svn commit: r518430 - head/security/vuxml
Dave Cottlehuber
dch at FreeBSD.org
Mon Nov 25 21:45:07 UTC 2019
Author: dch
Date: Mon Nov 25 21:45:06 2019
New Revision: 518430
URL: https://svnweb.freebsd.org/changeset/ports/518430
Log:
security/vuxml: add FreeBSD kernel entries for recent Intel CVEs
PR: 241931
Submitted by: Miroslav Lachman <000.fbsd at quip.cz>
Reviewed by: dch
Approved by: joneum (ports-secteam)
Security: CVE-2019-11135
Security: CVE-2019-11139
Security: CVE-2018-12126
Security: CVE-2018-12127
Security: CVE-2018-12130
Security: CVE-2018-11091
Security: CVE-2017-5715
Security: CVE-2018-12207
Sponsored by: SkunkWerks, GmbH
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Mon Nov 25 20:58:50 2019 (r518429)
+++ head/security/vuxml/vuln.xml Mon Nov 25 21:45:06 2019 (r518430)
@@ -58,6 +58,87 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="fbe10a8a-05a1-11ea-9dfa-f8b156ac3ff9">
+ <topic>FreeBSD -- Intel CPU Microcode Update</topic>
+ <affects>
+ <package>
+ <name>FreeBSD-kernel</name>
+ <range><ge>12.1</ge><lt>12.1_1</lt></range>
+ <range><ge>12.0</ge><lt>12.0_12</lt></range>
+ <range><ge>11.3</ge><lt>11.3_5</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Starting with version 1.26, the devcpu-data port/package includes
+ updates and mitigations for the following technical and security
+ advisories (depending on CPU model).</p>
+ <p>Intel TSX Updates (TAA) CVE-2019-11135 Voltage Modulation
+ Vulnerability CVE-2019-11139 MD_CLEAR Operations
+ CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-11091
+ TA Indirect Sharing CVE-2017-5715 EGETKEY CVE-2018-12126
+ CVE-2018-12127 CVE-2018-12130 CVE-2018-11091 JCC SKX102
+ Erratum </p>
+ <p>Updated microcode includes mitigations for
+ CPU issues, but may also cause a performance regression due
+ to the JCC erratum mitigation. Please visit
+ http://www.intel.com/benchmarks for further information.
+ </p>
+ <p>Please visit http://www.intel.com/security for
+ detailed information on these advisories as well as a list of
+ CPUs that are affected.</p>
+ <p>Operating a CPU without the latest microcode may result in erratic or
+ unpredictable behavior, including system crashes and lock ups.
+ Certain issues listed in this advisory may result in the leakage of
+ privileged system information to unprivileged users. Please refer to
+ the security advisories listed above for detailed information.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2019-11135</cvename>
+ <cvename>CVE-2019-11139</cvename>
+ <cvename>CVE-2018-12126</cvename>
+ <cvename>CVE-2018-12127</cvename>
+ <cvename>CVE-2018-12130</cvename>
+ <cvename>CVE-2018-11091</cvename>
+ <cvename>CVE-2017-5715</cvename>
+ <freebsdsa>SA-19:26.mcu</freebsdsa>
+ </references>
+ <dates>
+ <discovery>2019-11-14</discovery>
+ <entry>2019-11-25</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="edc0bf7e-05a1-11ea-9dfa-f8b156ac3ff9">
+ <topic>FreeBSD -- Machine Check Exception on Page Size Change</topic>
+ <affects>
+ <package>
+ <name>FreeBSD-kernel</name>
+ <range><ge>12.1</ge><lt>12.1_1</lt></range>
+ <range><ge>12.0</ge><lt>12.0_12</lt></range>
+ <range><ge>11.3</ge><lt>11.3_5</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Intel discovered a previously published erratum on some Intel
+ platforms can be exploited by malicious software to potentially cause
+ a denial of service by triggering a machine check that will crash or
+ hang the system.</p>
+ <p>Malicious guest operating systems may be able to crash the host.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2018-12207</cvename>
+ <freebsdsa>SA-19:25.mcepsc</freebsdsa>
+ </references>
+ <dates>
+ <discovery>2019-11-14</discovery>
+ <entry>2019-11-25</entry>
+ </dates>
+ </vuln>
+
<vuln vid="6ade62d9-0f62-11ea-9673-4c72b94353b5">
<topic>clamav -- Denial-of-Service (DoS) vulnerability</topic>
<affects>
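Review bot: In the new "FreeBSD -- Intel CPU Microcode Update" entry, the second <p> of the description runs the advisory names and their CVE ids together with no separators, so a reader cannot tell which id belongs to which advisory. CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 and CVE-2018-11091 are also listed twice, once after "MD_CLEAR Operations" and again after "EGETKEY". A <ul> with one <li> per advisory would fix both, for example `<li>Intel TSX Updates (TAA): CVE-2019-11135</li>`. Separately, the description says the mitigations ship in devcpu-data starting with version 1.26, while <affects> names only FreeBSD-kernel. If an outdated devcpu-data package is meant to be flagged too, it needs its own <package> element with a matching <range>. The two Intel URLs are plain text inside <p>; wrapping them in <a href="..."> would make them usable in the rendered entry.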