qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] CVE-2017-5715: relevant qemu patches

From: Paolo Bonzini
Subject: Re: [Qemu-devel] CVE-2017-5715: relevant qemu patches
Date: Fri, 5 Jan 2018 11:57:47 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0 
On 05/01/2018 11:40, Stefan Priebe - Profihost AG wrote:
> Thanks! But it‘s very difficult to get all opinions all together.
> 
> SuSE Enterprise told me to update:
> - kernel
> - qemu
> - Intel microcode
> 
> And the released already updates for all of them.

Yes, but live migrate an updated guest from updated to non-updated host
and you'll have a bad surprise.

Paolo

> Stefan
> 
> Excuse my typo sent from my mobile phone.
> 
> Am 05.01.2018 um 09:33 schrieb Paolo Bonzini <address@hidden
> <mailto:address@hidden>>:
> 
>> On 04/01/2018 21:15, Stefan Priebe - Profihost AG wrote:
>>> attached the relevant patch for everybody who needs it.
>>
>> This is the original patch from Intel, which doesn't work unless you
>> have a patched kernel (which you almost certainly don't have) and
>> doesn't even warn you about that.
>>
>> In other words, it's rubbish.  Please read
>> https://www.qemu.org/2018/01/04/spectre/ several times, until you
>> understand why there is no urgent need to update QEMU.
>>
>> Days are 24 hours for QEMU developers just like for you (and believe me,
>> we wished several times that they weren't during the last two months).
>> We are prioritizing the fixes according to their effect in mitigating
>> the vulnerability, their applicability and the availability of patches
>> to the lower levels of the stack.  Right now, the most urgent part is
>> the simple mitigations that can go in Linux 4.15 and stable kernels.
>>
>> Paolo
reply via email to
[Prev in Thread] Current Thread [Next in Thread]