Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package sca-patterns-sle12 for openSUSE:Factory checked in at 2021-04-22 18:03:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sca-patterns-sle12 (Old) and /work/SRC/openSUSE:Factory/.sca-patterns-sle12.new.12324 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sca-patterns-sle12" Thu Apr 22 18:03:52 2021 rev:14 rq:887355 version:1.0.2 Changes: --------
--- /work/SRC/openSUSE:Factory/sca-patterns-sle12/sca-patterns-sle12.changes 2021-04-01 14:19:26.304166046 +0200
+++ /work/SRC/openSUSE:Factory/.sca-patterns-sle12.new.12324/sca-patterns-sle12.changes 2021-04-22 18:04:39.522570349 +0200
@@ -1,0 +2,13 @@
+Wed Apr 21 17:43:35 UTC 2021 - Jason Record <jason.rec...@suse.com>
+
+- New regular patterns (8) for version 1.0.2
+ + sle12sp2/crosstalk_122-000019643.py: Special Register Buffer Data Sampling aka CrossTalk (CVE-2020-0543) (bsc#1154824)
+ + sle12sp2/ucodeintel_122-000019635.py: L1D data cache eviction and Vector Register sampling - CVE-2020-0548, CVE-2020-0549 (bsc#1156353)
+ + sle12sp3/crosstalk_123-000019643.py: Special Register Buffer Data Sampling aka CrossTalk (CVE-2020-0543) (bsc#1154824)
+ + sle12sp3/ucodeintel_123-000019635.py: L1D data cache eviction and Vector Register sampling - CVE-2020-0548, CVE-2020-0549 (bsc#1156353)
+ + sle12sp4/crosstalk_124-000019643.py: Special Register Buffer Data Sampling aka CrossTalk (CVE-2020-0543) (bsc#1154824)
+ + sle12sp4/ucodeintel_124-000019635.py: L1D data cache eviction and Vector Register sampling - CVE-2020-0548, CVE-2020-0549 (bsc#1156353)
+ + sle12sp5/crosstalk_125-000019643.py: Special Register Buffer Data Sampling aka CrossTalk (CVE-2020-0543) (bsc#1154824)
+ + sle12sp5/ucodeintel_125-000019635.py: L1D data cache eviction and Vector Register sampling - CVE-2020-0548, CVE-2020-0549 (bsc#1156353)
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sca-patterns-sle12-1.0.2.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sca-patterns-sle12-1.0.2/patterns/SLE/sle12sp2/crosstalk_122-000019643.py new/sca-patterns-sle12-1.0.2/patterns/SLE/sle12sp2/crosstalk_122-000019643.py
--- old/sca-patterns-sle12-1.0.2/patterns/SLE/sle12sp2/crosstalk_122-000019643.py 1970-01-01 01:00:00.000000000 +0100
+++ new/sca-patterns-sle12-1.0.2/patterns/SLE/sle12sp2/crosstalk_122-000019643.py 2021-04-21 19:25:38.380981336 +0200
@@ -0,0 +1,90 @@
+#!/usr/bin/python
+#
+# Title: Pattern for TID000019643
+# Description: Security Vulnerability: Special Register Buffer Data Sampling aka CrossTalk (CVE-2020-0543)
+# Source: Kernel Package Version Pattern Template v0.1.1
+# Options: SLE,Security,Crosstalk,crosstalk_151,000019643,1154824,4.12.14-197.45,0,1
+# Distro: SLES12 SP2 LTSS
+# Modified: 2021 Apr 21
+#
+##############################################################################
+# Copyright (C) 2021, SUSE LLC
+##############################################################################
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+# Authors/Contributors:
+# Jason Record <jason.rec...@suse.com>
+#
+##############################################################################
+
+import re
+import os
+import Core
+import SUSE
+
+META_CLASS = "SLE"
+META_CATEGORY = "Security"
+META_COMPONENT = "Crosstalk"
+PATTERN_ID = os.path.basename(__file__)
+PRIMARY_LINK = "META_LINK_TID"
+OVERALL = Core.TEMP
+OVERALL_INFO = "NOT SET"
+OTHER_LINKS = "META_LINK_TID=https://www.suse.com/support/kb/doc/?id=000019643|META_LINK_BUG=https://bugzilla.suse.com/show_bug.cgi?id=1154824|META_LINK_CVE-2020-0543=https://www.suse.com/security/cve/CVE-2020-0543/"
+
+Core.init(META_CLASS, META_CATEGORY, META_COMPONENT, PATTERN_ID, PRIMARY_LINK, OVERALL, OVERALL_INFO, OTHER_LINKS)
+
+##############################################################################
+# Local Function Definitions
+##############################################################################
+
+def intelCPU():
+ fileOpen = "hardware.txt"
+ section = "/proc/cpuinfo"
+ content = []
+ CONFIRMED = re.compile("vendor_id.*GenuineIntel", re.IGNORECASE)
+ if Core.getRegExSection(fileOpen, section, content):
+ for line in content:
+ if CONFIRMED.search(line):
+ return True
+ return False
+
+##############################################################################
+# Main Program Execution
+##############################################################################
+
+RPM_NAME = 'ucode-intel'
+RPM_VERSION_FIXED = '20200602-13.68.1'
+KERNEL_VERSION_FIXED = '4.4.121-92.135'
+
+if( SUSE.packageInstalled(RPM_NAME) ):
+ if( intelCPU() ):
+ INSTALLED_VERSION_RPM = SUSE.compareRPM(RPM_NAME, RPM_VERSION_FIXED)
+ INSTALLED_VERSION_KERN = SUSE.compareKernel(KERNEL_VERSION_FIXED)
+ if( INSTALLED_VERSION_RPM >= 0 ):
+ if( INSTALLED_VERSION_KERN >= 0 ):
+ Core.updateStatus(Core.IGNORE, "Bug fixes applied for " + RPM_NAME + " and kernel version")
+ else:
+ Core.updateStatus(Core.WARN, "Risk of L1D data cache eviction and vector register sampling, update 
kernel to avoid")
+ else:
+ if( INSTALLED_VERSION_KERN >= 0 ):
+ Core.updateStatus(Core.WARN, "Risk of L1D data cache eviction and vector register sampling, update " + RPM_NAME + " to avoid")
+ else:
+ Core.updateStatus(Core.WARN, "Risk of L1D data cache eviction and vector register sampling, update system to avoid")
+ else:
+ Core.updateStatus(Core.ERROR, "ERROR: Intel CPU not found")
+else:
+ Core.updateStatus(Core.ERROR, "ERROR: " + RPM_NAME + " not installed")
+
+Core.printPatternResults()
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sca-patterns-sle12-1.0.2/patterns/SLE/sle12sp2/ucodeintel_122-000019635.py new/sca-patterns-sle12-1.0.2/patterns/SLE/sle12sp2/ucodeintel_122-000019635.py
--- old/sca-patterns-sle12-1.0.2/patterns/SLE/sle12sp2/ucodeintel_122-000019635.py 1970-01-01 01:00:00.000000000 +0100
+++ new/sca-patterns-sle12-1.0.2/patterns/SLE/sle12sp2/ucodeintel_122-000019635.py 2021-04-07 16:32:31.169535763 +0200
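Review bot: The three `Core.WARN` messages in crosstalk_122-000019643.py name the wrong vulnerability: they report "Risk of L1D data cache eviction and vector register sampling", which is the wording of the ucodeintel pattern for CVE-2020-0548/CVE-2020-0549, while this pattern's title, component and links are for Special Register Buffer Data Sampling (CVE-2020-0543). An operator triaging the report would be sent to the wrong advisory, so each message should name the issue this pattern checks, for example `Core.updateStatus(Core.WARN, "Risk of Special Register Buffer Data Sampling (CrossTalk), update kernel to avoid")`, with the same change in the `RPM_NAME` and "update system" variants. The same three strings appear unchanged in crosstalk_123, crosstalk_124 and crosstalk_125.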
@@ -0,0 +1,81 @@
+#!/usr/bin/python
+#
+# Title: Pattern for TID000019635
+# Description: Security vulnerability: L1D data cache eviction and Vector Register sampling - CVE-2020-0548, CVE-2020-0549
+# Source: Package Version Pattern Template v0.3.7
+# Options: SLE,Security,CPU,000019635,1156353,ucodeintel_151,ucode-intel,20200602-3.25.1,0,1
+# Distro: SLES12 SP2-SP4
+# Modified: 2021 Apr 07
+#
+##############################################################################
+# Copyright (C) 2021 SUSE LLC
+##############################################################################
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+# Authors/Contributors:
+# Jason Record <jason.rec...@suse.com>
+#
+##############################################################################
+
+import re
+import os
+import Core
+import SUSE
+
+META_CLASS = "SLE"
+META_CATEGORY = "Security"
+META_COMPONENT = "CPU"
+PATTERN_ID = os.path.basename(__file__)
+PRIMARY_LINK = "META_LINK_TID"
+OVERALL = Core.TEMP
+OVERALL_INFO = "NOT SET"
+OTHER_LINKS = "META_LINK_TID=https://www.suse.com/support/kb/doc/?id=000019635|META_LINK_BUG=https://bugzilla.suse.com/show_bug.cgi?id=1156353|META_LINK_CVE-2020-0548=https://www.suse.com/security/cve/CVE-2020-0548/|META_LINK_CVE-2020-0549=https://www.suse.com/security/cve/CVE-2020-0549/|META_LINK_Intel=https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html"
+
+Core.init(META_CLASS, META_CATEGORY, META_COMPONENT, PATTERN_ID, PRIMARY_LINK, OVERALL, OVERALL_INFO, OTHER_LINKS)
+
+##############################################################################
+# Local Function Definitions
+##############################################################################
+
+def intelCPU():
+ fileOpen = "hardware.txt"
+ section = "/proc/cpuinfo"
+ content = []
+ CONFIRMED = re.compile("vendor_id.*GenuineIntel", re.IGNORECASE)
+ if Core.getRegExSection(fileOpen, section, content):
+ for line in content:
+ if CONFIRMED.search(line):
+ return True
+ return False
+
+##############################################################################
+# Main Program Execution
+##############################################################################
+
+RPM_NAME = 'ucode-intel'
+RPM_VERSION_FIXED = '20200602-13.68.1'
+if( SUSE.packageInstalled(RPM_NAME) ):
+ INSTALLED_VERSION = SUSE.compareRPM(RPM_NAME, RPM_VERSION_FIXED)
+ if( INSTALLED_VERSION >= 0 ):
+ Core.updateStatus(Core.IGNORE, "Bug fixes applied for " + RPM_NAME + "")
+ else:
+ if( intelCPU() ):
+ Core.updateStatus(Core.WARN, "Risk of L1D data cache eviction and vector register sampling, update system to 
avoid")
+ else:
+ Core.updateStatus(Core.IGNORE, "No Genuine Intel CPUs found")
+else:
+ Core.updateStatus(Core.ERROR, "ERROR: " + RPM_NAME + " not installed")
+
+Core.printPatternResults()
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sca-patterns-sle12-1.0.2/patterns/SLE/sle12sp3/crosstalk_123-000019643.py new/sca-patterns-sle12-1.0.2/patterns/SLE/sle12sp3/crosstalk_123-000019643.py
--- old/sca-patterns-sle12-1.0.2/patterns/SLE/sle12sp3/crosstalk_123-000019643.py 1970-01-01 01:00:00.000000000 +0100
+++ new/sca-patterns-sle12-1.0.2/patterns/SLE/sle12sp3/crosstalk_123-000019643.py 2021-04-21 19:24:36.278485965 +0200
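Review bot: The `Core.IGNORE` result "Bug fixes applied for ucode-intel" in ucodeintel_122-000019635.py rests on `SUSE.compareRPM` alone, so it shows that a fixed microcode package is installed, not that the running CPU has loaded that microcode. The limit should at least be stated next to the comparison, e.g. `# NOTE: compares the installed package only; does not confirm the microcode revision the CPU is running`, and the message would be more accurate as "Fixed ucode-intel package installed". `intelCPU()` already reads the /proc/cpuinfo section of hardware.txt; whether that section carries a usable `microcode` revision in this data is not visible in the diff, so treat a revision check as something to confirm rather than a given. The ucodeintel_123, ucodeintel_124 and ucodeintel_125 files have the same structure, and the crosstalk patterns make the same package-only comparison.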
@@ -0,0 +1,90 @@
+#!/usr/bin/python
+#
+# Title: Pattern for TID000019643
+# Description: Security Vulnerability: Special Register Buffer Data Sampling aka CrossTalk (CVE-2020-0543)
+# Source: Kernel Package Version Pattern Template v0.1.1
+# Options: SLE,Security,Crosstalk,crosstalk_151,000019643,1154824,4.12.14-197.45,0,1
+# Distro: SLES12 SP3 LTSS
+# Modified: 2021 Apr 21
+#
+##############################################################################
+# Copyright (C) 2021, SUSE LLC
+##############################################################################
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+# Authors/Contributors:
+# Jason Record <jason.rec...@suse.com>
+#
+##############################################################################
+
+import re
+import os
+import Core
+import SUSE
+
+META_CLASS = "SLE"
+META_CATEGORY = "Security"
+META_COMPONENT = "Crosstalk"
+PATTERN_ID = os.path.basename(__file__)
+PRIMARY_LINK = "META_LINK_TID"
+OVERALL = Core.TEMP
+OVERALL_INFO = "NOT SET"
+OTHER_LINKS = "META_LINK_TID=https://www.suse.com/support/kb/doc/?id=000019643|META_LINK_BUG=https://bugzilla.suse.com/show_bug.cgi?id=1154824|META_LINK_CVE-2020-0543=https://www.suse.com/security/cve/CVE-2020-0543/"
+
+Core.init(META_CLASS, META_CATEGORY, META_COMPONENT, PATTERN_ID, PRIMARY_LINK, OVERALL, OVERALL_INFO, OTHER_LINKS)
+
+##############################################################################
+# Local Function Definitions
+##############################################################################
+
+def intelCPU():
+ fileOpen = "hardware.txt"
+ section = "/proc/cpuinfo"
+ content = []
+ CONFIRMED = re.compile("vendor_id.*GenuineIntel", re.IGNORECASE)
+ if Core.getRegExSection(fileOpen, section, content):
+ for line in content:
+ if CONFIRMED.search(line):
+ return True
+ return False
+
+##############################################################################
+# Main Program Execution
+##############################################################################
+
+RPM_NAME = 'ucode-intel'
+RPM_VERSION_FIXED = '20200602-13.68.1'
+KERNEL_VERSION_FIXED = '4.4.180-94.121'
+
+if( SUSE.packageInstalled(RPM_NAME) ):
+ if( intelCPU() ):
+ INSTALLED_VERSION_RPM = SUSE.compareRPM(RPM_NAME, RPM_VERSION_FIXED)
+ INSTALLED_VERSION_KERN = SUSE.compareKernel(KERNEL_VERSION_FIXED)
+ if( INSTALLED_VERSION_RPM >= 0 ):
+ if( INSTALLED_VERSION_KERN >= 0 ):
+ Core.updateStatus(Core.IGNORE, "Bug fixes applied for " + RPM_NAME + " and kernel version")
+ else:
+ Core.updateStatus(Core.WARN, "Risk of L1D data cache eviction and vector register sampling, update 
kernel to avoid")
+ else:
+ if( INSTALLED_VERSION_KERN >= 0 ):
+ Core.updateStatus(Core.WARN, "Risk of L1D data cache eviction and vector register sampling, update " + RPM_NAME + " to avoid")
+ else:
+ Core.updateStatus(Core.WARN, "Risk of L1D data cache eviction and vector register sampling, update system to avoid")
+ else:
+ Core.updateStatus(Core.ERROR, "ERROR: Intel CPU not found")
+else:
+ Core.updateStatus(Core.ERROR, "ERROR: " + RPM_NAME + " not installed")
+
+Core.printPatternResults()
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sca-patterns-sle12-1.0.2/patterns/SLE/sle12sp3/ucodeintel_123-000019635.py new/sca-patterns-sle12-1.0.2/patterns/SLE/sle12sp3/ucodeintel_123-000019635.py
--- old/sca-patterns-sle12-1.0.2/patterns/SLE/sle12sp3/ucodeintel_123-000019635.py 1970-01-01 01:00:00.000000000 +0100
+++ new/sca-patterns-sle12-1.0.2/patterns/SLE/sle12sp3/ucodeintel_123-000019635.py 2021-04-07 16:33:23.800094662 +0200
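Review bot: A host with ucode-intel installed but no Intel CPU ends in `Core.updateStatus(Core.ERROR, "ERROR: Intel CPU not found")` in crosstalk_123-000019643.py, while ucodeintel_123-000019635.py in the same commit treats the same finding as `Core.IGNORE` with "No Genuine Intel CPUs found". A non-Intel CPU reads as "not applicable" rather than a failure to evaluate the pattern, though the intended meaning of `Core.ERROR` is defined outside this diff and should be confirmed. If the two patterns are meant to agree, the branch becomes `Core.updateStatus(Core.IGNORE, "No Genuine Intel CPUs found")`. The same branch is present in crosstalk_122, crosstalk_124 and crosstalk_125.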
@@ -0,0 +1,81 @@
+#!/usr/bin/python
+#
+# Title: Pattern for TID000019635
+# Description: Security vulnerability: L1D data cache eviction and Vector Register sampling - CVE-2020-0548, CVE-2020-0549
+# Source: Package Version Pattern Template v0.3.7
+# Options: SLE,Security,CPU,000019635,1156353,ucodeintel_151,ucode-intel,20200602-3.25.1,0,1
+# Distro: SLES12 SP2-SP4
+# Modified: 2021 Apr 07
+#
+##############################################################################
+# Copyright (C) 2021 SUSE LLC
+##############################################################################
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+# Authors/Contributors:
+# Jason Record <jason.rec...@suse.com>
+#
+##############################################################################
+
+import re
+import os
+import Core
+import SUSE
+
+META_CLASS = "SLE"
+META_CATEGORY = "Security"
+META_COMPONENT = "CPU"
+PATTERN_ID = os.path.basename(__file__)
+PRIMARY_LINK = "META_LINK_TID"
+OVERALL = Core.TEMP
+OVERALL_INFO = "NOT SET"
+OTHER_LINKS = "META_LINK_TID=https://www.suse.com/support/kb/doc/?id=000019635|META_LINK_BUG=https://bugzilla.suse.com/show_bug.cgi?id=1156353|META_LINK_CVE-2020-0548=https://www.suse.com/security/cve/CVE-2020-0548/|META_LINK_CVE-2020-0549=https://www.suse.com/security/cve/CVE-2020-0549/|META_LINK_Intel=https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html"
+
+Core.init(META_CLASS, META_CATEGORY, META_COMPONENT, PATTERN_ID, PRIMARY_LINK, OVERALL, OVERALL_INFO, OTHER_LINKS)
+
+##############################################################################
+# Local Function Definitions
+##############################################################################
+
+def intelCPU():
+ fileOpen = "hardware.txt"
+ section = "/proc/cpuinfo"
+ content = []
+ CONFIRMED = re.compile("vendor_id.*GenuineIntel", re.IGNORECASE)
+ if Core.getRegExSection(fileOpen, section, content):
+ for line in content:
+ if CONFIRMED.search(line):
+ return True
+ return False
+
+##############################################################################
+# Main Program Execution
+##############################################################################
+
+RPM_NAME = 'ucode-intel'
+RPM_VERSION_FIXED = '20200602-13.68.1'
+if( SUSE.packageInstalled(RPM_NAME) ):
+ INSTALLED_VERSION = SUSE.compareRPM(RPM_NAME, RPM_VERSION_FIXED)
+ if( INSTALLED_VERSION >= 0 ):
+ Core.updateStatus(Core.IGNORE, "Bug fixes applied for " + RPM_NAME + "")
+ else:
+ if( intelCPU() ):
+ Core.updateStatus(Core.WARN, "Risk of L1D data cache eviction and vector register sampling, update system to 
avoid")
+ else:
+ Core.updateStatus(Core.IGNORE, "No Genuine Intel CPUs found")
+else:
+ Core.updateStatus(Core.ERROR, "ERROR: " + RPM_NAME + " not installed")
+
+Core.printPatternResults()
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sca-patterns-sle12-1.0.2/patterns/SLE/sle12sp4/crosstalk_124-000019643.py new/sca-patterns-sle12-1.0.2/patterns/SLE/sle12sp4/crosstalk_124-000019643.py
--- old/sca-patterns-sle12-1.0.2/patterns/SLE/sle12sp4/crosstalk_124-000019643.py 1970-01-01 01:00:00.000000000 +0100
+++ new/sca-patterns-sle12-1.0.2/patterns/SLE/sle12sp4/crosstalk_124-000019643.py 2021-04-07 19:23:10.524574350 +0200
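Review bot: The header comment of ucodeintel_123-000019635.py disagrees with the check it documents: the `# Options:` line records `ucodeintel_151` and a fixed version of `20200602-3.25.1`, while the code compares against `RPM_VERSION_FIXED = '20200602-13.68.1'`. Which value is right for this service pack cannot be told from the diff, and a reader auditing the threshold has no stated source for it. Regenerating the header for this file, or adding a comment beside the constant that names the update the version was taken from, would remove the ambiguity. The other ucodeintel files carry the same `# Options:` line (ucodeintel_125 with `'20200602-3.12.1'` in code), and the crosstalk headers likewise keep `crosstalk_151` and kernel `4.12.14-197.45` while `KERNEL_VERSION_FIXED` differs per service pack.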
@@ -0,0 +1,90 @@
+#!/usr/bin/python
+#
+# Title: Pattern for TID000019643
+# Description: Security Vulnerability: Special Register Buffer Data Sampling aka CrossTalk (CVE-2020-0543)
+# Source: Kernel Package Version Pattern Template v0.1.1
+# Options: SLE,Security,Crosstalk,crosstalk_151,000019643,1154824,4.12.14-197.45,0,1
+# Distro: SLES12 SP4
+# Modified: 2021 Apr 21
+#
+##############################################################################
+# Copyright (C) 2021, SUSE LLC
+##############################################################################
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+# Authors/Contributors:
+# Jason Record <jason.rec...@suse.com>
+#
+##############################################################################
+
+import re
+import os
+import Core
+import SUSE
+
+META_CLASS = "SLE"
+META_CATEGORY = "Security"
+META_COMPONENT = "Crosstalk"
+PATTERN_ID = os.path.basename(__file__)
+PRIMARY_LINK = "META_LINK_TID"
+OVERALL = Core.TEMP
+OVERALL_INFO = "NOT SET"
+OTHER_LINKS = "META_LINK_TID=https://www.suse.com/support/kb/doc/?id=000019643|META_LINK_BUG=https://bugzilla.suse.com/show_bug.cgi?id=1154824|META_LINK_CVE-2020-0543=https://www.suse.com/security/cve/CVE-2020-0543/"
+
+Core.init(META_CLASS, META_CATEGORY, META_COMPONENT, PATTERN_ID, PRIMARY_LINK, OVERALL, OVERALL_INFO, OTHER_LINKS)
+
+##############################################################################
+# Local Function Definitions
+##############################################################################
+
+def intelCPU():
+ fileOpen = "hardware.txt"
+ section = "/proc/cpuinfo"
+ content = []
+ CONFIRMED = re.compile("vendor_id.*GenuineIntel", re.IGNORECASE)
+ if Core.getRegExSection(fileOpen, section, content):
+ for line in content:
+ if CONFIRMED.search(line):
+ return True
+ return False
+
+##############################################################################
+# Main Program Execution
+##############################################################################
+
+RPM_NAME = 'ucode-intel'
+RPM_VERSION_FIXED = '20200602-13.68.1'
+KERNEL_VERSION_FIXED = '4.12.14-95.54'
+
+if( SUSE.packageInstalled(RPM_NAME) ):
+ if( intelCPU() ):
+ INSTALLED_VERSION_RPM = SUSE.compareRPM(RPM_NAME, RPM_VERSION_FIXED)
+ INSTALLED_VERSION_KERN = SUSE.compareKernel(KERNEL_VERSION_FIXED)
+ if( INSTALLED_VERSION_RPM >= 0 ):
+ if( INSTALLED_VERSION_KERN >= 0 ):
+ Core.updateStatus(Core.IGNORE, "Bug fixes applied for " + RPM_NAME + " and kernel version")
+ else:
+ Core.updateStatus(Core.WARN, "Risk of L1D data cache eviction and vector register sampling, update 
kernel to avoid")
+ else:
+ if( INSTALLED_VERSION_KERN >= 0 ):
+ Core.updateStatus(Core.WARN, "Risk of L1D data cache eviction and vector register sampling, update " + RPM_NAME + " to avoid")
+ else:
+ Core.updateStatus(Core.WARN, "Risk of L1D data cache eviction and vector register sampling, update system to avoid")
+ else:
+ Core.updateStatus(Core.ERROR, "ERROR: Intel CPU not found")
+else:
+ Core.updateStatus(Core.ERROR, "ERROR: " + RPM_NAME + " not installed")
+
+Core.printPatternResults()
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sca-patterns-sle12-1.0.2/patterns/SLE/sle12sp4/ucodeintel_124-000019635.py new/sca-patterns-sle12-1.0.2/patterns/SLE/sle12sp4/ucodeintel_124-000019635.py
--- old/sca-patterns-sle12-1.0.2/patterns/SLE/sle12sp4/ucodeintel_124-000019635.py 1970-01-01 01:00:00.000000000 +0100
+++ new/sca-patterns-sle12-1.0.2/patterns/SLE/sle12sp4/ucodeintel_124-000019635.py 2021-04-07 16:33:30.219918868 +0200
@@ -0,0 +1,81 @@
+#!/usr/bin/python
+#
+# Title: Pattern for TID000019635
+# Description: Security vulnerability: L1D data cache eviction and Vector Register sampling - CVE-2020-0548, CVE-2020-0549
+# Source: Package Version Pattern Template v0.3.7
+# Options: SLE,Security,CPU,000019635,1156353,ucodeintel_151,ucode-intel,20200602-3.25.1,0,1
+# Distro: SLES12 SP2-SP4
+# Modified: 2021 Apr 07
+#
+##############################################################################
+# Copyright (C) 2021 SUSE LLC
+##############################################################################
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+# Authors/Contributors:
+# Jason Record <jason.rec...@suse.com>
+#
+##############################################################################
+
+import re
+import os
+import Core
+import SUSE
+
+META_CLASS = "SLE"
+META_CATEGORY = "Security"
+META_COMPONENT = "CPU"
+PATTERN_ID = os.path.basename(__file__)
+PRIMARY_LINK = "META_LINK_TID"
+OVERALL = Core.TEMP
+OVERALL_INFO = "NOT SET"
+OTHER_LINKS = "META_LINK_TID=https://www.suse.com/support/kb/doc/?id=000019635|META_LINK_BUG=https://bugzilla.suse.com/show_bug.cgi?id=1156353|META_LINK_CVE-2020-0548=https://www.suse.com/security/cve/CVE-2020-0548/|META_LINK_CVE-2020-0549=https://www.suse.com/security/cve/CVE-2020-0549/|META_LINK_Intel=https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html"
+
+Core.init(META_CLASS, META_CATEGORY, META_COMPONENT, PATTERN_ID, PRIMARY_LINK, OVERALL, OVERALL_INFO, OTHER_LINKS)
+
+##############################################################################
+# Local Function Definitions
+##############################################################################
+
+def intelCPU():
+ fileOpen = "hardware.txt"
+ section = "/proc/cpuinfo"
+ content = []
+ CONFIRMED = re.compile("vendor_id.*GenuineIntel", re.IGNORECASE)
+ if Core.getRegExSection(fileOpen, section, content):
+ for line in content:
+ if CONFIRMED.search(line):
+ return True
+ return False
+
+##############################################################################
+# Main Program Execution
+##############################################################################
+
+RPM_NAME = 'ucode-intel'
+RPM_VERSION_FIXED = '20200602-13.68.1'
+if( SUSE.packageInstalled(RPM_NAME) ):
+ INSTALLED_VERSION = SUSE.compareRPM(RPM_NAME, RPM_VERSION_FIXED)
+ if( INSTALLED_VERSION >= 0 ):
+ Core.updateStatus(Core.IGNORE, "Bug fixes applied for " + RPM_NAME + "")
+ else:
+ if( intelCPU() ):
+ Core.updateStatus(Core.WARN, "Risk of L1D data cache eviction and vector register sampling, update system to 
avoid")
+ else:
+ Core.updateStatus(Core.IGNORE, "No Genuine Intel CPUs found")
+else:
+ Core.updateStatus(Core.ERROR, "ERROR: " + RPM_NAME + " not installed")
+
+Core.printPatternResults()
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sca-patterns-sle12-1.0.2/patterns/SLE/sle12sp5/crosstalk_125-000019643.py new/sca-patterns-sle12-1.0.2/patterns/SLE/sle12sp5/crosstalk_125-000019643.py
--- old/sca-patterns-sle12-1.0.2/patterns/SLE/sle12sp5/crosstalk_125-000019643.py 1970-01-01 01:00:00.000000000 +0100
+++ new/sca-patterns-sle12-1.0.2/patterns/SLE/sle12sp5/crosstalk_125-000019643.py 2021-04-21 19:21:33.790955211 +0200
@@ -0,0 +1,90 @@
+#!/usr/bin/python
+#
+# Title: Pattern for TID000019643
+# Description: Security Vulnerability: Special Register Buffer Data Sampling aka CrossTalk (CVE-2020-0543)
+# Source: Kernel Package Version Pattern Template v0.1.1
+# Options: SLE,Security,Crosstalk,crosstalk_151,000019643,1154824,4.12.14-197.45,0,1
+# Distro: SLES12 SP5
+# Modified: 2021 Apr 21
+#
+##############################################################################
+# Copyright (C) 2021, SUSE LLC
+##############################################################################
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+# Authors/Contributors:
+# Jason Record <jason.rec...@suse.com>
+#
+##############################################################################
+
+import re
+import os
+import Core
+import SUSE
+
+META_CLASS = "SLE"
+META_CATEGORY = "Security"
+META_COMPONENT = "Crosstalk"
+PATTERN_ID = os.path.basename(__file__)
+PRIMARY_LINK = "META_LINK_TID"
+OVERALL = Core.TEMP
+OVERALL_INFO = "NOT SET"
+OTHER_LINKS = "META_LINK_TID=https://www.suse.com/support/kb/doc/?id=000019643|META_LINK_BUG=https://bugzilla.suse.com/show_bug.cgi?id=1154824|META_LINK_CVE-2020-0543=https://www.suse.com/security/cve/CVE-2020-0543/"
+
+Core.init(META_CLASS, META_CATEGORY, META_COMPONENT, PATTERN_ID, PRIMARY_LINK, OVERALL, OVERALL_INFO, OTHER_LINKS)
+
+##############################################################################
+# Local Function Definitions
+##############################################################################
+
+def intelCPU():
+ fileOpen = "hardware.txt"
+ section = "/proc/cpuinfo"
+ content = []
+ CONFIRMED = re.compile("vendor_id.*GenuineIntel", re.IGNORECASE)
+ if Core.getRegExSection(fileOpen, section, content):
+ for line in content:
+ if CONFIRMED.search(line):
+ return True
+ return False
+
+##############################################################################
+# Main Program Execution
+##############################################################################
+
+RPM_NAME = 'ucode-intel'
+RPM_VERSION_FIXED = '20200602-3.12.1'
+KERNEL_VERSION_FIXED = '4.12.14-122.23'
+
+if( SUSE.packageInstalled(RPM_NAME) ):
+ if( intelCPU() ):
+ INSTALLED_VERSION_RPM = SUSE.compareRPM(RPM_NAME, RPM_VERSION_FIXED)
+ INSTALLED_VERSION_KERN = SUSE.compareKernel(KERNEL_VERSION_FIXED)
+ if( INSTALLED_VERSION_RPM >= 0 ):
+ if( INSTALLED_VERSION_KERN >= 0 ):
+ Core.updateStatus(Core.IGNORE, "Bug fixes applied for " + RPM_NAME + " and kernel version")
+ else:
+ Core.updateStatus(Core.WARN, "Risk of L1D data cache eviction and vector register sampling, update 
kernel to avoid")
+ else:
+ if( INSTALLED_VERSION_KERN >= 0 ):
+ Core.updateStatus(Core.WARN, "Risk of L1D data cache eviction and vector register sampling, update " + RPM_NAME + " to avoid")
+ else:
+ Core.updateStatus(Core.WARN, "Risk of L1D data cache eviction and vector register sampling, update system to avoid")
+ else:
+ Core.updateStatus(Core.ERROR, "ERROR: Intel CPU not found")
+else:
+ Core.updateStatus(Core.ERROR, "ERROR: " + RPM_NAME + " not installed")
+
+Core.printPatternResults()
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sca-patterns-sle12-1.0.2/patterns/SLE/sle12sp5/ucodeintel_125-000019635.py new/sca-patterns-sle12-1.0.2/patterns/SLE/sle12sp5/ucodeintel_125-000019635.py
--- old/sca-patterns-sle12-1.0.2/patterns/SLE/sle12sp5/ucodeintel_125-000019635.py 1970-01-01 01:00:00.000000000 +0100
+++ new/sca-patterns-sle12-1.0.2/patterns/SLE/sle12sp5/ucodeintel_125-000019635.py 2021-04-07 16:33:56.571197273 +0200
@@ -0,0 +1,81 @@
+#!/usr/bin/python
+#
+# Title: Pattern for TID000019635
+# Description: Security vulnerability: L1D data cache eviction and Vector Register sampling - CVE-2020-0548, CVE-2020-0549
+# Source: Package Version Pattern Template v0.3.7
+# Options: SLE,Security,CPU,000019635,1156353,ucodeintel_151,ucode-intel,20200602-3.25.1,0,1
+# Distro: SLES12 SP5
+# Modified: 2021 Apr 07
+#
+##############################################################################
+# Copyright (C) 2021 SUSE LLC
+##############################################################################
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+# Authors/Contributors:
+# Jason Record <jason.rec...@suse.com>
+#
+##############################################################################
+
+import re
+import os
+import Core
+import SUSE
+
+META_CLASS = "SLE"
+META_CATEGORY = "Security"
+META_COMPONENT = "CPU"
+PATTERN_ID = os.path.basename(__file__)
+PRIMARY_LINK = "META_LINK_TID"
+OVERALL = Core.TEMP
+OVERALL_INFO = "NOT SET"
+OTHER_LINKS = "META_LINK_TID=https://www.suse.com/support/kb/doc/?id=000019635|META_LINK_BUG=https://bugzilla.suse.com/show_bug.cgi?id=1156353|META_LINK_CVE-2020-0548=https://www.suse.com/security/cve/CVE-2020-0548/|META_LINK_CVE-2020-0549=https://www.suse.com/security/cve/CVE-2020-0549/|META_LINK_Intel=https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html"
+
+Core.init(META_CLASS, META_CATEGORY, META_COMPONENT, PATTERN_ID, PRIMARY_LINK, OVERALL, OVERALL_INFO, OTHER_LINKS)
+
+##############################################################################
+# Local Function Definitions
+##############################################################################
+
+def intelCPU():
+ fileOpen = "hardware.txt"
+ section = "/proc/cpuinfo"
+ content = []
+ CONFIRMED = re.compile("vendor_id.*GenuineIntel", re.IGNORECASE)
+ if Core.getRegExSection(fileOpen, section, content):
+ for line in content:
+ if CONFIRMED.search(line):
+ return True
+ return False
+
+##############################################################################
+# Main Program Execution
+##############################################################################
+
+RPM_NAME = 'ucode-intel'
+RPM_VERSION_FIXED = '20200602-3.12.1'
+if( SUSE.packageInstalled(RPM_NAME) ):
+ INSTALLED_VERSION = SUSE.compareRPM(RPM_NAME, RPM_VERSION_FIXED)
+ if( INSTALLED_VERSION >= 0 ):
+ Core.updateStatus(Core.IGNORE, "Bug fixes applied for " + RPM_NAME + "")
+ else:
+ if( intelCPU() ):
+ Core.updateStatus(Core.WARN, "Risk of L1D data cache eviction and vector register sampling, update system to 
avoid")
+ else:
+ Core.updateStatus(Core.IGNORE, "No Genuine Intel CPUs found")
+else:
+ Core.updateStatus(Core.ERROR, "ERROR: " + RPM_NAME + " not installed")
+
+Core.printPatternResults()
+