Security update for qemu SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0059-1 Final 1 1 2018-01-10T07:32:53Z current 2018-01-10T07:32:53Z 2018-01-10T07:32:53Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for qemu This update for qemu fixes the following issues: This update for qemu fixes the following issues: A mitigation for a security flaw has been applied: - CVE-2017-5715: QEMU was updated to allow passing through new MSR and CPUID flags from the host VM to the CPU, to allow enabling/disabling branch prediction features in the Intel CPU. (bsc#1068032) This update was imported from the SUSE:SLE-12-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00028.html E-Mail link for openSUSE-SU-2018:0059-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 qemu-2.6.2-31.18.1 qemu-arm-2.6.2-31.18.1 qemu-block-curl-2.6.2-31.18.1 qemu-block-dmg-2.6.2-31.18.1 qemu-block-iscsi-2.6.2-31.18.1 qemu-block-rbd-2.6.2-31.18.1 qemu-block-ssh-2.6.2-31.18.1 qemu-extra-2.6.2-31.18.1 qemu-guest-agent-2.6.2-31.18.1 qemu-ipxe-1.0.0-31.18.1 qemu-kvm-2.6.2-31.18.1 qemu-lang-2.6.2-31.18.1 qemu-linux-user-2.6.2-31.18.1 qemu-ppc-2.6.2-31.18.1 qemu-s390-2.6.2-31.18.1 qemu-seabios-1.9.1-31.18.1 qemu-sgabios-8-31.18.1 qemu-testsuite-2.6.2-31.18.1 qemu-tools-2.6.2-31.18.1 qemu-vgabios-1.9.1-31.18.1 qemu-x86-2.6.2-31.18.1 qemu-2.6.2-31.18.1 as a component of openSUSE Leap 42.2 qemu-arm-2.6.2-31.18.1 as a component of openSUSE Leap 42.2 qemu-block-curl-2.6.2-31.18.1 as a component of openSUSE Leap 42.2 qemu-block-dmg-2.6.2-31.18.1 as a component of openSUSE Leap 42.2 qemu-block-iscsi-2.6.2-31.18.1 as a component of openSUSE Leap 42.2 qemu-block-rbd-2.6.2-31.18.1 as a component of openSUSE Leap 42.2 qemu-block-ssh-2.6.2-31.18.1 as a component of openSUSE Leap 42.2 qemu-extra-2.6.2-31.18.1 as a component of openSUSE Leap 42.2 qemu-guest-agent-2.6.2-31.18.1 as a component of openSUSE Leap 42.2 qemu-ipxe-1.0.0-31.18.1 as a component of openSUSE Leap 42.2 qemu-kvm-2.6.2-31.18.1 as a component of openSUSE Leap 42.2 qemu-lang-2.6.2-31.18.1 as a component of openSUSE Leap 42.2 qemu-linux-user-2.6.2-31.18.1 as a component of openSUSE Leap 42.2 qemu-ppc-2.6.2-31.18.1 as a component of openSUSE Leap 42.2 qemu-s390-2.6.2-31.18.1 as a component of openSUSE Leap 42.2 qemu-seabios-1.9.1-31.18.1 as a component of openSUSE Leap 42.2 qemu-sgabios-8-31.18.1 as a component of openSUSE Leap 42.2 qemu-testsuite-2.6.2-31.18.1 as a component of openSUSE Leap 42.2 qemu-tools-2.6.2-31.18.1 as a component of openSUSE Leap 42.2 qemu-vgabios-1.9.1-31.18.1 as a component of openSUSE Leap 42.2 qemu-x86-2.6.2-31.18.1 as a component of openSUSE Leap 42.2 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. CVE-2017-5715 openSUSE Leap 42.2:qemu-2.6.2-31.18.1 openSUSE Leap 42.2:qemu-arm-2.6.2-31.18.1 openSUSE Leap 42.2:qemu-block-curl-2.6.2-31.18.1 openSUSE Leap 42.2:qemu-block-dmg-2.6.2-31.18.1 openSUSE Leap 42.2:qemu-block-iscsi-2.6.2-31.18.1 openSUSE Leap 42.2:qemu-block-rbd-2.6.2-31.18.1 openSUSE Leap 42.2:qemu-block-ssh-2.6.2-31.18.1 openSUSE Leap 42.2:qemu-extra-2.6.2-31.18.1 openSUSE Leap 42.2:qemu-guest-agent-2.6.2-31.18.1 openSUSE Leap 42.2:qemu-ipxe-1.0.0-31.18.1 openSUSE Leap 42.2:qemu-kvm-2.6.2-31.18.1 openSUSE Leap 42.2:qemu-lang-2.6.2-31.18.1 openSUSE Leap 42.2:qemu-linux-user-2.6.2-31.18.1 openSUSE Leap 42.2:qemu-ppc-2.6.2-31.18.1 openSUSE Leap 42.2:qemu-s390-2.6.2-31.18.1 openSUSE Leap 42.2:qemu-seabios-1.9.1-31.18.1 openSUSE Leap 42.2:qemu-sgabios-8-31.18.1 openSUSE Leap 42.2:qemu-testsuite-2.6.2-31.18.1 openSUSE Leap 42.2:qemu-tools-2.6.2-31.18.1 openSUSE Leap 42.2:qemu-vgabios-1.9.1-31.18.1 openSUSE Leap 42.2:qemu-x86-2.6.2-31.18.1 important 4.7 AV:L/AC:M/Au:N/C:C/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00028.html https://www.suse.com/security/cve/CVE-2017-5715.html CVE-2017-5715 https://bugzilla.suse.com/1068032 SUSE Bug 1068032 https://bugzilla.suse.com/1074562 SUSE Bug 1074562 https://bugzilla.suse.com/1074578 SUSE Bug 1074578 https://bugzilla.suse.com/1074701 SUSE Bug 1074701 https://bugzilla.suse.com/1074741 SUSE Bug 1074741 https://bugzilla.suse.com/1074919 SUSE Bug 1074919 https://bugzilla.suse.com/1075006 SUSE Bug 1075006 https://bugzilla.suse.com/1075007 SUSE Bug 1075007 https://bugzilla.suse.com/1075262 SUSE Bug 1075262 https://bugzilla.suse.com/1075419 SUSE Bug 1075419 https://bugzilla.suse.com/1076115 SUSE Bug 1076115 https://bugzilla.suse.com/1076372 SUSE Bug 1076372 https://bugzilla.suse.com/1078353 SUSE Bug 1078353 https://bugzilla.suse.com/1080039 SUSE Bug 1080039 https://bugzilla.suse.com/1087939 SUSE Bug 1087939 https://bugzilla.suse.com/1091815 SUSE Bug 1091815 https://bugzilla.suse.com/1095735 SUSE Bug 1095735 https://bugzilla.suse.com/1102055 SUSE Bug 1102055 https://bugzilla.suse.com/1102517 SUSE Bug 1102517 https://bugzilla.suse.com/1105108 SUSE Bug 1105108 https://bugzilla.suse.com/1126516 SUSE Bug 1126516 https://bugzilla.suse.com/1173489 SUSE Bug 1173489 https://bugzilla.suse.com/1174161 SUSE Bug 1174161 https://bugzilla.suse.com/1178658 SUSE Bug 1178658