SUSE_ALP_Standard/patchinfo.20240830091202805976.269002615871826/_patchinfo

<patchinfo incident="60">
  <!-- generated from request(s) 343333 -->
  <issue tracker="bnc" id="1221812">qemu coredump when virsh migrate postcopy + virsh migrate-postcopy on sle15sp6 kvm host</issue>
  <issue tracker="bnc" id="1227322">VUL-0: CVE-2024-4467: qemu: 'qemu-img info' leads to host file read/write</issue>
  <issue tracker="bnc" id="1229007">VUL-0: CVE-2024-7409: qemu: denial of service via improper synchronization in QEMU NBD Server during socket closure</issue>
  <issue tracker="cve" id="2024-4467"/>
  <issue tracker="cve" id="2024-7409"/>
  <packager>dfaggioli</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for qemu</summary>
  <description>This update for qemu fixes the following issues:

- Fix bsc#1221812:
  * block: Reschedule query-block during qcow2 invalidation (bsc#1221812)

- Fix bsc#1229007, CVE-2024-7409:
  * nbd/server: CVE-2024-7409: Close stray clients at server-stop (bsc#1229007)
  * nbd/server: CVE-2024-7409: Drop non-negotiating clients (bsc#1229007)
  * nbd/server: CVE-2024-7409: Cap default max-connections to 100 (bsc#1229007)
  * nbd/server: Plumb in new args to nbd_client_add() (bsc#1229007, CVE-2024-7409)
  * nbd: Minor style and typo fixes (bsc#1229007, CVE-2024-7409)

- Update to version 8.2.6:

  Full backport lists (from the various releases) here:
   https://lore.kernel.org/qemu-devel/1721203806.547734.831464.nullmailer@tls.msk.ru/

  Some of the upstream backports are:
   hw/nvme: fix number of PIDs for FDP RUH update
   sphinx/qapidoc: Fix to generate doc for explicit, unboxed arguments
   char-stdio: Restore blocking mode of stdout on exit
   virtio: remove virtio_tswap16s() call in vring_packed_event_read()
   virtio-pci: Fix the failure process in kvm_virtio_pci_vector_use_one()
   block: Parse filenames only when explicitly requested
   iotests/270: Don't store data-file with json: prefix in image
   iotests/244: Don't store data-file with protocol in image
   qcow2: Don't open data_file with BDRV_O_NO_IO (bsc#1227322, CVE-2024-4467)
   target/arm: Fix FJCVTZS vs flush-to-zero
   target/arm: Fix VCMLA Dd, Dn, Dm[idx]
   i386/cpu: fixup number of addressable IDs for processor cores in the physical package
   tests: Update our CI to use CentOS Stream 9 instead of 8
   migration: Fix file migration with fdset
   tcg/loongarch64: Fix tcg_out_movi vs some pcrel pointers
   target/sparc: use signed denominator in sdiv helper
   linux-user: Make TARGET_NR_setgroups affect only the current thread
   accel/tcg: Fix typo causing tb-&gt;page_addr[1] to not be recorded
   stdvga: fix screen blanking
   hw/audio/virtio-snd: Always use little endian audio format
   ui/gtk: Draw guest frame at refresh cycle
   virtio-net: drop too short packets early
   target/i386: fix size of EBP writeback in gen_enter()

</description>
  <package>qemu</package>
  <package>qemu:qemu-linux-user</package>
  <seperate_build_arch/>
</patchinfo>
Update incident numbers 2024-10-15 13:37:56 +02:00			`<patchinfo incident="60">`
Adding patchinfo patchinfo.20240830091202805976.269002615871826 2024-10-10 13:15:04 +02:00			`<!-- generated from request(s) 343333 -->`
			`<issue tracker="bnc" id="1221812">qemu coredump when virsh migrate postcopy + virsh migrate-postcopy on sle15sp6 kvm host</issue>`
			`<issue tracker="bnc" id="1227322">VUL-0: CVE-2024-4467: qemu: 'qemu-img info' leads to host file read/write</issue>`
			`<issue tracker="bnc" id="1229007">VUL-0: CVE-2024-7409: qemu: denial of service via improper synchronization in QEMU NBD Server during socket closure</issue>`
			`<issue tracker="cve" id="2024-4467"/>`
			`<issue tracker="cve" id="2024-7409"/>`
			`<packager>dfaggioli</packager>`
			`<rating>important</rating>`
			`<category>security</category>`
			`<summary>Security update for qemu</summary>`
			`<description>This update for qemu fixes the following issues:`

			`- Fix bsc#1221812:`
			`* block: Reschedule query-block during qcow2 invalidation (bsc#1221812)`

			`- Fix bsc#1229007, CVE-2024-7409:`
			`* nbd/server: CVE-2024-7409: Close stray clients at server-stop (bsc#1229007)`
			`* nbd/server: CVE-2024-7409: Drop non-negotiating clients (bsc#1229007)`
			`* nbd/server: CVE-2024-7409: Cap default max-connections to 100 (bsc#1229007)`
			`* nbd/server: Plumb in new args to nbd_client_add() (bsc#1229007, CVE-2024-7409)`
			`* nbd: Minor style and typo fixes (bsc#1229007, CVE-2024-7409)`

			`- Update to version 8.2.6:`

			`Full backport lists (from the various releases) here:`
			`https://lore.kernel.org/qemu-devel/1721203806.547734.831464.nullmailer@tls.msk.ru/`

			`Some of the upstream backports are:`
			`hw/nvme: fix number of PIDs for FDP RUH update`
			`sphinx/qapidoc: Fix to generate doc for explicit, unboxed arguments`
			`char-stdio: Restore blocking mode of stdout on exit`
			`virtio: remove virtio_tswap16s() call in vring_packed_event_read()`
			`virtio-pci: Fix the failure process in kvm_virtio_pci_vector_use_one()`
			`block: Parse filenames only when explicitly requested`
			`iotests/270: Don't store data-file with json: prefix in image`
			`iotests/244: Don't store data-file with protocol in image`
			`qcow2: Don't open data_file with BDRV_O_NO_IO (bsc#1227322, CVE-2024-4467)`
			`target/arm: Fix FJCVTZS vs flush-to-zero`
			`target/arm: Fix VCMLA Dd, Dn, Dm[idx]`
			`i386/cpu: fixup number of addressable IDs for processor cores in the physical package`
			`tests: Update our CI to use CentOS Stream 9 instead of 8`
			`migration: Fix file migration with fdset`
			`tcg/loongarch64: Fix tcg_out_movi vs some pcrel pointers`
			`target/sparc: use signed denominator in sdiv helper`
			`linux-user: Make TARGET_NR_setgroups affect only the current thread`
			`accel/tcg: Fix typo causing tb->page_addr[1] to not be recorded`
			`stdvga: fix screen blanking`
			`hw/audio/virtio-snd: Always use little endian audio format`
			`ui/gtk: Draw guest frame at refresh cycle`
			`virtio-net: drop too short packets early`
			`target/i386: fix size of EBP writeback in gen_enter()`

			`</description>`
			`<package>qemu</package>`
			`<package>qemu:qemu-linux-user</package>`
			`<seperate_build_arch/>`
Update incident numbers 2024-10-15 13:37:56 +02:00			`</patchinfo>`