diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2023-07-24 22:07:56 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2023-07-25 13:30:36 +0200 |
commit | 0ac01cde033f305e11c290cbd5db0f7b80b75da9 (patch) | |
tree | c5808ebf50aa44108aa3ec9c999454e56d2cffbe /ChangeLog.txt | |
parent | 7dde293aa0b2d58d9f1eee9d1fadc6ce2224f9db (diff) | |
download | current-0ac01cde033f305e11c290cbd5db0f7b80b75da9.tar.gz current-0ac01cde033f305e11c290cbd5db0f7b80b75da9.tar.xz |
Mon Jul 24 22:07:56 UTC 202320230724220756_15.0
patches/packages/kernel-firmware-20230724_59fbffa-noarch-1.txz: Upgraded.
AMD microcode updated to fix a use-after-free in AMD Zen2 processors.
From Tavis Ormandy's annoucement of the issue:
"The practical result here is that you can spy on the registers of other
processes. No system calls or privileges are required.
It works across virtual machines and affects all operating systems.
I have written a poc for this issue that's fast enough to reconstruct
keys and passwords as users log in."
For more information, see:
https://seclists.org/oss-sec/2023/q3/59
https://www.cve.org/CVERecord?id=CVE-2023-20593
(* Security fix *)
Diffstat (limited to 'ChangeLog.txt')
-rw-r--r-- | ChangeLog.txt | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt index 70e66e53c..e5a1803c3 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,17 @@ +Mon Jul 24 22:07:56 UTC 2023 +patches/packages/kernel-firmware-20230724_59fbffa-noarch-1.txz: Upgraded. + AMD microcode updated to fix a use-after-free in AMD Zen2 processors. + From Tavis Ormandy's annoucement of the issue: + "The practical result here is that you can spy on the registers of other + processes. No system calls or privileges are required. + It works across virtual machines and affects all operating systems. + I have written a poc for this issue that's fast enough to reconstruct + keys and passwords as users log in." + For more information, see: + https://seclists.org/oss-sec/2023/q3/59 + https://www.cve.org/CVERecord?id=CVE-2023-20593 + (* Security fix *) ++--------------------------+ Mon Jul 24 00:17:18 UTC 2023 patches/packages/whois-5.5.18-x86_64-1_slack15.0.txz: Upgraded. Updated the .ga TLD server. |