openSUSE-SU-2019:1420-1

Опубликовано: 20 мая 2019

Источник: suse-cvrf

Описание

Security update for qemu

This update for qemu fixes the following issues:

CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86 cpu feature 'md-clear' (bsc#1111331)

This update was imported from the SUSE:SLE-12-SP3:Update update project.

Список пакетов

openSUSE Leap 42.3

qemu-2.9.1-62.1

qemu-arm-2.9.1-62.1

qemu-block-curl-2.9.1-62.1

qemu-block-dmg-2.9.1-62.1

qemu-block-iscsi-2.9.1-62.1

qemu-block-rbd-2.9.1-62.1

qemu-block-ssh-2.9.1-62.1

qemu-extra-2.9.1-62.1

qemu-guest-agent-2.9.1-62.1

qemu-ipxe-1.0.0+-62.1

qemu-ksm-2.9.1-62.1

qemu-kvm-2.9.1-62.1

qemu-lang-2.9.1-62.1

qemu-linux-user-2.9.1-62.1

qemu-ppc-2.9.1-62.1

qemu-s390-2.9.1-62.1

qemu-seabios-1.10.2-62.1

qemu-sgabios-8-62.1

qemu-testsuite-2.9.1-62.1

qemu-tools-2.9.1-62.1

qemu-vgabios-1.10.2-62.1

qemu-x86-2.9.1-62.1

Ссылки

https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00044.html
E-Mail link for openSUSE-SU-2019:1420-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

Затронутые продукты

openSUSE Leap 42.3:qemu-2.9.1-62.1

openSUSE Leap 42.3:qemu-arm-2.9.1-62.1

openSUSE Leap 42.3:qemu-block-curl-2.9.1-62.1

openSUSE Leap 42.3:qemu-block-dmg-2.9.1-62.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-12126.html
CVE-2018-12126
https://bugzilla.suse.com/1103186
SUSE Bug 1103186
https://bugzilla.suse.com/1111331
SUSE Bug 1111331
https://bugzilla.suse.com/1132686
SUSE Bug 1132686
https://bugzilla.suse.com/1135409
SUSE Bug 1135409
https://bugzilla.suse.com/1135522
SUSE Bug 1135522
https://bugzilla.suse.com/1135524
SUSE Bug 1135524
https://bugzilla.suse.com/1137916
SUSE Bug 1137916
https://bugzilla.suse.com/1149725
SUSE Bug 1149725
https://bugzilla.suse.com/1149726
SUSE Bug 1149726
https://bugzilla.suse.com/1149729
SUSE Bug 1149729
https://bugzilla.suse.com/1178658
SUSE Bug 1178658

Описание

Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

Затронутые продукты

openSUSE Leap 42.3:qemu-2.9.1-62.1

openSUSE Leap 42.3:qemu-arm-2.9.1-62.1

openSUSE Leap 42.3:qemu-block-curl-2.9.1-62.1

openSUSE Leap 42.3:qemu-block-dmg-2.9.1-62.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-12127.html
CVE-2018-12127
https://bugzilla.suse.com/1103186
SUSE Bug 1103186
https://bugzilla.suse.com/1111331
SUSE Bug 1111331
https://bugzilla.suse.com/1132686
SUSE Bug 1132686
https://bugzilla.suse.com/1135409
SUSE Bug 1135409
https://bugzilla.suse.com/1178658
SUSE Bug 1178658

Описание

Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

Затронутые продукты

openSUSE Leap 42.3:qemu-2.9.1-62.1

openSUSE Leap 42.3:qemu-arm-2.9.1-62.1

openSUSE Leap 42.3:qemu-block-curl-2.9.1-62.1

openSUSE Leap 42.3:qemu-block-dmg-2.9.1-62.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-12130.html
CVE-2018-12130
https://bugzilla.suse.com/1103186
SUSE Bug 1103186
https://bugzilla.suse.com/1111331
SUSE Bug 1111331
https://bugzilla.suse.com/1132686
SUSE Bug 1132686
https://bugzilla.suse.com/1135409
SUSE Bug 1135409
https://bugzilla.suse.com/1137916
SUSE Bug 1137916
https://bugzilla.suse.com/1178658
SUSE Bug 1178658

Описание

Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

Затронутые продукты

openSUSE Leap 42.3:qemu-2.9.1-62.1

openSUSE Leap 42.3:qemu-arm-2.9.1-62.1

openSUSE Leap 42.3:qemu-block-curl-2.9.1-62.1

openSUSE Leap 42.3:qemu-block-dmg-2.9.1-62.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-11091.html
CVE-2019-11091
https://bugzilla.suse.com/1103186
SUSE Bug 1103186
https://bugzilla.suse.com/1111331
SUSE Bug 1111331
https://bugzilla.suse.com/1132686
SUSE Bug 1132686
https://bugzilla.suse.com/1133319
SUSE Bug 1133319
https://bugzilla.suse.com/1135394
SUSE Bug 1135394
https://bugzilla.suse.com/1178658
SUSE Bug 1178658

openSUSE-SU-2019:1420-1

Описание

Список пакетов

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2018-12126

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2018-12127

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2018-12130

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2019-11091

Описание

Затронутые продукты

Ссылки