
openSUSE Leap 42.3: 2018:0780-1 Important: QEMU Denial of Service Fix

March 23, 2018
An update that solves 8 vulnerabilities and has four fixes is now available.

Description

This update for qemu fixes the following issues:

This update has the next round of Spectre v2 related patches, which now integrate with corresponding changes in libvirt. (CVE-2017-5715 bsc#1068032)

The January 2018 release of qemu initially addressed the Spectre v2 vulnerability for KVM guests by exposing the spec-ctrl feature for all x86 vcpu types, which was the quick and dirty approach, but not the proper solution.

We replaced our initial patch by the patches from upstream.

This update defines spec_ctrl and ibpb cpu feature flags as well as new cpu models which are clones of existing models with either -IBRS or -IBPB added to the end of the model name. These new vcpu models explicitly include the new feature(s), whereas the feature flags can be added to the cpu parameter as with other features. In short, for continued Spectre v2 protection, ensure that either the appropriate cpu feature flag is added to the QEMU command-line, or...
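The check described above, as an added example that is not part of the advisory: a shell script that reads QEMU command lines and reports whether each -cpu value names a model ending in -IBRS or -IBPB or enables the spec-ctrl or ibpb flag. The function names and sample command lines are constructed for illustration, and only the two cases stated in the advisory text are recognised.

```shell
# Added example: report QEMU command lines whose -cpu value lacks the
# Spectre v2 features named in the advisory (spec-ctrl / ibpb).
# cpu_arg_status VALUE: print "ok" if the model ends in -IBRS/-IBPB or a
# spec-ctrl/ibpb flag is enabled, else "missing". Explicit flags override.
cpu_arg_status() {
    _ibrs=off; _ibpb=off; _rest=
    case ${1%%,*} in *-IBRS) _ibrs=on ;; *-IBPB) _ibpb=on ;; esac
    case $1 in *,*) _rest=${1#*,} ;; esac
    _oldifs=$IFS; IFS=,; set -f
    for _f in $_rest; do
        case $_f in    # the advisory spells the flag both spec-ctrl and spec_ctrl
            +spec[-_]ctrl|spec[-_]ctrl|spec[-_]ctrl=on) _ibrs=on ;;
            -spec[-_]ctrl|spec[-_]ctrl=off) _ibrs=off ;;
            +ibpb|ibpb|ibpb=on) _ibpb=on ;;
            -ibpb|ibpb=off) _ibpb=off ;;
        esac
    done
    set +f; IFS=$_oldifs
    if [ "$_ibrs" = on ] || [ "$_ibpb" = on ]; then echo ok; else echo missing; fi
}

# audit_cmdlines: read command lines on stdin (one per line, e.g. from
# `ps -eo args`) and print "STATUS<TAB>CPU" for every QEMU process.
audit_cmdlines() {
    while IFS= read -r _line; do
        case $_line in *qemu-system-*|*qemu-kvm*) ;; *) continue ;; esac
        _cpu=$(printf '%s\n' "$_line" | sed -n 's/.* -cpu  *\([^ ][^ ]*\).*/\1/p')
        if [ -n "$_cpu" ]; then
            printf '%s\t%s\n' "$(cpu_arg_status "$_cpu")" "$_cpu"
        else
            printf 'missing\t(no -cpu option)\n'
        fi
    done
}

# Constructed sample input, not captured from a real host.
sample_cmdlines() {
    cat <<'EOF'
/usr/bin/qemu-system-x86_64 -name guest1 -machine pc,accel=kvm -cpu Haswell-IBRS -m 2048
/usr/bin/qemu-system-x86_64 -name guest2 -machine pc,accel=kvm -cpu Westmere,+spec_ctrl -m 1024
/usr/bin/qemu-system-x86_64 -name guest3 -machine pc,accel=kvm -cpu Haswell -m 2048
/usr/sbin/sshd -D
/usr/bin/qemu-system-x86_64 -name guest4 -machine pc,accel=kvm -m 512
EOF
}

sample_cmdlines | audit_cmdlines
```

Guests started through libvirt take their -cpu value from the domain definition, so a "missing" result there is corrected in the domain XML rather than on a hand-written command line.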


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-291=1

Package List

- openSUSE Leap 42.3 (i586 x86_64):

qemu-linux-user-2.9.1-41.1

qemu-linux-user-debuginfo-2.9.1-41.1

qemu-linux-user-debugsource-2.9.1-41.1

- openSUSE Leap 42.3 (noarch):

qemu-ipxe-1.0.0-41.1

qemu-seabios-1.10.2-41.1

qemu-sgabios-8-41.1

qemu-vgabios-1.10.2-41.1

- openSUSE Leap 42.3 (x86_64):

qemu-2.9.1-41.1

qemu-arm-2.9.1-41.1

qemu-arm-debuginfo-2.9.1-41.1

qemu-block-curl-2.9.1-41.1

qemu-block-curl-debuginfo-2.9.1-41.1

qemu-block-dmg-2.9.1-41.1

qemu-block-dmg-debuginfo-2.9.1-41.1

qemu-block-iscsi-2.9.1-41.1

qemu-block-iscsi-debuginfo-2.9.1-41.1

qemu-block-rbd-2.9.1-41.1

qemu-block-rbd-debuginfo-2.9.1-41.1

qemu-block-ssh-2.9.1-41.1

qemu-block-ssh-debuginfo-2.9.1-41.1

qemu-debugsource-2.9.1-41.1

qemu-extra-2.9.1-41.1

qemu-extra-debuginfo-2.9.1-41.1

qemu-guest-agent-2.9.1-41.1

qemu-guest-agent-debuginfo-2.9.1-41.1

qemu-ksm-2.9.1-41.1

qemu-kvm-2.9.1-41.1

qemu-lang-2.9.1-41.1

qemu-ppc-2.9.1-41.1

qemu-ppc-debuginfo-2.9.1-41.1

qemu-s390-2.9.1-41.1

qemu-s390-debuginfo-2.9.1-41.1

qemu-testsuite-2.9.1-41.1

qemu-tools-2.9.1-41.1

qemu...


References

https://www.suse.com/security/cve/CVE-2017-15119.html

https://www.suse.com/security/cve/CVE-2017-15124.html

https://www.suse.com/security/cve/CVE-2017-16845.html

https://www.suse.com/security/cve/CVE-2017-17381.html

https://www.suse.com/security/cve/CVE-2017-18043.html

https://www.suse.com/security/cve/CVE-2017-5715.html

https://www.suse.com/security/cve/CVE-2018-5683.html

https://www.suse.com/security/cve/CVE-2018-7550.html

https://bugzilla.suse.com/1040202

https://bugzilla.suse.com/1068032

https://bugzilla.suse.com/1068613

https://bugzilla.suse.com/1070144

https://bugzilla.suse.com/1071228

https://bugzilla.suse.com/1073489

https://bugzilla.suse.com/1074572

https://bugzilla.suse.com/1076114

https://bugzilla.suse.com/1076775

https://bugzilla.suse.com/1076813

https://bugzilla.suse.com/1082276

https://bugzilla.suse.com/1083291

--

Severity: important

Announcement ID: openSUSE-SU-2018:0780-1
Rating: important
Affected Products: openSUSE Leap 42.3 le.
