VMware Security Advisory 2018-0007 - VMware Virtual Appliance updates address side-channel analysis due to speculative execution.
ec8f147c16b39decc064b40987ddaf4daf5a97ec067ad903f105fee9b1a0a0d9
Ubuntu Security Notice 3561-1 - It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows libvirt to expose new CPU features added by microcode updates to guests. On amd64 and i386, new CPU models that match the updated microcode features were added with an -IBRS suffix. Certain environments will require guests to be switched manually to the new CPU models after microcode updates have been applied to the host. Various other issues were also addressed.
dcecc1c0c320933f560d27edcde2541b800157c29b7c91559c36818fa010ff71
Ubuntu Security Notice 3560-1 - It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows QEMU to expose new CPU features added by microcode updates to guests on amd64, i386, and s390x. On amd64 and i386, new CPU models that match the updated microcode features were added with an -IBRS suffix. Certain environments will require guests to be switched manually to the new CPU models after microcode updates have been applied to the host. Various other issues were also addressed.
ecf30c2ab3063f7c4453fd5a2f25fd20a9a0811b8b750790af31f961d51b10e9
Slackware Security Advisory - New kernel packages are available for Slackware 14.2 to mitigate the speculative side channel attack known as Spectre variant 2.
cec4318e6170cf890d70887ea261d7b817e29df36602bfbfb364e75cb35456bb
Ubuntu Security Notice 3549-1 - Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory.
6783ef5d60ebcdb96afbe1c101970db5c549d1aa6fd46874cef70bf326ff5247
HPE Security Bulletin HPESBHF03805 7 - On January 3 2018, side-channel security vulnerabilities involving speculative execution were publicly disclosed. These vulnerabilities may impact the listed HPE products, potentially leading to information disclosure and elevation of privilege. Mitigation and resolution of these vulnerabilities may call for both an operating system update, provided by the OS vendor, and a system ROM update from HPE. Revision 7 of this advisory.
94411ff231e0a5b8a3ee2841348b7cac92c5c35fdf9e1a30ff3519eb7d291886
Ubuntu Security Notice 3541-2 - USN-3541-1 addressed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 , amd64, ppc64el, and s390x architectures. Various other issues were also addressed.
2bef15d9aab879db3d94b78df252a16c484d98fb8517c35ea9b7de0028cfbf25
Ubuntu Security Notice 3542-2 - USN-3542-1 addressed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 and amd64 architectures. Various other issues were also addressed.
a5579a936801baabe3460bc2e48834a6ab0a14e5d31755f278f7a027f1791f71
Ubuntu Security Notice 3540-2 - USN-3540-1 addressed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 , amd64, ppc64el, and s390x architectures. Various other issues were also addressed.
ce51b009896d4900774ac27226430b092f1073e8c79d9cade04851689abf372e
Ubuntu Security Notice 3542-1 - Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 and amd64 architectures.
b12b48631c56243ecfc30601e84102d06bd0a8d8e6da80f8a98a135248e58338
Ubuntu Security Notice 3541-1 - Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 , amd64, ppc64el, and s390x architectures. USN-3523-1 mitigated CVE-2017-5754 for the amd64 architecture in Ubuntu 17.10. This update provides the corresponding mitigations for the ppc64el architecture. Various other issues were also addressed.
9ef5f1ad161688fa3074930ceff911d09b626e952bdc2ea98c50ee76345ffbc1
Ubuntu Security Notice 3540-1 - Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 , amd64, ppc64el, and s390x architectures. USN-3522-1 mitigated CVE-2017-5754 for the amd64 architecture in Ubuntu 16.04 LTS. This update provides the corresponding mitigations for the ppc64el architecture. Various other issues were also addressed.
