- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Please note that the hotfix releases of Intel® MPSS for Linux (3.3.5, 3.4.4, and 3.5.1) are now available at https://software.intel.com/en-us/articles/intel-manycore-platform-software-stack-mpss
Two security vulnerabilities that affect the previous versions of Intel® MPSS for Linux release 3.x have been fixed in these hotfix releases: vulnerabilities in the 3rd-party OpenSSL* library and a race condition with the Intel® MPSS host daemon.
Intel® MPSS for Windows* is not affected.
Details of the security issues:
-------------------------------------------------------------------------
Change number: 0000001
Component: Coprocessor OS
Description: On March 19th, 2015 OpenSSL.org issued a security
advisory that listed a number of security
vulnerabilities in the OpenSSL libraries
(CVE-2015-0204, CVE-2015-0209, CVE-2015-0286,
CVE-2015-0287, CVE-2015-0288, CVE-2015-0289,
CVE-2015-0292, and CVE-2015-0293).
Impact: These vulnerabilities are unlikely to have an
adverse impact on the coprocessor OS core
functionality; although user workloads could use
some of the library’s vulnerable functions.
References: http://openssl.org/news/secadv_20150319.txt
Mitigation: The OpenSSL RPMs are being upgraded to version
1.0.0.r, which is free from known vulnerabilities.
-------------------------------------------------------------------------
Change number: 0000002
Component: Coprocessor OS
Description: It was identified during internal testing that there
was a race condition with the Intel® MPSS host
daemon, during which a host attacker could connect
to the coprocessor OS daemon and use this as a pivot
to other attacks. In the worst case the attacker
could achieve a privilege escalation on the
coprocessor OS.
Impact: Privilege escalation
Mitigation: release strengthens the security of a protocol for
communication between MPSS daemon on host and a
corresponding daemon on Coprocessor OS.
Link Copied
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page