Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package sca-patterns-sle11 for
openSUSE:Factory checked in at 2021-04-22 18:03:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/sca-patterns-sle11 (Old)
and /work/SRC/openSUSE:Factory/.sca-patterns-sle11.new.12324 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sca-patterns-sle11"
Thu Apr 22 18:03:52 2021 rev:10 rq:887359 version:1.3.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/sca-patterns-sle11/sca-patterns-sle11.changes
2021-04-01 14:19:25.660165187 +0200
+++
/work/SRC/openSUSE:Factory/.sca-patterns-sle11.new.12324/sca-patterns-sle11.changes
2021-04-22 18:04:40.594571985 +0200
@@ -1,0 +2,6 @@
+Wed Apr 21 17:42:35 UTC 2021 - Jason Record <jason.rec...@suse.com>
+
+- New regular patterns (1) for version 1.3.1
+ + sle11sp4/crosstalk_114-000019643.py: Special Register Buffer Data Sampling
aka CrossTalk (CVE-2020-0543) (bsc#1154824)
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ sca-patterns-sle11-1.3.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/sca-patterns-sle11-1.3.1/patterns/SLE/sle11sp4/crosstalk_114-000019643.py
new/sca-patterns-sle11-1.3.1/patterns/SLE/sle11sp4/crosstalk_114-000019643.py
---
old/sca-patterns-sle11-1.3.1/patterns/SLE/sle11sp4/crosstalk_114-000019643.py
1970-01-01 01:00:00.000000000 +0100
+++
new/sca-patterns-sle11-1.3.1/patterns/SLE/sle11sp4/crosstalk_114-000019643.py
2021-04-21 19:28:00.869500135 +0200
@@ -0,0 +1,90 @@
+#!/usr/bin/python
+#
+# Title: Pattern for TID000019643
+# Description: Security Vulnerability: Special Register Buffer Data Sampling
aka CrossTalk (CVE-2020-0543)
+# Source: Kernel Package Version Pattern Template v0.1.1
+# Options:
SLE,Security,Crosstalk,crosstalk_151,000019643,1154824,4.12.14-197.45,0,1
+# Distro: SLES11 SP4 LTSS
+# Modified: 2021 Apr 21
+#
+##############################################################################
+# Copyright (C) 2021, SUSE LLC
+##############################################################################
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+# Authors/Contributors:
+# Jason Record <jason.rec...@suse.com>
+#
+##############################################################################
+
+import re
+import os
+import Core
+import SUSE
+
+META_CLASS = "SLE"
+META_CATEGORY = "Security"
+META_COMPONENT = "Crosstalk"
+PATTERN_ID = os.path.basename(__file__)
+PRIMARY_LINK = "META_LINK_TID"
+OVERALL = Core.TEMP
+OVERALL_INFO = "NOT SET"
+OTHER_LINKS =
"META_LINK_TID=https://www.suse.com/support/kb/doc/?id=000019643|META_LINK_BUG=https://bugzilla.suse.com/show_bug.cgi?id=1154824|META_LINK_CVE-2020-0543=https://www.suse.com/security/cve/CVE-2020-0543/";
+
+Core.init(META_CLASS, META_CATEGORY, META_COMPONENT, PATTERN_ID, PRIMARY_LINK,
OVERALL, OVERALL_INFO, OTHER_LINKS)
+
+##############################################################################
+# Local Function Definitions
+##############################################################################
+
+def intelCPU():
+ fileOpen = "hardware.txt"
+ section = "/proc/cpuinfo"
+ content = []
+ CONFIRMED = re.compile("vendor_id.*GenuineIntel", re.IGNORECASE)
+ if Core.getRegExSection(fileOpen, section, content):
+ for line in content:
+ if CONFIRMED.search(line):
+ return True
+ return False
+
+##############################################################################
+# Main Program Execution
+##############################################################################
+
+RPM_NAME = 'microcode_ctl'
+RPM_VERSION_FIXED = '1.17-102.83.53'
+KERNEL_VERSION_FIXED = '3.0.101-108.114'
+
+if( SUSE.packageInstalled(RPM_NAME) ):
+ if( intelCPU() ):
+ INSTALLED_VERSION_RPM = SUSE.compareRPM(RPM_NAME,
RPM_VERSION_FIXED)
+ INSTALLED_VERSION_KERN =
SUSE.compareKernel(KERNEL_VERSION_FIXED)
+ if( INSTALLED_VERSION_RPM >= 0 ):
+ if( INSTALLED_VERSION_KERN >= 0 ):
+ Core.updateStatus(Core.IGNORE, "Bug fixes
applied for " + RPM_NAME + " and kernel version")
+ else:
+ Core.updateStatus(Core.WARN, "Risk of L1D data
cache eviction and vector register sampling, update kernel to avoid")
+ else:
+ if( INSTALLED_VERSION_KERN >= 0 ):
+ Core.updateStatus(Core.WARN, "Risk of L1D data
cache eviction and vector register sampling, update " + RPM_NAME + " to avoid")
+ else:
+ Core.updateStatus(Core.WARN, "Risk of L1D data
cache eviction and vector register sampling, update system to avoid")
+ else:
+ Core.updateStatus(Core.ERROR, "ERROR: Intel CPU not found")
+else:
+ Core.updateStatus(Core.ERROR, "ERROR: " + RPM_NAME + " not installed")
+
+Core.printPatternResults()
+
