Meltdown und Spectre: Die Sicherheitshinweise und Updates von Hardware- und Software-Herstellern
Hersteller von Hard- und Software sind von den Sicherheitslücken Meltdown und Spectre gleichermaßen betroffen. Eine Linkübersicht zu Stellungnahmen, weiterführenden Informationen und Update-Hinweisen.
Eine Vielzahl moderner und älterer Prozessoren sind aufgrund ihrer Hardware-Architektur für die Angriffsszenarien Meltdown und Spectre [1] anfällig (Analyse: So funktionieren Meltdown und Spectre [2]). Schließen lassen sich die Lücken vorerst lediglich über Änderungen an der Software, also an den Programmcodes von Betriebssystemen wie Windows, macOS, Linux, Android und iOS sowie über Patches für einzelne Anwendungen wie etwa Firefox. Daher ist es für Nutzer essentiell, ihre Betriebssysteme immer sofort mit den neuesten Updates zu versorgen und auch Anwendungen so schnell wie möglich zu aktualisieren.
Im folgenden finden Sie Links zu aktuellen Informationen und Sicherheitshinweisen von Hardware- und Software-Anbietern zum Thema Meltdown und Spectre. Die Übersicht wird ständig aktualisiert, über aktuelle Hinweise zu neuen Stellungnahmen im Forum sind wir unseren Lesern dankbar.
Informationsseiten und Updates
Acer
Meltdown and Spectre security vulnerabilities [9]
Amazon
Processor Speculative Execution Research Disclosure [10]
AMD
An Update on AMD Processor Security [11]
Android
Android Security Bulletin—January 2018 [12]
AVM
Meltdown und Spectre – keine Angriffsmöglichkeit bei AVM-Produkten [13]
Apple
About speculative execution vulnerabilities in ARM-based and Intel CPUs [14]
ARM
Vulnerability of Speculative Processors to Cache Timing Side-Channel Mechanism [15]
Asrock
Asus
ASUS Motherboards Microcode Update for Speculative Execution [17]
Bitdefender
Understanding the impact of Meltdown and Spectre CPU exploits on Bitdefender GravityZone users [18]
Brocade
Brocade Security Advisory ID: BSA-2018- 522 [19]
CA Technologies
Chromium Project
Actions Required to Mitigate Speculative Side-Channel Attack Techniques [21]
CentOS
CentOS Information for VU#584653 [22]
CERT Software Engineering Institute Carnegie Mellon University
Vulnerability Note VU#584653: CPU hardware vulnerable to side-channel attacks [23]
Check Point
Check Point Response to Meltdown and Spectre (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754) [24]
Cisco
CPU Side-Channel Information Disclosure Vulnerabilities [25]
Citrix
Citrix Security Updates for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754 [26]
Debian
Debian Security Advisory: DSA-4078-1 linux -- security update [27]
CVE-2017-5754: Security Tracker [28]
Dell
Meltdown and Spectre Vulnerabilities [29]
Dell EMC (Dell Enterprise Servers, Storage and Networking)
Fedora
Protect your Fedora system against Meltdown [31]
FireEye
FireEye Notice for CVE-2017-5754, CVE-2017-5753, and CVE-2017-5715 [32]
Fortinet
CPU hardware vulnerable to Meltdown and Spectre attacks [33]
FreeBSD
8. Januar: Response to Meltdown and Spectre [35]
17. Februar: Revision 329462 [36]
Fujitsu
CPU hardware vulnerable to side-channel attacks (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) [37]
Side-Channel Analysis Method: Spectre & Meltdown Security Review [38]
G DATA
"Spectre" und "Meltdown" - Forscher entdecken schwere Sicherheitslücken in Prozessoren [39]
Gigabyte
GIGABYTE Safeguards Users From Speculative Execution Vulnerability [40]
BIOS update for Side Channel Analysis Security issue Mitigations [41]
Google’s Mitigations Against CPU Speculative Execution Attack Methods [42]
Hitachi Vantara (Hitachi Data Systems)
Hitachi Vantara Statement Regarding Spectre and Meltdown Vulnerabilities [43]
(konkrete Informationen erst nach Login zugänglich)
Huawei
