important: microcode_ctl/spice security update
important
An update for microcode_ctl/spice is now available for NewStart CGSL MAIN 5.05/CGSL CORE 5.05.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
microcode_ctl: The microcode_ctl utility is a companion to the microcode driver written by Tigran Aivazian
spice: This package contains the header files, static libraries and development documentation for spice-server. If you like to develop programs using spice-server, you will need to install spice-server-devel.
Security Fix(es):
microcode_ctl: A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.(CVE-2020-8696)
microcode_ctl: Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2020-8698)
microcode_ctl: A vulnerability was found in Intel's implementation of RAPL (Running Average Power Limit). An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.(CVE-2020-8695)
microcode_ctl: bugfix
spice: Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution.(CVE-2020-14355)
spice: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.05.F11B5.