146 lines
8.3 KiB
Plaintext
146 lines
8.3 KiB
Plaintext
<patchinfo incident="10">
|
|
<!-- generated from request(s) 336929 -->
|
|
<issue tracker="bnc" id="1084909">trackerbug: packages do not build reproducibly from hostname</issue>
|
|
<issue tracker="bnc" id="1220065">VUL-0: CVE-2024-26328: qemu: invalid NumVFs value is mishandled in NVME SR/IOV implementation</issue>
|
|
<issue tracker="bnc" id="1220310">Qemu cmdline core dumped with more(8193 or more) cpus</issue>
|
|
<issue tracker="bnc" id="1222218">[HPE Bug]: virt-manager looses connection to linux guest</issue>
|
|
<issue tracker="bnc" id="1222841">VUL-0: CVE-2024-3567: qemu: net: assertion failure in update_sctp_checksum()</issue>
|
|
<issue tracker="bnc" id="1222843">VUL-0: CVE-2024-3446: qemu: virtio: DMA reentrancy issue leads to double free vulnerability</issue>
|
|
<issue tracker="bnc" id="1222845">VUL-0: CVE-2024-3447: qemu: sdhci: heap buffer overflow in sdhci_write_dataport()</issue>
|
|
<issue tracker="bnc" id="1224179">SLES 15 SP6 - KVM : Live migration of guest with multiple qcow devices remains incomplete.</issue>
|
|
<issue tracker="cve" id="2024-3446"/>
|
|
<issue tracker="cve" id="2024-3447"/>
|
|
<issue tracker="cve" id="2024-3567"/>
|
|
<issue tracker="cve" id="2024-26328"/>
|
|
<packager>dfaggioli</packager>
|
|
<rating>critical</rating>
|
|
<category>security</category>
|
|
<summary>Security update for qemu</summary>
|
|
<description>This update for qemu fixes the following issues:
|
|
|
|
- Update to version 8.2.5:
|
|
* target/loongarch: fix a wrong print in cpu dump
|
|
* ui/sdl2: Allow host to power down screen
|
|
* target/i386: fix SSE and SSE2 feature check
|
|
* target/i386: fix xsave.flat from kvm-unit-tests
|
|
* disas/riscv: Decode all of the pmpcfg and pmpaddr CSRs
|
|
* target/riscv/kvm.c: Fix the hart bit setting of AIA
|
|
* target/riscv: rvzicbo: Fixup CBO extension register calculation
|
|
* target/riscv: do not set mtval2 for non guest-page faults
|
|
* target/riscv: prioritize pmp errors in raise_mmu_exception()
|
|
* target/riscv: rvv: Remove redudant SEW checking for vector fp narrow/widen instructions
|
|
* target/riscv: rvv: Check single width operator for vfncvt.rod.f.f.w
|
|
* target/riscv: rvv: Check single width operator for vector fp widen instructions
|
|
* target/riscv: rvv: Fix Zvfhmin checking for vfwcvt.f.f.v and vfncvt.f.f.w instructions
|
|
* target/riscv/cpu.c: fix Zvkb extension config
|
|
* target/riscv: Fix the element agnostic function problem
|
|
* target/riscv/kvm: tolerate KVM disable ext errors
|
|
* hw/intc/riscv_aplic: APLICs should add child earlier than realize
|
|
* iotests: test NBD+TLS+iothread
|
|
* qio: Inherit follow_coroutine_ctx across TLS
|
|
* target/arm: Disable SVE extensions when SVE is disabled
|
|
* hw/intc/arm_gic: Fix handling of NS view of GICC_APR<n>
|
|
* hvf: arm: Fix encodings for ID_AA64PFR1_EL1 and debug System registers
|
|
* gitlab: use 'setarch -R' to workaround tsan bug
|
|
* gitlab: use $MAKE instead of 'make'
|
|
* dockerfiles: add 'MAKE' env variable to remaining containers
|
|
* gitlab: Update msys2-64bit runner tags
|
|
* target/i386: no single-step exception after MOV or POP SS
|
|
|
|
- Update to version 8.2.4.
|
|
* target/sh4: Fix SUBV opcode
|
|
* target/sh4: Fix ADDV opcode
|
|
* hw/arm/npcm7xx: Store derivative OTP fuse key in little endian
|
|
* hw/dmax/xlnx_dpdma: fix handling of address_extension descriptor fields
|
|
* hw/ufs: Fix buffer overflow bug
|
|
* tests/avocado: update sunxi kernel from armbian to 6.6.16
|
|
* target/loongarch/cpu.c: typo fix: expection
|
|
* backends/cryptodev-builtin: Fix local_error leaks
|
|
* nbd/server: Mark negotiation functions as coroutine_fn
|
|
* nbd/server: do not poll within a coroutine context
|
|
* linux-user: do_setsockopt: fix SOL_ALG.ALG_SET_KEY
|
|
* target/riscv/kvm: change timer regs size to u64
|
|
* target/riscv/kvm: change KVM_REG_RISCV_FP_D to u64
|
|
* target/riscv/kvm: change KVM_REG_RISCV_FP_F to u32
|
|
|
|
- Update to version 8.2.3.
|
|
* Update version for 8.2.3 release
|
|
* ppc/spapr: Initialize max_cpus limit to SPAPR_IRQ_NR_IPIS.
|
|
* ppc/spapr: Introduce SPAPR_IRQ_NR_IPIS to refer IRQ range for CPU IPIs.
