55 lines
3.1 KiB
Plaintext
55 lines
3.1 KiB
Plaintext
<patchinfo incident="93">
|
|
<!-- generated from request(s) 348619 -->
|
|
<issue tracker="bnc" id="1224132">VUL-0: CVE-2024-4693: qemu: virtio-pci: improper release of configure vector leads to guest triggerable crash</issue>
|
|
<issue tracker="bnc" id="1229007">VUL-0: CVE-2024-7409: qemu: denial of service via improper synchronization in QEMU NBD Server during socket closure</issue>
|
|
<issue tracker="bnc" id="1229929">slem6.1, ppc64le only, zypper ref command gets return code 139 after registering the system</issue>
|
|
<issue tracker="bnc" id="1230140">QEMU is missing fix for ppc64 emulation, causing corruption in userspace</issue>
|
|
<issue tracker="bnc" id="1230834">VUL-0: CVE-2024-8354: kvm,qemu: usb: assertion failure in usb_ep_get()</issue>
|
|
<issue tracker="bnc" id="1230915">VUL-0: CVE-2024-8612: qemu: qemu-kvm: information leak in virtio devices</issue>
|
|
<issue tracker="bnc" id="1231519">[sles15sp7][27.1]KVM_SET_USER_MEMORY_REGION Failure During SLES VM Installation on AArch64 Using Virt-Install</issue>
|
|
<issue tracker="cve" id="2024-4693"/>
|
|
<issue tracker="cve" id="2024-7409"/>
|
|
<issue tracker="cve" id="2024-8354"/>
|
|
<issue tracker="cve" id="2024-8612"/>
|
|
<packager>dfaggioli</packager>
|
|
<rating>important</rating>
|
|
<category>security</category>
|
|
<summary>Security update for qemu</summary>
|
|
<description>This update for qemu fixes the following issues:
|
|
|
|
- Bugfixes and CVEs:
|
|
* hw/usb/hcd-ohci: Fix #1510, #303: pid not IN or OUT (bsc#1230834, CVE-2024-8354)
|
|
* softmmu: Support concurrent bounce buffers (bsc#1230915, CVE-2024-8612)
|
|
* system/physmem: Per-AddressSpace bounce buffering (bsc#1230915, CVE-2024-8612)
|
|
* system/physmem: Propagate AddressSpace to MapClient helpers (bsc#1230915, CVE-2024-8612)
|
|
* system/physmem: Replace qemu_mutex_lock() calls with QEMU_LOCK_GUARD (bsc#1230915, CVE-2024-8612)
|
|
|
|
- Update version to 8.2.7
|
|
* Full changelog here:
|
|
https://lore.kernel.org/qemu-devel/d9ff276f-f1ba-4e90-8343-a7a0dc2bf305@tls.msk.ru/
|
|
* Fixes:
|
|
bsc#1229007, CVE-2024-7409
|
|
bsc#1224132, CVE-2024-4693
|
|
* Some backports:
|
|
gitlab: fix logic for changing docker tag on stable branches
|
|
ui/sdl2: set swap interval explicitly when OpenGL is enabled
|
|
hw/intc/arm_gic: fix spurious level triggered interrupts
|
|
hw/audio/virtio-sound: fix heap buffer overflow
|
|
tests/docker: update debian i686 and mipsel images to bookworm
|
|
tests/docker: remove debian-armel-cross
|
|
hw/display/vhost-user-gpu.c: fix vhost_user_gpu_chr_read()
|
|
crypto: check gnutls & gcrypt support the requested pbkdf hash
|
|
crypto: run qcrypto_pbkdf2_count_iters in a new thread
|
|
softmmu/physmem: fix memory leak in dirty_memory_extend()
|
|
target/ppc: Fix migration of CPUs with TLB_EMB TLB type
|
|
gitlab: migrate the s390x custom machine to 22.04
|
|
target/hppa: Fix PSW V-bit packaging in cpu_hppa_get for hppa64
|
|
hw/audio/virtio-snd: fix invalid param check
|
|
virtio-pci: Fix the use of an uninitialized irqfd
|
|
- Fix bsc#1231519:
|
|
* accel/kvm: check for KVM_CAP_READONLY_MEM on VM (bsc#1231519)
|
|
</description>
|
|
<package>qemu</package>
|
|
<package>qemu:qemu-linux-user</package>
|
|
<seperate_build_arch/>
|
|
</patchinfo> |