[PATCH security-notice 1/4] LSN-2018-0001 / CVE-2017-5715 - Spectre variant 2 branch target injection

Daniel P. Berrangé <berrange@xxxxxxxxxx> · Tue, 13 Mar 2018 17:27:34 +0000

Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
---
 notices/2018/0001.xml | 276 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 276 insertions(+)
 create mode 100644 notices/2018/0001.xml

diff --git a/notices/2018/0001.xml b/notices/2018/0001.xml
new file mode 100644
index 0000000..9acb303
--- /dev/null
+++ b/notices/2018/0001.xml
@@ -0,0 +1,276 @@
+<security-notice xmlns="http://security.libvirt.org/xmlns/security-notice/1.0";>
+  <id>2018-0001</id>
+
+  <summary>Spectre variant 2 branch target injection</summary>
+
+  <description>
+    <![CDATA[This is not a vulnerability in libvirt, rather it is
+	     a set of changes in libvirt to enable mitigation of
+	     the Spectre hardware flaws by providing extra CPU
+	     models with the "spec-ctrl" feature . Refer to https://spectreattack.com/
+	     for further backend information.]]>
+  </description>
+
+  <credits>
+    <reporter>
+      <name>Paolo Bonzini</name>
+      <email>pbonzini@xxxxxxxxxx</email>
+    </reporter>
+    <patcher>
+      <name>Paolo Bonzini</name>
+      <email>pbonzini@xxxxxxxxxx</email>
+    </patcher>
+    <patcher>
+      <name>Jiri Denemark</name>
+      <email>jdenemar@xxxxxxxxxx</email>
+    </patcher>
+  </credits>
+
+  <lifecycle>
+    <reported>20171212</reported>
+    <published>20180105</published>
+    <fixed>20180118</fixed>
+  </lifecycle>
+
+  <reference>
+    <advisory type="CVE" id="2017-5715"/>
+  </reference>
+
+  <product name="libvirt">
+    <repository>libvirt.git</repository>
+    <branch>
+      <name>master</name>
+      <tag state="vulnerable">v0.2.0</tag>
+      <tag state="vulnerable">v0.2.1</tag>
+      <tag state="vulnerable">v0.2.2</tag>
+      <tag state="vulnerable">v0.2.3</tag>
+      <tag state="vulnerable">v0.3.0</tag>
+      <tag state="vulnerable">v0.3.1</tag>
+      <tag state="vulnerable">v0.3.2</tag>
+      <tag state="vulnerable">v0.3.3</tag>
+      <tag state="vulnerable">v0.4.1</tag>
+      <tag state="vulnerable">v0.4.2</tag>
+      <tag state="vulnerable">v0.4.4</tag>
+      <tag state="vulnerable">v0.4.6</tag>
+      <tag state="vulnerable">v0.5.0</tag>
+      <tag state="vulnerable">v0.5.1</tag>
+      <tag state="vulnerable">v0.6.0</tag>
+      <tag state="vulnerable">v0.6.1</tag>
+      <tag state="vulnerable">v0.6.2</tag>
+      <tag state="vulnerable">v0.6.3</tag>
+      <tag state="vulnerable">v0.6.4</tag>
+      <tag state="vulnerable">v0.6.5</tag>
+      <tag state="vulnerable">v0.7.0</tag>
+      <tag state="vulnerable">v0.7.1</tag>
+      <tag state="vulnerable">v0.7.2</tag>
+      <tag state="vulnerable">v0.7.3</tag>
+      <tag state="vulnerable">v0.7.4</tag>
+      <tag state="vulnerable">v0.7.5</tag>
+      <tag state="vulnerable">v0.7.6</tag>
+      <tag state="vulnerable">v0.7.7</tag>
+      <tag state="vulnerable">v0.8.0</tag>
+      <tag state="vulnerable">v0.8.1</tag>
+      <tag state="vulnerable">v0.8.2</tag>
+      <tag state="vulnerable">v0.8.3</tag>
+      <tag state="vulnerable">v0.8.4</tag>
+      <tag state="vulnerable">v0.8.5</tag>
+      <tag state="vulnerable">v0.8.6</tag>
+      <tag state="vulnerable">v0.8.7</tag>
+      <tag state="vulnerable">v0.8.8</tag>
+      <tag state="vulnerable">v0.9.0</tag>
+      <tag state="vulnerable">v0.9.1</tag>
+      <tag state="vulnerable">v0.9.2</tag>
+      <tag state="vulnerable">v0.9.3</tag>
+      <tag state="vulnerable">v0.9.4</tag>
+      <tag state="vulnerable">v0.9.5</tag>
+      <tag state="vulnerable">v0.9.6</tag>
+      <tag state="vulnerable">v0.9.7</tag>
+      <tag state="vulnerable">v0.9.8</tag>
+      <tag state="vulnerable">v0.9.9</tag>
+      <tag state="vulnerable">v0.9.10</tag>
+      <tag state="vulnerable">v0.9.11</tag>
+      <tag state="vulnerable">v0.9.12</tag>
+      <tag state="vulnerable">v0.9.13</tag>
