Ubuntu Security Notice 3537-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.59 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 17.10 have been updated to MySQL 5.7.21. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
f06c3188f3f4cb50d15c064298500314a1a0cae930a692b0592e1800d4052cc2
Ubuntu Security Notice 3531-2 - USN-3531-1 updated Intel microcode to the 20180108 release. Regressions were discovered in the microcode updates which could cause system instability on certain hardware platforms. At the request of Intel, we have reverted to the previous packaged microcode version, the 20170707 release. It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via side-channel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides the microcode updates required for the corresponding Linux kernel updates. Various other issues were also addressed.
fba819b5f92640ef5b053c71d4d7ca5a931da55a8cf0cabbb754854f18734e14
Red Hat Security Advisory 2018-0108-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems.
771a9efa8fa8f3141dbc34c6b791e537854d0adeb4826112ae3345e34a05918a
Red Hat Security Advisory 2018-0104-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.
23e4eb85adf22ae638f041d69f34b8ae5d01c7943467ebc94c5cf0c8afdcd354
Red Hat Security Advisory 2018-0109-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems.
4f40722f3569a88276d4c88cecc1c778fbbaf7c5421fac22717c2388f9659e7e
Red Hat Security Advisory 2018-0110-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems.
661103e6b7ba601d02e9dfc69a7b8784e8215a3ef6ec95afc05371b955f18e91
Red Hat Security Advisory 2018-0111-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems.
d437624fa7ccdb619f968f9303672a69db835a3db4ce6ef500034e74bc653adf
Red Hat Security Advisory 2018-0112-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems.
b0e11e3ce3062c5d96bd32dc4c8ce3eff84aecc527d6989d43c67301ef4e8d04
Red Hat Security Advisory 2018-0103-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.
c16f0fde94f2617365307ee6256aa71fba0a999718a6a4c5ae723fe6a33dfe0b
Red Hat Security Advisory 2018-0105-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.
123ed77d7ae54b4df02e144eb969fe51e544c1dbd19c304eedf4f6a358e6c61b
Red Hat Security Advisory 2018-0107-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.
18b3e3b017b4fbd82b463c819fd12cb2f5ddd3e5a8e28cbde288c57bacad4b3d
Red Hat Security Advisory 2018-0106-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.
92d26d61560735d40dea0ffaef3c0427fb9b2c16b380360d1cbc9f508056e414
Red Hat Security Advisory 2018-0102-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Security Fix: A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request.
42467302e983da033be8f6a3260ca149adaf6a9d3514fe080d1a6022c64446b9
Red Hat Security Advisory 2018-0101-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Security Fix: A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request.
41a4a97a732661a75d9fdaf74edd3dd40714d6b040171fe8fc8abd3e9769405a
Debian Linux Security Advisory 4093-1 - Josef Gajdusek discovered that OpenOCD, a JTAG debugger for ARM and MIPS, was vulnerable to Cross Protocol Scripting attacks. An attacker could craft an HTML page that, when visited by a victim running OpenOCD, could execute arbitrary commands on the victim's host.
777db35532db3a19ea95735a3d759ff726c656fed384a35e50a1dc283d2e50bd