Bug 33074 - qemu new security issues CVE-2023-1544, CVE-2023-3019, CVE-2023-3255, CVE-2023-5088, CVE-2023-6683, CVE-2023-6693, CVE-2023-42467, CVE-2024-24474, CVE-2024-2632[78], CVE-2024-344[67], CVE-2024-4467, CVE-2024-7409
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Giuseppe Ghibò
QA Contact: Sec team
Whiteboard: MGA9TOO
Reported: 2024-04-09 10:40 CEST by Nicolas Salguero
Modified: 2024-09-21 12:37 CEST
Source RPM: qemu-7.2.12-2.mga9.src.rpm
CVE: CVE-2023-1544, CVE-2023-3019, CVE-2023-3255, CVE-2023-5088, CVE-2023-6683, CVE-2023-6693, CVE-2023-42467, CVE-2024-24474, CVE-2024-26327, CVE-2024-26328, CVE-2024-3446, CVE-2024-3447, CVE-2024-4467, CVE-2024-7409
Status comment: Patches available from openSUSE and Redhat


Description Nicolas Salguero 2024-04-09 10:40:35 CEST
openSUSE has issued an advisory on April 8:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/ES5DXAAMYUC767MUW4BPRP6ZPDL6SUW6/

Mageia 9 is also affected.
Nicolas Salguero 2024-04-09 10:41:04 CEST

CVE: (none) => CVE-2023-1544, CVE-2023-6693, CVE-2024-24474, CVE-2024-26327, CVE-2024-26328
Status comment: (none) => Patches available from openSUSE
Source RPM: (none) => qemu-8.2.1-1.mga10.src.rpm
Whiteboard: (none) => MGA9TOO

Comment 2 Nicolas Salguero 2024-04-23 16:04:06 CEST
SUSE has issued an advisory on April 23:
https://lwn.net/Articles/970884/

According to Debian:
  - CVE-2023-6683 is fixed by: https://gitlab.com/qemu-project/qemu/-/commit/405484b29f6548c7b86549b0f961b906337aa68a
  - CVE-2024-3446 is fixed by: https://patchew.org/QEMU/20240409105537.18308-1-philmd@linaro.org/
  - CVE-2024-3447 is fixed by: https://patchew.org/QEMU/20240404085549.16987-1-philmd@linaro.org/ and https://patchew.org/QEMU/20240409145524.27913-1-philmd@linaro.org/

CVE: CVE-2023-1544, CVE-2023-6693, CVE-2024-24474, CVE-2024-26327, CVE-2024-26328 => CVE-2023-1544, CVE-2023-6683, CVE-2023-6693, CVE-2024-24474, CVE-2024-26327, CVE-2024-26328, CVE-2024-3446, CVE-2024-3447
Summary: qemu new security issues CVE-2023-1544, CVE-2023-6693, CVE-2024-24474, CVE-2024-2632[78] => qemu new security issues CVE-2023-1544, CVE-2023-6683, CVE-2023-6693, CVE-2024-24474, CVE-2024-2632[78], CVE-2024-344[67]

Comment 3 Nicolas Salguero 2024-04-30 16:52:18 CEST
RedHat has issued an advisory on April 30:
https://lwn.net/Articles/971720/

Status comment: Patches available from openSUSE => Patches available from openSUSE and Redhat
CVE: CVE-2023-1544, CVE-2023-6683, CVE-2023-6693, CVE-2024-24474, CVE-2024-26327, CVE-2024-26328, CVE-2024-3446, CVE-2024-3447 => CVE-2023-1544, CVE-2023-3019, CVE-2023-3255, CVE-2023-5088, CVE-2023-6683, CVE-2023-6693, CVE-2023-42467, CVE-2024-24474, CVE-2024-26327, CVE-2024-26328, CVE-2024-3446, CVE-2024-3447
Summary: qemu new security issues CVE-2023-1544, CVE-2023-6683, CVE-2023-6693, CVE-2024-24474, CVE-2024-2632[78], CVE-2024-344[67] => qemu new security issues CVE-2023-1544, CVE-2023-3019, CVE-2023-3255, CVE-2023-5088, CVE-2023-6683, CVE-2023-6693, CVE-2023-42467, CVE-2024-24474, CVE-2024-2632[78], CVE-2024-344[67]

Comment 4 Giuseppe Ghibò 2024-06-19 11:17:31 CEST
For Cauldron, there is version qemu-9.0.1-1.mga10, which is the latest stable upstream. For mga9 there is version qemu-7.2.12-2.mga9 in core/updates_testing, which is the latest of the 7.2.x series and should address all the issues (however, I've not checked them one by one).

Version: Cauldron => 9

Giuseppe Ghibò 2024-06-19 11:18:28 CEST

Source RPM: qemu-8.2.1-1.mga10.src.rpm => qemu-7.2.12-2.mga9.src.rpm

Comment 5 Nicolas Salguero 2024-09-06 10:13:39 CEST
openSUSE has issued an advisory on August 20:
https://lists.suse.com/pipermail/sle-updates/2024-August/036644.html

CVE: CVE-2023-1544, CVE-2023-3019, CVE-2023-3255, CVE-2023-5088, CVE-2023-6683, CVE-2023-6693, CVE-2023-42467, CVE-2024-24474, CVE-2024-26327, CVE-2024-26328, CVE-2024-3446, CVE-2024-3447 => CVE-2023-1544, CVE-2023-3019, CVE-2023-3255, CVE-2023-5088, CVE-2023-6683, CVE-2023-6693, CVE-2023-42467, CVE-2024-24474, CVE-2024-26327, CVE-2024-26328, CVE-2024-3446, CVE-2024-3447, CVE-2024-4467, CVE-2024-7409
Summary: qemu new security issues CVE-2023-1544, CVE-2023-3019, CVE-2023-3255, CVE-2023-5088, CVE-2023-6683, CVE-2023-6693, CVE-2023-42467, CVE-2024-24474, CVE-2024-2632[78], CVE-2024-344[67] => qemu new security issues CVE-2023-1544, CVE-2023-3019, CVE-2023-3255, CVE-2023-5088, CVE-2023-6683, CVE-2023-6693, CVE-2023-42467, CVE-2024-24474, CVE-2024-2632[78], CVE-2024-344[67], CVE-2024-4467, CVE-2024-7409

Comment 6 Giuseppe Ghibò 2024-09-21 12:37:49 CEST
There is qemu-7.2.14-1.mga9 in updates_testing which should add all the known fixes.
