[Bug 1744882] Re: Add SPEC_CTRL and IBRS changes

James Page james.page at ubuntu.com
Thu Feb 22 13:14:52 UTC 2018 

This bug was fixed in the package qemu - 1:2.10+dfsg-0ubuntu3.4~cloud0
---------------

 qemu (1:2.10+dfsg-0ubuntu3.4~cloud0) xenial-pike; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 qemu (1:2.10+dfsg-0ubuntu3.4) artful-security; urgency=medium
 .
   * SECURITY UPDATE: Add support for Spectre mitigations (LP: #1744882)
     - debian/patches/CVE-2017-5715-1.patch: Change X86CPUDefinition::
       model_id to const char* in target/i386/cpu.c.
     - debian/patches/CVE-2017-5715-2.patch: Add support for SPEC_CTRL MSR
       in target/i386/cpu.h, target/i386/kvm.c, target/i386/machine.c.
     - debian/patches/CVE-2017-5715-3.patch: Add spec-ctrl CPUID bit in
       target/i386/cpu.c, target/i386/cpu.h.
     - debian/patches/CVE-2017-5715-4.patch: Add FEAT_8000_0008_EBX CPUID
       feature word in target/i386/cpu.c, target/i386/cpu.h.
     - debian/patches/CVE-2017-5715-5.patch: Add new -IBRS versions of Intel
       CPU models in target/i386/cpu.c.
     - debian/patches/CVE-2017-5715-s390x-1.patch: add linux-header content
       for bpbc in linux-headers/asm-s390/kvm.h, linux-headers/linux/kvm.h.
     - debian/patches/CVE-2017-5715-s390x-2.patch: handle bpb feature in
       target/s390x/cpu.c, target/s390x/cpu.h, target/s390x/cpu_features.c,
       target/s390x/cpu_features_def.h, target/s390x/gen-features.c,
       target/s390x/kvm.c, target/s390x/machine.c.
     - debian/patches/CVE-2017-5715-s390x-3.patch: provide stfle.81 in
       target/s390x/cpu_features.c, target/s390x/cpu_features_def.h,
       target/s390x/gen-features.c.
     - CVE-2017-5715


** Changed in: cloud-archive/pike
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/1744882

Title:
  Add SPEC_CTRL and IBRS changes

Status in Ubuntu Cloud Archive:
  New
Status in Ubuntu Cloud Archive icehouse series:
  New
Status in Ubuntu Cloud Archive kilo series:
  Fix Committed
Status in Ubuntu Cloud Archive mitaka series:
  Fix Committed
Status in Ubuntu Cloud Archive ocata series:
  Fix Committed
Status in Ubuntu Cloud Archive pike series:
  Fix Released
Status in qemu package in Ubuntu:
  Triaged
Status in qemu source package in Trusty:
  Fix Released
Status in qemu source package in Xenial:
  Fix Released
Status in qemu source package in Artful:
  Fix Released
Status in qemu source package in Bionic:
  Triaged

Bug description:
  The merge of [1] landed the spectre related changes for SPEC_CTRL and
  IBRS to qemu 2.12

  It is announced in [2] that there shall be a 2.11.1 with the backport that we intend to pick.
  The security team can use this merge at [1] to work on backwards security updates.
  For 18.04 (not yet released) the intention for now is to pick 2.11.1 once available.

  [1]: https://github.com/qemu/qemu/commit/5cad8ca516011695a37d5be905292722b5249da8
  [2]: https://www.qemu.org/2018/01/04/spectre/

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1744882/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list