{"vulnerability": "rhsa-2018:0017", "sightings": [{"uuid": "0945d99d-0abc-4a65-9c7e-810bcc97f1eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "RHSA-2018:0017", "type": "exploited", "source": "https://t.me/information_security_channel/11989", "content": "Pessoal segue informa\u00e7\u00f5es e links sobre o caso:\n\nMeltdown and Spectre CPU Flaws Affect Intel, ARM, AMD Processors\nhttps://thehackernews.com/2018/01/meltdown-spectre-vulnerability.html\n \nProjectZero\nhttps://googleprojectzero.blogspot.com.br/2018/01/reading-privileged-memory-with-side.html\n \nIntel Responds to Security Research Findings\nhttps://newsroom.intel.com/news/intel-responds-to-security-research-findings/\n \n \nCPU hardware vulnerable to side-channel attacks\nhttp://www.kb.cert.org/vuls/id/584653\n \nMeltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.\nhttps://meltdownattack.com/\n \nSpectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre\nhttps://spectreattack.com/\n\n\nMicrosoft\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002\n \nMicrosoft Azure\nhttps://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/\n \nAWS\nhttps://aws.amazon.com/security/security-bulletins/AWS-2018-013/\n \nLinux RedHat\nhttps://access.redhat.com/errata/RHSA-2018:0017\n \nVMware\nhttps://www.vmware.com/security/advisories/VMSA-2018-0002.html\n \nCitrix\nhttps://support.citrix.com/article/CTX231399\n \nGoogle Chrome\nhttps://www.chromium.org/Home/chromium-security/ssca\n \nMozilla Firefox\nhttps://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/", "creation_timestamp": "2018-01-04T15:39:21.000000Z"}]}