Environment
Micro Focus Filr 3.0
Novell Filr 2.0
Novell Filr 2.0
Situation
The Meltdown and Spectre vulnerabilities exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs on the vulnerable physical or virtual host.
To help mitigate this hardware implementation related flaw on the software layer, SUSE as an operating system vendor is preparing mitigations for these side channel attacks in the Linux kernel. Since the Filr application is provided as an appliance running on SLES-11, the kernel updates provided by SUSE are required to mitigate these vulnerabilities.
To help mitigate this hardware implementation related flaw on the software layer, SUSE as an operating system vendor is preparing mitigations for these side channel attacks in the Linux kernel. Since the Filr application is provided as an appliance running on SLES-11, the kernel updates provided by SUSE are required to mitigate these vulnerabilities.
Resolution
A fix for this issue is available in Filr 3.0 - Security Update 3 and Filr 2.0 - Security Update 4, both available via the Novell Patch Finder. With the update installed, the kernel version will be updated to 3.0.101-108.21.1.
If you're running Filr 1.2 or older, please upgrade to the Filr 3.0 Security Update 3.
If you're running Filr 1.2 or older, please upgrade to the Filr 3.0 Security Update 3.
Additional Information
For more details, please consult https://meltdownattack.com and https://spectreattack.com.
SUSE TID: https://www.suse.com/support/kb/doc/?id=7022512
CVE-2017-5753
CVE-2017-5715
CVE-2017-5754
SUSE TID: https://www.suse.com/support/kb/doc/?id=7022512
CVE-2017-5753
CVE-2017-5715
CVE-2017-5754