SB2019051525 - Information disclosure in xen (Alpine package)
Published: May 15, 2019
Security Bulletin ID
SB2019051525
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Information disclosure (CVE-ID: CVE-2019-11091)
The vulnerability allows a local authenticated user to gain access to sensitive information.
Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=e42bcd9d2c39e861c980adebf91418ddbe72bd21
- https://git.alpinelinux.org/aports/commit/?id=c49084a961893d69e5cdba0b5a8072217ba8be67
- https://git.alpinelinux.org/aports/commit/?id=1a7ae75cb9ed94f62f9859f8a07a0bc1c5021604
- https://git.alpinelinux.org/aports/commit/?id=d9cf7666f5f3aa90dbce9f04bdc7d975284cc530
- https://git.alpinelinux.org/aports/commit/?id=46c72db3ec91d42b57e2341cd9514a876b1b0952
- https://git.alpinelinux.org/aports/commit/?id=49b770e54aaba339695f94b6940ff412732e4f8b
- https://git.alpinelinux.org/aports/commit/?id=4cafe4f7ac5e95424824e1ef5835b409f1fe48e7
- https://git.alpinelinux.org/aports/commit/?id=7fc5ca2a862219a65a85170d6e009147362ef8d8
- https://git.alpinelinux.org/aports/commit/?id=1d0fe0196f9102c4c9edf2965deb91b142688924
- https://git.alpinelinux.org/aports/commit/?id=0c47d89261a9f6f60cdd25fd3c7848e3d089f47a