Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

spectre-meltdown-checker-0.44-3.6.1 RPM for x86_64

From OpenSuSE Leap 15.5 for x86_64

Name: spectre-meltdown-checker Distribution: SUSE Linux Enterprise 15
Version: 0.44 Vendor: SUSE LLC <https://www.suse.com/>
Release: 3.6.1 Build date: Wed Aug 18 15:43:35 2021
Group: Productivity/Security Build host: sheep90
Size: 266382 Source RPM: spectre-meltdown-checker-0.44-3.6.1.src.rpm
Packager: https://www.suse.com/
Url: https://github.com/speed47/spectre-meltdown-checker
Summary: Spectre & Meltdown Vulnerability Checker
 
A shell script to tell if your Linux installation is vulnerable
against the three "speculative execution" CVEs that were made public
in early 2018.

Without options, the script inspects the currently running kernel.
Alternatively, a kernel image can be specify on the command line to
analyze a non-running kernel.

The script tries to detect mitigations, including backported
non-vanilla patches, regardless of the advertised kernel version
number.

Provides

Requires

License

GPL-3.0-only

Changelog

* Mon Aug 16 2021 meissner@suse.com
  - version 0.44 (bsc#1189477)
    - feat: add support for SRBDS related vulnerabilities
    - feat: add zstd kernel decompression (#370)
    - enh: arm: add experimental support for binary arm images
    - enh: rsb filling: no longer need the 'strings' tool to check for kernel support in live mode
    - fix: fwdb: remove Intel extract tempdir on exit
    - fix: has_vmm: ignore kernel threads when looking for a hypervisor (fixes #278)
    - fix: fwdb: use the commit date as the intel fwdb version
    - fix: fwdb: update Intel's repository URL
    - fix: arm64: CVE-2017-5753: kernels 4.19+ use a different nospec macro
    - fix: on CPU parse info under FreeBSD
    - chore: github: add check run on pull requests
    - chore: fwdb: update to v165.20201021+i20200616
* Wed Dec 11 2019 meissner@suse.com
  - version 0.43
    - feat: implement TAA detection (CVE-2019-11135 bsc#1139073)
    - feat: implement MCEPSC / iTLB Multihit detection (CVE-2018-12207 bsc#1117665)
    - feat: taa: add TSX_CTRL MSR detection in hardware info
    - feat: fwdb: use both Intel GitHub repo and MCEdb to build our firmware version database
    - feat: use --live with --kernel/--config/--map to override file detection in live mode
    - enh: rework the vuln logic of MDS with --paranoid (fixes #307)
    - enh: explain that Enhanced IBRS is better for performance than classic IBRS
    - enh: kernel: autodetect customized arch kernels from cmdline
    - enh: kernel decompression: better tolerance against missing tools
    - enh: mock: implement reading from /proc/cmdline
    - fix: variant3a: Silvermont CPUs are not vulnerable to variant 3a
    - fix: lockdown: detect Red Hat locked down kernels (impacts MSR writes)
    - fix: lockdown: detect locked down mode in vanilla 5.4+ kernels
    - fix: sgx: on locked down kernels, fallback to CPUID bit for detection
    - fix: fwdb: builtin version takes precedence if the local cached version is older
    - fix: pteinv: don't check kernel image if not available
    - fix: silence useless error from grep (fixes #322)
    - fix: msr: fix msr module detection under Ubuntu 19.10 (fixes #316)
    - fix: mocking value for read_msr
    - chore: rename mcedb cmdline parameters to fwdb, and change db version scheme
    - chore: fwdb: update to v130.20191104+i20191027
    - chore: add GitHub check workflow
  - upstream tarball no longer includes license, use the gpl 3 standalone html for it
* Wed Jun 26 2019 palica@liguros.net
  - version 0.42
    * add FreeBSD MDS mitigation detection
    * add mocking functionality to help debugging, dump data to mock the behavior of your CPU with --dump-mock-data
    * AMD, ARM and CAVIUM are not vulnerable to MDS
    * RDCL_NO bit wasn't taking precedence for L1TF check on some newer Intel CPUs
    * The MDS_NO bit on newer Intel CPUs is now recognized and used
    * remove libvirtd from hypervisor detection to avoid false positives (#278)
    * under BSD, the data returned when reading MSR was incorrectly formatted
    * update builtin MCEdb from v110 to v111
* Fri May 24 2019 meissner@suse.com
  - noarch does not work on older distros, removed
* Thu May 16 2019 palica@liguros.net
  - version 0.41
    * add support for the 4 MDS CVEs
    * add Spectre and Meltdown mitigation detection for Hygon CPU
    * for SSBD, report whether the mitigation is active
    * and other fixes and enhancements
* Wed Mar 27 2019 jengelh@inai.de
  - Use Source URL. Remove services, just run `osc service lr
    download_files` for updating.
* Wed Mar 27 2019 meissner@suse.com
  - disable the services, just run "osc service disabledrun" for upadating.
* Sun Oct 14 2018 sean@suspend.net
  - version 0.40
    * add support for L1TF CVEs (aka Foreshadow and Foreshadow-NG)
    * add summary of vulnerabilities at the end of script execution
* Fri Jul 27 2018 jengelh@inai.de
  - Compact and wrap description.
* Wed May 30 2018 meissner@suse.com
  - version 0.37
    * lots of improvements
    * spectre v4 and v3a added
* Mon Jan 15 2018 adrian@suse.de
  - update to version 0.31
    * meltdown: detecting Xen PV, reporting as not vulnerable
    * is_cpu_vulnerable: add check for old Atoms
    * ibrs: check for spec_ctrl_ibrs in cpuinfo
* Sat Jan 13 2018 adrian@suse.de
  - update to version 0.29
    * AMD updates
* Fri Jan 12 2018 adrian@suse.de
  - initial package of version 0.27

Files

/usr/bin/spectre-meltdown-checker.sh
/usr/share/doc/packages/spectre-meltdown-checker
/usr/share/doc/packages/spectre-meltdown-checker/README.md
/usr/share/licenses/spectre-meltdown-checker
/usr/share/licenses/spectre-meltdown-checker/gpl-3.0-standalone.html

Generated by rpm2html 1.8.1

Fabrice Bellet, Sun Mar 9 13:28:21 2025