[USN-3679-1] QEMU update


This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
–===============2936513603305743416==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol=”application/pgp-signature”;
boundary=”NMUrOd9gWvYZEyLRqKzPtuNA7KdMFxHt7″

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
–NMUrOd9gWvYZEyLRqKzPtuNA7KdMFxHt7
Content-Type: multipart/mixed; boundary=”OCYBqK0jp8aKgEepqc5rBpZAVabn3rv0w”;
protected-headers=”v1″
From: Marc Deslauriers
Reply-To: Ubuntu Security
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID:
Subject: [USN-3679-1] QEMU update

–OCYBqK0jp8aKgEepqc5rBpZAVabn3rv0w
Content-Type: text/plain; charset=utf-8
Content-Language: en-CA
Content-Transfer-Encoding: quoted-printable

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Ubuntu Security Notice USN-3679-1
June 12, 2018

qemu update
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS
– Ubuntu 17.10
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Side channel execution mitigations were added to QEMU.

Software Description:
– qemu: Machine emulator and virtualizer

Details:

Ken Johnson and Jann Horn independently discovered that microprocessors
utilizing speculative execution of a memory read may allow unauthorized
memory reads via sidechannel attacks. An attacker in the guest could use
this to expose sensitive guest information, including kernel memory. This=

update allows QEMU to expose new CPU features added by AMD microcode
updates to guests on amd64 and i386.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
qemu 1:2.11+dfsg-1ubuntu7.3
qemu-system 1:2.11+dfsg-1ubuntu7.3
qemu-system-x86 1:2.11+dfsg-1ubuntu7.3

Ubuntu 17.10:
qemu 1:2.10+dfsg-0ubuntu3.8
qemu-system 1:2.10+dfsg-0ubuntu3.8
qemu-system-x86 1:2.10+dfsg-0ubuntu3.8

Ubuntu 16.04 LTS:
qemu 1:2.5+dfsg-5ubuntu10.30
qemu-system 1:2.5+dfsg-5ubuntu10.30
qemu-system-x86 1:2.5+dfsg-5ubuntu10.30

Ubuntu 14.04 LTS:
qemu 2.0.0+dfsg-2ubuntu1.43
qemu-system 2.0.0+dfsg-2ubuntu1.43
qemu-system-x86 2.0.0+dfsg-2ubuntu1.43

After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3679-1
CVE-2018-3639

Package Information:
https://launchpad.net/ubuntu/+source/qemu/1:2.11+dfsg-1ubuntu7.3
https://launchpad.net/ubuntu/+source/qemu/1:2.10+dfsg-0ubuntu3.8
https://launchpad.net/ubuntu/+source/qemu/1:2.5+dfsg-5ubuntu10.30
https://launchpad.net/ubuntu/+source/qemu/2.0.0+dfsg-2ubuntu1.43

–OCYBqK0jp8aKgEepqc5rBpZAVabn3rv0w–

–NMUrOd9gWvYZEyLRqKzPtuNA7KdMFxHt7
Content-Type: application/pgp-signature; name=”signature.asc”
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename=”signature.asc”

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlsfvOoACgkQZWnYVadE
vpMnbA/+OfBnV0Eg1Yd7eljVWF7vQFiv446FaNkgKVhp+wJ8S8h2kOWe/QUzfAG+
lEMkeMXvS5dtWGt1Y3GXV3RcD5h1aPLJobvkWmq+TJfE/mQa+1NkVT3AsnoeEqq0
xN6sFMMnaZNu+ES7kPiYZWMc5CNSHZWCFnfbF6KaWwd33lnuV/kiNbmsdgWvtk0B
OrGDPcuQ5GeiFB8BbO0418Wyko551jxvpaWAiY2LheIgzFqDnw2gkLTml0REEH9f
KtUBGWJEXIfvzHzDz3Va5BWED8WEECRQ6T+65M8RYeJmHyz4V/bYGWHRtpk3frCm
w94qDxjdyoQF57Gsr5pBSl8VBKMNau1oYwNnZXofJxQRLWu+/kAMZutB3rm4QLlT
yY1A4I0e+nApewayF+RfHE4wUPxzJ6thU0eDErWs4aYpbV67PZs0T+BQhYqcmvwr
ChIcdCQXaRAUgZtFd9kaReWI39x4JoYRHNQhlAk6d5dftRQzI8VBD6K0vrBofoE5
uCC14EU0W9+8NvCRV5SCb/baw36Qy+lX/3U7W8B+ZsFs0xl9ooqx7a1ewbu4q/sM
Wd6Y49xprY471PT3HOSoZOzlNbKiSEmhdWRiOJKPLWPHak3+mmXk9Q6MNmVLzGbM
9+kY3hOWMt+bD8IG07i3MgbLk8UzZCxzREJ19evXwHAnLXedpLg=
=MgDG
—–END PGP SIGNATURE—–

–NMUrOd9gWvYZEyLRqKzPtuNA7KdMFxHt7–

–===============2936513603305743416==
Content-Type: text/plain; charset=”utf-8″
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

–===============2936513603305743416==–