The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Processors: information disclosure via Speculative Store

Synthesis of the vulnerability 

A local attacker can read a memory fragment via Speculative Store of some processors, in order to obtain sensitive information.
Impacted systems: Mac OS X, Cisco ASR, Nexus by Cisco, NX-OS, Cisco UCS, XenServer, Debian, Avamar, Unisphere EMC, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiGate, FortiManager, FortiOS, HP ProLiant, AIX, IBM i, QRadar SIEM, Junos Space, Linux, Windows (platform) ~ not comprehensive, MiVoice 5000, OpenBSD, openSUSE Leap, Solaris, oVirt, RealPresence Collaboration Server, RealPresence Distributed Media Application, RealPresence Resource Manager, RHEL, SIMATIC, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive, ESXi, vCenter Server, VMware vSphere Hypervisor, VMware Workstation, Xen.
Severity of this alert: 1/4.
Creation date: 22/05/2018.
References of this alert: 1528, 18-0006, 525441, ADV180012, CERTFR-2018-AVI-248, CERTFR-2018-AVI-250, CERTFR-2018-AVI-256, CERTFR-2018-AVI-258, CERTFR-2018-AVI-259, CERTFR-2018-AVI-280, CERTFR-2018-AVI-306, CERTFR-2018-AVI-308, CERTFR-2018-AVI-319, CERTFR-2018-AVI-330, CERTFR-2018-AVI-346, CERTFR-2018-AVI-357, CERTFR-2018-AVI-386, CERTFR-2018-AVI-429, CERTFR-2019-AVI-036, CERTFR-2019-AVI-052, CERTFR-2019-AVI-489, cisco-sa-20180521-cpusidechannel, cpujan2019, CTX235225, CVE-2018-3639, DLA-1423-1, DLA-1424-1, DLA-1434-1, DLA-1446-1, DLA-1506-1, DLA-1529-1, DLA-1731-1, DLA-1731-2, DSA-2018-175, DSA-2019-030, DSA-4210-1, DSA-4273-1, DSA-4273-2, FEDORA-2018-5521156807, FEDORA-2018-6367a17aa3, FEDORA-2018-aec846c0ef, FEDORA-2018-db0d3e157e, FG-IR-18-002, HPESBHF03850, HT209139, HT209193, ibm10796076, JSA10917, K29146534, K54252492, N1022433, nas8N1022433, openSUSE-SU-2018:1380-1, openSUSE-SU-2018:1418-1, openSUSE-SU-2018:1420-1, openSUSE-SU-2018:1487-1, openSUSE-SU-2018:1621-1, openSUSE-SU-2018:1623-1, openSUSE-SU-2018:1628-1, openSUSE-SU-2018:1773-1, openSUSE-SU-2018:1904-1, openSUSE-SU-2018:2306-1, openSUSE-SU-2018:2399-1, openSUSE-SU-2018:2402-1, openSUSE-SU-2018:3103-1, openSUSE-SU-2018:3709-1, openSUSE-SU-2019:0042-1, openSUSE-SU-2019:1438-1, openSUSE-SU-2019:1439-1, RHSA-2018:1629-01, RHSA-2018:1630-01, RHSA-2018:1632-01, RHSA-2018:1633-01, RHSA-2018:1635-01, RHSA-2018:1636-01, RHSA-2018:1637-01, RHSA-2018:1638-01, RHSA-2018:1639-01, RHSA-2018:1640-01, RHSA-2018:1641-01, RHSA-2018:1642-01, RHSA-2018:1647-01, RHSA-2018:1648-01, RHSA-2018:1649-01, RHSA-2018:1650-01, RHSA-2018:1651-01, RHSA-2018:1652-01, RHSA-2018:1653-01, RHSA-2018:1656-01, RHSA-2018:1657-01, RHSA-2018:1658-01, RHSA-2018:1659-01, RHSA-2018:1660-01, RHSA-2018:1661-01, RHSA-2018:1662-01, RHSA-2018:1663-01, RHSA-2018:1664-01, RHSA-2018:1665-01, RHSA-2018:1666-01, RHSA-2018:1667-01, RHSA-2018:1668-01, RHSA-2018:1669-01, RHSA-2018:1737-01, RHSA-2018:1738-01, RHSA-2018:1826-01, RHSA-2018:1965-01,
RHSA-2018:1967-01, RHSA-2018:1997-01, RHSA-2018:2001-01, RHSA-2018:2003-01, RHSA-2018:2006-01, RHSA-2018:2161-01, RHSA-2018:2162-01, RHSA-2018:2164-01, RHSA-2018:2171-01, RHSA-2018:2172-01, RHSA-2018:2216-01, RHSA-2018:2250-01, RHSA-2018:2309-01, RHSA-2018:2384-01, RHSA-2018:2387-01, RHSA-2018:2390-01, RHSA-2018:2394-01, RHSA-2018:2395-01, RHSA-2018:2396-01, RHSA-2018:2948-01, RHSA-2018:3396-01, RHSA-2018:3397-01, RHSA-2018:3398-01, RHSA-2018:3399-01, RHSA-2018:3400-01, RHSA-2018:3401-01, RHSA-2018:3402-01, RHSA-2018:3407-01, RHSA-2018:3423-01, RHSA-2018:3424-01, RHSA-2018:3425-01, spectre_meltdown_advisory, SSA:2018-208-01, SSA-268644, SSA-505225, SSA-608355, SUSE-SU-2018:1362-1, SUSE-SU-2018:1363-1, SUSE-SU-2018:1366-1, SUSE-SU-2018:1368-1, SUSE-SU-2018:1374-1, SUSE-SU-2018:1375-1, SUSE-SU-2018:1376-1, SUSE-SU-2018:1377-1, SUSE-SU-2018:1378-1, SUSE-SU-2018:1386-1, SUSE-SU-2018:1389-1, SUSE-SU-2018:1452-1, SUSE-SU-2018:1456-1, SUSE-SU-2018:1475-1, SUSE-SU-2018:1479-1, SUSE-SU-2018:1482-1, SUSE-SU-2018:1582-1, SUSE-SU-2018:1603-1, SUSE-SU-2018:1614-1, SUSE-SU-2018:1658-1, SUSE-SU-2018:1699-1, SUSE-SU-2018:1816-1, SUSE-SU-2018:1846-1, SUSE-SU-2018:1926-1, SUSE-SU-2018:1935-1, SUSE-SU-2018:2076-1, SUSE-SU-2018:2082-1, SUSE-SU-2018:2141-1, SUSE-SU-2018:2304-1, SUSE-SU-2018:2331-1, SUSE-SU-2018:2335-1, SUSE-SU-2018:2338-1, SUSE-SU-2018:2340-1, SUSE-SU-2018:2528-1, SUSE-SU-2018:2556-1, SUSE-SU-2018:2565-1, SUSE-SU-2018:2615-1, SUSE-SU-2018:2650-1, SUSE-SU-2018:2973-1, SUSE-SU-2018:3064-1, SUSE-SU-2018:3064-3, SUSE-SU-2018:3555-1, SUSE-SU-2019:0049-1, SUSE-SU-2019:0148-1, SUSE-SU-2019:1211-2, SUSE-SU-2019:2028-1, TA18-141A, USN-3651-1, USN-3652-1, USN-3653-1, USN-3653-2, USN-3654-1, USN-3654-2, USN-3655-1, USN-3655-2, USN-3679-1, USN-3680-1, USN-3756-1, VIGILANCE-VUL-26183, VMSA-2018-0012, VMSA-2018-0012.1, VU#180049, XSA-263.

