Fedora Linux 8637 Published by

A qemu security update has been released for Fedora 38.



[SECURITY] Fedora 38 Update: qemu-7.2.5-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-68df3f4b02
2023-08-29 01:34:30.990994
--------------------------------------------------------------------------------

Name : qemu
Product : Fedora 38
Version : 7.2.5
Release : 1.fc38
URL : http://www.qemu.org/
Summary : QEMU is a FAST! processor emulator
Description :
qemu is an open source virtualizer that provides hardware
emulation for the KVM hypervisor. qemu acts as a virtual
machine monitor together with the KVM kernel modules, and emulates the
hardware for a full system such as a PC and its associated peripherals.

--------------------------------------------------------------------------------
Update Information:

Rebase to qemu 7.2.5
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 22 2023 Mauro Matteo Cascella [mcascell@redhat.com] - 2:7.2.5-1
- Rebase to qemu 7.2.5
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2175700 - CVE-2023-0664 qemu: local privilege escalation via the QEMU Guest Agent on Windows [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2175700
[ 2 ] Bug #2218149 - CVE-2023-3354 qemu: VNC: improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2218149
[ 3 ] Bug #2219543 - CVE-2023-3255 qemu: VNC: infinite loop in inflate_buffer() leads to denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2219543
[ 4 ] Bug #2228748 - CVE-2023-3180 qemu: virtio-crypto: heap buffer overflow in virtio_crypto_sym_op_helper() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2228748
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-68df3f4b02' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------