
The following security updates have been released for Debian GNU/Linux 9:

DSA 4273-1: intel-microcode security update
DSA 4274-1: xen security update
DSA 4275-1: keystone security update



DSA 4273-1: intel-microcode security update




-------------------------------------------------------------------------
Debian Security Advisory DSA-4273-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
August 16, 2018                       https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : intel-microcode
CVE ID : CVE-2018-3639 CVE-2018-3640

This update ships updated CPU microcode for some types of Intel CPUs and
provides SSBD support (needed to address "Spectre v4") and fixes for
"Spectre v3a".

For the stable distribution (stretch), these problems have been fixed in
version 3.20180703.2~deb9u1.

We recommend that you upgrade your intel-microcode packages.

For the detailed security status of intel-microcode please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/intel-microcode

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



DSA 4274-1: xen security update




-------------------------------------------------------------------------
Debian Security Advisory DSA-4274-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
August 16, 2018                       https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : xen
CVE ID : CVE-2018-3620 CVE-2018-3646

This update provides mitigations for the "L1 Terminal Fault"
vulnerability affecting a range of Intel CPUs.

For additional information please refer to
https://xenbits.xen.org/xsa/advisory-273.html. The microcode updates
mentioned there are not yet available in a form distributable by Debian.

In addition two denial of service vulnerabilities have been fixed
(XSA-268 and XSA-269).

For the stable distribution (stretch), these problems have been fixed in
version 4.8.4+xsa273+shim4.10.1+xsa273-1+deb9u10.

We recommend that you upgrade your xen packages.

For the detailed security status of xen please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xen




DSA 4275-1: keystone security update




-------------------------------------------------------------------------
Debian Security Advisory DSA-4275-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
August 16, 2018                       https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : keystone
CVE ID : CVE-2018-14432
Debian Bug : 904616

Kristi Nikolla discovered an information leak in Keystone, the OpenStack
identity service, if running in a federated setup.

For the stable distribution (stretch), this problem has been fixed in
version 2:10.0.0-9+deb9u1.

We recommend that you upgrade your keystone packages.

For the detailed security status of keystone please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/keystone
