Headline
Ubuntu Security Notice USN-6485-1
Ubuntu Security Notice 6485-1 - Benoit Morgan, Paul Grosen, Thais Moreira Hamasaki, Ke Sun, Alyssa Milburn, Hisham Shafi, Nir Shlomovich, Tavis Ormandy, Daniel Moghimi, Josh Eads, Salman Qazi, Alexandra Sandulescu, Andy Nguyen, Eduardo Vela, Doug Kwan, and Kostik Shtoyk discovered that some Intel Processors did not properly handle certain sequences of processor instructions. A local attacker could possibly use this to cause a core hang , gain access to sensitive information or possibly escalate their privileges.
==========================================================================Ubuntu Security Notice USN-6485-1November 17, 2023intel-microcode vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.10- Ubuntu 23.04- Ubuntu 22.04 LTS- Ubuntu 20.04 LTS- Ubuntu 18.04 LTS (Available with Ubuntu Pro)- Ubuntu 16.04 LTS (Available with Ubuntu Pro)Summary:The system could be made to crash or expose sensitive information under certainconditions.Software Description:- intel-microcode: Processor microcode for Intel CPUsDetails:Benoit Morgan, Paul Grosen, Thais Moreira Hamasaki, Ke Sun, Alyssa Milburn,Hisham Shafi, Nir Shlomovich, Tavis Ormandy, Daniel Moghimi, Josh Eads, SalmanQazi, Alexandra Sandulescu, Andy Nguyen, Eduardo Vela, Doug Kwan, and KostikShtoyk discovered that some Intel(R) Processors did not properly handle certainsequences of processor instructions. A local attacker could possibly use this tocause a core hang (resulting in a denial of service), gain access to sensitiveinformation or possibly escalate their privileges.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.10: intel-microcode 3.20231114.0ubuntu0.23.10.1Ubuntu 23.04: intel-microcode 3.20231114.0ubuntu0.23.04.1Ubuntu 22.04 LTS: intel-microcode 3.20231114.0ubuntu0.22.04.1Ubuntu 20.04 LTS: intel-microcode 3.20231114.0ubuntu0.20.04.1Ubuntu 18.04 LTS (Available with Ubuntu Pro): intel-microcode 3.20231114.0ubuntu0.18.04.1+esm1Ubuntu 16.04 LTS (Available with Ubuntu Pro): intel-microcode 3.20231114.0ubuntu0.16.04.1+esm1After a standard system update you need to reboot your computer to makeall the necessary changes.References: https://ubuntu.com/security/notices/USN-6485-1 CVE-2023-23583Package Information: https://launchpad.net/ubuntu/+source/intel-microcode/3.20231114.0ubuntu0.23.10.1 https://launchpad.net/ubuntu/+source/intel-microcode/3.20231114.0ubuntu0.23.04.1 https://launchpad.net/ubuntu/+source/intel-microcode/3.20231114.0ubuntu0.22.04.1 https://launchpad.net/ubuntu/+source/intel-microcode/3.20231114.0ubuntu0.20.04.1Related news
Debian Linux Security Advisory 5563-1 - Benoit Morgan, Paul Grosen, Thais Moreira Hamasaki, Ke Sun, Alyssa Milburn, Hisham Shafi, Nir Shlomovich, avis Ormandy, Daniel Moghimi, Josh Eads, Salman Qazi, Alexandra Sandulescu, Andy Nguyen, Eduardo Vela, Doug Kwan, and Kostik Shtoyk discovered that some Intel processors mishandle repeated sequences of instructions leading to unexpected behavior, which may result in privilege escalation, information disclosure or denial of service.
By Deeba Ahmed Intel CPU Vulnerability Impacts Multi-Tenant Virtualized Environments. This is a post from HackRead.com Read the original post: Google Reveals ‘Reptar’ Vulnerability Threatening Intel Processors
YouTube’s new rules may not be around for long anyway, because they might run afoul of European Union regulations
Intel has released fixes to close out a high-severity flaw codenamed Reptar that impacts its desktop, mobile, and server CPUs. Tracked as CVE-2023-23583 (CVSS score: 8.8), the issue has the potential to "allow escalation of privilege and/or information disclosure and/or denial of service via local access." Successful exploitation of the vulnerability could also permit a bypass of the CPU's
Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.