[Git][security-tracker-team/security-tracker][master] Add notes on qemu mitigation needed as part for CVE-2018-3639

Salvatore Bonaccorso carnil at debian.org
Thu Sep 13 20:19:41 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a8c8c896 by Salvatore Bonaccorso at 2018-09-13T19:16:20Z
Add notes on qemu mitigation needed as part for CVE-2018-3639

Note, we explicitly do not track the source package as vulnerable,
because it is not, but fixes are required to enable the mitigation for
quests and protect them against CVE-2018-3639.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35727,6 +35727,11 @@ CVE-2018-3639 (Systems with microprocessors utilizing speculative execution and
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
 	NOTE: The 3.20180703.1 release for intel-microcode was the first batch of updates which targeted
 	NOTE: most server type CPUs, additional models were supported in the 3.20180807a.1 release
+	NOTE: Qemu part of the mitigations for the speculative store buffer bypass
+	NOTE: vulnerabilities on x86 are needed: #908682
+	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=d19d1f965904a533998739698020ff4ee8a103da
+	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=cfeea0c021db6234c154dbc723730e81553924ff
+	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=403503b162ffc33fb64cfefdf7b880acf41772cd
 CVE-2018-3638 (Escalation of privilege in all versions of the Intel Remote Keyboard ...)
 	NOT-FOR-US: Intel
 CVE-2018-3637



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a8c8c896e4a9eb5797c47af9d1d1327461b75b6e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a8c8c896e4a9eb5797c47af9d1d1327461b75b6e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180913/7181f59d/attachment.html>

More information about the debian-security-tracker-commits mailing list