Description of the vulnerability 

A local attacker can read a memory fragment via Speculative Store of some processors, in order to obtain sensitive information.

This vulnerability alert impacts software or systems such as Mac OS X, Cisco ASR, Nexus by Cisco, NX-OS, Cisco UCS, XenServer, Debian, Avamar, Unisphere EMC, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiGate, FortiManager, FortiOS, HP ProLiant, AIX, IBM i, QRadar SIEM, Junos Space, Linux, Windows (platform) ~ not comprehensive, MiVoice 5000, OpenBSD, openSUSE Leap, Solaris, oVirt, RealPresence Collaboration Server, RealPresence Distributed Media Application, RealPresence Resource Manager, RHEL, SIMATIC, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive, ESXi, vCenter Server, VMware vSphere Hypervisor, VMware Workstation, Xen.

The Vigil@nce team determined that the severity of this vulnerability is low.

The trust level is "confirmed by the editor", and the attack origin is a user shell.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with technician-level ability can exploit this vulnerability.

Solutions for this threat 

AIX: patch for Speculative Store.
A patch is indicated in information sources.

Apple macOS: version 10.14.
The version 10.14 is fixed:
  https://support.apple.com/

Apple macOS: version 10.14.1.
The version 10.14.1 is fixed:
  https://support.apple.com/

Cisco: solution for Speculative Store.
The solution is indicated in information sources.

Citrix XenServer: patch for Speculative Store.
A patch is indicated in information sources.

Debian 8: new intel-microcode packages (17/09/2018).
New packages are available:
  Debian 8: intel-microcode 3.20180807a.1~deb8u1

Debian 8: new intel-microcode packages (27/07/2018).
New packages are available:
  Debian 8: intel-microcode 3.20180703.2~deb8u1

Debian 8: new linux-4.9 packages.
New packages are available:
  Debian 8: linux-4.9 4.9.110-1~deb8u1

Debian 8: new linux packages (05/10/2018).
New packages are available:
  Debian 8: linux 3.16.59-1

Debian 8: new linux packages (27/03/2019).
New packages are available:
  Debian 8: linux 3.16.64-2

Debian 9: new intel-microcode packages.
New packages are available:
  Debian 9: intel-microcode 3.20180807a.1~deb9u1

Debian 9: new xen packages.
New packages are available:
  Debian 9: xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7

Dell EMC Avamar: solution for Processors.
The solution is indicated in information sources.

Dell EMC Unisphere: solution for Speculative Store.
The solution is indicated in information sources.

F5 BIG-IP: solution for Speculative Store.
The solution is indicated in information sources.

Fedora 26: new kernel packages.
New packages are available:
  Fedora 26: kernel 4.16.11-100.fc26

Fedora 28: new kernel packages.
New packages are available:
  Fedora 28: kernel 4.16.11-300.fc28

Fedora: new xen packages.
New packages are available:
  Fedora 27: xen 4.9.2-4.fc27
  Fedora 28: xen 4.10.1-3.fc28

Fortinet: solution for Meltdown/Spectre.
Fixed versions are indicated in information sources.

HPE ProLiant: solution for Speculative Store.
The solution is indicated in information sources.

IBM AIX: patch for Spectre/Meltdown.
A patch is available:
  http://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_fix.tar

IBM i: solution for Spectre/Meltdown.
The solution is indicated in information sources.

IBM QRadar SIEM: solution for CPU Speculative Execution.
The solution is indicated in information sources.

Junos Space: version 18.3R1.
The version 18.3R1 is fixed.

Linux kernel: version 4.14.43.
The version 4.14.43 is fixed:
  https://cdn.kernel.org/pub/linux/kernel/v4.x/

Linux kernel: version 4.16.11.
The version 4.16.11 is fixed:
  https://cdn.kernel.org/pub/linux/kernel/v4.x/

Linux kernel: version 4.9.102.
The version 4.9.102 is fixed:
  https://cdn.kernel.org/pub/linux/kernel/v4.x/

Mitel MiVoice: solution for Speculative Store.
The solution is indicated in information sources.

