUSE Leap 42.3: new qemu packages.
New packages are available:
  openSUSE Leap 42.3: qemu 2.9.1-62.1

openSUSE Leap 42.3: new xen packages.
New packages are available:
  openSUSE Leap 42.3: xen 4.9.4_04-40.1

openSUSE Leap: new ucode-intel packages.
New packages are available:
  openSUSE Leap 15.0: ucode-intel 20190507-lp150.2.18.1
  openSUSE Leap 42.3: ucode-intel 20190514-32.1
  openSUSE Leap 15.0: ucode-intel 20190514-lp150.2.21.1

openSUSE Leap: new xen packages.
New packages are available:
  openSUSE Leap 15.0: xen 4.10.3_04-lp150.2.19.1

PAN-OS: solution for Intel.
The solution is indicated in information sources.

pfSense: version 2.4.4-p3.
The version 2.4.4-p3 is fixed.

RHEL 6.2: new kernel-rt packages.
New packages are available:
  RHEL 6: kernel-rt 3.10.0-693.47.2.rt56.641.el6rt

RHEL 7.4: new kernel packages.
New packages are available:
  RHEL 7: kernel 3.10.0-693.47.2.el7

RHEL 8: new virt-rhel modules.
New modules are available, as indicated in information sources.

RHEL: new kernel packages.
New packages are available:
  RHEL 8: kernel 4.18.0-80.1.2.el8_0
  RHEL 7.5: kernel 3.10.0-862.32.2.el7
  RHEL 7.3: kernel 3.10.0-514.64.2.el7
  RHEL 7.2: kernel 3.10.0-327.78.2.el7
  RHEL 7: kernel 3.10.0-957.12.2.el7
  RHEL 6.6: kernel 2.6.32-504.78.2.el6
  RHEL 6.5: kernel 2.6.32-431.94.2.el6
  RHEL 6: kernel 2.6.32-754.14.2.el6

RHEL: new kernel-rt packages.
New packages are available:
  RHEL 8: kernel-rt 4.18.0-80.1.2.rt9.145.el8_0
  RHEL 7: kernel-rt 3.10.0-957.12.2.rt56.929.el7
  RHEL 7: kernel-3.10.0-862.32.2.el7

RHEL: new libvirt packages.
New packages are available:
  RHEL 6: libvirt 0.10.2-64.el6_10.1
  RHEL 7: libvirt 4.5.0-10.el7_6.9

RHEL: new qemu-kvm packages.
New packages are available:
  RHEL 7.5: qemu-kvm 1.5.3-156.el7_5.7
  RHEL 7.4: qemu-kvm 1.5.3-141.el7_4.10
  RHEL 7: qemu-kvm 1.5.3-126.el7_3.17
  RHEL 7.2: qemu-kvm 1.5.3-105.el7_2.19
  RHEL 7: qemu-kvm 1.5.3-160.el7_6.2
  RHEL 6.6: qemu-kvm 0.12.1.2-2.448.el6_6.8
  RHEL 6.5: qemu-kvm 0.12.1.2-2.415.el6_5.20
  RHEL 6: qemu-kvm 0.12.1.2-2.506.el6_10.3

Siemens SIMATIC: solution for Processeurs Intel.
The solution is indicated in information sources.

SIMATIC S7-1500 CPU 1518: workaround for GNU/Linux Vulnerabilities.
A workaround is indicated in the information source.

SIMATIC WinAC RTX F 2010: workaround for Processor.
A workaround is indicated in the information source.

SUSE LE 11: new kvm packages.
New packages are available:
  SUSE LE 11 SP4: kvm 1.4.2-60.24.1

SUSE LE 11: new microcode_ctl packages (15/05/2019).
New packages are available:
  SUSE LE 11 SP4: microcode_ctl 1.17-102.83.36.1
  SUSE LE 11 SP3: microcode_ctl 1.17-102.83.36.1

SUSE LE 11: new microcode_ctl packages (23/07/2019).
New packages are available:
  SUSE LE 11 SP3: microcode_ctl 1.17-102.83.41.1
  SUSE LE 11 SP4: microcode_ctl 1.17-102.83.41.1

SUSE LE 11 SP4: new kernel packages.
New packages are available:
  SUSE LE 11 SP4: kernel 3.0.101-108.90.1

SUSE LE 12: new qemu packages.
New packages are available:
  SUSE LE 12 SP2: qemu 2.6.2-41.52.1
  SUSE LE 12 SP1: qemu 2.3.1-33.23.1
  SUSE LE 12 RTM: qemu 2.0.2-48.52.1

