Synopsis
The remote FreeBSD host is missing a security-related update.
Description
A number of issues relating to speculative execution were found last year and publicly announced January 3rd. Two of these, known as Meltdown and Spectre V2, are addressed here.
CVE-2017-5754 (Meltdown) - ------------------------
This issue relies on an affected CPU speculatively executing instructions beyond a faulting instruction. When this happens, changes to architectural state are not committed, but observable changes may be left in micro- architectural state (for example, cache). This may be used to infer privileged data.
CVE-2017-5715 (Spectre V2) - --------------------------
Spectre V2 uses branch target injection to speculatively execute kernel code at an address under the control of an attacker. Impact :
An attacker may be able to read secret data from the kernel or from a process when executing untrusted code (for example, in a web browser).
Solution
Update the affected package.