From https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg04892.html
> Starting with libseccomp 2.2.0 and kernel >= 3.17, we can use
> seccomp_attr_set(ctx, SCMP_FLTATR_CTL_TSYNC, 1) to update the policy
> on all threads.

== Xenial ==

Since Xenial fulfills those requirements, I'd think the QEMU patch would
be backportable without too much effort. I haven't looked at the code so
take this with a grain of salt.

== Trusty ==

Trusty doesn't meet the requirements so addressing it there would
probably be more involved and maybe not worth the time investment and
the stability risks.

--
https://bugs.launchpad.net/bugs/1789551

Title:
  qemu: CVE-2018-15746: seccomp: blacklist is not applied to all threads
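The thread-coverage gap named in the bug title, as an added example that is not part of the original message and is not QEMU code: it uses the raw seccomp(2) syscall, where SECCOMP_FILTER_FLAG_TSYNC is the kernel flag behind libseccomp's SCMP_FLTATR_CTL_TSYNC attribute. The function name and the choice of getppid as the denied syscall are assumptions made for the demonstration.

```c
#include <errno.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <pthread.h>
#include <stdatomic.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

static atomic_int go, result = 2;
/* Stands in for a thread that already exists when the filter is loaded. */
static void *worker(void *arg) {
    (void)arg;
    while (!atomic_load(&go)) usleep(1000);
    errno = 0;
    syscall(SYS_getppid);   /* fails with EPERM only if the filter covers this thread */
    atomic_store(&result, errno == EPERM);
    return NULL;
}
/* 1: pre-existing thread is filtered, 0: it is not, 2: setup failed. Runs in a child. */
int preexisting_thread_filtered(unsigned int flags) {
    pid_t pid = fork();
    if (pid == 0) {
        struct sock_filter f[] = {   /* demo filter: deny getppid only, no arch check */
            BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
            BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_getppid, 0, 1),
            BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
            BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        };
        struct sock_fprog prog = { .len = 4, .filter = f };
        pthread_t t;
        if (pthread_create(&t, NULL, worker, NULL)) _exit(2);
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||
            syscall(SYS_seccomp, SECCOMP_SET_MODE_FILTER, flags, &prog)) _exit(2);
        atomic_store(&go, 1);   /* release the worker only after the filter is loaded */
        pthread_join(t, NULL);
        _exit(atomic_load(&result));
    }
    int st;
    if (pid < 0 || waitpid(pid, &st, 0) < 0 || !WIFEXITED(st)) return 2;
    return WEXITSTATUS(st);
}
int main(void) {
    int plain = preexisting_thread_filtered(0);
    int tsync = preexisting_thread_filtered(SECCOMP_FILTER_FLAG_TSYNC);
    printf("worker filtered without TSYNC: %d, with TSYNC: %d\n", plain, tsync);
}
```

Build with `cc -pthread`; a result of 2 means the host did not allow the filter to be installed.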
