USN-3561-1

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-3561-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3561-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-3561-1

Related

Published

2018-02-07T16:43:01.436868Z

Modified

2018-02-07T16:43:01.436868Z

Summary

libvirt update

Details

It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. An attacker in the guest could use this to expose sensitive guest information, including kernel memory.

This update allows libvirt to expose new CPU features added by microcode updates to guests. On amd64 and i386, new CPU models that match the updated microcode features were added with an -IBRS suffix. Certain environments will require guests to be switched manually to the new CPU models after microcode updates have been applied to the host.

References

Affected packages

Ubuntu:14.04:LTS / libvirt

Package

Name: libvirt
Purl: pkg:deb/ubuntu/libvirt?arch=src?distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.2-0ubuntu13.1.25

Affected versions

1.*

1.1.1-0ubuntu8

1.1.1-0ubuntu9

1.1.4-0ubuntu2

1.1.4-0ubuntu3

1.1.4-0ubuntu4

1.1.4-0ubuntu5

1.2.0-0ubuntu1

1.2.0-0ubuntu2

1.2.0-0ubuntu3

1.2.1-0ubuntu1

1.2.1-0ubuntu2

1.2.1-0ubuntu3

1.2.1-0ubuntu4

1.2.1-0ubuntu5

1.2.1-0ubuntu7

1.2.1-0ubuntu8

1.2.1-0ubuntu9

1.2.1-0ubuntu10

1.2.2-0ubuntu1

1.2.2-0ubuntu2

1.2.2-0ubuntu3

1.2.2-0ubuntu4

1.2.2-0ubuntu5

1.2.2-0ubuntu6

1.2.2-0ubuntu7

1.2.2-0ubuntu8

1.2.2-0ubuntu9

1.2.2-0ubuntu10

1.2.2-0ubuntu11

1.2.2-0ubuntu12

1.2.2-0ubuntu13

1.2.2-0ubuntu13.1

1.2.2-0ubuntu13.1.1

1.2.2-0ubuntu13.1.2

1.2.2-0ubuntu13.1.4

1.2.2-0ubuntu13.1.5

1.2.2-0ubuntu13.1.6

1.2.2-0ubuntu13.1.7

1.2.2-0ubuntu13.1.8

1.2.2-0ubuntu13.1.9

1.2.2-0ubuntu13.1.10

1.2.2-0ubuntu13.1.12

1.2.2-0ubuntu13.1.14

1.2.2-0ubuntu13.1.16

1.2.2-0ubuntu13.1.17

1.2.2-0ubuntu13.1.20

1.2.2-0ubuntu13.1.21

1.2.2-0ubuntu13.1.22

1.2.2-0ubuntu13.1.23

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "1.2.2-0ubuntu13.1.25",
            "binary_name": "libvirt-bin"
        },
        {
            "binary_version": "1.2.2-0ubuntu13.1.25",
            "binary_name": "libvirt-bin-dbgsym"
        },
        {
            "binary_version": "1.2.2-0ubuntu13.1.25",
            "binary_name": "libvirt-dev"
        },
        {
            "binary_version": "1.2.2-0ubuntu13.1.25",
            "binary_name": "libvirt-dev-dbgsym"
        },
        {
            "binary_version": "1.2.2-0ubuntu13.1.25",
            "binary_name": "libvirt-doc"
        },
        {
            "binary_version": "1.2.2-0ubuntu13.1.25",
            "binary_name": "libvirt0"
        },
        {
            "binary_version": "1.2.2-0ubuntu13.1.25",
            "binary_name": "libvirt0-dbg"
        },
        {
            "binary_version": "1.2.2-0ubuntu13.1.25",
            "binary_name": "libvirt0-dbgsym"
        }
    ]
}

Ubuntu:16.04:LTS / libvirt

Package

Name: libvirt
Purl: pkg:deb/ubuntu/libvirt?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3.1-1ubuntu10.17

Affected versions

1.*

1.2.16-2ubuntu11

1.2.16-2ubuntu12

1.2.16-2ubuntu13

1.2.16-2ubuntu14

1.2.21-2ubuntu1

1.2.21-2ubuntu3

1.2.21-2ubuntu4

1.2.21-2ubuntu5

1.2.21-2ubuntu7

1.2.21-2ubuntu8

1.2.21-2ubuntu9

1.2.21-2ubuntu10

1.3.1-1ubuntu1

1.3.1-1ubuntu2

1.3.1-1ubuntu3

1.3.1-1ubuntu4

1.3.1-1ubuntu6

1.3.1-1ubuntu9

1.3.1-1ubuntu10

1.3.1-1ubuntu10.1

1.3.1-1ubuntu10.2

1.3.1-1ubuntu10.3

1.3.1-1ubuntu10.5

1.3.1-1ubuntu10.6

1.3.1-1ubuntu10.7

1.3.1-1ubuntu10.8

1.3.1-1ubuntu10.10

1.3.1-1ubuntu10.11

1.3.1-1ubuntu10.12

1.3.1-1ubuntu10.13

1.3.1-1ubuntu10.14

1.3.1-1ubuntu10.15

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "1.3.1-1ubuntu10.17",
            "binary_name": "libvirt-bin"
        },
        {
            "binary_version": "1.3.1-1ubuntu10.17",
            "binary_name": "libvirt-bin-dbgsym"
        },
        {
            "binary_version": "1.3.1-1ubuntu10.17",
            "binary_name": "libvirt-dev"
        },
        {
            "binary_version": "1.3.1-1ubuntu10.17",
            "binary_name": "libvirt-dev-dbgsym"
        },
        {
            "binary_version": "1.3.1-1ubuntu10.17",
            "binary_name": "libvirt-doc"
        },
        {
            "binary_version": "1.3.1-1ubuntu10.17",
            "binary_name": "libvirt0"
        },
        {
            "binary_version": "1.3.1-1ubuntu10.17",
            "binary_name": "libvirt0-dbg"
        },
        {
            "binary_version": "1.3.1-1ubuntu10.17",
            "binary_name": "libvirt0-dbgsym"
        }
    ]
}