File _patchinfo of Package patchinfo.42065
<patchinfo incident="42065"> <issue tracker="bnc" id="1252768">qemu-system-x86 exists with SIGSEV while installing SLES16 via remote ISO image</issue> <issue tracker="bnc" id="1253002">VUL-0: CVE-2025-12464: qemu: net: pad packets to minimum length in qemu_receive_packet()</issue> <issue tracker="bnc" id="1209554">VUL-0: CVE-2023-1544: kvm,qemu: pvrdma: out-of-bounds read in pvrdma_ring_next_elem_read()</issue> <issue tracker="bnc" id="1254286">cockpit - Virtual machines - Import VM - import qcow2 image failed and it fails to start because of missing 'qemu-hw-display-virtio-gpu' and 'qemu-hw-display-virtio-gpu-pci'</issue> <issue tracker="bnc" id="1227397">VUL-0: CVE-2024-6505: qemu: qemu-kvm: virtio-net: queue index out-of-bounds access in software RSS</issue> <issue tracker="cve" id="2024-6505"/> <issue tracker="cve" id="2025-12464"/> <issue tracker="cve" id="2023-1544"/> <packager>dfaggioli</packager> <rating>important</rating> <category>security</category> <summary>Security update for qemu</summary> <description>This update for qemu fixes the following issues: Security issues fixed: - CVE-2023-1544: out-of-bounds read in VMWare's paravirtual RDMA device operations can be exploited through a malicious guest driver to crash the QEMU process on the host (bsc#1209554). - CVE-2024-6505: heap-based buffer overflow in the virtio-net device operations can be exploited by a malicious privileged user to crash the QEMU process on the host (bsc#1227397). - CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations can be exploited by a malicious guest user to crash the QEMU process on the host (bsc#1253002). Other updates and bugfixes: - [openSUSE][RPM] spec: require qemu-hw-display-virtio-gpu-pci for x86 too. - [openSUSE][RPM} spec: delete old specfile constructs. - block/curl: fix curl internal handles handling (bsc#1252768). - [openSUSE][RPM]: really fix *-virtio-gpu-pci dependency on ARM (bsc#1254286). </description> </patchinfo>
