You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa qemu

Sigurnosni nedostatak programskog paketa qemu

==========================================================================
Ubuntu Security Notice USN-3651-1
May 21, 2018

qemu update
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS
– Ubuntu 17.10
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Side channel execution mitigations were added to QEMU.

Software Description:
– qemu: Machine emulator and virtualizer

Details:

Ken Johnson and Jann Horn independently discovered that microprocessors utilizing
speculative execution of a memory read may allow unauthorized memory reads via
sidechannel attacks. An attacker in the guest could use this to expose sensitive
guest information, including kernel memory. This update allows QEMU to expose new
CPU features added by microcode updates to guests on amd64 and i386.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
qemu                            1:2.11+dfsg-1ubuntu7.2
qemu-system                     1:2.11+dfsg-1ubuntu7.2
qemu-system-x86                 1:2.11+dfsg-1ubuntu7.2

Ubuntu 17.10:
qemu                            1:2.10+dfsg-0ubuntu3.7
qemu-system                     1:2.10+dfsg-0ubuntu3.7
qemu-system-x86                 1:2.10+dfsg-0ubuntu3.7

Ubuntu 16.04 LTS:
qemu                            1:2.5+dfsg-5ubuntu10.29
qemu-system                     1:2.5+dfsg-5ubuntu10.29
qemu-system-x86                 1:2.5+dfsg-5ubuntu10.29

Ubuntu 14.04 LTS:
qemu                            2.0.0+dfsg-2ubuntu1.42
qemu-system                     2.0.0+dfsg-2ubuntu1.42
qemu-system-x86                 2.0.0+dfsg-2ubuntu1.42

After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3651-1
CVE-2018-3639, https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4

Package Information:
https://launchpad.net/ubuntu/+source/qemu/1:2.11+dfsg-1ubuntu7.2
https://launchpad.net/ubuntu/+source/qemu/1:2.10+dfsg-0ubuntu3.7
https://launchpad.net/ubuntu/+source/qemu/1:2.5+dfsg-5ubuntu10.29
https://launchpad.net/ubuntu/+source/qemu/2.0.0+dfsg-2ubuntu1.42—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJbA2L2AAoJEEK++w9AZDrpuUwP+gOf+pvgJhi9OxOmZGlw9Gg5
rUrqpG1e+Odl3qbTR8dOI1HYiopY4Tz4C3Q5P8WT69tMz6y4Q1lWHZzLYuS9XO8f
zdAC4SBbecymikwij8jRaMyR3TXBqG7icQKVvpvuooK7GqLTVFt9JtVSsGBpddy2
zGK6cLUmBQ8nod7cnTKiNsnb8fL240sI/CGTOQz2nRUgQKwBgRX3x47ECle6noSu
K1NniFNiPaSfaD7Cy+YGxYVLq2I2YxvSaXzqQXcuiGqohRH9G3Rif06ZNxZU+SHQ
QdcWH876Qjrd0f+bBJwvlOThPYdRdYJ3SUfCI9FnvwZFrgv2X8l+Ah5i/4UPqJKx
pdEEM808eAtt0UIOyFeomlRIeqpCxFBj5fqSamTj1s0QimhdDK4Piu2WRm483AdE
8jber391gJ4+AIqy9rVGW7bJo9X2KKgD3Jm5vFFcIB7eoyy3AqcdXlQ4xIkEIJQi
RrCk+O3KGc/0yGKNIHYuKH5OMyYoqMCZpm058/NnDXedXv0DSNsDy1HtZH5Rge47
wdXiNuTZzyZZaEIT+8ajUUochgHE5db/1Je9FYoMjzF9wlFQm5WsqygZIwUCBMVF
zM3nx5rfcx0Yk4ZtyMmlGjNsmDNSiSW1HwXXFGogk+foW+QFghVx07kx+ogLYFy7
L8jkWhyOmjccN0s+o1lD
=VwYe
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa gitlab

Otkriveni su sigurnosni nedostaci u programskom paketu gitlab za operacijski sustav Debian. Otkriveni nedostaci potencijalnim napadačima omogućuju otkrivanje informacija. Savjetuje...

Close