Description
Security Fix(es):
A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache (CVE-2018-12130)
An unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)
Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel (CVE-2018-12127)
Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)
QEMU: device_tree: heap buffer overflow while loading device tree blob (CVE-2018-20815)
libssh2: Integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)
libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)
libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)
libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes (CVE-2019-3863).