Attachment #209119 for bug #241931

View | Details | Raw Unified | Return to bug 241931 | Differences between
Collapse All | Expand All




  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="fbe10a8a-05a1-11ea-9dfa-f8b156ac3ff9">
    <topic>FreeBSD -- Intel CPU Microcode Update</topic>
    <affects>
      <package>
	<name>FreeBSD</name>

      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>Starting with version 1.26, the devcpu-data port/package includes
	updates and mitigations for the following technical and security
	advisories (depending on CPU model).</p>
	<p>Intel TSX Updates (TAA) CVE-2019-11135 Voltage Modulation
	Vulnerability CVE-2019-11139 MD_CLEAR Operations
	CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-11091
	TA Indirect Sharing CVE-2017-5715 EGETKEY CVE-2018-12126
	CVE-2018-12127 CVE-2018-12130 CVE-2018-11091 JCC SKX102
	Erratum </p> <p>Updated microcode includes mitigations for
	CPU issues, but may also cause a performance regression due
	to the JCC erratum mitigation.  Please visit
	http://www.intel.com/benchmarks for further information.
	</p> <p>Please visit http://www.intel.com/security for
	detailed information on these advisories as well as a list of
	CPUs that are affected.</p>
	<h1>Impact:</h1>
	<p>Operating a CPU without the latest microcode may result in erratic or
	unpredictable behavior, including system crashes and lock ups.
	Certain issues listed in this advisory may result in the leakage of
	privileged system information to unprivileged users.  Please refer to
	the security advisories listed above for detailed information.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2019-11135</cvename>
      <cvename>CVE-2019-11139</cvename>
      <cvename>CVE-2018-12126</cvename>
      <cvename>CVE-2018-12127</cvename>
      <cvename>CVE-2018-12130</cvename>
      <cvename>CVE-2018-11091</cvename>
      <cvename>CVE-2017-5715 </cvename>
      <freebsdsa>SA-19:26.mcu</freebsdsa>
    </references>
    <dates>
      <discovery>2019-11-12</discovery>
      <entry>2019-11-13</entry>
    </dates>
  </vuln>

  <vuln vid="edc0bf7e-05a1-11ea-9dfa-f8b156ac3ff9">
    <topic>FreeBSD -- Machine Check Exception on Page Size Change</topic>
    <affects>
      <package>
	<name>FreeBSD-kernel</name>
	<range><ge>12.1</ge><lt>12.1_1</lt></range>
	<range><ge>12.0</ge><lt>12.0_12</lt></range>
	<range><ge>11.3</ge><lt>11.3_5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>Intel discovered a previously published erratum on some Intel
	platforms can be exploited by malicious software to potentially cause
	a denial of service by triggering a machine check that will crash or
	hang the system.</p>
	<h1>Impact:</h1>
	<p>Malicious guest operating systems may be able to crash the host.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2018-12207</cvename>
      <freebsdsa>SA-19:25.mcepsc</freebsdsa>
    </references>
    <dates>
      <discovery>2019-11-12</discovery>
      <entry>2019-11-13</entry>
    </dates>
  </vuln>

  <vuln vid="88d00176-058e-11ea-bd1c-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>

Return to bug 241931

Lines 58-63 Link Here

(-)vuln.xml.new (+81 lines)
58	* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)	58	* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
59	-->	59	-->
60	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">	60	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
		61	<vuln vid="fbe10a8a-05a1-11ea-9dfa-f8b156ac3ff9">
		62	<topic>FreeBSD -- Intel CPU Microcode Update</topic>
		63	<affects>
		64	<package>
		65	<name>FreeBSD</name>
		66
		67	</package>
		68	</affects>
		69	<description>
		70	<body xmlns="http://www.w3.org/1999/xhtml">
		71	<h1>Problem Description:</h1>
		72	<p>Starting with version 1.26, the devcpu-data port/package includes
		73	updates and mitigations for the following technical and security
		74	advisories (depending on CPU model).</p>
		75	<p>Intel TSX Updates (TAA) CVE-2019-11135 Voltage Modulation
		76	Vulnerability CVE-2019-11139 MD_CLEAR Operations
		77	CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-11091
		78	TA Indirect Sharing CVE-2017-5715 EGETKEY CVE-2018-12126
		79	CVE-2018-12127 CVE-2018-12130 CVE-2018-11091 JCC SKX102
		80	Erratum </p> <p>Updated microcode includes mitigations for
		81	CPU issues, but may also cause a performance regression due
		82	to the JCC erratum mitigation. Please visit
		83	http://www.intel.com/benchmarks for further information.
		84	</p> <p>Please visit http://www.intel.com/security for
		85	detailed information on these advisories as well as a list of
		86	CPUs that are affected.</p>
		87	<h1>Impact:</h1>
		88	<p>Operating a CPU without the latest microcode may result in erratic or
		89	unpredictable behavior, including system crashes and lock ups.
		90	Certain issues listed in this advisory may result in the leakage of
		91	privileged system information to unprivileged users. Please refer to
		92	the security advisories listed above for detailed information.</p>
		93	</body>
		94	</description>
		95	<references>
		96	<cvename>CVE-2019-11135</cvename>
		97	<cvename>CVE-2019-11139</cvename>
		98	<cvename>CVE-2018-12126</cvename>
		99	<cvename>CVE-2018-12127</cvename>
		100	<cvename>CVE-2018-12130</cvename>
		101	<cvename>CVE-2018-11091</cvename>
		102	<cvename>CVE-2017-5715 </cvename>
		103	<freebsdsa>SA-19:26.mcu</freebsdsa>
		104	</references>
		105	<dates>
		106	<discovery>2019-11-12</discovery>
		107	<entry>2019-11-13</entry>
		108	</dates>
		109	</vuln>
		110
		111	<vuln vid="edc0bf7e-05a1-11ea-9dfa-f8b156ac3ff9">
		112	<topic>FreeBSD -- Machine Check Exception on Page Size Change</topic>
		113	<affects>
		114	<package>
		115	<name>FreeBSD-kernel</name>
		116	<range><ge>12.1</ge><lt>12.1_1</lt></range>
		117	<range><ge>12.0</ge><lt>12.0_12</lt></range>
		118	<range><ge>11.3</ge><lt>11.3_5</lt></range>
		119	</package>
		120	</affects>
		121	<description>
		122	<body xmlns="http://www.w3.org/1999/xhtml">
		123	<h1>Problem Description:</h1>
		124	<p>Intel discovered a previously published erratum on some Intel
125	platforms can be exploited by malicious software to potentially cause
126	a denial of service by triggering a machine check that will crash or
127	hang the system.</p>
128	<h1>Impact:</h1>
129	<p>Malicious guest operating systems may be able to crash the host.</p>
130	</body>
131	</description>
132	<references>
133	<cvename>CVE-2018-12207</cvename>
134	<freebsdsa>SA-19:25.mcepsc</freebsdsa>
135	</references>
136	<dates>
137	<discovery>2019-11-12</discovery>
138	<entry>2019-11-13</entry>
139	</dates>
140	</vuln>
141
61	<vuln vid="88d00176-058e-11ea-bd1c-3065ec8fd3ec">	142	<vuln vid="88d00176-058e-11ea-bd1c-3065ec8fd3ec">
62	<topic>chromium -- multiple vulnerabilities</topic>	143	<topic>chromium -- multiple vulnerabilities</topic>
63	<affects>	144	<affects>