Overview

File _patchinfo of Package patchinfo.30129

<patchinfo incident="30129">
  <issue tracker="bnc" id="1213001">VUL-0: CVE-2023-3255: qemu,kvm: VNC: infinite loop in inflate_buffer() leads to denial of service</issue>
  <issue tracker="bnc" id="1213414">VUL-0: CVE-2023-3301: qemu: vhost-vdpa: do not cleanup the vdpa/vhost-net structures if peer nic is present</issue>
  <issue tracker="bnc" id="1212968">VUL-0: CVE-2023-2861: qemu,kvm: 9pfs: improper access control on special files</issue>
  <issue tracker="cve" id="2023-3301"/>
  <issue tracker="cve" id="2023-2861"/>
  <issue tracker="cve" id="2023-3255"/>
  <packager>dfaggioli</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for qemu</summary>
  <description>This update for qemu fixes the following issues:

- CVE-2023-2861: Fixed improper access control on special files in 9pfs (bsc#1212968).
- CVE-2023-3301: Fixed NULL pointer dereference in vhost_vdpa_get_vhost_net() (bsc#1213414).
- CVE-2023-3255: Fixed infinite loop in inflate_buffer() leads to denial of service (bsc#1213001). 
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places