CPU Vulnerabilities 'Meltdown' and 'Spectre' [44]
HP
HPE
IBM
Potential CPU Security Issue [47] (eventuell auch IBM Z)
Potential Impact on Processors in the POWER family [48]
IGEL
IGEL arbeitet an Schutz vor Meltdown und Spectre [50]
Intel
Intel Responds to Security Research Findings [51]
Intel Issues Updates to Protect Systems from Security Exploits [52]
BIOS-Update 0065 für Intel NUC6i3SYH, NUC6i3SYK, NUC6i5SYH, NUC6i5SYK [54]
Linux Processor Microcode Data File Version 20180108 [55]
Intel Security Issue Update: Initial Performance Data Results for Client Systems [56]
Intel-SA-00088 for Intel NUC, Intel Compute Stick, and Intel Compute Card [57]
Lancom
Spectre und Meltdown: LANCOM Geräte sind nicht betroffen [58]
Lenovo
Lenovo Security Advisory: LEN-18282: Reading Privileged Memory with a Side Channel [59]
Linux Foundation
x86/kpti: Kernel Page Table Isolation (was KAISER [60]
McAfee
Meltdown and Spectre – McAfee Product Compatibility Update [61]
Microsoft
January 3, 2018—KB4056892 (OS Build 16299.192) [62]
Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems [64]
Hyper-V: Protecting guest virtual machines from CVE-2017-5715 (branch target injection) [65]
Surface Guidance to protect against speculative execution side-channel vulnerabilities [66]
Microsoft Edge
Mitigating speculative execution side-channel attacks in Microsoft Edge and Internet Explorer [67]
Microsoft Azure
Securing Azure customers from CPU vulnerability [68]
Microsoft SQL Server
SQL Server guidance to protect against speculative execution side-channel vulnerabilities [69]
Microsoft Windows Server
Windows Server guidance to protect against speculative execution side-channel vulnerabilities [70]
Mozilla
Mitigations landing for new class of timing attack [71]
MSI
BIOS-Updates für Mainboards mit Z370 [72]
NetApp
Processor Speculated Execution Vulnerabilities in NetApp Products [73]
Netgear
Nvidia
Nvidia's response to speculative side channels CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754 [75]
OpenBSD
OpenBSD 6.2 Errata, 009: SECURITY FIX: March 1, 2018 [77]
Oracle
CVE-2017-5715 (Oracle Linux version 6, 7, Oracle VM version 3.4, qemu-kvm) [78]
Panasonic
Proxmox
Meltdown and Spectre Linux Kernel fixes [80]
QEMU
QEMU and the Spectre and Meltdown attacks [81]
QNAP
Security Advisory for Meltdown and Spectre Vulnerabilities [82]
Quanta QCT
Intel Security Advisory update [83]
Raspberry Pi
WHY RASPBERRY PI ISN’T VULNERABLE TO SPECTRE OR MELTDOWN [84]
Redhat
Kernel Side-Channel Attacks - CVE-2017-5754 CVE-2017-5753 CVE-2017-5715 [85]
Shuttle
Sicherheitstechnische Informationen zu "Meltdown" und "Spectre" (Update) [86]
Sophos
Supermicro
SUSE
SUSE Addresses Meltdown and Spectre Vulnerabilities [89]
Symantec
Synology
Synology-SA-18:01 Meltdown and Spectre Attacks [91]
Telekom
Open Telekom Cloud arbeitet an Lösung für Prozessor-Problem [92]
Open Telekom Cloud Security Advisory about Processor Speculation Leaks [93]
Thomas-Krenn
Sicherheitshinweise zu Meltdown und Spectre [94]
Toshiba
Trend Micro
Important Information for Trend Micro Solutions and Microsoft January 2018 Security Updates [96]
Ubuntu
Ubuntu Updates for the Meltdown / Spectre Vulnerabilities [97]
Univention
Status of Meltdown and Spectre security issues in UCS [98]
VMware
Meltdown and Spectre: VMware products [99]
VMware Security & Compliance Blog [101]
Wind River Linux
Wind River Security Vulnerability Notice [105]
XEN
Empfohlener redaktioneller Inhalt
Mit Ihrer Zustimmmung wird hier ein externes Video (Kaltura Inc.) geladen.
Ich bin damit einverstanden, dass mir externe Inhalte angezeigt werden. Damit können personenbezogene Daten an Drittplattformen (Kaltura Inc.) übermittelt werden. Mehr dazu in unserer Datenschutzerklärung [107].
