--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-9f02e5ed7b
2018-07-06 15:43:24.292244
--------------------------------------------------------------------------------
Name : qemu
Product : Fedora 27
Version : 2.10.1
Release : 4.fc27
URL :
http://www.qemu.org/
Summary : QEMU is a FAST! processor emulator
Description :
QEMU is a generic and open source processor emulator which achieves a good
emulation speed by using dynamic translation. QEMU has two operating modes:
* Full system emulation. In this mode, QEMU emulates a full system (for
example a PC), including a processor and various peripherials. It can be
used to launch different Operating Systems without rebooting the PC or
to debug system code.
* User mode emulation. In this mode, QEMU can launch Linux processes compiled
for one CPU on another CPU.
As QEMU requires no host kernel patches to run, it is safe and easy to use.
--------------------------------------------------------------------------------
Update Information:
Add new CPU features for CVE-2017-5715 and CVE-2018-3639 On Intel x86 hosts, the
"ssbd" feature must be explicitly added to any virtual machines that are not
using host-passthrough/host-model CPU setup. NB this requires new microcode too,
which is not yet available in Fedora microcode_ctl RPMs. On AMD x86 hosts, the
"virt-ssbd" feature must be explicitly added to any virtual machines that are
not using host-passthrough/host-model CPU setup. There is no microcode
dependency for AMD as this is a virtualized CPUID feature. In both cases, kernel
= 4.16.10-301 is required on the host and guest in order to activate
the fix.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 19 2018 Daniel P. Berrang�� <berrange(a)redhat.com> - 2:2.10.1-4
- Add new CPU features for CVE-2017-5715 and CVE-2018-3639
* Thu Mar 22 2018 Adam Williamson <awilliam(a)redhat.com> - 2:2.1.01-3
- Backport fix for restoring snapshot more than once (rhbz #1531048)
* Thu Dec 21 2017 Daniel P. Berrange <berrange(a)redhat.com> - 2:2.10.1-2
- Re-enable RBD on arm/ppc (rhbz #1528378)
* Thu Oct 19 2017 Cole Robinson <crobinso(a)redhat.com> - 2:2.10.1-1
- Fix ppc64 KVM failure (bz #1501936)
- CVE-2017-15038: 9p: information disclosure when reading extended
attributes (bz #1499111)
- CVE-2017-15268: potential memory exhaustion via websock connection to VNC
(bz #1496882)
* Tue Oct 17 2017 Paolo Bonzini <pbonzini(a)redhat.com> - 2:2.10.0-5
- Update patch 1014 for new libmultipath/libmpathpersist API
- Force build to fail if multipath is not available
- Tighten permissions on the qemu-pr-helper socket
* Thu Sep 28 2017 Paolo Bonzini <pbonzini(a)redhat.com> - 2:2.10.0-4
- Stop using tcmalloc, glibc got faster
* Fri Sep 22 2017 Paolo Bonzini <pbonzini(a)redhat.com> - 2:2.10.0-3
- Backport persistent reservation manager in preparation for SELinux work
- Fix endianness of e_type in the ppc64le binfmt (Nathaniel McCallum)
* Mon Sep 18 2017 Nathaniel McCallum <npmccallum(a)redhat.com> - 2:2.10.0-2
- Fix endianness of e_type in the ppc64le binfmt
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1566890 - CVE-2018-3639 hw: cpu: speculative store bypass
https://bugzilla.redhat.com/show_bug.cgi?id=1566890
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-9f02e5ed7b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------