My Favorites

Close

Please to see your favorites.

  • Bookmark
  • Email Document
  • Printer Friendly
  • Favorite
  • Rating:

Meltdown and Spectre CVE-2017-5754, CVE-2017-5753, and CVE-2017-5715

This document (7022579) is provided subject to the disclaimer at the end of this document.

Environment

Change Guardian 4x and 5x

Situation

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents. 
Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider's infrastructure, it might be possible to steal data from other customers.

Resolution

These vulnerabilities are resolved by patches provided between January 2018 and March 2018. You should apply the latest operating system patches to your Change Guardian systems to address these vulnerabilities.

The operating system patches should be downloaded from your OS vendor if you have a traditional installation of Change Guardian. If you have one or more Change Guardian appliances, you should apply the latest updates from the NCC appliance update channel or contact Customer Support for assistance if your appliance doesn’t have direct connectivity to the NCC channel. The NCC channel updates are available as of April, 1st 2018.

For more information about how SUSE has addressed this, a detailed timeline, and steps to verify that your system is protected, see

https://www.suse.com/support/kb/doc/?id=7022512. 

For similar information from Red Hat, see 

https://access.redhat.com/security/vulnerabilities/speculativeexecution. 


Note: With the latest OS patches, the previously published recommendation to manually remove the file microcode_ctl-1.17-102.83.9.1 does not apply.

References: 

https://nvd.nist.gov/vuln/detail/CVE-2017-5715

https://nvd.nist.gov/vuln/detail/CVE-2017-5753

https://nvd.nist.gov/vuln/detail/CVE-2017-5754

Additional Information

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7022579
  • Creation Date:19-JAN-18
  • Modified Date:13-APR-18
    • NovellChange Guardian
    • SUSESUSE Linux Enterprise Server
< Back to Support Search

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center