Overview

File _patchinfo of Package patchinfo.36080

<patchinfo incident="36080">
  <issue tracker="bnc" id="1230915">VUL-0: CVE-2024-8612: qemu: qemu-kvm: information leak in virtio devices</issue>
  <issue tracker="bnc" id="1231519">[sles15sp7][27.1]KVM_SET_USER_MEMORY_REGION Failure During SLES VM Installation on AArch64 Using Virt-Install</issue>
  <issue tracker="bnc" id="1224132">VUL-0: CVE-2024-4693: qemu: virtio-pci: improper release of configure vector leads to guest triggerable crash</issue>
  <issue tracker="bnc" id="1229929">slem6.1, ppc64le only, zypper ref command gets return code 139 after registering the system</issue>
  <issue tracker="bnc" id="1230834">VUL-0: CVE-2024-8354: kvm,qemu: usb: assertion failure in usb_ep_get()</issue>
  <issue tracker="bnc" id="1230140">QEMU is missing fix for ppc64 emulation, causing corruption in userspace</issue>
  <issue tracker="bnc" id="1229007">VUL-0: CVE-2024-7409: qemu: denial of service via improper synchronization in QEMU NBD Server during socket closure</issue>
  <issue tracker="cve" id="2024-4693"/>
  <issue tracker="cve" id="2024-8612"/>
  <issue tracker="cve" id="2024-8354"/>
  <issue tracker="cve" id="2024-7409"/>
  <packager>dfaggioli</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for qemu</summary>
  <description>This update for qemu fixes the following issues:

Security fixes:

- CVE-2024-8354: Fixed assertion failure in usb_ep_get() (bsc#1230834)
- CVE-2024-8612: Fixed information leak in virtio devices (bsc#1230915)

Update version to 8.2.7:

Security fixes:

- CVE-2024-7409: Fixed denial of service via improper synchronization in QEMU NBD Server during socket closure (bsc#1229007) 
- CVE-2024-4693: Fixed improper release of configure vector in virtio-pci that lead to guest triggerable crash (bsc#1224132)

Other fixes:

- added missing fix for ppc64 emulation that caused corruption in userspace (bsc#1230140)
- target/ppc: Fix lxvx/stxvx facility check (bsc#1229929)
- accel/kvm: check for KVM_CAP_READONLY_MEM on VM (bsc#1231519)

Full changelog here: 

https://lore.kernel.org/qemu-devel/d9ff276f-f1ba-4e90-8343-a7a0dc2bf305@tls.msk.ru/
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places