Filr and Meltdown / Spectre vulnerabilities (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)

  • 7022541
  • 11-Jan-2018
  • 18-Jan-2018

Environment

Micro Focus Filr 3.0
Novell Filr 2.0

Situation

The Meltdown and Spectre vulnerabilities exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs on the vulnerable physical or virtual host.

To help mitigate this hardware implementation related flaw on the software layer, SUSE as an operating system vendor is preparing mitigations for these side channel attacks in the Linux kernel. Since the Filr application is provided as an appliance running on SLES-11,  the kernel updates provided by SUSE are required to mitigate these vulnerabilities.

Resolution

A fix for this issue is available in Filr 3.0 - Security Update 3 and Filr 2.0 - Security Update 4, both available via the Novell Patch Finder. With the update installed, the kernel version will be updated to 3.0.101-108.21.1.

If you're running Filr 1.2 or older, please upgrade to the Filr 3.0 Security Update 3.

Additional Information