Security update for ucode-intel SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:2527-1 Final 1 1 2019-11-18T09:56:28Z current 2019-11-18T09:56:28Z 2019-11-18T09:56:28Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ucode-intel This update for ucode-intel fixes the following issues: - Updated to 20191112 official security release (bsc#1155988) - Includes security fixes for: - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073) - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035) This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-2527 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html E-Mail link for openSUSE-SU-2019:2527-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1139073 SUSE Bug 1139073 https://bugzilla.suse.com/1141035 SUSE Bug 1141035 https://bugzilla.suse.com/1155988 SUSE Bug 1155988 https://www.suse.com/security/cve/CVE-2019-11135/ SUSE CVE CVE-2019-11135 page https://www.suse.com/security/cve/CVE-2019-11139/ SUSE CVE CVE-2019-11139 page openSUSE Leap 15.0 ucode-intel-20191112a-lp150.2.33.1 ucode-intel-20191112a-lp150.2.33.1 as a component of openSUSE Leap 15.0 TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. CVE-2019-11135 openSUSE Leap 15.0:ucode-intel-20191112a-lp150.2.33.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html https://www.suse.com/security/cve/CVE-2019-11135.html CVE-2019-11135 https://bugzilla.suse.com/1139073 SUSE Bug 1139073 https://bugzilla.suse.com/1152497 SUSE Bug 1152497 https://bugzilla.suse.com/1152505 SUSE Bug 1152505 https://bugzilla.suse.com/1152506 SUSE Bug 1152506 https://bugzilla.suse.com/1160120 SUSE Bug 1160120 https://bugzilla.suse.com/1201877 SUSE Bug 1201877 Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. CVE-2019-11139 openSUSE Leap 15.0:ucode-intel-20191112a-lp150.2.33.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html https://www.suse.com/security/cve/CVE-2019-11139.html CVE-2019-11139 https://bugzilla.suse.com/1141035 SUSE Bug 1141035