Ver Mensaje Individual
  #3  
Antiguo 07-ene-2018, 16:12
Avatar de gvcastellon
gvcastellon gvcastellon está desconectado
Miembro Senior
 
Fecha de Ingreso: 17-febrero-2012
Ubicación: Somewhere in the third planet of the Solar System ;)
Versión: Leap 42.1
Mensajes: 1.230
Agradecimientos: 992
Agradecido 565 Veces en 362 Mensajes
Poder de Credibilidad: 8
gvcastellon está en el buen camino
DR, gracias por mantenernos actualizados.

En mi caso tengo openSuSE 42.3, con estos parches actualizados, en la información detallada de la actualización del Kernel, tambien sugieren: ....creo muy extenso para publicarlo todo aquí.

...original.
Cita:
Please also check with your CPU / Hardware vendor on updated firmware
or BIOS images regarding this issue.
...traducido.
Cita:
Por favor, consulte también con su proveedor de CPU / Hardware sobre firmware actualizado, o imágenes de BIOS con respecto a este problema.
Básicamente seria revisar el Hardware involucrado instalado y ver si hay parches del fabricante.

Código:
openSUSE-Leap-42.3-Update   | openSUSE-2018-2    | security    | important | reboot      | applied    | Security update for the Linux Kernel
Código:
zypper patch-info openSUSE-2018-2
Loading repository data...
Reading installed packages...


Information for patch openSUSE-2018-2:
--------------------------------------
Repository  : openSUSE-Leap-42.3-Update           
Name        : openSUSE-2018-2                     
Version     : 1                                   
Arch        : noarch                              
Vendor      : maint-coord@suse.de                 
Status      : applied                             
Category    : security                            
Severity    : important                           
Created On  : Fri 05 Jan 2018 02:20:26 AM EST     
Interactive : reboot                              
Summary     : Security update for the Linux Kernel
Description :                                     


    The openSUSE Leap 42.3 kernel was updated to 4.4.104 to receive various security and bugfixes.

    This update adds mitigations for various side channel attacks against
    modern CPUs that could disclose content of otherwise unreadable memory
    (bnc#1068032).

    - CVE-2017-5753 / "SpectreAttack": Local attackers on systems with
      modern CPUs featuring deep instruction pipelining could use attacker
      controllable speculative execution over code patterns in the Linux
      Kernel to leak content from otherwise not readable memory in the same
      address space, allowing retrieval of passwords, cryptographic keys
      and other secrets.

      This problem is mitigated by adding speculative fencing on affected
      code paths throughout the Linux kernel.


    - CVE-2017-5715 / "SpectreAttack": Local attackers on systems with modern
      CPUs featuring branch prediction could use mispredicted branches to
      speculatively execute code patterns that in turn could be made to
      leak other non-readable content in the same address space, an attack
      similar to CVE-2017-5753.

      This problem is mitigated by disabling predictive branches, depending
      on CPU architecture either by firmware updates and/or fixes in the
      user-kernel privilege boundaries.

      Please also check with your CPU / Hardware vendor on updated firmware
      or BIOS images regarding this issue.

      As this feature can have a performance impact, it can be disabled
      using the "nospec" kernel commandline option.


    - CVE-2017-5754 / "MeltdownAttack": Local attackers on systems with
      modern CPUs featuring deep instruction pipelining could use code
      patterns in userspace to speculative executive code that would read
      otherwise read protected memory, an attack similar to CVE-2017-5753.

      This problem is mitigated by unmapping the Linux Kernel from the user
      address space during user code execution, following a approach called
      "KAISER". The terms used here are "KAISER" / "Kernel Address Isolation"
      and "PTI" / "Page Table Isolation".

      Note that this is only done on affected platforms.

      This feature can be enabled / disabled by the "pti=[on|off|auto]" or
      "nopti" commandline options.
Suerte. ...vendrán mas temporadas de "Mr.Robot", XD
__________________
The box said: 'Requires Windows 95 or better' SO I INSTALLED LINUX


Kernel: 4.4.76-1-default x86_64
Distro: openSUSE Leap 42.3 /TW
KDE Plasma 5.8.7
Motherboard-ASUS M4A78LT-M LE
Quad core AMD Phenom II X4 B50Processor- 3.2 GHz
RAM-8.0 GiB
Video-AMD Radeon HD-6770

Última edición por DiabloRojo; 07-ene-2018 a las 16:52 Razón: Fusionar dos mensajes y eliminar otro
Responder Citando
Los Siguientes 3 Usuarios Han Dado las Gracias a gvcastellon Por Este Mensaje:
Krovikan (08-ene-2018), mikrios (08-ene-2018), SergioNN (07-ene-2018)