openSUSE-SU-2025:20171-1

Published: 18 Dec 2025
Source: suse-cvrf

Description

Security update for qemu

This update for qemu fixes the following issues:

Update to version 10.0.7.

Security issues fixed:

  • CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations can be exploited by a malicious guest user to crash the QEMU process on the host (bsc#1253002).
  • CVE-2025-11234: use-after-free in WebSocket handshake operations can be exploited by a malicious client with network access to the VNC WebSocket port to cause a denial-of-service (bsc#1250984).

Other updates and bugfixes:

  • Version 10.0.7:

    • kvm: Fix kvm_vm_ioctl() and kvm_device_ioctl() return value
    • docs/devel: Update URL for make-pullreq script
    • target/arm: Fix assert on BRA.
    • hw/aspeed/{xdma, rtc, sdhci}: Fix endianness to DEVICE_LITTLE_ENDIAN
    • hw/core/machine: Provide a description for aux-ram-share property
    • hw/pci: Make msix_init take a uint32_t for nentries
    • block/io_uring: avoid potentially getting stuck after resubmit at the end of ioq_submit()
    • block-backend: Fix race when resuming queued requests
    • ui/vnc: Fix qemu abort when query vnc info
    • chardev/char-pty: Do not ignore chr_write() failures
    • hw/display/exynos4210_fimd: Account for zero length in fimd_update_memory_section()
    • hw/arm/armv7m: Disable reentrancy guard for v7m_sysreg_ns_ops MRs
    • hw/arm/aspeed: Fix missing SPI IRQ connection causing DMA interrupt failure
    • migration: Fix transition to COLO state from precopy
    • Full backport list: https://lore.kernel.org/qemu-devel/1765037524.347582.2700543.nullmailer@tls.msk.ru/
  • Version 10.0.6:

    • linux-user/microblaze: Fix little-endianness binary
    • target/hppa: correct size bit parity for fmpyadd
    • target/i386: user: do not set up a valid LDT on reset
    • async: access bottom half flags with qatomic_read
    • target/i386: fix x86_64 pushw op
    • i386/tcg/smm_helper: Properly apply DR values on SMM entry / exit
    • i386/cpu: Prevent delivering SIPI during SMM in TCG mode
    • i386/kvm: Expose ARCH_CAP_FB_CLEAR when invulnerable to MDS
    • target/i386: Fix CR2 handling for non-canonical addresses
    • block/curl.c: Use explicit long constants in curl_easy_setopt calls
    • pcie_sriov: Fix broken MMIO accesses from SR-IOV VFs
    • target/riscv: rvv: Fix vslide1[up|down].vx unexpected result when XLEN2 and SEWd
    • target/riscv: Fix ssamoswap error handling
    • Full backport list: https://lore.kernel.org/qemu-devel/1761022287.744330.6357.nullmailer@tls.msk.ru/
  • Version 10.0.5:

    • tests/functional/test_aarch64_sbsaref_freebsd: Fix the URL of the ISO image
    • tests/functional/test_ppc_bamboo: Replace broken link with working assets
    • physmem: Destroy all CPU AddressSpaces on unrealize
    • memory: New AS helper to serialize destroy+free
    • include/system/memory.h: Clarify address_space_destroy() behaviour
    • migration: Fix state transition in postcopy_start() error handling
    • target/riscv: rvv: Modify minimum VLEN according to enabled vector extensions
    • target/riscv: rvv: Replace checking V by checking Zve32x
    • target/riscv: Fix endianness swap on compressed instructions
    • hw/riscv/riscv-iommu: Fixup PDT Nested Walk
    • Full backport list: https://lore.kernel.org/qemu-devel/1759986125.676506.643525.nullmailer@tls.msk.ru/
  • [openSUSE][RPM]: really fix *-virtio-gpu-pci dependency on ARM (bsc#1254286).

  • [openSUSE][RPM] spec: make glusterfs support conditional (bsc#1254494).

Package list

openSUSE Leap 16.0
qemu-10.0.7-160000.1.1
qemu-SLOF-10.0.7-160000.1.1
qemu-accel-qtest-10.0.7-160000.1.1
qemu-arm-10.0.7-160000.1.1
qemu-audio-alsa-10.0.7-160000.1.1
qemu-audio-dbus-10.0.7-160000.1.1
qemu-audio-jack-10.0.7-160000.1.1
qemu-audio-oss-10.0.7-160000.1.1
qemu-audio-pa-10.0.7-160000.1.1
qemu-audio-pipewire-10.0.7-160000.1.1
qemu-audio-spice-10.0.7-160000.1.1
qemu-block-curl-10.0.7-160000.1.1
qemu-block-dmg-10.0.7-160000.1.1
qemu-block-iscsi-10.0.7-160000.1.1
qemu-block-nfs-10.0.7-160000.1.1
qemu-block-rbd-10.0.7-160000.1.1
qemu-block-ssh-10.0.7-160000.1.1
qemu-chardev-baum-10.0.7-160000.1.1
qemu-chardev-spice-10.0.7-160000.1.1
qemu-doc-10.0.7-160000.1.1
qemu-extra-10.0.7-160000.1.1
qemu-guest-agent-10.0.7-160000.1.1
qemu-headless-10.0.7-160000.1.1
qemu-hw-display-qxl-10.0.7-160000.1.1
qemu-hw-display-virtio-gpu-10.0.7-160000.1.1
qemu-hw-display-virtio-gpu-pci-10.0.7-160000.1.1
qemu-hw-display-virtio-vga-10.0.7-160000.1.1
qemu-hw-s390x-virtio-gpu-ccw-10.0.7-160000.1.1
qemu-hw-usb-host-10.0.7-160000.1.1
qemu-hw-usb-redirect-10.0.7-160000.1.1
qemu-hw-usb-smartcard-10.0.7-160000.1.1
qemu-img-10.0.7-160000.1.1
qemu-ipxe-10.0.7-160000.1.1
qemu-ivshmem-tools-10.0.7-160000.1.1
qemu-ksm-10.0.7-160000.1.1
qemu-lang-10.0.7-160000.1.1
qemu-linux-user-10.0.7-160000.1.1
qemu-microvm-10.0.7-160000.1.1
qemu-ppc-10.0.7-160000.1.1
qemu-pr-helper-10.0.7-160000.1.1
qemu-s390x-10.0.7-160000.1.1
qemu-seabios-10.0.71.16.3_3_g3d33c746-160000.1.1
qemu-skiboot-10.0.7-160000.1.1
qemu-spice-10.0.7-160000.1.1
qemu-tools-10.0.7-160000.1.1
qemu-ui-curses-10.0.7-160000.1.1
qemu-ui-dbus-10.0.7-160000.1.1
qemu-ui-gtk-10.0.7-160000.1.1
qemu-ui-opengl-10.0.7-160000.1.1
qemu-ui-spice-app-10.0.7-160000.1.1
qemu-ui-spice-core-10.0.7-160000.1.1
qemu-vgabios-10.0.71.16.3_3_g3d33c746-160000.1.1
qemu-vhost-user-gpu-10.0.7-160000.1.1
qemu-vmsr-helper-10.0.7-160000.1.1
qemu-x86-10.0.7-160000.1.1
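The package list above is what a defender actually needs from this advisory: every affected package is fixed at 10.0.7-160000.1.1 (the seabios/vgabios packages carry their own longer version string). The script below is an added example, not part of the advisory or of openSUSE tooling: it parses advisory NVRs, compares them against an installed-package inventory using a simplified reimplementation of rpm's segment-wise version comparison (tilde and caret handling are omitted, which is an assumption that holds for the versions on this page), and reports packages still below the fixed version. The installed inventory is a constructed sample; on a real host it would come from `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`.

```python
import re

# Fixed package NVRs copied from the advisory's package list (a subset).
ADVISORY_PACKAGES = [
    "qemu-10.0.7-160000.1.1",
    "qemu-x86-10.0.7-160000.1.1",
    "qemu-tools-10.0.7-160000.1.1",
    "qemu-seabios-10.0.71.16.3_3_g3d33c746-160000.1.1",
]

# Constructed sample inventory in "NAME VERSION-RELEASE" form, i.e. the output
# shape of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
INSTALLED_SAMPLE = """qemu 10.0.5-160000.1.1
qemu-x86 10.0.7-160000.1.1
qemu-tools 10.0.7-160000.1.1
qemu-seabios 10.0.51.16.3_3_g3d33c746-160000.1.1
"""

# rpm compares versions as runs of digits or letters; separators are ignored.
SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def split_nvr(nvr):
    """Split 'name-version-release' on the last two hyphens (release has none)."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def rpmvercmp(a, b):
    """Simplified rpmvercmp: returns -1, 0 or 1.
    Numeric segments compare as integers, alphabetic ones as strings,
    numeric beats alphabetic, and a longer string with equal prefix is newer.
    Assumption: no '~' or '^' in the versions being compared."""
    if a == b:
        return 0
    sa, sb = SEGMENT.findall(a), SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit() or y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return -1 if x < y else 1
    if len(sa) == len(sb):
        return 0
    return -1 if len(sa) < len(sb) else 1


def compare_vr(vr_a, vr_b):
    """Compare 'version-release' strings: version first, then release (no epoch)."""
    va, ra = vr_a.split("-", 1)
    vb, rb = vr_b.split("-", 1)
    c = rpmvercmp(va, vb)
    return c if c else rpmvercmp(ra, rb)


def parse_installed(text):
    """Parse 'NAME VERSION-RELEASE' lines into a dict."""
    installed = {}
    for line in text.splitlines():
        if line.strip():
            name, vr = line.split()
            installed[name] = vr
    return installed


def find_unpatched(installed, advisory_packages):
    """Return {name: installed_vr} for advisory packages present but older than the fix."""
    unpatched = {}
    for nvr in advisory_packages:
        name, version, release = split_nvr(nvr)
        have = installed.get(name)
        if have is not None and compare_vr(have, f"{version}-{release}") < 0:
            unpatched[name] = have
    return unpatched


if __name__ == "__main__":
    for name, vr in find_unpatched(parse_installed(INSTALLED_SAMPLE),
                                   ADVISORY_PACKAGES).items():
        print(f"UNPATCHED {name} {vr}")
```

Packages that are not installed at all are ignored, so the report only lists hosts that actually carry a vulnerable build; a package absent from the inventory is not an exposure for this advisory.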

Description (CVE-2025-11234)

A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access to the VNC WebSocket port to cause a denial of service during the WebSocket handshake prior to the VNC client authentication.


Affected products
openSUSE Leap 16.0:qemu-10.0.7-160000.1.1
openSUSE Leap 16.0:qemu-SLOF-10.0.7-160000.1.1
openSUSE Leap 16.0:qemu-accel-qtest-10.0.7-160000.1.1
openSUSE Leap 16.0:qemu-arm-10.0.7-160000.1.1

Description (CVE-2025-12464)

A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding short frames was dropped from individual network devices and moved to the net core code. The issue stems from the device's receive code still being able to process a short frame in loopback mode. This could lead to a buffer overrun in the e1000_receive_iov() function via the loopback code path. A malicious guest user could use this vulnerability to crash the QEMU process on the host, resulting in a denial of service.


Affected products
openSUSE Leap 16.0:qemu-10.0.7-160000.1.1
openSUSE Leap 16.0:qemu-SLOF-10.0.7-160000.1.1
openSUSE Leap 16.0:qemu-accel-qtest-10.0.7-160000.1.1
openSUSE Leap 16.0:qemu-arm-10.0.7-160000.1.1
