They say that probably because RHEL is one of options in Linux on z; that's the part where their knowledge ends, I think. IBM will (and have) advice for z/OS, z/TPF, z/VSE, z/VM, CFCC, etc.
– Vignesh Mainframe Infrastructure -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of John McKown Sent: 22 May 2018 13:22 To: [email protected] Subject: [EXTERNAL] Fwd: Kernel Side-Channel Attack using Speculative Store Bypass Thought this would be of interest here. It says IBMz _HAS_ the problem. Along with POWER8 and ARM, not just "Intel compatible" (BAD). ---------- Forwarded message --------- From: Alan Ackerman <[email protected]> Date: Mon, May 21, 2018 at 9:36 PM Subject: Kernel Side-Channel Attack using Speculative Store Bypass To: <[email protected]> I got this from Red Hat at https://www.redhat.com/en/blog/speculative-store-bypass-explained-what-it-how-it-works which points to https://access.redhat.com/security/vulnerabilities/ssbd which says: "This issue has been assigned CVE-2018-3639 <https://access.redhat.com/security/cve/cve-2018-3639> and is also referred to as “Variant 4” or “Speculative Store Bypass”. This issue is known to affect CPUs of various microarchitectures from: AMD <https://www.amd.com/en/corporate/security-updates>, ARM <https://developer.arm.com/support/arm-security-updates>, IBM <https://www.ibm.com/blogs/psirt/> POWER8, POWER9, and SystemZ series, and Intel <https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html> processors. All currently supported versions of Red Hat Enterprise Linux, Red Hat OpenShift, Red Hat Virtualization, and Red Hat OpenStack Platform are affected." If we hear anything from IBM, I would guess it would be at their Security Site. I also I got this from US-CERT: https://www.us-cert.gov/ncas/alerts/TA18-141A. Alan Ackerman [email protected] -- Once a government places vague notions of public safety and security above the preservation of freedom, a general loss of liberty is sure to follow. GCS Griffin -- Pelaran Alliance -- TFS Guardian (book) Maranatha! <>< John McKown ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN MARKSANDSPENCER.COM ________________________________ Unless otherwise stated above: Marks and Spencer plc Registered Office: Waterside House 35 North Wharf Road London W2 1NW Registered No. 214436 in England and Wales. Telephone (020) 7935 4422 Facsimile (020) 7487 2670 www.marksandspencer.com Please note that electronic mail may be monitored. This e-mail is confidential. If you received it by mistake, please let us know and then delete it from your system; you should not copy, disclose, or distribute its contents to anyone nor act in reliance on this e-mail, as this is prohibited and may be unlawful. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
