Fedora Linux 8645 Published by

A qemu security update has been released for Fedora 37.



SECURITY: Fedora 37 Update: qemu-7.0.0-10.fc37


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-4387579e67
2022-11-10 22:04:44.632042
--------------------------------------------------------------------------------

Name : qemu
Product : Fedora 37
Version : 7.0.0
Release : 10.fc37
URL :   http://www.qemu.org/
Summary : QEMU is a FAST! processor emulator
Description :
qemu is an open source virtualizer that provides hardware
emulation for the KVM hypervisor. qemu acts as a virtual
machine monitor together with the KVM kernel modules, and emulates the
hardware for a full system such as a PC and its associated peripherals.

--------------------------------------------------------------------------------
Update Information:

vga: avoid crash if no default vga card (rhbz#2095639) lsi53c895a: fix use-
after-free in lsi_do_msgout (CVE-2022-0216) vnc-clipboard: fix integer underflow
(CVE-2022-3165)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 18 2022 Mauro Matteo Cascella - 2:7.0.0-10
- vga: avoid crash if no default vga card (rhbz#2095639)
- lsi53c895a: fix use-after-free in lsi_do_msgout (CVE-2022-0216) (rhbz#2070902)
- vnc-clipboard: fix integer underflow (CVE-2022-3165) (rhbz#2129759)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2070902 - CVE-2022-0216 qemu: use-after-free in lsi_do_msgout function in hw/scsi/lsi53c895a.c [fedora-all]
  https://bugzilla.redhat.com/show_bug.cgi?id=2070902
[ 2 ] Bug #2095639 - get Segmentation fault (core dumped) while run: qemu-system-s390x -M s390-ccw-virtio -vga help
  https://bugzilla.redhat.com/show_bug.cgi?id=2095639
[ 3 ] Bug #2129759 - CVE-2022-3165 qemu: VNC: integer underflow in vnc_client_cut_text_ext leads to CPU exhaustion [fedora-all]
  https://bugzilla.redhat.com/show_bug.cgi?id=2129759
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-4387579e67' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________