Overview

File _patchinfo of Package patchinfo.23253

<patchinfo incident="23253">
  <issue tracker="bnc" id="1196737">SLES 12 SP5 - The QEMU direct kernel boot cmdline can corrupt guest kernel data</issue>
  <issue tracker="bnc" id="1193364">L3: virsh - howto remove tsc frequency during runtime</issue>
  <issue tracker="bnc" id="1196087">libvirt on MicroOS on Raspberry Pi 4 requires additional packages to create a kvm virtual machine</issue>
  <issue tracker="bnc" id="1194938">Running KVM guests were stuck and could not be dumped [ ref:_00D1igLOd._5001ipHLu3:ref ]</issue>
  <issue tracker="bnc" id="1192525">VUL-1: CVE-2021-3930: kvm,qemu: off-by-one error in mode_sense_page() in hw/scsi/scsi-disk.c</issue>
  <issue tracker="bnc" id="1178049">L3-Question: Multiple issues after hanging I/O in SAN</issue>
  <issue tracker="bnc" id="1193545">qemu ships binaries not built from source</issue>
  <issue tracker="bnc" id="1195161">VUL-0: CVE-2022-0358: qemu,kvm: potential privilege escalation via virtiofsd</issue>
  <issue tracker="cve" id="2022-0358"/>
  <issue tracker="cve" id="2021-3930"/>
  <packager>dfaggioli</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for qemu</summary>
  <description>This update for qemu fixes the following issues:

- CVE-2022-0358: Fixed a potential privilege escalation via virtiofsd (bsc#1195161).
- CVE-2021-3930: Fixed a potential denial of service in the emulated SCSI device (bsc#1192525).

Non-security fixes:

- Fixed a kernel data corruption via a long kernel boot cmdline (bsc#1196737).
- Included vmxcap in the qemu-tools package (bsc#1193364).
- Fixed package dependencies (bsc#1196087).
- Fixed an issue were PowerPC firmwares would not be built for non-PowerPC
  builds (bsc#1193545).
- Fixed multiple issues in I/O (bsc#1178049 bsc#1194938).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places