FEDORA-2018-e657c3c037 — security update for libvirt

obsolete

libvirt-3.7.0-5.fc27

FEDORA-2018-e657c3c037 created by berrange 6 years ago for Fedora 27

Add new CPU features for CVE-2017-5715 and CVE-2018-3639

On Intel x86 hosts, the "ssbd" feature must be explicitly added to any virtual machines that are not using host-passthrough/host-model CPU setup. NB this requires new microcode too, which is not yet available in Fedora microcode_ctl RPMs. New "-IBRS"CPU models are provided for the Spectre fix, though it is possible to just use the "spec-ctrl" feature with existing models

On AMD x86 hosts, the "virt-ssbd" feature must be explicitly added to any virtual machines that are not using host-passthrough /host-model CPU setup. There is no microcode dependency for AMD as this is a virtualized CPUID feature. New "-IBPB" CPU models are provided for the Spectre fix, though it is possible to just use the "ibpb" feature with existing models

In both cases, kernel >= 4.16.10-201 is required on the host and guest in order to activate the fix. QEMU >= qemu-2.10.1-4.fc27 is also required on the host

This update has been submitted for testing by berrange.

6 years ago

berrange edited this update.

6 years ago

This update has been pushed to testing.

6 years ago

cserpentis commented & provided feedback 6 years ago

karma

works for me in a VM

This update has been obsoleted by libvirt-3.7.0-6.fc27.

6 years ago

Please login to add feedback.

Metadata

Type

security

Karma

Signed

Content Type

RPM

Test Gating

ignored

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

disabled

Thresholds

Minimum Karma

Minimum Testing

14 days

Dates

submitted

6 years ago

in testing

6 years ago

modified

6 years ago

Builds

libvirt-3.7.0-5.fc27

BZ#1566890 CVE-2018-3639 hw: cpu: speculative store bypass

BZ#1592750 CVE-2018-3639 libvirt: hw: cpu: speculative store bypass [fedora-all]

libvirt-3.7.0-5.fc27

Automated Test Results

ignored