FreeBSD Bugzilla – Attachment 209326 Details for
Bug 241931
security/vuxml: Add November FreeBSD Security Advisories SA-19:25 and SA-19:26
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
pass make validate
file_241931.txt (text/plain), 3.85 KB, created by
Dave Cottlehuber
on 2019-11-21 19:16:00 UTC
(
hide
)
Description:
pass make validate
Filename:
MIME Type:
Creator:
Dave Cottlehuber
Created:
2019-11-21 19:16:00 UTC
Size:
3.85 KB
patch
obsolete
>Index: vuln.xml >=================================================================== >--- vuln.xml (revision 518106) >+++ vuln.xml (working copy) >@@ -58,8 +58,91 @@ > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="fbe10a8a-05a1-11ea-9dfa-f8b156ac3ff9"> >+ <topic>FreeBSD -- Intel CPU Microcode Update</topic> >+ <affects> >+ <package> >+ <name>FreeBSD-kernel</name> >+ <range><ge>12.1</ge><lt>12.1_1</lt></range> >+ <range><ge>12.0</ge><lt>12.0_12</lt></range> >+ <range><ge>11.3</ge><lt>11.3_5</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <h1>Problem Description:</h1> >+ <p>Starting with version 1.26, the devcpu-data port/package includes >+ updates and mitigations for the following technical and security >+ advisories (depending on CPU model).</p> >+ <p>Intel TSX Updates (TAA) CVE-2019-11135 Voltage Modulation >+ Vulnerability CVE-2019-11139 MD_CLEAR Operations >+ CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-11091 >+ TA Indirect Sharing CVE-2017-5715 EGETKEY CVE-2018-12126 >+ CVE-2018-12127 CVE-2018-12130 CVE-2018-11091 JCC SKX102 >+ Erratum </p> <p>Updated microcode includes mitigations for >+ CPU issues, but may also cause a performance regression due >+ to the JCC erratum mitigation. Please visit >+ http://www.intel.com/benchmarks for further information. >+ </p> <p>Please visit http://www.intel.com/security for >+ detailed information on these advisories as well as a list of >+ CPUs that are affected.</p> >+ <h1>Impact:</h1> >+ <p>Operating a CPU without the latest microcode may result in erratic or >+ unpredictable behavior, including system crashes and lock ups. >+ Certain issues listed in this advisory may result in the leakage of >+ privileged system information to unprivileged users. Please refer to >+ the security advisories listed above for detailed information.</p> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2019-11135</cvename> >+ <cvename>CVE-2019-11139</cvename> >+ <cvename>CVE-2018-12126</cvename> >+ <cvename>CVE-2018-12127</cvename> >+ <cvename>CVE-2018-12130</cvename> >+ <cvename>CVE-2018-11091</cvename> >+ <cvename>CVE-2017-5715</cvename> >+ <freebsdsa>SA-19:26.mcu</freebsdsa> >+ </references> >+ <dates> >+ <discovery>2019-11-12</discovery> >+ <entry>2019-11-13</entry> >+ </dates> >+ </vuln> >+ >+ <vuln vid="edc0bf7e-05a1-11ea-9dfa-f8b156ac3ff9"> >+ <topic>FreeBSD -- Machine Check Exception on Page Size Change</topic> >+ <affects> >+ <package> >+ <name>FreeBSD-kernel</name> >+ <range><ge>12.1</ge><lt>12.1_1</lt></range> >+ <range><ge>12.0</ge><lt>12.0_12</lt></range> >+ <range><ge>11.3</ge><lt>11.3_5</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <h1>Problem Description:</h1> >+ <p>Intel discovered a previously published erratum on some Intel >+ platforms can be exploited by malicious software to potentially cause >+ a denial of service by triggering a machine check that will crash or >+ hang the system.</p> >+ <h1>Impact:</h1> >+ <p>Malicious guest operating systems may be able to crash the host.</p> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2018-12207</cvename> >+ <freebsdsa>SA-19:25.mcepsc</freebsdsa> >+ </references> >+ <dates> >+ <discovery>2019-11-12</discovery> >+ <entry>2019-11-13</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="ecb7fdec-0b82-11ea-874d-0c9d925bbbc0"> >- <topic>drm graphics drivers -- Local privilege escalation and denial of serivce</topic> >+ <topic>drm graphics drivers -- Local privilege escalation and denial of service</topic> > <affects> > <package> > <name>drm-current-kmod</name>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=209326">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 241931
:
209119
| 209326