OpenBSD: patch for ARM64.
A patch is available:
  https://ftp.openbsd.org/pub/OpenBSD/patches/6.5/common/025_eret.patch.sig
  https://ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/014_eret.patch.sig

OpenStack Nova: version 15.1.3.
The version 15.1.3 is fixed:
  https://www.openstack.org/

OpenStack Nova: version 15.1.5.
The version 15.1.5 is fixed:
  https://www.openstack.org/

OpenStack Nova: version 16.1.3-10.
The version 16.1.3-10 is fixed:
  https://www.openstack.org/

OpenStack Nova: version 17.0.5.
The version 17.0.5 is fixed:
  https://www.openstack.org/

OpenStack Nova: version 17.0.6.
The version 17.0.6 is fixed:
  https://www.openstack.org/

openSUSE Leap 15.0: new java-1_8_0-openjdk packages.
New packages are available:
  openSUSE Leap 15.0: java-1_8_0-openjdk 1.8.0.212-lp150.2.16.1

openSUSE Leap 15.0: new kernel packages.
New packages are available:
  openSUSE Leap 15.0: kernel 4.12.14-lp150.12.4.1

openSUSE Leap 15.0: new libvirt packages.
New packages are available:
  openSUSE Leap 15.0: libvirt 4.0.0-lp150.7.3.1

openSUSE Leap 15.0: new qemu packages (11/06/2018).
New packages are available:
  openSUSE Leap 15.0: qemu 2.11.1-lp150.7.3.1

openSUSE Leap 15.0: new qemu packages (17/08/2018).
New packages are available:
  openSUSE Leap 15.0: qemu 2.11.2-lp150.7.6.1

openSUSE Leap 15.0: new xen packages.
New packages are available:
  openSUSE Leap 15.0: xen 4.10.1_04-lp150.2.3.1

openSUSE Leap 42.3: new java-1_7_0-openjdk packages.
New packages are available:
  openSUSE Leap 42.3: java-1_7_0-openjdk 1.7.0.201-54.1

openSUSE Leap 42.3: new java-1_8_0-openjdk packages (12/10/2018).
New packages are available:
  openSUSE Leap 42.3: java-1_8_0-openjdk 1.8.0.181-27.1

openSUSE Leap 42.3: new java-1_8_0-openjdk packages (23/05/2019).
New packages are available:
  openSUSE Leap 42.3: java-1_8_0-openjdk 1.8.0.212-34.1

openSUSE Leap 42.3: new kernel packages (22/06/2018).
New packages are available:
  openSUSE Leap 42.3: kernel 4.4.138-59.1

openSUSE Leap 42.3: new kernel packages (25/05/2018).
New packages are available:
  openSUSE Leap 42.3: kernel 4.4.132-53.1

openSUSE Leap 42.3: new libvirt packages.
New packages are available:
  openSUSE Leap 42.3: libvirt 3.3.0-18.1

openSUSE Leap 42.3: new qemu packages (12/11/2018).
New packages are available:
  openSUSE Leap 42.3: qemu 2.9.1-47.1

openSUSE Leap 42.3: new qemu packages (23/05/2018).
New packages are available:
  openSUSE Leap 42.3: qemu 2.9.1-44.1

openSUSE Leap 42.3: new xen packages.
New packages are available:
  openSUSE Leap 42.3: xen 4.9.2_06-22.1

openSUSE Leap: new ucode-intel packages (09/07/2018).
New packages are available:
  openSUSE Leap 42.3: ucode-intel 20180703-25.1
  openSUSE Leap 15.0: ucode-intel 20180703-lp150.2.4.1

openSUSE Leap: new ucode-intel packages (17/08/2018).
New packages are available:
  openSUSE Leap 42.3: ucode-intel 20180807-28.1
  openSUSE Leap 15.0: ucode-intel 20180807-lp150.2.7.1

Oracle Solaris: CPU of January 2019.
A Critical Patch Update is available:
  https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
  https://support.oracle.com/rs?type=doc&id=2492126.1

Oracle Solaris: patch for third party software of April 2020 v2.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

oVirt: solution for Speculative Store.
The solution is indicated in information sources.

Polycom: solution for Meltdown/Spectre.
The solution is indicated in information sources.

RHEL 5.9: new kernel packages.
New packages are available:
  RHEL 5: kernel 2.6.18-348.40.1.el5

RHEL 5: new kernel packages.
New packages are available:
  RHEL 5: kernel 2.6.18-433.el5

RHEL 6.10: new qemu-kvm packages (11/07/2018).
New packages are available:
  RHEL 6: qemu-kvm 0.12.1.2-2.506.el6_10.1

RHEL 6.4: new kernel packages (16/08/2018).
New packages are available:
  RHEL 6: kernel 2.6.32-358.91.4.el6

RHEL 6.4: new kernel packages (30/05/2018).
New packages are available:
  RHEL 6: kernel 2.6.32-358.88.4.el6

RHEL 6.4: new libvirt packages.
New packages are available:
  RHEL 6: libvirt 0.10.2-18.el6_4.17

RHEL 6.4: new qemu-kvm packages.
New packages are available:
  RHEL 6: qemu-kvm 0.12.1.2-2.355.el6_4.11

RHEL 6.5: new kernel packages.
New packages are available:
  RHEL 6: kernel 2.6.32-431.89.4.el6

RHEL 6.5: new libvirt packages.
New packages are available:
  RHEL 6: libvirt 0.10.2-29.el6_5.16

RHEL 6.5: new qemu-kvm packages.
New packages are available:
  RHEL 6: qemu-kvm 0.12.1.2-2.415.el6_5.18

RHEL 6.6: new kernel packages.
New packages are available:
  RHEL 6: kernel 2.6.32-504.72.1.el6

RHEL 6.6: new libvirt packages.
New packages are available:
  RHEL 6: libvirt 0.10.2-46.el6_6.8

RHEL 6.6: new qemu-kvm packages.
New packages are available:
  RHEL 6: qemu-kvm 0.12.1.2-2.448.el6_6.7

RHEL 6.7: new kernel packages (12/06/2018).
New packages are available:
  RHEL 6: kernel 2.6.32-573.59.1.el6

RHEL 6.7: new kernel packages (25/07/2018).
New packages are available:
  RHEL 6: kernel 2.6.32-573.60.1.el6

RHEL 6.7: new kernel packages (29/05/2018).
New packages are available:
  RHEL 6: kernel 2.6.32-573.55.4.el6

