58 lines
2.9 KiB
Plaintext
58 lines
2.9 KiB
Plaintext
<patchinfo incident="60">
|
|
<!-- generated from request(s) 343333 -->
|
|
<issue tracker="bnc" id="1221812">qemu coredump when virsh migrate postcopy + virsh migrate-postcopy on sle15sp6 kvm host</issue>
|
|
<issue tracker="bnc" id="1227322">VUL-0: CVE-2024-4467: qemu: 'qemu-img info' leads to host file read/write</issue>
|
|
<issue tracker="bnc" id="1229007">VUL-0: CVE-2024-7409: qemu: denial of service via improper synchronization in QEMU NBD Server during socket closure</issue>
|
|
<issue tracker="cve" id="2024-4467"/>
|
|
<issue tracker="cve" id="2024-7409"/>
|
|
<packager>dfaggioli</packager>
|
|
<rating>important</rating>
|
|
<category>security</category>
|
|
<summary>Security update for qemu</summary>
|
|
<description>This update for qemu fixes the following issues:
|
|
|
|
- Fix bsc#1221812:
|
|
* block: Reschedule query-block during qcow2 invalidation (bsc#1221812)
|
|
|
|
- Fix bsc#1229007, CVE-2024-7409:
|
|
* nbd/server: CVE-2024-7409: Close stray clients at server-stop (bsc#1229007)
|
|
* nbd/server: CVE-2024-7409: Drop non-negotiating clients (bsc#1229007)
|
|
* nbd/server: CVE-2024-7409: Cap default max-connections to 100 (bsc#1229007)
|
|
* nbd/server: Plumb in new args to nbd_client_add() (bsc#1229007, CVE-2024-7409)
|
|
* nbd: Minor style and typo fixes (bsc#1229007, CVE-2024-7409)
|
|
|
|
- Update to version 8.2.6:
|
|
|
|
Full backport lists (from the various releases) here:
|
|
https://lore.kernel.org/qemu-devel/1721203806.547734.831464.nullmailer@tls.msk.ru/
|
|
|
|
Some of the upstream backports are:
|
|
hw/nvme: fix number of PIDs for FDP RUH update
|
|
sphinx/qapidoc: Fix to generate doc for explicit, unboxed arguments
|
|
char-stdio: Restore blocking mode of stdout on exit
|
|
virtio: remove virtio_tswap16s() call in vring_packed_event_read()
|
|
virtio-pci: Fix the failure process in kvm_virtio_pci_vector_use_one()
|
|
block: Parse filenames only when explicitly requested
|
|
iotests/270: Don't store data-file with json: prefix in image
|
|
iotests/244: Don't store data-file with protocol in image
|
|
qcow2: Don't open data_file with BDRV_O_NO_IO (bsc#1227322, CVE-2024-4467)
|
|
target/arm: Fix FJCVTZS vs flush-to-zero
|
|
target/arm: Fix VCMLA Dd, Dn, Dm[idx]
|
|
i386/cpu: fixup number of addressable IDs for processor cores in the physical package
|
|
tests: Update our CI to use CentOS Stream 9 instead of 8
|
|
migration: Fix file migration with fdset
|
|
tcg/loongarch64: Fix tcg_out_movi vs some pcrel pointers
|
|
target/sparc: use signed denominator in sdiv helper
|
|
linux-user: Make TARGET_NR_setgroups affect only the current thread
|
|
accel/tcg: Fix typo causing tb->page_addr[1] to not be recorded
|
|
stdvga: fix screen blanking
|
|
hw/audio/virtio-snd: Always use little endian audio format
|
|
ui/gtk: Draw guest frame at refresh cycle
|
|
virtio-net: drop too short packets early
|
|
target/i386: fix size of EBP writeback in gen_enter()
|
|
|
|
</description>
|
|
<package>qemu</package>
|
|
<package>qemu:qemu-linux-user</package>
|
|
<seperate_build_arch/>
|
|
</patchinfo> |