57dfc7847333c830d6ea9ae92ea7e78da0ee06b911204eebab292ebc07143d84
Ubuntu Security Notice 3531-2 - USN-3531-1 updated Intel microcode to the 20180108 release. Regressions were discovered in the microcode updates which could cause system instability on certain hardware platforms. At the request of Intel, we have reverted to the previous packaged microcode version, the 20170707 release. It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides the microcode updates required for the corresponding Linux kernel updates. Various other issues were also addressed.
fba819b5f92640ef5b053c71d4d7ca5a931da55a8cf0cabbb754854f18734e14
HPE Security Bulletin HPESBHF03805 5 - On January 3 2018, side-channel security vulnerabilities involving speculative execution were publicly disclosed. These vulnerabilities may impact the listed HPE products, potentially leading to information disclosure and elevation of privilege. Mitigation and resolution of these vulnerabilities may call for both an operating system update, provided by the OS vendor, and a system ROM update from HPE. Revision 5 of this advisory.
4eadee5be89a39d53f2cbae37a746c713295e463929a44b449e70ab8f214c346
Ubuntu Security Notice 3531-1 - It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides the microcode updates required for the corresponding Linux kernel updates.
7c9b81a120a8434f1f7261103896025df431f67925c0c995b5477bac5165f14d
Ubuntu Security Notice 3530-1 - It was discovered that speculative execution performed by modern CPUs could leak information through a timing side-channel attack, and that this could be exploited in web browser JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from other domains, bypassing same-origin restrictions.
8f96dcbac2259c3601a1033069b3405baa33d4754a54380112435c94bd351a44
VMware Security Advisory 2018-0004.1 - VMware vSphere, Workstation and Fusion updates add Hypervisor- Assisted Guest remediation for speculative execution issue.
3c7f5251b5e0644abc3bb94af6093929973933a6eaf75dd6d6a0dd89c7e5de52
HPE Security Bulletin HPESBHF03805 4 - On January 3 2018, side-channel security vulnerabilities involving speculative execution were publicly disclosed. These vulnerabilities may impact the listed HPE products, potentially leading to information disclosure and elevation of privilege. Mitigation and resolution of these vulnerabilities may call for both an operating system update, provided by the OS vendor, and a system ROM update from HPE. Revision 4 of this advisory.
ac94c929c6e22558b91eb5ae898ace99f9e34456a07421d2c7647bf7ff3519cd
WebKitGTK+ versions before 2.18.5 suffer from various CPU issues. Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker via a side-channel analysis.
43c0fb7f7af52d9932f66c052acb43b9fd23bbf87445e293c5c55aeb7464f02c
VMware Security Advisory 2018-0002.1 - VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution.
963ccf51b4549886833cc22006ffc81cb09d33e8bbc3e81de60d3044de7c9355
VMware Security Advisory 2018-0004 - VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest remediation for speculative execution issue.
c6d2e4b063e3ab3f5a8f434842d6b1780e505c1685915b84e2d41b8aa6dce9d1
Apple Security Advisory 2018-1-8-3 - Safari 11.0.2 is now available and and addresses security issues relating to Spectre.
6a0e6b5a0291d9d29a511d5ac88e1e33fb091e444b41c1d05731905fd88b552c
Apple Security Advisory 2018-1-8-2 - macOS High Sierra 10.13.2 Supplemental Update includes security improvements to Safari and WebKit to mitigate the effects of Spectre.
d853f93e1e71c9aa8d886a2aeccf078dfaa905ed2a74523bb075a36373aaeaf3
Apple Security Advisory 2018-1-8-1 - iOS 11.2.2 is now available and and addresses Spectre issues with Safari and WebKit.
14100c950dadca4bf5143083ee95bc72573920f161f07761ce065fa637ff4c25
This is a note from the FreeBSD team that they were notified of the issue in late December and received a briefing under NDA with the original embargo date of January 9th. Since they received relatively late notice of the issue, their ability to provide fixes is delayed.
6ca4e042704f1c11c5f3b11989e130de889f46523779b326d9cbaf056da654ca