RHEL 6.7: new libvirt packages.
New packages are available:
  RHEL 6: libvirt 0.10.2-54.el6_7.8

RHEL 6.7: new qemu-kvm packages.
New packages are available:
  RHEL 6: qemu-kvm 0.12.1.2-2.479.el6_7.8

RHEL 6.9: new java-1.7.0-openjdk packages.
New packages are available:
  RHEL 6: java-1.7.0-openjdk 1.7.0.181-2.6.14.8.el6_9

RHEL 6.9: new java-1.8.0-openjdk packages.
New packages are available:
  RHEL 6: java-1.8.0-openjdk 1.8.0.171-8.b10.el6_9

RHEL 6.9: new libvirt packages.
New packages are available:
  RHEL 6: libvirt 0.10.2-62.el6_9.2

RHEL 6: new kernel packages (11/07/2018).
New packages are available:
  RHEL 6: kernel 2.6.32-754.2.1.el6

RHEL 6: new kernel packages (16/08/2018).
New packages are available:
  RHEL 6: kernel 2.6.32-754.3.5.el6

RHEL 6: new kernel packages (22/05/2018).
New packages are available:
  RHEL 6: kernel 2.6.32-696.30.1.el6

RHEL 6: new kernel-rt packages (16/08/2018).
New packages are available:
  RHEL 6: kernel-rt 3.10.0-693.37.4.rt56.629.el6rt

RHEL 6: new kernel-rt packages (22/05/2018).
New packages are available:
  RHEL 6: kernel-rt 3.10.0-693.25.7.rt56.615.el6rt

RHEL 6: new qemu-kvm packages (22/05/2018).
New packages are available:
  RHEL 6: qemu-kvm 0.12.1.2-2.503.el6_9.6

RHEL 6.x: new libvirt packages.
New packages are available, as indicated in information sources.

RHEL 6.x: new qemu-kvm packages.
New packages are available, as indicated in information sources.

RHEL 7.2: new kernel packages (18/07/2018).
New packages are available:
  RHEL 7: kernel 3.10.0-327.71.1.el7

RHEL 7.2: new kernel packages (30/05/2018).
New packages are available:
  RHEL 7: kernel 3.10.0-327.66.5.el7

RHEL 7.2: new libvirt packages (22/05/2018).
New packages are available:
  RHEL 7: libvirt 1.2.17-13.el7_2.8

RHEL 7.2: new libvirt packages (31/10/2018).
New packages are available:
  RHEL 7: libvirt 1.2.17-13.el7_2.9

RHEL 7.2: new qemu-kvm packages.
New packages are available:
  RHEL 7: qemu-kvm 1.5.3-105.el7_2.18

RHEL 7.3: new kernel packages (11/07/2018).
New packages are available:
  RHEL 7: kernel 3.10.0-514.53.1.el7

RHEL 7.3: new kernel packages (23/05/2018).
New packages are available:
  RHEL 7: kernel 3.10.0-514.48.5.el7

RHEL 7.3: new kernel packages (30/05/2018).
New packages are available:
  RHEL 7: kernel 3.10.0-514.51.1.el7

RHEL 7.3: new libvirt packages.
New packages are available:
  RHEL 7: libvirt 2.0.0-10.el7_3.12

RHEL 7.3: new qemu-kvm packages.
New packages are available:
  RHEL 7: qemu-kvm 1.5.3-126.el7_3.14

RHEL 7.4: new kernel packages (16/08/2018).
New packages are available:
  RHEL 7: kernel 3.10.0-693.37.4.el7

RHEL 7.4: new kernel packages (23/05/2018).
New packages are available:
  RHEL 7: kernel 3.10.0-693.25.7.el7

RHEL 7.4: new kernel packages (30/05/2018).
New packages are available:
  RHEL 7: kernel 3.10.0-693.33.1.el7

RHEL 7.4: new libvirt packages (22/05/2018).
New packages are available:
  RHEL 7: libvirt 3.2.0-14.el7_4.10

RHEL 7.4: new libvirt packages (27/06/2018).
New packages are available:
  RHEL 7: libvirt 3.2.0-14.el7_4.11

RHEL 7.4: new qemu-kvm packages.
New packages are available:
  RHEL 7: qemu-kvm 1.5.3-141.el7_4.7

RHEL 7.5: new java-1.7.0-openjdk packages.
New packages are available:
  RHEL 7: java-1.7.0-openjdk 1.7.0.181-2.6.14.8.el7_5

RHEL 7.5: new java-1.8.0-openjdk packages.
New packages are available:
  RHEL 7: java-1.8.0-openjdk 1.8.0.171-8.b10.el7_5

RHEL 7.5: new libvirt packages (22/05/2018).
New packages are available:
  RHEL 7: libvirt 3.9.0-14.el7_5.5

RHEL 7.5: new libvirt packages (27/06/2018).
New packages are available:
  RHEL 7: libvirt 3.9.0-14.el7_5.6

RHEL 7.5: new qemu-kvm packages (22/05/2018).
New packages are available:
  RHEL 7: qemu-kvm 1.5.3-156.el7_5.2

RHEL 7.5: new qemu-kvm packages (27/06/2018).
New packages are available:
  RHEL 7: qemu-kvm 1.5.3-156.el7_5.3

RHEL 7: new kernel-alt packages (27/06/2018).
New packages are available:
  RHEL 7: kernel-alt 4.14.0-49.8.1.el7a

RHEL 7: new kernel-alt packages (30/10/2018).
New packages are available:
  RHEL 7: kernel-alt 4.14.0-115.el7a

RHEL 7: new kernel packages (16/08/2018).
New packages are available:
  RHEL 7: kernel 3.10.0-862.11.6.el7

RHEL 7: new kernel packages (22/05/2018).
New packages are available:
  RHEL 7: kernel 3.10.0-862.3.2.el7

RHEL 7: new kernel packages (27/06/2018).
New packages are available:
  RHEL 7: kernel 3.10.0-862.6.3.el7

RHEL 7: new kernel-rt packages (16/08/2018).
New packages are available:
  RHEL 7: kernel-rt 3.10.0-862.11.6.rt56.819.el7

RHEL 7: new kernel-rt packages (22/05/2018).
New packages are available:
  RHEL 7: kernel-rt 3.10.0-862.3.2.rt56.808.el7

RHEL 7: new kernel-rt packages (27/06/2018).
New packages are available:
  RHEL 7: kernel-rt 3.10.0-862.6.3.rt56.811.el7

Siemens SIMATIC: solution for Spectre.
The solution is indicated in information sources.

