openSUSE has issued an advisory on April 8: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/ES5DXAAMYUC767MUW4BPRP6ZPDL6SUW6/
Mageia 9 is also affected.
CVE: (none) => CVE-2023-1544, CVE-2023-6693, CVE-2024-24474, CVE-2024-26327, CVE-2024-26328
Status comment: (none) => Patches available from openSUSE
Source RPM: (none) => qemu-8.2.1-1.mga10.src.rpm
Whiteboard: (none) => MGA9TOO
From:
* https://bugzilla.suse.com/show_bug.cgi?id=1209554
* https://bugzilla.suse.com/show_bug.cgi?id=1218484
* https://bugzilla.suse.com/show_bug.cgi?id=1220062
* https://bugzilla.suse.com/show_bug.cgi?id=1220065
* https://bugzilla.suse.com/show_bug.cgi?id=1220134
and looking for GitHub or patch reference URLs, trying to pin down the patches is not easy. Here are most, I think:
https://github.com/qemu/qemu/commit/77668e4b9bca03a856c27ba899a2513ddf52bb52
https://github.com/qemu/qemu/commit/2220e8189fb94068dbad333228659fbac819abb0
https://lore.kernel.org/all/20240213055345-mutt-send-email-mst%40kernel.org/
https://github.com/qemu/qemu/commit/77668e4b9bca03a856c27ba899a2513ddf52bb52
but it needs careful checking. One at least looks to be missing.
Assigning to Giuseppe, who put up the current version.
Assignee: bugsquad => ghibomgx
SUSE has issued an advisory on April 23: https://lwn.net/Articles/970884/
According to Debian:
- CVE-2023-6683 is fixed by: https://gitlab.com/qemu-project/qemu/-/commit/405484b29f6548c7b86549b0f961b906337aa68a
- CVE-2024-3446 is fixed by: https://patchew.org/QEMU/20240409105537.18308-1-philmd@linaro.org/
- CVE-2024-3447 is fixed by: https://patchew.org/QEMU/20240404085549.16987-1-philmd@linaro.org/ and https://patchew.org/QEMU/20240409145524.27913-1-philmd@linaro.org/
CVE: CVE-2023-1544, CVE-2023-6693, CVE-2024-24474, CVE-2024-26327, CVE-2024-26328 => CVE-2023-1544, CVE-2023-6683, CVE-2023-6693, CVE-2024-24474, CVE-2024-26327, CVE-2024-26328, CVE-2024-3446, CVE-2024-3447
Summary: qemu new security issues CVE-2023-1544, CVE-2023-6693, CVE-2024-24474, CVE-2024-2632[78] => qemu new security issues CVE-2023-1544, CVE-2023-6683, CVE-2023-6693, CVE-2024-24474, CVE-2024-2632[78], CVE-2024-344[67]
RedHat has issued an advisory on April 30: https://lwn.net/Articles/971720/
Status comment: Patches available from openSUSE => Patches available from openSUSE and Redhat
CVE: CVE-2023-1544, CVE-2023-6683, CVE-2023-6693, CVE-2024-24474, CVE-2024-26327, CVE-2024-26328, CVE-2024-3446, CVE-2024-3447 => CVE-2023-1544, CVE-2023-3019, CVE-2023-3255, CVE-2023-5088, CVE-2023-6683, CVE-2023-6693, CVE-2023-42467, CVE-2024-24474, CVE-2024-26327, CVE-2024-26328, CVE-2024-3446, CVE-2024-3447
Summary: qemu new security issues CVE-2023-1544, CVE-2023-6683, CVE-2023-6693, CVE-2024-24474, CVE-2024-2632[78], CVE-2024-344[67] => qemu new security issues CVE-2023-1544, CVE-2023-3019, CVE-2023-3255, CVE-2023-5088, CVE-2023-6683, CVE-2023-6693, CVE-2023-42467, CVE-2024-24474, CVE-2024-2632[78], CVE-2024-344[67]
For cauldron, there is version qemu-9.0.1-1.mga10, which is the latest stable upstream. For mga9 there is version qemu-7.2.12-2.mga9 in core/updates_testing, which is the latest of the 7.2.x series and should address all the issues (however, I've not checked them one by one).
Version: Cauldron => 9
Source RPM: qemu-8.2.1-1.mga10.src.rpm => qemu-7.2.12-2.mga9.src.rpm
openSUSE has issued an advisory on August 20: https://lists.suse.com/pipermail/sle-updates/2024-August/036644.html
CVE: CVE-2023-1544, CVE-2023-3019, CVE-2023-3255, CVE-2023-5088, CVE-2023-6683, CVE-2023-6693, CVE-2023-42467, CVE-2024-24474, CVE-2024-26327, CVE-2024-26328, CVE-2024-3446, CVE-2024-3447 => CVE-2023-1544, CVE-2023-3019, CVE-2023-3255, CVE-2023-5088, CVE-2023-6683, CVE-2023-6693, CVE-2023-42467, CVE-2024-24474, CVE-2024-26327, CVE-2024-26328, CVE-2024-3446, CVE-2024-3447, CVE-2024-4467, CVE-2024-7409
Summary: qemu new security issues CVE-2023-1544, CVE-2023-3019, CVE-2023-3255, CVE-2023-5088, CVE-2023-6683, CVE-2023-6693, CVE-2023-42467, CVE-2024-24474, CVE-2024-2632[78], CVE-2024-344[67] => qemu new security issues CVE-2023-1544, CVE-2023-3019, CVE-2023-3255, CVE-2023-5088, CVE-2023-6683, CVE-2023-6693, CVE-2023-42467, CVE-2024-24474, CVE-2024-2632[78], CVE-2024-344[67], CVE-2024-4467, CVE-2024-7409
There is qemu-7.2.14-1.mga9 in updates_testing which should add all the known fixes.