Security update for spectre-meltdown-checker

Announcement ID:	SUSE-SU-2024:0884-1
Rating:	moderate
References:	jsc#PED-2362 jsc#SLE-5514
Cross-References:	CVE-2023-20593
CVSS scores:	CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2023-20593 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:	Basesystem Module 15-SP5 openSUSE Leap 15.5 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 SUSE Linux Enterprise Desktop 15 SP5 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 SUSE Linux Enterprise High Performance Computing 15 SP3 SUSE Linux Enterprise High Performance Computing 15 SP4 SUSE Linux Enterprise High Performance Computing 15 SP5 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 SUSE Linux Enterprise Real Time 15 SP5 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 SUSE Linux Enterprise Server 15 SP3 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 SUSE Linux Enterprise Server 15 SP4 SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 SUSE Linux Enterprise Server 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP5 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3

An update that solves one vulnerability and contains two features can now be installed.

Description:

This update for spectre-meltdown-checker fixes the following issues:

updated to 0.46 This release mainly focuses on the detection of the new Zenbleed (CVE-2023-20593) vulnerability, among few other changes that were in line waiting for a release:
feat: detect the vulnerability and mitigation of Zenbleed (CVE-2023-20593)
feat: add the linux-firmware repository as another source for CPU microcode versions
feat: arm: add Neoverse-N2, Neoverse-V1 and Neoverse-V2
fix: docker: adding missing utils (#433)
feat: add support for Guix System kernel
fix: rewrite SQL to be sqlite3 >= 3.41 compatible (#443)
fix: a /devnull file was mistakenly created on the filesystem
fix: fwdb: ignore MCEdb versions where an official Intel version exists (fixes #430)
updated to 0.45
arm64: phytium: Add CPU Implementer Phytium
arm64: variant 4: detect ssbd mitigation from kernel img, system.map or kconfig
chore: ensure vars are set before being dereferenced (set -u compat)
chore: fix indentation
chore: fwdb: update to v220+i20220208
chore: only attempt to load msr and cpuid module once
chore: read_cpuid: use named constants
chore: readme: framapic is gone, host the screenshots on GitHub
chore: replace 'Vulnerable to' by 'Affected by' in the hw section
chore: speculative execution -> transient execution
chore: update fwdb to v222+i20220208
chore: update Intel Family 6 models
chore: wording: model not vulnerable -> model not affected
doc: add an FAQ entry about CVE support
doc: add an FAQ.md and update the README.md accordingly
doc: more FAQ and README
doc: readme: make the FAQ entry more visible
feat: add --allow-msr-write, no longer write by default (#385), detect when writing is denied
feat: add --cpu, apply changes to (read|write)_msr, update fwdb to v221+i20220208
feat: add subleaf != 0 support for read_cpuid
feat: arm: add Cortex A77 and Neoverse-N1 (fixes #371)
feat: bsd: for unimplemented CVEs, at least report when CPU is not affected
feat: hw check: add IPRED, RRSBA, BHI features check
feat: implement detection for MCEPSC under BSD
feat: set default TMPDIR for Android (#415)
fix: extract_kernel: don't overwrite kernel_err if already set
fix: has_vmm false positive with pcp
fix: is_ucode_blacklisted: fix some model names
fix: mcedb: v191 changed the MCE table format
fix: refuse to run under MacOS and ESXi
fix: retpoline: detection on 5.15.28+ (#420)
fix: variant4: added case where prctl ssbd status is tagged as 'unknown'

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-884=1
SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-884=1
SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-884=1
SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-884=1
openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-884=1
Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-884=1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-884=1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-884=1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-884=1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-884=1
SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-884=1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-884=1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-884=1
SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-884=1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-884=1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-884=1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-884=1

Package List:

SUSE Manager Proxy 4.3 (x86_64)
- spectre-meltdown-checker-0.46-150100.3.9.1
SUSE Manager Retail Branch Server 4.3 (x86_64)
- spectre-meltdown-checker-0.46-150100.3.9.1
SUSE Manager Server 4.3 (x86_64)
- spectre-meltdown-checker-0.46-150100.3.9.1
SUSE Enterprise Storage 7.1 (x86_64)
- spectre-meltdown-checker-0.46-150100.3.9.1
openSUSE Leap 15.5 (x86_64)
- spectre-meltdown-checker-0.46-150100.3.9.1
Basesystem Module 15-SP5 (x86_64)
- spectre-meltdown-checker-0.46-150100.3.9.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64)
- spectre-meltdown-checker-0.46-150100.3.9.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
- spectre-meltdown-checker-0.46-150100.3.9.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
- spectre-meltdown-checker-0.46-150100.3.9.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
- spectre-meltdown-checker-0.46-150100.3.9.1
SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
- spectre-meltdown-checker-0.46-150100.3.9.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64)
- spectre-meltdown-checker-0.46-150100.3.9.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64)
- spectre-meltdown-checker-0.46-150100.3.9.1
SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (x86_64)
- spectre-meltdown-checker-0.46-150100.3.9.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
- spectre-meltdown-checker-0.46-150100.3.9.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
- spectre-meltdown-checker-0.46-150100.3.9.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
- spectre-meltdown-checker-0.46-150100.3.9.1

Security update for spectre-meltdown-checker

Description:

Patch Instructions:

Package List:

References: