openSUSE has issued an advisory on April 8: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/ES5DXAAMYUC767MUW4BPRP6ZPDL6SUW6/ Mageia 9 is also affected.
Whiteboard: (none) => MGA9TOOCVE: (none) => CVE-2023-1544, CVE-2023-6693, CVE-2024-24474, CVE-2024-26327, CVE-2024-26328Status comment: (none) => Patches available from openSUSESource RPM: (none) => qemu-8.2.1-1.mga10.src.rpm
From: * https://bugzilla.suse.com/show_bug.cgi?id=1209554 * https://bugzilla.suse.com/show_bug.cgi?id=1218484 * https://bugzilla.suse.com/show_bug.cgi?id=1220062 * https://bugzilla.suse.com/show_bug.cgi?id=1220065 * https://bugzilla.suse.com/show_bug.cgi?id=1220134 and looking for githup or patch references URLs, trying to pin down the patches is not easy. Here are most, I think: https://github.com/qemu/qemu/commit/77668e4b9bca03a856c27ba899a2513ddf52bb52 https://github.com/qemu/qemu/commit/2220e8189fb94068dbad333228659fbac819abb0 https://lore.kernel.org/all/20240213055345-mutt-send-email-mst%40kernel.org/ https://github.com/qemu/qemu/commit/77668e4b9bca03a856c27ba899a2513ddf52bb52 but it needs careful checking. One at least looks to be missing. Assigning to Giuseppe who put up the current version.
Assignee: bugsquad => ghibomgx
SUSE has issued an advisory on April 23: https://lwn.net/Articles/970884/ According to Debian: - CVE-2023-6683 is fixed by: https://gitlab.com/qemu-project/qemu/-/commit/405484b29f6548c7b86549b0f961b906337aa68a - CVE-2024-3446 is fixed by: https://patchew.org/QEMU/20240409105537.18308-1-philmd@linaro.org/ - CVE-2024-3447 is fixed by: https://patchew.org/QEMU/20240404085549.16987-1-philmd@linaro.org/ and https://patchew.org/QEMU/20240409145524.27913-1-philmd@linaro.org/
Summary: qemu new security issues CVE-2023-1544, CVE-2023-6693, CVE-2024-24474, CVE-2024-2632[78] => qemu new security issues CVE-2023-1544, CVE-2023-6683, CVE-2023-6693, CVE-2024-24474, CVE-2024-2632[78], CVE-2024-344[67]CVE: CVE-2023-1544, CVE-2023-6693, CVE-2024-24474, CVE-2024-26327, CVE-2024-26328 => CVE-2023-1544, CVE-2023-6683, CVE-2023-6693, CVE-2024-24474, CVE-2024-26327, CVE-2024-26328, CVE-2024-3446, CVE-2024-3447
RedHat has issued an advisory on April 30: https://lwn.net/Articles/971720/
Status comment: Patches available from openSUSE => Patches available from openSUSE and RedhatSummary: qemu new security issues CVE-2023-1544, CVE-2023-6683, CVE-2023-6693, CVE-2024-24474, CVE-2024-2632[78], CVE-2024-344[67] => qemu new security issues CVE-2023-1544, CVE-2023-3019, CVE-2023-3255, CVE-2023-5088, CVE-2023-6683, CVE-2023-6693, CVE-2023-42467, CVE-2024-24474, CVE-2024-2632[78], CVE-2024-344[67]CVE: CVE-2023-1544, CVE-2023-6683, CVE-2023-6693, CVE-2024-24474, CVE-2024-26327, CVE-2024-26328, CVE-2024-3446, CVE-2024-3447 => CVE-2023-1544, CVE-2023-3019, CVE-2023-3255, CVE-2023-5088, CVE-2023-6683, CVE-2023-6693, CVE-2023-42467, CVE-2024-24474, CVE-2024-26327, CVE-2024-26328, CVE-2024-3446, CVE-2024-3447