SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-2983

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-2983

Security update for qemu

Type: security

Severity: important

Issued: 2024-08-20

Description:

This update for qemu fixes the following issues:

- CVE-2024-4467: Fixed denial of service and file read/write via qemu-img info command (bsc#1227322)
- CVE-2024-7409: Fixed denial of service via improper synchronization in QEMU NBD Server during socket closure (bsc#1229007)
  * nbd/server: Close stray clients at server-stop
  * nbd/server: Drop non-negotiating clients
  * nbd/server: Cap default max-connections to 100
  * nbd/server: Plumb in new args to nbd_client_add()
  * nbd: Minor style and typo fixes

- Update qemu to version 8.2.6

References

CVE: CVE-2024-7409
CVE: CVE-2024-4467
Bugzilla: 1229007 VUL-0: CVE-2024-7409: qemu: denial of service via improper synchronization in QEMU NBD Server during socket closure
Bugzilla: 1227322 VUL-0: CVE-2024-4467: qemu: 'qemu-img info' leads to host file read/write

Packages

qemu-8.2.6-150600.3.9.1

qemu-linux-user-8.2.6-150600.3.9.1