Siemens SIMATIC: solution for Speculative Store.
The solution is indicated in information sources.

SIMATIC WinAC RTX F 2010: workaround for Processor.
A workaround is indicated in the information source.

Slackware 14.2: new kernel packages.
New packages are available:
  Slackware 14.2: kernel 4.4.144-i586-1

SUSE LE 11: new microcode_ctl packages (16/08/2018).
New packages are available:
  SUSE LE 11 SP3: microcode_ctl 1.17-102.83.27.1
  SUSE LE 11 SP4: microcode_ctl 1.17-102.83.27.1

SUSE LE 11: new microcode_ctl packages (27/07/2018).
New packages are available:
  SUSE LE 11 SP4: microcode_ctl 1.17-102.83.24.1
  SUSE LE 11 SP3: microcode_ctl 1.17-102.83.24.1

SUSE LE 11 SP3: new kernel packages (23/05/2018).
New packages are available:
  SUSE LE 11 SP3: kernel 3.0.101-0.47.106.29.1

SUSE LE 11 SP3: new kvm packages (05/09/2018).
New packages are available:
  SUSE LE 11 SP3: kvm 1.4.2-53.23.2

SUSE LE 11 SP3: new kvm packages (24/05/2018).
New packages are available:
  SUSE LE 11 SP3: kvm 1.4.2-53.20.1

SUSE LE 11 SP3: new libvirt packages.
New packages are available:
  SUSE LE 11 SP3: libvirt 1.0.5.9-21.9.1

SUSE LE 11 SP3: new xen packages (27/08/2018).
New packages are available:
  SUSE LE 11 SP3: xen 4.2.5_21-45.25.1

SUSE LE 11 SP4: new kernel packages (01/06/2018).
New packages are available:
  SUSE LE 11 SP4: kernel 3.0.101-108.52.1

SUSE LE 11 SP4: new kernel packages (23/05/2018).
New packages are available:
  SUSE LE 11 SP4: kernel 3.0.101-108.48.1

SUSE LE 11 SP4: new kernel-rt packages.
New packages are available:
  SUSE LE 11 SP4: kernel-rt 3.0.101.rt130-69.27.1

SUSE LE 11 SP4: new kvm packages (10/09/2018).
New packages are available:
  SUSE LE 11 SP4: kvm 1.4.2-60.15.2

SUSE LE 11 SP4: new kvm packages (31/05/2018).
New packages are available:
  SUSE LE 11 SP4: kvm 1.4.2-60.12.1

SUSE LE 11 SP4: new libvirt packages.
New packages are available:
  SUSE LE 11 SP4: libvirt 1.2.5-23.15.1

SUSE LE 11 SP4: new xen packages (11/06/2018).
New packages are available:
  SUSE LE 11 SP4: xen 4.4.4_32-61.29.2

SUSE LE 12: new java-1_7_0-openjdk packages.
New packages are available:
  SUSE LE 12 RTM: java-1_7_0-openjdk 1.7.0.201-43.18.1
  SUSE LE 12 SP1: java-1_7_0-openjdk 1.7.0.201-43.18.1
  SUSE LE 12 SP2: java-1_7_0-openjdk 1.7.0.201-43.18.1
  SUSE LE 12 SP3: java-1_7_0-openjdk 1.7.0.201-43.18.1
  SUSE LE 12 SP4: java-1_7_0-openjdk 1.7.0.201-43.18.1

SUSE LE 12: new java-1_8_0-openjdk packages.
New packages are available:
  SUSE LE 12 SP3: java-1_8_0-openjdk 1.8.0.181-27.26.2
  SUSE LE 12 SP1: java-1_8_0-openjdk 1.8.0.181-27.26.2
  SUSE LE 12 SP2: java-1_8_0-openjdk 1.8.0.181-27.26.2

SUSE LE 12: new ucode-intel packages (12/07/2018).
New packages are available:
  SUSE LE 12 RTM: ucode-intel 20180703-13.25.1
  SUSE LE 12 SP1: ucode-intel 20180703-13.25.1
  SUSE LE 12 SP2: ucode-intel 20180703-13.25.1
  SUSE LE 12 SP3: ucode-intel 20180703-13.25.1

SUSE LE 12: new ucode-intel packages (16/08/2018).
New packages are available:
  SUSE LE 12 RTM: ucode-intel 20180807-13.29.1
  SUSE LE 12 SP1: ucode-intel 20180807-13.29.1
  SUSE LE 12 SP2: ucode-intel 20180807-13.29.1
  SUSE LE 12 SP3: ucode-intel 20180807-13.29.1

SUSE LE 12 RTM: new kernel packages.
New packages are available:
  SUSE LE 12 RTM: kernel 3.12.61-52.133.1

SUSE LE 12 RTM: new libvirt packages.
New packages are available:
  SUSE LE 12 RTM: libvirt 1.2.5-27.13.1

SUSE LE 12 RTM: new qemu packages (24/05/2018).
New packages are available:
  SUSE LE 12 RTM: qemu 2.0.2-48.40.2

SUSE LE 12 RTM: new qemu packages (30/08/2018).
New packages are available:
  SUSE LE 12 RTM: qemu 2.0.2-48.43.3

SUSE LE 12 RTM: new xen packages (13/06/2018).
New packages are available:
  SUSE LE 12 RTM: xen 4.4.4_32-22.68.1

SUSE LE 12 SP1: new kernel packages.
New packages are available:
  SUSE LE 12 SP1: kernel 3.12.74-60.64.93.1

