Overview

File _patchinfo of Package patchinfo.37352

<patchinfo incident="37352">
  <issue tracker="bnc" id="1219722">QEMU: [ipxe] Apply patch to build with newer Binutils</issue>
  <issue tracker="bnc" id="1219733">qemu ipxe roms will stop compiling with binutils update</issue>
  <issue tracker="bnc" id="1230915">VUL-0: CVE-2024-8612: qemu: qemu-kvm: information leak in virtio devices</issue>
  <issue tracker="bnc" id="1222845">VUL-0: CVE-2024-3447: qemu: sdhci: heap buffer overflow in sdhci_write_dataport()</issue>
  <issue tracker="bnc" id="1229007">VUL-0: CVE-2024-7409: qemu: denial of service via improper synchronization in QEMU NBD Server during socket closure</issue>
  <issue tracker="cve" id="2024-8612"/>
  <issue tracker="cve" id="2024-7409"/>
  <issue tracker="cve" id="2024-3447"/>
  <packager>dfaggioli</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for qemu</summary>
  <description>This update for qemu fixes the following issues:

- CVE-2024-8612: Fixed information leak in virtio devices (bsc#1230915).
- CVE-2024-7409: Fixed denial of service via improper synchronization in QEMU NBD Server during socket closure (bsc#1229007).
- CVE-2024-3447: Fixed heap buffer overflow in sdhci_write_dataport() (bsc#1222845).

Other fixes:

- Fix ipxe build with new binutils (bsc#1219733, bsc#1219722).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places