FEDORA-2018-2b053454a4 created by crobinso 2 years ago for Fedora 27
stable
  • nwfilter: increase pcap buffer size to be compatible with TPACKET_V3 (bz #1547237)

Add new CPU features for CVE-2017-5715 and CVE-2018-3639

On Intel x86 hosts, the "ssbd" feature must be explicitly added to any virtual machines that are not using host-passthrough/host-model CPU setup. NB this requires new microcode too, which is not yet available in Fedora microcode_ctl RPMs. New "-IBRS"CPU models are provided for the Spectre fix, though it is possible to just use the "spec-ctrl" feature with existing models

On AMD x86 hosts, the "virt-ssbd" feature must be explicitly added to any virtual machines that are not using host-passthrough /host-model CPU setup. There is no microcode dependency for AMD as this is a virtualized CPUID feature. New "-IBPB" CPU models are provided for the Spectre fix, though it is possible to just use the "ibpb" feature with existing models

In both cases, kernel >= 4.16.10-201 is required on the host and guest in order to activate the fix. QEMU >= qemu-2.10.1-4.fc27 is also required on the host

How to install

sudo dnf upgrade --advisory=FEDORA-2018-2b053454a4

This update has been submitted for testing by crobinso.

2 years ago

This update has obsoleted libvirt-3.7.0-5.fc27, and has inherited its bugs and notes.

2 years ago

This update has been pushed to testing.

2 years ago
User Icon pwalter commented & provided feedback 2 years ago
karma

Works

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

2 years ago
User Icon cairo provided feedback 2 years ago
karma

This update has been submitted for stable by crobinso.

2 years ago

This update has been pushed to stable.

2 years ago

Please login to add feedback.

Metadata
Type
security
Karma
2
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago
BZ#1547237 TPACKET_V3 is enabled, causing failure of libvirt's use of libpcap
0
0
BZ#1566890 CVE-2018-3639 hw: cpu: speculative store bypass
0
0
BZ#1592750 CVE-2018-3639 libvirt: hw: cpu: speculative store bypass [fedora-all]
0
0

Automated Test Results