Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 547
Alerts This Week
Warning Icon 1 547

Ubuntu 18.04 LTS USN-3651-1 Critical: QEMU Side Channel Threat

ubuntu
Calendar Grey May 22, 2018
Scroller Ubuntu Esm H88
Major QEMU patch for Ubuntu mitigates side channel execution vulnerabilities and resolves additional security concerns impacting various distributions.
Side channel execution mitigations were added to QEMU.

Summary

Side channel execution mitigations were added to QEMU.

Software Description:

- qemu: Machine emulator and virtualizer

Details:

Ken Johnson and Jann Horn independently discovered that microprocessors utilizing

speculative execution of a memory read may allow unauthorized memory reads via

sidechannel attacks. An attacker in the guest could use this to expose sensitive

guest information, including kernel memory. This update allows QEMU to expose new

CPU features added by microcode updates to guests on amd64 and i386.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  qemu                            1:2.11+dfsg-1ubuntu7.2
  qemu-system                     1:2.11+dfsg-1ubuntu7.2
  qemu-system-x86                 1:2.11+dfsg-1ubuntu7.2

Ubuntu 17.10:
  qemu                            1:2.10+dfsg-0ubuntu3.7
  qemu-system                     1:2.10+dfsg-0ubuntu3.7
  qemu-system-x86                 1:2.10+dfsg-0ubuntu3.7

Ubuntu 16.04 LTS:
  qemu                            1:2.5+dfsg-5ubuntu10.29
  qemu-system                     1:2.5+dfsg-5ubuntu10.29
  qemu-system-x86                 1:2.5+dfsg-5ubuntu10.29

Ubuntu 14.04 LTS:
  qemu                            2.0.0+dfsg-2ubuntu1.42
  qemu-system                     2.0.0+dfsg-2ubuntu1.42
  qemu-system-x86                 2.0.0+dfsg-2ubuntu1.42

After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-3651-1

  CVE-2018-3639, https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4

Severity
critical
Lowest
Low
Medium
High
Critical

May 21, 2018

Package Information

  https://launchpad.net/ubuntu/+source/qemu/1:2.11+dfsg-1ubuntu7.2
  https://launchpad.net/ubuntu/+source/qemu/1:2.10+dfsg-0ubuntu3.7
  https://launchpad.net/ubuntu/+source/qemu/1:2.5+dfsg-5ubuntu10.29
  https://launchpad.net/ubuntu/+source/qemu/2.0.0+dfsg-2ubuntu1.42

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.