+      <tag state="vulnerable">v0.10.0</tag>
+      <tag state="vulnerable">v0.10.1</tag>
+      <tag state="vulnerable">v0.10.2</tag>
+      <tag state="vulnerable">v1.0.0</tag>
+      <tag state="vulnerable">v1.0.1</tag>
+      <tag state="vulnerable">v1.0.2</tag>
+      <tag state="vulnerable">v1.0.3</tag>
+      <tag state="vulnerable">v1.0.4</tag>
+      <tag state="vulnerable">v1.0.5</tag>
+      <tag state="vulnerable">v1.0.6</tag>
+      <tag state="vulnerable">v1.1.0</tag>
+      <tag state="vulnerable">v1.1.1</tag>
+      <tag state="vulnerable">v1.1.2</tag>
+      <tag state="vulnerable">v1.1.3</tag>
+      <tag state="vulnerable">v1.1.4</tag>
+      <tag state="vulnerable">v1.2.0</tag>
+      <tag state="vulnerable">v1.2.1</tag>
+      <tag state="vulnerable">v1.2.2</tag>
+      <tag state="vulnerable">v1.2.3</tag>
+      <tag state="vulnerable">v1.2.4</tag>
+      <tag state="vulnerable">v1.2.5</tag>
+      <tag state="vulnerable">v1.2.6</tag>
+      <tag state="vulnerable">v1.2.7</tag>
+      <tag state="vulnerable">v1.2.8</tag>
+      <tag state="vulnerable">v1.2.9</tag>
+      <tag state="vulnerable">v1.2.10</tag>
+      <tag state="vulnerable">v1.2.11</tag>
+      <tag state="vulnerable">v1.2.12</tag>
+      <tag state="vulnerable">v1.2.13</tag>
+      <tag state="vulnerable">v1.2.14</tag>
+      <tag state="vulnerable">v1.2.15</tag>
+      <tag state="vulnerable">v1.2.16</tag>
+      <tag state="vulnerable">v1.2.17</tag>
+      <tag state="vulnerable">v1.2.18</tag>
+      <tag state="vulnerable">v1.2.19</tag>
+      <tag state="vulnerable">v1.2.20</tag>
+      <tag state="vulnerable">v1.2.21</tag>
+      <tag state="vulnerable">v1.3.0</tag>
+      <tag state="vulnerable">v1.3.1</tag>
+      <tag state="vulnerable">v1.3.2</tag>
+      <tag state="vulnerable">v1.3.3</tag>
+      <tag state="vulnerable">v1.3.4</tag>
+      <tag state="vulnerable">v1.3.5</tag>
+      <tag state="vulnerable">v2.0.0</tag>
+      <tag state="vulnerable">v2.1.0</tag>
+      <tag state="vulnerable">v2.2.0</tag>
+      <tag state="vulnerable">v2.3.0</tag>
+      <tag state="vulnerable">v2.4.0</tag>
+      <tag state="vulnerable">v2.5.0</tag>
+      <tag state="vulnerable">v3.0.0</tag>
+      <tag state="vulnerable">v3.1.0</tag>
+      <tag state="vulnerable">v3.2.0</tag>
+      <tag state="vulnerable">v3.3.0</tag>
+      <tag state="vulnerable">v3.4.0</tag>
+      <tag state="vulnerable">v3.5.0</tag>
+      <tag state="vulnerable">v3.6.0</tag>
+      <tag state="vulnerable">v3.7.0</tag>
+      <tag state="vulnerable">v3.8.0</tag>
+      <tag state="vulnerable">v3.9.0</tag>
+      <tag state="vulnerable">v3.10.0</tag>
+      <tag state="vulnerable">v4.0.0</tag>
+      <tag state="fixed">v4.1.0</tag>
+      <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+      <change state="fixed">24d504396c3c05eff87d29173a224e2faaeb2637</change>
+      <change state="fixed">b2042020c32b74069fa5365b5e966537aaba8cf6</change>
+      <change state="fixed">7bb4ce9761dfbd1620ddffb26fbd6f0ff1fedf3f</change>
+      <change state="fixed">49bffcb3cc1850d332b9648c686a7be18de9e708</change>
+      <change state="fixed">7f83eefa9e6940c83579d31941efd07fab1b90c8</change>
+      <change state="fixed">7dd85ff62d7080b52d4d175f53ad5eb11cdcfb9c</change>
+      <change state="fixed">203c92e9cc2db854199b39ef3ffcc10406d3c59e</change>
+      <change state="fixed">30b381cfdd5e92e5afa6de09f0fe533353e71d07</change>
+      <change state="fixed">2e3b220a874e558e54678afd7cf49466fe605e09</change>
+      <change state="fixed">6b7e7d1cc24a28a9f5ece8626f807189647d14b4</change>
+      <change state="fixed">6d4a3cd42781babed7d29b061e220ebff24dd43e</change>
+    </branch>
+    <branch>
+      <name>v0.9.6-maint</name>
+      <tag state="vulnerable">v0.9.6.1</tag>
+      <tag state="vulnerable">v0.9.6.2</tag>
+      <tag state="vulnerable">v0.9.6.3</tag>
+      <tag state="vulnerable">v0.9.6.4</tag>
+      <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+    </branch>
