File _patchinfo of Package patchinfo.42037

<patchinfo incident="42037">
  <issue tracker="bnc" id="1227397">VUL-0: CVE-2024-6505: qemu: qemu-kvm: virtio-net: queue index out-of-bounds access in software RSS</issue>
  <issue tracker="bnc" id="1253002">VUL-0: CVE-2025-12464: qemu: net: pad packets to minimum length in qemu_receive_packet()</issue>
  <issue tracker="bnc" id="1254286">cockpit - Virtual machines - Import VM - import qcow2 image failed and it fails to start because of missing 'qemu-hw-display-virtio-gpu' and 'qemu-hw-display-virtio-gpu-pci'</issue>
  <issue tracker="bnc" id="1250984">VUL-0: CVE-2025-11234: qemu: qemu-kvm: use-after-free in websocket handshake code can lead to denial of service</issue>
  <issue tracker="bnc" id="1252768">qemu-system-x86 exists with SIGSEV while installing SLES16 via remote ISO image</issue>
  <issue tracker="cve" id="2025-12464"/>
  <issue tracker="cve" id="2024-6505"/>
  <issue tracker="cve" id="2025-11234"/>
  <packager>dfaggioli</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for qemu</summary>
  <description>This update for qemu fixes the following issues:

- CVE-2024-6505: qemu-kvm: virtio-net: Fixed queue index 
  out-of-bounds access in software RSS (bsc#1227397)
- CVE-2025-12464: net: pad packets to minimum length in 
  qemu_receive_packet() (bsc#1253002)
- CVE-2025-11234: qemu-kvm: Fixed use-after-free in websocket 
  handshake code leading to denial of service (bsc#1250984)

Other fixes:
- Fixed *-virtio-gpu-pci dependency on ARM (bsc#1254286)
- block/curl: Fixed curl internal handles handling (bsc#1252768)
</description>
</patchinfo>