SUSE LE 12 SP1: new libvirt packages.
New packages are available:
  SUSE LE 12 SP1: libvirt 1.2.18.4-22.3.1

SUSE LE 12 SP1: new qemu packages (22/05/2018).
New packages are available:
  SUSE LE 12 SP1: qemu 2.3.1-33.9.4

SUSE LE 12 SP1: new qemu packages (31/08/2018).
New packages are available:
  SUSE LE 12 SP1: qemu 2.3.1-33.12.1

SUSE LE 12 SP1: new xen packages.
New packages are available:
  SUSE LE 12 SP1: xen 4.5.5_24-22.49.1

SUSE LE 12 SP2: new kernel packages.
New packages are available:
  SUSE LE 12 SP2: kernel 4.4.121-92.80.1

SUSE LE 12 SP2: new libvirt packages.
New packages are available:
  SUSE LE 12 SP2: libvirt 2.0.0-27.42.1

SUSE LE 12 SP2: new qemu packages (03/10/2018).
New packages are available:
  SUSE LE 12 SP2: qemu 2.6.2-41.43.3

SUSE LE 12 SP2: new qemu packages (22/05/2018).
New packages are available:
  SUSE LE 12 SP2: qemu 2.6.2-41.40.1

SUSE LE 12 SP2: new xen packages (18/06/2018).
New packages are available:
  SUSE LE 12 SP2: xen 4.7.5_04-43.33.1

SUSE LE 12 SP3: new kernel packages (23/05/2018).
New packages are available:
  SUSE LE 12 SP3: kernel 4.4.131-94.29.1

SUSE LE 12 SP3: new kernel packages (24/01/2019).
New packages are available:
  SUSE LE 12 SP3: kernel 4.4.170-4.22.1

SUSE LE 12 SP3: new kernel-rt packages (27/06/2018).
New packages are available:
  SUSE LE 12 SP3: kernel-rt 4.4.138-3.14.1

SUSE LE 12 SP3: new libvirt packages.
New packages are available:
  SUSE LE 12 SP3: libvirt 3.3.0-5.22.1

SUSE LE 12 SP3: new qemu packages (23/05/2018).
New packages are available:
  SUSE LE 12 SP3: qemu 2.9.1-6.16.1

SUSE LE 12 SP3: new qemu packages (30/10/2018).
New packages are available:
  SUSE LE 12 SP3: qemu 2.9.1-6.19.11

SUSE LE 12 SP3: new xen packages.
New packages are available:
  SUSE LE 12 SP3: xen 4.9.2_06-3.32.1

SUSE LE 12 SP4: new java-1_7_0-openjdk packages.
New packages are available:
  SUSE LE 12 SP4: java-1_7_0-openjdk 1.7.0.231-43.27.2

SUSE LE 15: new qemu packages.
New packages are available:
  SUSE LE 15 RTM: qemu 2.11.2-9.4.1

SUSE LE 15: new ucode-intel packages (12/07/2018).
New packages are available:
  SUSE LE 15 RTM: ucode-intel 20180703-3.3.1

SUSE LE 15: new ucode-intel packages (16/08/2018).
New packages are available:
  SUSE LE 15 RTM: ucode-intel 20180807-3.6.1

SUSE LE 15 SP1: new java-1_8_0-openjdk packages.
New packages are available:
  SUSE LE 15 SP1: java-1_8_0-openjdk 1.8.0.212-3.19.1

Ubuntu 18.04: new linux-image-4.15.0 packages.
New packages are available:
  Ubuntu 18.04 LTS: linux-image-generic 4.15.0.22.23

Ubuntu: new intel-microcode packages.
New packages are available:
  Ubuntu 18.04 LTS: intel-microcode 3.20180807a.0ubuntu0.18.04.1
  Ubuntu 16.04 LTS: intel-microcode 3.20180807a.0ubuntu0.16.04.1
  Ubuntu 14.04 LTS: intel-microcode 3.20180807a.0ubuntu0.14.04.1

Ubuntu: new libvirt packages.
New packages are available:
  Ubuntu 18.04 LTS: libvirt 4.0.0-1ubuntu8.2
  Ubuntu 17.10: libvirt 3.6.0-1ubuntu6.8
  Ubuntu 16.04 LTS: libvirt 1.3.1-1ubuntu10.24
  Ubuntu 14.04 LTS: libvirt 1.2.2-0ubuntu13.1.27

Ubuntu: new linux-image-3.13.0 packages.
New packages are available:
  Ubuntu 12.04 ESM: linux-image-generic-lts-trusty 3.13.0.149.140
  Ubuntu 14.04 LTS: linux-image-generic 3.13.0.149.159

Ubuntu: new linux-image-4.13.0 packages.
New packages are available:
  Ubuntu 16.04 LTS: linux-image-4.13.0-43-generic 4.13.0-43.48~16.04.1
  Ubuntu 17.10: linux-image-generic 4.13.0.43.46

Ubuntu: new linux-image-4.4.0 packages.
New packages are available:
  Ubuntu 14.04 LTS: linux-image-generic-lts-xenial 4.4.0.127.107
  Ubuntu 16.04 LTS: linux-image-generic 4.4.0.127.133

Ubuntu: new qemu packages (12/06/2018).
New packages are available:
  Ubuntu 18.04 LTS: qemu 1:2.11+dfsg-1ubuntu7.3
  Ubuntu 17.10: qemu 1:2.10+dfsg-0ubuntu3.8
  Ubuntu 16.04 LTS: qemu 1:2.5+dfsg-5ubuntu10.30
  Ubuntu 14.04 LTS: qemu 2.0.0+dfsg-2ubuntu1.43

Ubuntu: new qemu packages (22/05/2018).
New packages are available:
  Ubuntu 18.04 LTS: qemu 1:2.11+dfsg-1ubuntu7.2
  Ubuntu 17.10: qemu 1:2.10+dfsg-0ubuntu3.7
  Ubuntu 16.04 LTS: qemu 1:2.5+dfsg-5ubuntu10.29
  Ubuntu 14.04 LTS: qemu 2.0.0+dfsg-2ubuntu1.42

VMware: solution for Speculative Store.
The solution is indicated in information sources.