SUSE LE 12: new ucode-intel packages (15/05/2019).
New packages are available:
  SUSE LE 12 RTM: ucode-intel 20190514-13.44.1
  SUSE LE 12 SP1: ucode-intel 20190514-13.44.1
  SUSE LE 12 SP2: ucode-intel 20190514-13.44.1
  SUSE LE 12 SP3: ucode-intel 20190514-13.44.1
  SUSE LE 12 SP4: ucode-intel 20190514-13.44.1

SUSE LE 12: new ucode-intel packages (23/07/2019).
New packages are available:
  SUSE LE 12 SP1: ucode-intel 20190618-13.47.1
  SUSE LE 12 SP2: ucode-intel 20190618-13.47.1
  SUSE LE 12 SP3: ucode-intel 20190618-13.47.1
  SUSE LE 12 SP4: ucode-intel 20190618-13.47.1
  SUSE LE 12 SP5: ucode-intel 20190618-13.47.1

SUSE LE 12 RTM: new libvirt packages.
New packages are available:
  SUSE LE 12 RTM: libvirt 1.2.5-27.16.1

SUSE LE 12 SP1: new kernel packages.
New packages are available:
  SUSE LE 12 SP1: kernel 3.12.74-60.64.110.1

SUSE LE 12 SP1: new libvirt packages.
New packages are available:
  SUSE LE 12 SP1: libvirt 1.2.18.4-22.10.1

SUSE LE 12 SP2: new kernel packages.
New packages are available:
  SUSE LE 12 SP2: kernel 4.4.121-92.109.2

SUSE LE 12 SP2: new libvirt packages.
New packages are available:
  SUSE LE 12 SP2: libvirt 2.0.0-27.54.1

SUSE LE 12 SP3: new kernel packages.
New packages are available:
  SUSE LE 12 SP3: kernel 4.4.178-94.91.2

SUSE LE 12 SP3: new libvirt packages.
New packages are available:
  SUSE LE 12 SP3: libvirt 3.3.0-5.33.2

SUSE LE 12 SP3: new qemu packages.
New packages are available:
  SUSE LE 12 SP3: qemu 2.9.1-6.34.1

SUSE LE 12 SP4: new kernel packages.
New packages are available:
  SUSE LE 12 SP4: kernel 4.12.14-95.16.1

SUSE LE 12 SP4: new qemu packages.
New packages are available:
  SUSE LE 12 SP4: qemu 2.11.2-5.13.1

SUSE LE 15: new kernel-azure packages.
New packages are available:
  SUSE LE 15 RTM: kernel-azure 4.12.14-5.27.1

SUSE LE 15: new kernel packages.
New packages are available:
  SUSE LE 15 RTM: kernel 4.12.14-150.17.1

SUSE LE 15: new qemu packages.
New packages are available:
  SUSE LE 15 RTM: qemu 2.11.2-9.25.1

SUSE LE 15: new ucode-intel packages (15/05/2019).
New packages are available:
  SUSE LE 15 RTM: ucode-intel 20190514-3.19.1

SUSE LE 15: new ucode-intel packages (22/07/2019).
New packages are available:
  SUSE LE 15 RTM: ucode-intel 20190618-3.22.1
  SUSE LE 15 SP1: ucode-intel 20190618-3.3.1

SUSE LE 15: new xen packages.
New packages are available:
  SUSE LE 15 RTM: xen 4.10.3_04-3.19.1

SUSE LE 15 SP1: new kernel packages.
New packages are available:
  SUSE LE 15 SP1: kernel 4.12.14-197.4.1

SUSE LE 15 SP1: new kernel-source-rt packages.
New packages are available:
  SUSE LE 15 SP1: kernel-source-rt 4.12.14-14.8.1

SUSE LE 15 SP1: new libvirt packages.
New packages are available:
  SUSE LE 15 SP1: libvirt 5.1.0-8.3.1

SUSE LE: new libvirt packages.
New packages are available:
  SUSE LE 12 SP4: libvirt 4.0.0-8.12.1
  SUSE LE 15 RTM: libvirt 4.0.0-9.22.1

SUSE LE: new xen packages.
New packages are available:
  SUSE LE 11 SP4: xen 4.4.4_40-61.46.2
  SUSE LE 12 RTM: xen 4.4.4_40-22.80.1
  SUSE LE 12 SP1: xen 4.5.5_28-22.61.1
  SUSE LE 12 SP2: xen 4.7.6_06-43.51.1

Ubuntu 12.04: new linux-image-generic packages.
New packages are available:
  Ubuntu 12.04 ESM: linux-image-generic 3.2.0.140.155

