USN-3561-1
See a problem?- Source
- https://ubuntu.com/security/notices/USN-3561-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3561-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-3561-1
- Related
- Published
- 2018-02-07T16:43:01.436868Z
- Modified
- 2018-02-07T16:43:01.436868Z
- Summary
- libvirt update
- Details
-
It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. An attacker in the guest could use this to expose sensitive guest information, including kernel memory.
This update allows libvirt to expose new CPU features added by microcode updates to guests. On amd64 and i386, new CPU models that match the updated microcode features were added with an -IBRS suffix. Certain environments will require guests to be switched manually to the new CPU models after microcode updates have been applied to the host.
- References
Affected packages
Ubuntu:14.04:LTS / libvirt
Package
- Name
- libvirt
- Purl
- pkg:deb/ubuntu/libvirt@1.2.2-0ubuntu13.1.25?arch=src?distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.2.2-0ubuntu13.1.25
Affected versions
1.*
1.1.1-0ubuntu8
1.1.1-0ubuntu9
1.1.4-0ubuntu2
1.1.4-0ubuntu3
1.1.4-0ubuntu4
1.1.4-0ubuntu5
1.2.0-0ubuntu1
1.2.0-0ubuntu2
1.2.0-0ubuntu3
1.2.1-0ubuntu1
1.2.1-0ubuntu2
1.2.1-0ubuntu3
1.2.1-0ubuntu4
1.2.1-0ubuntu5
1.2.1-0ubuntu7
1.2.1-0ubuntu8
1.2.1-0ubuntu9
1.2.1-0ubuntu10
1.2.2-0ubuntu1
1.2.2-0ubuntu2
1.2.2-0ubuntu3
1.2.2-0ubuntu4
1.2.2-0ubuntu5
1.2.2-0ubuntu6
1.2.2-0ubuntu7
1.2.2-0ubuntu8
1.2.2-0ubuntu9
1.2.2-0ubuntu10
1.2.2-0ubuntu11
1.2.2-0ubuntu12
1.2.2-0ubuntu13
1.2.2-0ubuntu13.1
1.2.2-0ubuntu13.1.1
1.2.2-0ubuntu13.1.2
1.2.2-0ubuntu13.1.4
1.2.2-0ubuntu13.1.5
1.2.2-0ubuntu13.1.6
1.2.2-0ubuntu13.1.7
1.2.2-0ubuntu13.1.8
1.2.2-0ubuntu13.1.9
1.2.2-0ubuntu13.1.10
1.2.2-0ubuntu13.1.12
1.2.2-0ubuntu13.1.14
1.2.2-0ubuntu13.1.16
1.2.2-0ubuntu13.1.17
1.2.2-0ubuntu13.1.20
1.2.2-0ubuntu13.1.21
1.2.2-0ubuntu13.1.22
1.2.2-0ubuntu13.1.23
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"libvirt-doc": "1.2.2-0ubuntu13.1.25",
"libvirt0-dbgsym": "1.2.2-0ubuntu13.1.25",
"libvirt-dev-dbgsym": "1.2.2-0ubuntu13.1.25",
"libvirt-dev": "1.2.2-0ubuntu13.1.25",
"libvirt-bin-dbgsym": "1.2.2-0ubuntu13.1.25",
"libvirt0": "1.2.2-0ubuntu13.1.25",
"libvirt0-dbg": "1.2.2-0ubuntu13.1.25",
"libvirt-bin": "1.2.2-0ubuntu13.1.25"
}
]
}
Ubuntu:16.04:LTS / libvirt
Package
- Name
- libvirt
- Purl
- pkg:deb/ubuntu/libvirt@1.3.1-1ubuntu10.17?arch=src?distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.3.1-1ubuntu10.17
Affected versions
1.*
1.2.16-2ubuntu11
1.2.16-2ubuntu12
1.2.16-2ubuntu13
1.2.16-2ubuntu14
1.2.21-2ubuntu1
1.2.21-2ubuntu3
1.2.21-2ubuntu4
1.2.21-2ubuntu5
1.2.21-2ubuntu7
1.2.21-2ubuntu8
1.2.21-2ubuntu9
1.2.21-2ubuntu10
1.3.1-1ubuntu1
1.3.1-1ubuntu2
1.3.1-1ubuntu3
1.3.1-1ubuntu4
1.3.1-1ubuntu6
1.3.1-1ubuntu9
1.3.1-1ubuntu10
1.3.1-1ubuntu10.1
1.3.1-1ubuntu10.2
1.3.1-1ubuntu10.3
1.3.1-1ubuntu10.5
1.3.1-1ubuntu10.6
1.3.1-1ubuntu10.7
1.3.1-1ubuntu10.8
1.3.1-1ubuntu10.10
1.3.1-1ubuntu10.11
1.3.1-1ubuntu10.12
1.3.1-1ubuntu10.13
1.3.1-1ubuntu10.14
1.3.1-1ubuntu10.15
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"libvirt-doc": "1.3.1-1ubuntu10.17",
"libvirt0-dbgsym": "1.3.1-1ubuntu10.17",
"libvirt-dev-dbgsym": "1.3.1-1ubuntu10.17",
"libvirt-dev": "1.3.1-1ubuntu10.17",
"libvirt-bin-dbgsym": "1.3.1-1ubuntu10.17",
"libvirt0": "1.3.1-1ubuntu10.17",
"libvirt0-dbg": "1.3.1-1ubuntu10.17",
"libvirt-bin": "1.3.1-1ubuntu10.17"
}
]
}