Wind River Linux: solution (21/05/2019).
The solution is indicated in information sources.

Xen: patch for Speculative Store.
A patch is available:
  https://xenbits.xen.org/xsa/xsa263.meta
  https://xenbits.xen.org/xsa/xsa263-unstable/0001-x86-AMD-Mitigations-for-GPZ-SP4-Speculative-Store-By.patch
  https://xenbits.xen.org/xsa/xsa263-unstable/0002-x86-Intel-Mitigations-for-GPZ-SP4-Speculative-Store-.patch
  https://xenbits.xen.org/xsa/xsa263-unstable/0003-x86-msr-Virtualise-MSR_SPEC_CTRL.SSBD-for-guests-to-.patch
  https://xenbits.xen.org/xsa/xsa263-4.6/0001-x86-spec_ctrl-Read-MSR_ARCH_CAPABILITIES-only-once.patch
  https://xenbits.xen.org/xsa/xsa263-4.6/0002-x86-spec_ctrl-Express-Xen-s-choice-of-MSR_SPEC_CTRL-.patch
  https://xenbits.xen.org/xsa/xsa263-4.6/0003-x86-spec_ctrl-Merge-bti_ist_info-and-use_shadow_spec.patch
  https://xenbits.xen.org/xsa/xsa263-4.6/0004-x86-spec_ctrl-Fold-the-XEN_IBRS_-SET-CLEAR-ALTERNATI.patch
  https://xenbits.xen.org/xsa/xsa263-4.6/0005-x86-spec_ctrl-Rename-bits-of-infrastructure-to-avoid.patch
  https://xenbits.xen.org/xsa/xsa263-4.6/0006-x86-spec_ctrl-Elide-MSR_SPEC_CTRL-handling-in-idle-c.patch
  https://xenbits.xen.org/xsa/xsa263-4.6/0007-x86-spec_ctrl-Split-X86_FEATURE_SC_MSR-into-PV-and-H.patch
  https://xenbits.xen.org/xsa/xsa263-4.6/0008-x86-spec_ctrl-Explicitly-set-Xen-s-default-MSR_SPEC_.patch
  https://xenbits.xen.org/xsa/xsa263-4.6/0009-x86-cpuid-Improvements-to-guest-policies-for-specula.patch
  https://xenbits.xen.org/xsa/xsa263-4.6/0010-x86-spec_ctrl-Introduce-a-new-spec-ctrl-command-line.patch
  https://xenbits.xen.org/xsa/xsa263-4.6/0011-x86-AMD-Mitigations-for-GPZ-SP4-Speculative-Store-By.patch
  https://xenbits.xen.org/xsa/xsa263-4.6/0012-x86-Intel-Mitigations-for-GPZ-SP4-Speculative-Store-.patch
  https://xenbits.xen.org/xsa/xsa263-4.6/0013-x86-msr-Virtualise-MSR_SPEC_CTRL.SSBD-for-guests-to-.patch
  https://xenbits.xen.org/xsa/xsa263-4.7/0001-x86-Fix-x86-further-CPUID-handling-adjustments.patch
  https://xenbits.xen.org/xsa/xsa263-4.7/0002-x86-spec_ctrl-Read-MSR_ARCH_CAPABILITIES-only-once.patch
  https://xenbits.xen.org/xsa/xsa263-4.7/0003-x86-spec_ctrl-Express-Xen-s-choice-of-MSR_SPEC_CTRL-.patch
  https://xenbits.xen.org/xsa/xsa263-4.7/0004-x86-spec_ctrl-Merge-bti_ist_info-and-use_shadow_spec.patch
  https://xenbits.xen.org/xsa/xsa263-4.7/0005-x86-spec_ctrl-Fold-the-XEN_IBRS_-SET-CLEAR-ALTERNATI.patch
  https://xenbits.xen.org/xsa/xsa263-4.7/0006-x86-spec_ctrl-Rename-bits-of-infrastructure-to-avoid.patch
  https://xenbits.xen.org/xsa/xsa263-4.7/0007-x86-spec_ctrl-Elide-MSR_SPEC_CTRL-handling-in-idle-c.patch
  https://xenbits.xen.org/xsa/xsa263-4.7/0008-x86-spec_ctrl-Split-X86_FEATURE_SC_MSR-into-PV-and-H.patch
  https://xenbits.xen.org/xsa/xsa263-4.7/0009-x86-spec_ctrl-Explicitly-set-Xen-s-default-MSR_SPEC_.patch
  https://xenbits.xen.org/xsa/xsa263-4.7/0010-x86-cpuid-Improvements-to-guest-policies-for-specula.patch
  https://xenbits.xen.org/xsa/xsa263-4.7/0011-x86-spec_ctrl-Introduce-a-new-spec-ctrl-command-line.patch
  https://xenbits.xen.org/xsa/xsa263-4.7/0012-x86-AMD-Mitigations-for-GPZ-SP4-Speculative-Store-By.patch
  https://xenbits.xen.org/xsa/xsa263-4.7/0013-x86-Intel-Mitigations-for-GPZ-SP4-Speculative-Store-.patch
  https://xenbits.xen.org/xsa/xsa263-4.7/0014-x86-msr-Virtualise-MSR_SPEC_CTRL.SSBD-for-guests-to-.patch
  https://xenbits.xen.org/xsa/xsa263-4.8/0001-x86-Fix-x86-further-CPUID-handling-adjustments.patch
  https://xenbits.xen.org/xsa/xsa263-4.8/0002-x86-spec_ctrl-Read-MSR_ARCH_CAPABILITIES-only-once.patch
  https://xenbits.xen.org/xsa/xsa263-4.8/0003-x86-spec_ctrl-Express-Xen-s-choice-of-MSR_SPEC_CTRL-.patch
  https://xenbits.xen.org/xsa/xsa263-4.8/0004-x86-spec_ctrl-Merge-bti_ist_info-and-use_shadow_spec.patch