|
|
* hw/pci-host/ppc440_pcix: Do not expose a bridge device on PCI bus
|
|
* hw/isa/vt82c686: Keep track of PIRQ/PINT pins separately
|
|
* virtio-pci: fix use of a released vector
|
|
* linux-user/x86_64: Handle the vsyscall page in open_self_maps_{2,4}
|
|
* hw/audio/virtio-snd: Remove unused assignment
|
|
* hw/net/net_tx_pkt: Fix overrun in update_sctp_checksum()
|
|
* hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set
|
|
* hw/net/lan9118: Fix overflow in MIL TX FIFO
|
|
* hw/net/lan9118: Replace magic '2048' value by MIL_TXFIFO_SIZE definition
|
|
* backends/cryptodev: Do not abort for invalid session ID
|
|
* hw/misc/applesmc: Fix memory leak in reset() handler
|
|
* hw/block/nand: Fix out-of-bound access in NAND block buffer
|
|
* hw/block/nand: Have blk_load() take unsigned offset and return boolean
|
|
* hw/block/nand: Factor nand_load_iolen() method out
|
|
* qemu-options: Fix CXL Fixed Memory Window interleave-granularity typo
|
|
* hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs
|
|
* hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs
|
|
* hw/display/virtio-gpu: Protect from DMA re-entrancy bugs
|
|
* mirror: Don't call job_pause_point() under graph lock (bsc#1224179)
|
|
|
|
- Backports and bugfixes:
|
|
* hw/net/net_tx_pkt: Fix overrun in update_sctp_checksum() (bsc#1222841, CVE-2024-3567)
|
|
* hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446)
|
|
* hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446)
|
|
* hw/display/virtio-gpu: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446)
|
|
* hw/virtio: Introduce virtio_bh_new_guarded() helper (bsc#1222843, CVE-2024-3446)
|
|
* hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set (bsc#1222845, CVE-2024-3447)
|
|
* hw/nvme: Use pcie_sriov_num_vfs() (bsc#1220065, CVE-2024-26328)
|
|
|
|
- Update to version 8.2.2
|
|
* chardev/char-socket: Fix TLS io channels sending too much data to the backend
|
|
* tests/unit/test-util-sockets: Remove temporary file after test
|
|
* hw/usb/bus.c: PCAP adding 0xA in Windows version
|
|
* hw/intc/Kconfig: Fix GIC settings when using "--without-default-devices"
|
|
* gitlab: force allow use of pip in Cirrus jobs
|
|
* tests/vm: avoid re-building the VM images all the time
|
|
* tests/vm: update openbsd image to 7.4
|
|
* target/i386: leave the A20 bit set in the final NPT walk
|
|
* target/i386: remove unnecessary/wrong application of the A20 mask
|
|
* target/i386: Fix physical address truncation
|
|
* target/i386: check validity of VMCB addresses
|
|
* target/i386: mask high bits of CR3 in 32-bit mode
|
|
* pl031: Update last RTCLR value on write in case it's read back
|
|
* hw/nvme: fix invalid endian conversion
|
|
* update edk2 binaries to edk2-stable202402
|
|
* update edk2 submodule to edk2-stable202402
|
|
* target/ppc: Fix crash on machine check caused by ifetch
|
|
* target/ppc: Fix lxv/stxv MSR facility check
|
|
* .gitlab-ci.d/windows.yml: Drop msys2-32bit job
|
|
* system/vl: Update description for input grab key
|
|
* docs/system: Update description for input grab key
|
|
* hw/hppa/Kconfig: Fix building with "configure --without-default-devices"
|
|
* tests/qtest: Depend on dbus_display1_dep
|
|
* meson: Explicitly specify dbus-display1.h dependency
|
|
* audio: Depend on dbus_display1_dep
|
|
* ui/console: Fix console resize with placeholder surface
|
|
* ui/clipboard: add asserts for update and request
|
|
* ui/clipboard: mark type as not available when there is no data
|
|
* ui: reject extended clipboard message if not activated
|
|
* target/i386: Generate an illegal opcode exception on cmp instructions with lock prefix
|
|
* i386/cpuid: Move leaf 7 to correct group
|
|
* i386/cpuid: Decrease cpuid_i when skipping CPUID leaf 1F
|
|
* i386/cpu: Mask with XCR0/XSS mask for FEAT_XSAVE_XCR0_HI and FEAT_XSAVE_XSS_HI leafs
|
|
* i386/cpu: Clear FEAT_XSAVE_XSS_LO/HI leafs when CPUID_EXT_XSAVE is not available
|
|
* .gitlab-ci/windows.yml: Don't install libusb or spice packages on 32-bit
|
|
* iotests: Make 144 deterministic again
|
|
* target/arm: Don't get MDCR_EL2 in pmu_counter_enabled() before checking ARM_FEATURE_PMU
|
|
* target/arm: Fix SVE/SME gross MTE suppression checks
|
|
* target/arm: Handle mte in do_ldrq, do_ldro
|
|
- Address bsc#1220310. Backported upstream commits:
|
|
* ppc/spapr: Initialize max_cpus limit to SPAPR_IRQ_NR_IPIS
|
|
* ppc/spapr: Introduce SPAPR_IRQ_NR_IPIS to refer IRQ range for CPU IPIs.
|
|
</description>
|
|
<package>qemu</package>
|
|
<package>qemu:qemu-linux-user</package>
|
|
<seperate_build_arch/>
|
|
</patchinfo> |