Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

openSUSE Leap 42.3: 2018:1380-1 Important: Qemu Spectre Mitigation

opensuse
Calendar Grey May 23, 2018
Dist Opensuse Esm H88
A new update has been released for openSUSE addressing significant problems associated with qemu and enhancing Spectre mitigation proceedings for KVM instances.
An update that solves one vulnerability and has one errata is now available.

Description

This update for qemu fixes several issues.

This security issue was fixed:

- CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM

guests (bsc#1092885).

Systems with microprocessors utilizing speculative execution and

speculative execution of memory reads before the addresses of all prior

memory writes are known may allow unauthorized disclosure of information

to an attacker with local user access via a side-channel analysis.

This patch permits the new x86 cpu feature flag named "ssbd" to be

presented to the guest, given that the host has this feature, and KVM

exposes it to the guest as well.

For this feature to be enabled please use the qemu commandline

-cpu $MODEL,+spec-ctrl,+ssbd so the guest OS can take advantage of the

feature.

spec-ctrl and ssbd support is also required in the host.

This non-security issue was fixed:

- bsc#1070615: Add new look up path "sys/class/tpm" for tpm cancel path

...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory issue important KVM openSUSE qemu Spectre mitigation

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-489=1

Package List

- openSUSE Leap 42.3 (i586 x86_64):

qemu-linux-user-2.9.1-44.1

qemu-linux-user-debuginfo-2.9.1-44.1

qemu-linux-user-debugsource-2.9.1-44.1

- openSUSE Leap 42.3 (noarch):

qemu-ipxe-1.0.0-44.1

qemu-seabios-1.10.2-44.1

qemu-sgabios-8-44.1

qemu-vgabios-1.10.2-44.1

- openSUSE Leap 42.3 (x86_64):

qemu-2.9.1-44.1

qemu-arm-2.9.1-44.1

qemu-arm-debuginfo-2.9.1-44.1

qemu-block-curl-2.9.1-44.1

qemu-block-curl-debuginfo-2.9.1-44.1

qemu-block-dmg-2.9.1-44.1

qemu-block-dmg-debuginfo-2.9.1-44.1

qemu-block-iscsi-2.9.1-44.1

qemu-block-iscsi-debuginfo-2.9.1-44.1

qemu-block-rbd-2.9.1-44.1

qemu-block-rbd-debuginfo-2.9.1-44.1

qemu-block-ssh-2.9.1-44.1

qemu-block-ssh-debuginfo-2.9.1-44.1

qemu-debugsource-2.9.1-44.1

qemu-extra-2.9.1-44.1

qemu-extra-debuginfo-2.9.1-44.1

qemu-guest-agent-2.9.1-44.1

qemu-guest-agent-debuginfo-2.9.1-44.1

qemu-ksm-2.9.1-44.1

qemu-kvm-2.9.1-44.1

qemu-lang-2.9.1-44.1

qemu-ppc-2.9.1-44.1

qemu-ppc-debuginfo-2.9.1-44.1

qemu-s390-2.9.1-44.1

qemu-s390-debuginfo-2.9.1-44.1

qemu-testsuite-2.9.1-44.1

qemu-tools-2.9.1-44.1

qemu...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2018-3639.html

https://bugzilla.suse.com/1070615

https://bugzilla.suse.com/1092885

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2018:1380-1
Rating: important
Affected Products: openSUSE Leap 42.3 le.

Topics%20covered

Topics Covered

security advisory issue important KVM openSUSE qemu Spectre mitigation

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here