URL dieses Artikels:
https://www.heise.de/-3936141
Links in diesem Artikel:
[1] https://www.heise.de/news/Gravierende-Prozessor-Sicherheitsluecke-Nicht-nur-Intel-CPUs-betroffen-erste-Details-und-Updates-3932573.html
[2] https://www.heise.de/news/Analyse-zur-Prozessorluecke-Meltdown-und-Spectre-sind-ein-Security-Supergau-3935124.html
[3] https://www.heise.de/news/FAQ-zu-Meltdown-und-Spectre-Was-ist-passiert-bin-ich-betroffen-wie-kann-ich-mich-schuetzen-3938146.html
[4] https://www.heise.de/news/Meltdown-Spectre-verstehen-Was-Unternehmen-jetzt-wissen-muessen-3954159.html
[5] https://www.heise.de/news/Meltdown-und-Spectre-im-Ueberblick-Grundlagen-Auswirkungen-und-Praxistipps-3944915.html
[6] https://www.heise.de/news/Meltdown-und-Spectre-Die-Sicherheitshinweise-und-Updates-von-Hardware-und-Software-Herstellern-3936141.html
[7] https://www.heise.de/news/Analyse-zur-Prozessorluecke-Meltdown-und-Spectre-sind-ein-Security-Supergau-3935124.html
[8] https://www.heise.de/thema/Meltdown-und-Spectre
[9] https://us.answers.acer.com/app/answers/detail/a_id/53104
[10] https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/
[11] https://www.amd.com/en/corporate/speculative-execution
[12] https://source.android.com/security/bulletin/2018-01-01
[13] https://avm.de/service/aktuelle-sicherheitshinweise/
[14] https://support.apple.com/en-us/HT208394
[15] https://developer.arm.com/support/security-update
[16] http://www.asrock.com/support/index.asp?cat=BIOS
[17] https://www.asus.com/News/V5urzYAT6myCC1o2
[18] https://www.bitdefender.com/support/understanding-the-impact-of-meltdown-and-spectre-cpu-exploits-on-bitdefender-gravityzone-users-2072.html
[19] http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2018-522.htm
[20] https://support.ca.com/us/knowledge-base-articles.TEC1272616.html
[21] https://www.chromium.org/Home/chromium-security/ssca
[22] https://www.kb.cert.org/vuls/id/TNOY-AUQKJ5
[23] http://www.kb.cert.org/vuls/id/584653
[24] https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk122205&partition=General&product=All%22
[25] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
[26] https://support.citrix.com/article/CTX231399
[27] https://www.debian.org/security/2018/dsa-4078
[28] https://security-tracker.debian.org/tracker/CVE-2017-5754
[29] http://www.dell.com/support/article/de/de/debsdt1/sln308587
[30] https://www.dell.com/support/article/us/en/04/sln308588/microprocessor-side-channel-vulnerabilities-cve-2017-5715-cve-2017-5753-cve-2017-5754-impact-on-dell-emc-products-dell-enterprise-servers-storage-and-networking-?lang=en
[31] https://fedoramagazine.org/protect-fedora-system-meltdown/
[32] https://www.fireeye.com/blog/products-and-services/2018/01/fireeye-notice-for-meltdown-and-spectre-vulnerabilities.html
[33] https://fortiguard.com/psirt/FG-IR-18-002
[34] https://www.freebsd.org/news/newsflash.html
[35] https://lists.freebsd.org/pipermail/freebsd-security/2018-January/009719.html
[36] https://svnweb.freebsd.org/base?view=revision&revision=329462
[37] http://www.fujitsu.com/global/support/products/software/security/products-f/jvn-93823979e.html
[38] http://support.ts.fujitsu.com/content/SideChannelAnalysisMethod.asp
[39] https://www.gdata.de/blog/2018/30323-spectre-meltdown
[40] http://www.gigabyte.eu/Press/News/1586
[41] https://www.gigabyte.com/MicroSite/481/intel-sa-00088.html
[42] https://support.google.com/faqs/answer/7622138
[43] https://knowledge.hds.com/Support_Information/CVE_Security_Notices/Hitachi_Vantara_Statement_Regarding_Spectre_and_Meltdown_Vulnerabilities
[44] http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180106-01-cpu-en
[45] https://support.hp.com/us-en/document/c05869091
[46] https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us
[47] https://www.ibm.com/blogs/psirt/potential-cpu-security-issue/
[48] https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/
[49] https://www.ibm.com/blogs/psirt/ibm-storage-meltdownspectre/
[50] https://www.igel.de/company-news/igel-arbeitet-schutz-vor-meltdown-und-spectre/
[51] https://newsroom.intel.com/news/intel-responds-to-security-research-findings/
[52] https://newsroom.intel.com/news-releases/intel-issues-updates-protect-systems-security-exploits/
[53] https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
[54] https://downloadcenter.intel.com/de/download/27422/NUCs-BIOS-Update-SYSKLi35-86A-?product=89190
