| Summary: | qemu new security issues CVE-2023-1544, CVE-2023-3019, CVE-2023-3255, CVE-2023-5088, CVE-2023-6683, CVE-2023-6693, CVE-2023-42467, CVE-2024-24474, CVE-2024-2632[78], CVE-2024-344[67] | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | Giuseppe Ghibò <ghibomgx> |
| Status: | NEW --- | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | ||
| Version: | 9 | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA9TOO | ||
| Source RPM: | qemu-7.2.12-2.mga9.src.rpm | CVE: | CVE-2023-1544, CVE-2023-3019, CVE-2023-3255, CVE-2023-5088, CVE-2023-6683, CVE-2023-6693, CVE-2023-42467, CVE-2024-24474, CVE-2024-26327, CVE-2024-26328, CVE-2024-3446, CVE-2024-3447 |
| Status comment: | Patches available from openSUSE and Redhat | ||
|
Description
Nicolas Salguero
2024-04-09 10:40:35 CEST
Nicolas Salguero
2024-04-09 10:41:04 CEST
CVE:
(none) =>
CVE-2023-1544, CVE-2023-6693, CVE-2024-24474, CVE-2024-26327, CVE-2024-26328

From:
* https://bugzilla.suse.com/show_bug.cgi?id=1209554
* https://bugzilla.suse.com/show_bug.cgi?id=1218484
* https://bugzilla.suse.com/show_bug.cgi?id=1220062
* https://bugzilla.suse.com/show_bug.cgi?id=1220065
* https://bugzilla.suse.com/show_bug.cgi?id=1220134

and looking for github or patch reference URLs, trying to pin down the patches is not easy. Here are most, I think:
https://github.com/qemu/qemu/commit/77668e4b9bca03a856c27ba899a2513ddf52bb52
https://github.com/qemu/qemu/commit/2220e8189fb94068dbad333228659fbac819abb0
https://lore.kernel.org/all/20240213055345-mutt-send-email-mst%40kernel.org/
https://github.com/qemu/qemu/commit/77668e4b9bca03a856c27ba899a2513ddf52bb52
but it needs careful checking. One at least looks to be missing.

Assigning to Giuseppe who put up the current version.

Assignee:
bugsquad =>
ghibomgx

SUSE has issued an advisory on April 23:
https://lwn.net/Articles/970884/

According to Debian:
- CVE-2023-6683 is fixed by: https://gitlab.com/qemu-project/qemu/-/commit/405484b29f6548c7b86549b0f961b906337aa68a
- CVE-2024-3446 is fixed by: https://patchew.org/QEMU/20240409105537.18308-1-philmd@linaro.org/
- CVE-2024-3447 is fixed by: https://patchew.org/QEMU/20240404085549.16987-1-philmd@linaro.org/ and https://patchew.org/QEMU/20240409145524.27913-1-philmd@linaro.org/

Summary:
qemu new security issues CVE-2023-1544, CVE-2023-6693, CVE-2024-24474, CVE-2024-2632[78] =>
qemu new security issues CVE-2023-1544, CVE-2023-6683, CVE-2023-6693, CVE-2024-24474, CVE-2024-2632[78], CVE-2024-344[67]

RedHat has issued an advisory on April 30:
https://lwn.net/Articles/971720/

Summary:
qemu new security issues CVE-2023-1544, CVE-2023-6683, CVE-2023-6693, CVE-2024-24474, CVE-2024-2632[78], CVE-2024-344[67] =>
qemu new security issues CVE-2023-1544, CVE-2023-3019, CVE-2023-3255, CVE-2023-5088, CVE-2023-6683, CVE-2023-6693, CVE-2023-42467, CVE-2024-24474, CVE-2024-2632[78], CVE-2024-344[67]

For cauldron, there is version qemu-9.0.1-1.mga10 which is the latest stable upstream.

For mga9 there is version qemu-7.2.12-2.mga9 in core/updates_testing, which is the latest of 7.2.x series and should address all the issues (however I've not checked them one by one).

Version:
Cauldron =>
9
Giuseppe Ghibò
2024-06-19 11:18:28 CEST
Source RPM:
qemu-8.2.1-1.mga10.src.rpm =>
qemu-7.2.12-2.mga9.src.rpm