Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

openSUSE Leap 15.0 Advisory: 2018:1628-1 Important Spectre Fix

opensuse
Calendar Grey June 9, 2018
Dist Opensuse Esm H88
An important patch for Fedora addresses a severe Meltdown vulnerability in virtualization software, significantly bolstering system defenses and overall functionality.
An update that solves one vulnerability and has one errata is now available.

Description

This update for qemu fixes the following issues:

This security issue was fixed:

- CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM

guests (bsc#1092885).

Systems with microprocessors utilizing speculative execution and

speculative execution of memory reads before the addresses of all prior

memory writes are known may allow unauthorized disclosure of information

to an attacker with local user access via a side-channel analysis.

This patch permits the new x86 cpu feature flag named "ssbd" to be

presented to the guest, given that the host has this feature, and KVM

exposes it to the guest as well.

For this feature to be enabled please use the qemu commandline

-cpu $MODEL,+spec-ctrl,+ssbd so the guest OS can take advantage of the

feature.

spec-ctrl and ssbd support is also required in the host.

This non-security issue was fixed:

- Fix qemu-guest-agent uninstall (boo#1093169)

Topics%20covered

Topics Covered

security advisory important mitigation KVM openSUSE qemu spectre

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-603=1

Package List

- openSUSE Leap 15.0 (x86_64):

qemu-2.11.1-lp150.7.3.1

qemu-arm-2.11.1-lp150.7.3.1

qemu-arm-debuginfo-2.11.1-lp150.7.3.1

qemu-block-curl-2.11.1-lp150.7.3.1

qemu-block-curl-debuginfo-2.11.1-lp150.7.3.1

qemu-block-dmg-2.11.1-lp150.7.3.1

qemu-block-dmg-debuginfo-2.11.1-lp150.7.3.1

qemu-block-gluster-2.11.1-lp150.7.3.1

qemu-block-gluster-debuginfo-2.11.1-lp150.7.3.1

qemu-block-iscsi-2.11.1-lp150.7.3.1

qemu-block-iscsi-debuginfo-2.11.1-lp150.7.3.1

qemu-block-rbd-2.11.1-lp150.7.3.1

qemu-block-rbd-debuginfo-2.11.1-lp150.7.3.1

qemu-block-ssh-2.11.1-lp150.7.3.1

qemu-block-ssh-debuginfo-2.11.1-lp150.7.3.1

qemu-debuginfo-2.11.1-lp150.7.3.1

qemu-debugsource-2.11.1-lp150.7.3.1

qemu-extra-2.11.1-lp150.7.3.1

qemu-extra-debuginfo-2.11.1-lp150.7.3.1

qemu-guest-agent-2.11.1-lp150.7.3.1

qemu-guest-agent-debuginfo-2.11.1-lp150.7.3.1

qemu-ksm-2.11.1-lp150.7.3.1

qemu-kvm-2.11.1-lp150.7.3.1

qemu-lang-2.11.1-lp150.7.3.1

qemu-linux-user-2.11.1-lp150.7.3.1

qemu-linux-user-debuginfo-2.11.1-lp150.7.3.1

qemu-linux-user-debugsource-2.11.1-lp...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2018-3639.html

https://bugzilla.suse.com/1092885

https://bugzilla.suse.com/1093169

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2018:1628-1
Rating: important
Affected Products: openSUSE Leap 15.0 le.

Topics%20covered

Topics Covered

security advisory important mitigation KVM openSUSE qemu spectre

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here