[55] https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File?product=52214
[56] https://newsroom.intel.com/editorials/intel-security-issue-update-initial-performance-data-results-client-systems/
[57] https://www.intel.com/content/www/us/en/support/articles/000026620/mini-pcs.html
[58] https://www.lancom-systems.de/service-support/soforthilfe/allgemeine-sicherheitshinweise/
[59] https://support.lenovo.com/de/en/solutions/len-18282
[60] https://lkml.org/lkml/2017/12/4/709
[61] https://kc.mcafee.com/corporate/index?page=content&id=KB90167
[62] https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892
[63] https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in
[64] https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/
[65] https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/cve-2017-5715-and-hyper-v-vms
[66] https://support.microsoft.com/en-us/help/4073065/surface-guidance-to-protect-against-speculative-execution-side-channel
[67] https://blogs.windows.com/msedgedev/2018/01/03/speculative-execution-mitigations-microsoft-edge-internet-explorer/#Rohm8y8BJcfgKBoG.97
[68] https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/
[69] https://support.microsoft.com/en-us/help/4073225/guidance-for-sql-server
[70] https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution
[71] https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
[72] http://www.rbt-pressroom.eu/de/pressbox/updates-schliessen-moegliche-sicherheitsluecken-in-der-aktuellen-intel-microcode-version/
[73] https://security.netapp.com/advisory/ntap-20180104-0001/
[74] https://kb.netgear.com/000053240/Security-Advisory-for-Speculative-Code-Execution-Spectre-and-Meltdown-on-Some-ReadyNAS-and-ReadyDATA-Storage-Systems-PSV-2018-0005
[75] https://forums.geforce.com/default/topic/1033210/nvidias-response-to-speculative-side-channels-cve-2017-5753-cve-2017-5715-and-cve-2017-5754/
[76] http://nvidia.custhelp.com/app/answers/detail/a_id/4611/~/security-bulletin%3A-nvidia-gpu-display-driver-security-updates-for-speculative
[77] https://www.openbsd.org/errata62.html
[78] https://linux.oracle.com/cve/CVE-2017-5715.html
[79] https://pc-dl.panasonic.co.jp/itn/vuln/g18-001.html
[80] https://forum.proxmox.com/threads/meltdown-and-spectre-linux-kernel-fixes.39110/
[81] https://www.qemu.org/2018/01/04/spectre/
[82] https://www.qnap.com/de-de/security-advisory/nas-201801-08
[83] https://www.qct.io/Press-Releases/index/PR/Server/Intel-SA-00088
[84] https://www.raspberrypi.org/blog/why-raspberry-pi-isnt-vulnerable-to-spectre-or-meltdown/
[85] https://access.redhat.com/security/vulnerabilities/speculativeexecution?sc_cid=701f2000000tsLNAAY&
[86] http://www.shuttle.eu/de/news/view/sicherheitstechnische-informationen-zu-meltdown-und-spectre-update/86fc24644d/29/
[87] https://community.sophos.com/kb/en-us/128053
[88] https://www.supermicro.com/support/security_Intel-SA-00088.cfm
[89] https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/
[90] https://support.symantec.com/en_US/article.INFO4793.html
[91] https://www.synology.com/de-de/support/security/Synology_SA_18_01
[92] https://cloud.telekom.de/blog/prozessorproblem/
[93] https://imagefactory.otc.t-systems.com/Blog-Review/SpecExLeak/
[94] https://www.thomas-krenn.com/de/wiki/Sicherheitshinweise_zu_Meltdown_und_Spectre
[95] https://support.toshiba.com/support/viewContentDetail?contentId=4015952
[96] https://esupport.trendmicro.com/en-us/home/pages/technical-support/1118996.aspx
[97] https://insights.ubuntu.com/2018/01/04/ubuntu-updates-for-the-meltdown-spectre-vulnerabilities/
[98] https://help.univention.com/t/status-of-meltdown-and-spectre-security-issues-in-ucs/7678
[99] https://vinfrastructure.it/2018/01/meltdown-spectre-vmware-patches/
[100] https://www.vmware.com/security/advisories/VMSA-2018-0002.html
[101] https://blogs.vmware.com/security/2018/01/vmsa-2018-0002.html
[102] https://kb.vmware.com/s/article/52264
[103] https://kb.vmware.com/s/article/52245
[104] https://www.vmware.com/security/advisories/VMSA-2018-0007.html
[105] https://knowledge.windriver.com/en-us/000_Products/000/010/050/010/000_Wind_River_Security_Vulnerability_Notice%3A__Linux_Kernel_Meltdown_and_Spectre_Break_(Side-Channel_Attacks)_-_CVE-2017-5754_CVE-2017-5753_CVE-2017-5715
[106] https://xenbits.xen.org/xsa/advisory-254.html
[107] https://www.heise.de/Datenschutzerklaerung-der-Heise-Medien-GmbH-Co-KG-4860.html
[108] mailto:mfi@heise.de
Copyright © 2018 Heise Medien