  https://xenbits.xen.org/xsa/xsa263-4.8/0005-x86-spec_ctrl-Fold-the-XEN_IBRS_-SET-CLEAR-ALTERNATI.patch
  https://xenbits.xen.org/xsa/xsa263-4.8/0006-x86-spec_ctrl-Rename-bits-of-infrastructure-to-avoid.patch
  https://xenbits.xen.org/xsa/xsa263-4.8/0007-x86-spec_ctrl-Elide-MSR_SPEC_CTRL-handling-in-idle-c.patch
  https://xenbits.xen.org/xsa/xsa263-4.8/0008-x86-spec_ctrl-Split-X86_FEATURE_SC_MSR-into-PV-and-H.patch
  https://xenbits.xen.org/xsa/xsa263-4.8/0009-x86-spec_ctrl-Explicitly-set-Xen-s-default-MSR_SPEC_.patch
  https://xenbits.xen.org/xsa/xsa263-4.8/0010-x86-cpuid-Improvements-to-guest-policies-for-specula.patch
  https://xenbits.xen.org/xsa/xsa263-4.8/0011-x86-spec_ctrl-Introduce-a-new-spec-ctrl-command-line.patch
  https://xenbits.xen.org/xsa/xsa263-4.8/0012-x86-AMD-Mitigations-for-GPZ-SP4-Speculative-Store-By.patch
  https://xenbits.xen.org/xsa/xsa263-4.8/0013-x86-Intel-Mitigations-for-GPZ-SP4-Speculative-Store-.patch
  https://xenbits.xen.org/xsa/xsa263-4.8/0014-x86-msr-Virtualise-MSR_SPEC_CTRL.SSBD-for-guests-to-.patch
  https://xenbits.xen.org/xsa/xsa263-4.9/0001-x86-spec_ctrl-Read-MSR_ARCH_CAPABILITIES-only-once.patch
  https://xenbits.xen.org/xsa/xsa263-4.9/0002-x86-spec_ctrl-Express-Xen-s-choice-of-MSR_SPEC_CTRL-.patch
  https://xenbits.xen.org/xsa/xsa263-4.9/0003-x86-spec_ctrl-Merge-bti_ist_info-and-use_shadow_spec.patch
  https://xenbits.xen.org/xsa/xsa263-4.9/0004-x86-spec_ctrl-Fold-the-XEN_IBRS_-SET-CLEAR-ALTERNATI.patch
  https://xenbits.xen.org/xsa/xsa263-4.9/0005-x86-spec_ctrl-Rename-bits-of-infrastructure-to-avoid.patch
  https://xenbits.xen.org/xsa/xsa263-4.9/0006-x86-spec_ctrl-Elide-MSR_SPEC_CTRL-handling-in-idle-c.patch
  https://xenbits.xen.org/xsa/xsa263-4.9/0007-x86-spec_ctrl-Split-X86_FEATURE_SC_MSR-into-PV-and-H.patch
  https://xenbits.xen.org/xsa/xsa263-4.9/0008-x86-spec_ctrl-Explicitly-set-Xen-s-default-MSR_SPEC_.patch
  https://xenbits.xen.org/xsa/xsa263-4.9/0009-x86-cpuid-Improvements-to-guest-policies-for-specula.patch
  https://xenbits.xen.org/xsa/xsa263-4.9/0010-x86-spec_ctrl-Introduce-a-new-spec-ctrl-command-line.patch
  https://xenbits.xen.org/xsa/xsa263-4.9/0011-x86-AMD-Mitigations-for-GPZ-SP4-Speculative-Store-By.patch
  https://xenbits.xen.org/xsa/xsa263-4.9/0012-x86-Intel-Mitigations-for-GPZ-SP4-Speculative-Store-.patch
  https://xenbits.xen.org/xsa/xsa263-4.9/0013-x86-msr-Virtualise-MSR_SPEC_CTRL.SSBD-for-guests-to-.patch
  https://xenbits.xen.org/xsa/xsa263-4.10/0001-x86-spec_ctrl-Read-MSR_ARCH_CAPABILITIES-only-once.patch
  https://xenbits.xen.org/xsa/xsa263-4.10/0002-x86-spec_ctrl-Express-Xen-s-choice-of-MSR_SPEC_CTRL-.patch
  https://xenbits.xen.org/xsa/xsa263-4.10/0003-x86-spec_ctrl-Merge-bti_ist_info-and-use_shadow_spec.patch
  https://xenbits.xen.org/xsa/xsa263-4.10/0004-x86-spec_ctrl-Fold-the-XEN_IBRS_-SET-CLEAR-ALTERNATI.patch
  https://xenbits.xen.org/xsa/xsa263-4.10/0005-x86-spec_ctrl-Rename-bits-of-infrastructure-to-avoid.patch
  https://xenbits.xen.org/xsa/xsa263-4.10/0006-x86-spec_ctrl-Elide-MSR_SPEC_CTRL-handling-in-idle-c.patch
  https://xenbits.xen.org/xsa/xsa263-4.10/0007-x86-spec_ctrl-Split-X86_FEATURE_SC_MSR-into-PV-and-H.patch
  https://xenbits.xen.org/xsa/xsa263-4.10/0008-x86-spec_ctrl-Explicitly-set-Xen-s-default-MSR_SPEC_.patch
  https://xenbits.xen.org/xsa/xsa263-4.10/0009-x86-cpuid-Improvements-to-guest-policies-for-specula.patch
  https://xenbits.xen.org/xsa/xsa263-4.10/0010-x86-spec_ctrl-Introduce-a-new-spec-ctrl-command-line.patch
  https://xenbits.xen.org/xsa/xsa263-4.10/0011-x86-AMD-Mitigations-for-GPZ-SP4-Speculative-Store-By.patch
  https://xenbits.xen.org/xsa/xsa263-4.10/0012-x86-Intel-Mitigations-for-GPZ-SP4-Speculative-Store-.patch
  https://xenbits.xen.org/xsa/xsa263-4.10/0013-x86-msr-Virtualise-MSR_SPEC_CTRL.SSBD-for-guests-to-.patch