+    <branch>
+      <name>v0.9.11-maint</name>
+      <tag state="vulnerable">v0.9.11.1</tag>
+      <tag state="vulnerable">v0.9.11.2</tag>
+      <tag state="vulnerable">v0.9.11.3</tag>
+      <tag state="vulnerable">v0.9.11.4</tag>
+      <tag state="vulnerable">v0.9.11.5</tag>
+      <tag state="vulnerable">v0.9.11.6</tag>
+      <tag state="vulnerable">v0.9.11.7</tag>
+      <tag state="vulnerable">v0.9.11.8</tag>
+      <tag state="vulnerable">v0.9.11.9</tag>
+      <tag state="vulnerable">v0.9.11.10</tag>
+      <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+    </branch>
+    <branch>
+      <name>v0.9.12-maint</name>
+      <tag state="vulnerable">v0.9.12.1</tag>
+      <tag state="vulnerable">v0.9.12.2</tag>
+      <tag state="vulnerable">v0.9.12.3</tag>
+      <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+    </branch>
+    <branch>
+      <name>v0.10.2-maint</name>
+      <tag state="vulnerable">v0.10.2.1</tag>
+      <tag state="vulnerable">v0.10.2.2</tag>
+      <tag state="vulnerable">v0.10.2.3</tag>
+      <tag state="vulnerable">v0.10.2.4</tag>
+      <tag state="vulnerable">v0.10.2.5</tag>
+      <tag state="vulnerable">v0.10.2.6</tag>
+      <tag state="vulnerable">v0.10.2.7</tag>
+      <tag state="vulnerable">v0.10.2.8</tag>
+      <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+    </branch>
+    <branch>
+      <name>v1.0.5-maint</name>
+      <tag state="vulnerable">v1.0.5.1</tag>
+      <tag state="vulnerable">v1.0.5.2</tag>
+      <tag state="vulnerable">v1.0.5.3</tag>
+      <tag state="vulnerable">v1.0.5.4</tag>
+      <tag state="vulnerable">v1.0.5.5</tag>
+      <tag state="vulnerable">v1.0.5.6</tag>
+      <tag state="vulnerable">v1.0.5.7</tag>
+      <tag state="vulnerable">v1.0.5.8</tag>
+      <tag state="vulnerable">v1.0.5.9</tag>
+      <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+    </branch>
+    <branch>
+      <name>v1.1.3-maint</name>
+      <tag state="vulnerable">v1.1.3.1</tag>
+      <tag state="vulnerable">v1.1.3.2</tag>
+      <tag state="vulnerable">v1.1.3.3</tag>
+      <tag state="vulnerable">v1.1.3.4</tag>
+      <tag state="vulnerable">v1.1.3.5</tag>
+      <tag state="vulnerable">v1.1.3.6</tag>
+      <tag state="vulnerable">v1.1.3.7</tag>
+      <tag state="vulnerable">v1.1.3.8</tag>
+      <tag state="vulnerable">v1.1.3.9</tag>
+      <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+    </branch>
+    <branch>
+      <name>v1.2.9-maint</name>
+      <tag state="vulnerable">v1.2.9.1</tag>
+      <tag state="vulnerable">v1.2.9.2</tag>
+      <tag state="vulnerable">v1.2.9.3</tag>
+      <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+    </branch>
+    <branch>
+      <name>v1.2.13-maint</name>
+      <tag state="vulnerable">v1.2.13.1</tag>
+      <tag state="vulnerable">v1.2.13.2</tag>
+      <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+    </branch>
+    <branch>
+      <name>v1.2.18-maint</name>
+      <tag state="vulnerable">v1.2.18.1</tag>
+      <tag state="vulnerable">v1.2.18.2</tag>
+      <tag state="vulnerable">v1.2.18.3</tag>
+      <tag state="vulnerable">v1.2.18.4</tag>
+      <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+    </branch>
+    <branch>
+      <name>v1.3.3-maint</name>
+      <tag state="vulnerable">v1.3.3.1</tag>
+      <tag state="vulnerable">v1.3.3.2</tag>
+      <tag state="vulnerable">v1.3.3.3</tag>
+      <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+    </branch>
+    <branch>
+      <name>v2.2-maint</name>
+      <tag state="vulnerable">v2.2.1</tag>
+      <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+    </branch>
+    <branch>
+      <name>v3.2-maint</name>
+      <tag state="vulnerable">v3.2.1</tag>
+      <change state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+    </branch>
+  </product>
+
+</security-notice>
-- 
2.14.3

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list







