Summary: | <app-emulation/qemu-2.11.0: ps2 information leakage | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Francis Booth <boothf> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | qemu+disabled |
Priority: | Low | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg02946.html | ||
Whiteboard: | C4 [glsa+ cve] | ||
Package list: | Runtime testing required: | --- |
Description
Francis Booth
2017-11-22 20:15:45 UTC
@maintainer(s): please call for stabilization when ready, thank you. (x86,amd64) Last patch: Thu, 16 Nov 2017 (from Upstream) Last drop: Tue, 14 Nov 2017 via (from Gentoo) commit https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a65a8fa1bcac5e89c0ba154e8f9078aeef3d157f Gentoo Security Padawan (jmbailey/mbailey_j) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=725631c3eee62d147ea634c969ab90d1c70f5612 commit 725631c3eee62d147ea634c969ab90d1c70f5612 Author: Matthias Maier <tamiko@gentoo.org> AuthorDate: 2018-02-11 20:16:02 +0000 Commit: Matthias Maier <tamiko@gentoo.org> CommitDate: 2018-02-11 20:27:01 +0000 app-emulation/qemu: version bump to 2.11.0, important security fixes - Added slot operator for libnfs - Added patch for glibc-2.27 compatibility - Added patch for CVE-2017-16845 - Backported upstream msr / spec ctrl patches: 6cfbc54e89 i386: Add EPYC-IBPB CPU model ac96c41354 i386: Add new -IBRS versions of Intel CPU models 1b3420e1c4 i386: Add FEAT_8000_0008_EBX CPUID feature word a2381f0934 i386: Add spec-ctrl CPUID bit a33a2cfe2f i386: Add support for SPEC_CTRL MSR - CVEs addressed by bump: CVE-2017-17381 CVE-2017-18030 CVE-2017-18043 - CVEs addressed by patchset: CVE-2017-15124 CVE-2017-16845 CVE-2018-5683 - CVE-2018-5748 is a libvirt vulnerability, not a qemu issue... Bug: https://bugs.gentoo.org/638506 Bug: https://bugs.gentoo.org/643432 Bug: https://bugs.gentoo.org/646814 Closes: https://bugs.gentoo.org/641100 Closes: https://bugs.gentoo.org/646568 Closes: https://bugs.gentoo.org/646710 Package-Manager: Portage-2.3.24, Repoman-2.3.6 app-emulation/qemu/Manifest | 2 + .../qemu/files/qemu-2.11.0-glibc-2.27.patch | 54 ++ app-emulation/qemu/qemu-2.11.0.ebuild | 803 +++++++++++++++++++++ 3 files changed, 859 insertions(+)} This issue was resolved and addressed in GLSA 201804-08 at https://security.gentoo.org/glsa/201804-08 by GLSA coordinator Aaron Bauman (b-man). |