Ubuntu 19.04: new linux-image-5.0.0 packages.
New packages are available:
  Ubuntu 19.04: linux-image-generic 5.0.0.15.16

Ubuntu: new intel-microcode packages.
New packages are available:
  Ubuntu 19.04: intel-microcode 3.20190618.0ubuntu0.19.04.1
  Ubuntu 18.10: intel-microcode 3.20190618.0ubuntu0.18.10.1
  Ubuntu 18.04 LTS: intel-microcode 3.20190618.0ubuntu0.18.04.1
  Ubuntu 16.04 LTS: intel-microcode 3.20190618.0ubuntu0.16.04.1
  Ubuntu 14.04 ESM: intel-microcode 3.20190618.0ubuntu0.14.04.1

Ubuntu: new libvirt packages.
New packages are available:
  Ubuntu 19.04: libvirt0 5.0.0-1ubuntu2.1
  Ubuntu 18.10: libvirt0 4.6.0-2ubuntu3.5
  Ubuntu 18.04 LTS: libvirt0 4.0.0-1ubuntu8.10
  Ubuntu 16.04 LTS: libvirt0 1.3.1-1ubuntu10.26
  Ubuntu 14.04 ESM: libvirt0 1.2.2-0ubuntu13.1.28

Ubuntu: new linux-image-3.13.0 packages.
New packages are available:
  Ubuntu 12.04 ESM: linux-image-generic-lts-trusty 3.13.0.170.158
  Ubuntu 14.04 ESM: linux-image-generic 3.13.0.170.181

Ubuntu: new linux-image-4.15.0 packages.
New packages are available:
  Ubuntu 16.04 LTS: linux-image-generic-hwe-16.04 4.15.0.50.71
  Ubuntu 18.04 LTS: linux-image-generic 4.15.0.50.52

Ubuntu: new linux-image-4.18.0 packages.
New packages are available:
  Ubuntu 18.04 LTS: linux-image-generic-hwe-18.04 4.18.0.20.70
  Ubuntu 18.10: linux-image-generic 4.18.0.20.21

Ubuntu: new linux-image-4.4.0 packages.
New packages are available:
  Ubuntu 14.04 ESM: linux-image-generic-lts-xenial 4.4.0.148.130
  Ubuntu 16.04 LTS: linux-image-generic 4.4.0.148.156

Ubuntu: new qemu packages.
New packages are available:
  Ubuntu 19.04: qemu 1:3.1+dfsg-2ubuntu3.1
  Ubuntu 18.10: qemu 1:2.12+dfsg-3ubuntu8.7
  Ubuntu 18.04 LTS: qemu 1:2.11+dfsg-1ubuntu7.13
  Ubuntu 16.04 LTS: qemu 1:2.5+dfsg-5ubuntu10.38
  Ubuntu 14.04 ESM: qemu 2.0.0+dfsg-2ubuntu1.46

VMware ESXi: patch for MDS.
A patch is indicated in information sources.

VMware vCenter Server: versions 6.7 U2a, 6.5 U2g and 6.0 U3i.
Versions 6.7 U2a, 6.5 U2g and 6.0 U3i are fixed.

Windows: patch of May 2019.
A patch is indicated in information sources.

Wind River Linux: patch for Microarchitectural Data Sampling.
A patch is available:
  https://support2.windriver.com/index.php?page=serve&file=12100&objid=6621&type=content

Wind River Linux: version 10.18.44.9.
The version 10.18.44.9 is fixed:
  https://support2.windriver.com/

Xen: patch for Microarchitectural Data Sampling.
A patch is available:
  http://xenbits.xen.org/xsa/advisory-297.txt
  http://xenbits.xen.org/xsa/xsa297.meta
  http://xenbits.xen.org/xsa/xsa297/xsa297-unstable-1.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-unstable-2.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-unstable-3.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-unstable-4.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.7-1.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.7-2.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.7-3.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.7-4.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.7-5.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.7-6.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.7-7.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.7-8.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.8-1.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.8-2.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.8-3.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.8-4.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.8-5.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.8-6.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.8-7.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.8-8.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.9-1.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.9-2.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.9-3.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.9-4.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.9-5.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.9-6.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.9-7.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.9-8.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.10-1.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.10-2.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.10-3.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.10-4.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.10-5.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.10-6.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.10-7.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.11-1.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.11-2.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.11-3.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.11-4.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.11-5.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.11-6.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.11-7.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.12-1.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.12-2.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.12-3.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.12-4.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.12-5.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.12-6.patch
  http://xenbits.xen.org/xsa/xsa297/xsa297-4.12-7.patch
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a systems vulnerabilities patch. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.