Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.0:Update
patchinfo.8172
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.8172
<patchinfo incident="8172"> <issue id="1087082" tracker="bnc">VUL-0: CVE-2018-3639: V4 - Speculative Store Bypass aka "Memory Disambiguation"</issue> <issue id="1088273" tracker="bnc">SLES 15 - Fix kdump/kexec race condition by supporting H_INT_RESET firmware call (XIVE)</issue> <issue id="2018-3639" tracker="cve" /> <category>security</category> <rating>important</rating> <packager>jkosina</packager> <reboot_needed/> <description> The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1087082). A new boot commandline option was introduced, "spec_store_bypass_disable", which can have following values: - auto: Kernel detects whether your CPU model contains an implementation of Speculative Store Bypass and picks the most appropriate mitigation. - on: disable Speculative Store Bypass - off: enable Speculative Store Bypass - prctl: Control Speculative Store Bypass per thread via prctl. Speculative Store Bypass is enabled for a process by default. The state of the control is inherited on fork. - seccomp: Same as "prctl" above, but all seccomp threads will disable SSB unless they explicitly opt out. The default is "seccomp", meaning programs need explicit opt-in into the mitigation. Status can be queried via the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing: - "Vulnerable" - "Mitigation: Speculative Store Bypass disabled" - "Mitigation: Speculative Store Bypass disabled via prctl" - "Mitigation: Speculative Store Bypass disabled via prctl and seccomp" The following non-security bugs were fixed: - allow_unsupported: add module tainting on feature use (FATE#323394). - powerpc/64/kexec: fix race in kexec when XIVE is shutdown (bsc#1088273). - reiserfs: mark read-write mode unsupported (FATE#323394). - reiserfs: package in separate KMP (FATE#323394). </description> <summary>Security update for the Linux Kernel</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor