Overview

File _patchinfo of Package patchinfo.35262

<patchinfo incident="35262">
  <issue tracker="bnc" id="1227322">VUL-0: CVE-2024-4467: qemu: 'qemu-img info' leads to host file read/write</issue>
  <issue tracker="bnc" id="1229007">VUL-0: CVE-2024-7409: qemu: denial of service via improper synchronization in QEMU NBD Server during socket closure</issue>
  <issue tracker="cve" id="2024-4467"/>
  <issue tracker="cve" id="2024-7409"/>
  <packager>dfaggioli</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for qemu</summary>
  <description>This update for qemu fixes the following issues:

- CVE-2024-4467: Fixed denial of service and file read/write via qemu-img info command (bsc#1227322)
- CVE-2024-7409: Fixed denial of service via improper synchronization in QEMU NBD Server during socket closure (bsc#1229007)
  * nbd/server: Close stray clients at server-stop
  * nbd/server: Drop non-negotiating clients
  * nbd/server: Cap default max-connections to 100
  * nbd/server: Plumb in new args to nbd_client_add()
  * nbd: Minor style and typo fixes

- Update qemu to version 8.2.6
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places