openSUSE-SU-2018:1628-1

Опубликовано: 09 июн. 2018

Источник: suse-cvrf

Описание

Security update for qemu

This update for qemu fixes the following issues:

This security issue was fixed:

CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests (bsc#1092885).

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

This patch permits the new x86 cpu feature flag named "ssbd" to be presented to the guest, given that the host has this feature, and KVM exposes it to the guest as well.

For this feature to be enabled please use the qemu commandline -cpu $MODEL,+spec-ctrl,+ssbd so the guest OS can take advantage of the feature.

spec-ctrl and ssbd support is also required in the host.

This non-security issue was fixed:

Fix qemu-guest-agent uninstall (boo#1093169)

Список пакетов

openSUSE Leap 15.0

qemu-2.11.1-lp150.7.3.1

qemu-arm-2.11.1-lp150.7.3.1

qemu-block-curl-2.11.1-lp150.7.3.1

qemu-block-dmg-2.11.1-lp150.7.3.1

qemu-block-gluster-2.11.1-lp150.7.3.1

qemu-block-iscsi-2.11.1-lp150.7.3.1

qemu-block-rbd-2.11.1-lp150.7.3.1

qemu-block-ssh-2.11.1-lp150.7.3.1

qemu-extra-2.11.1-lp150.7.3.1

qemu-guest-agent-2.11.1-lp150.7.3.1

qemu-ipxe-1.0.0-lp150.7.3.1

qemu-ksm-2.11.1-lp150.7.3.1

qemu-kvm-2.11.1-lp150.7.3.1

qemu-lang-2.11.1-lp150.7.3.1

qemu-linux-user-2.11.1-lp150.7.3.1

qemu-ppc-2.11.1-lp150.7.3.1

qemu-s390-2.11.1-lp150.7.3.1

qemu-seabios-1.11.0-lp150.7.3.1

qemu-sgabios-8-lp150.7.3.1

qemu-testsuite-2.11.1-lp150.7.3.1

qemu-tools-2.11.1-lp150.7.3.1

qemu-vgabios-1.11.0-lp150.7.3.1

qemu-x86-2.11.1-lp150.7.3.1

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2018-06/msg00018.html
E-Mail link for openSUSE-SU-2018:1628-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

Затронутые продукты

openSUSE Leap 15.0:qemu-2.11.1-lp150.7.3.1

openSUSE Leap 15.0:qemu-arm-2.11.1-lp150.7.3.1

openSUSE Leap 15.0:qemu-block-curl-2.11.1-lp150.7.3.1

openSUSE Leap 15.0:qemu-block-dmg-2.11.1-lp150.7.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-3639.html
CVE-2018-3639
https://bugzilla.suse.com/0
SUSE Bug 0
https://bugzilla.suse.com/1074701
SUSE Bug 1074701
https://bugzilla.suse.com/1085235
SUSE Bug 1085235
https://bugzilla.suse.com/1085308
SUSE Bug 1085308
https://bugzilla.suse.com/1087078
SUSE Bug 1087078
https://bugzilla.suse.com/1087082
SUSE Bug 1087082
https://bugzilla.suse.com/1094912
SUSE Bug 1094912
https://bugzilla.suse.com/1100394
SUSE Bug 1100394
https://bugzilla.suse.com/1102640
SUSE Bug 1102640
https://bugzilla.suse.com/1105412
SUSE Bug 1105412
https://bugzilla.suse.com/1113769
SUSE Bug 1113769

openSUSE-SU-2018:1628-1

Описание

Список пакетов

openSUSE Leap 15.0

Ссылки

Уязвимость: CVE-2018-3639

Описание

Затронутые продукты

Ссылки