This bug was fixed in the package qemu - 1:2.5+dfsg-5ubuntu10.36
---------------
qemu (1:2.5+dfsg-5ubuntu10.36) xenial-security; urgency=medium
* Spectre/Meltdown fixes for ppc64 (LP: #1765364)
- debian/patches/lp1765364/*.patches: add backported capabilities and
spectre/meltdown commits.
* SECURITY UPDATE: race during file renaming in v9fs_wstat
- debian/patches/CVE-2018-19489.patch: add locks to hw/9pfs/9p.c.
- CVE-2018-19489
* SECURITY UPDATE: heap based buffer overflow in slirp
- debian/patches/CVE-2019-6778.patch: check data length while emulating
ident function in slirp/tcp_subr.c.
- CVE-2019-6778
-- Marc Deslauriers <[email protected]> Fri, 22 Mar 2019
14:19:08 -0400
** Changed in: qemu (Ubuntu Xenial)
Status: New => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-19489
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-6778
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1765364
Title:
Backport spectre/meltdown fixes on qemu for ppc64 into 16.04 and
possibly 14.04 LTS releases
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1765364/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
