Fedora 38: 2023-68df3f4b02 Critical: QEMU Privilege Escalation and DoS

fedora
August 29, 2023
Find out about the critical QEMU update in Fedora 38 addressing privilege escalation and DoS risk.

Summary

qemu is an open source virtualizer that provides hardware emulation for the KVM hypervisor. qemu acts as a virtual machine monitor together with the KVM kernel modules, and emulates the hardware for a full system such as a PC and its associated peripherals.

Update Information:

Rebase to qemu 7.2.5

Change Log

* Tue Aug 22 2023 Mauro Matteo Cascella - 2:7.2.5-1 - Rebase to qemu 7.2.5

References


[ 1 ] Bug #2175700 - CVE-2023-0664 qemu: local privilege escalation via the QEMU Guest Agent on Windows [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2175700

[ 2 ] Bug #2218149 - CVE-2023-3354 qemu: VNC: improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of service [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2218149

[ 3 ] Bug #2219543 - CVE-2023-3255 qemu: VNC: infinite loop in inflate_buffer() leads to denial of service [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2219543

[ 4 ] Bug #2228748 - CVE-2023-3180 qemu: virtio-crypto: heap buffer overflow in virtio_crypto_sym_op_helper() [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2228748

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-68df3f4b02' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical

Name: qemu
Product: Fedora 38
Version: 7.2.5
Release: 1.fc38
Summary: QEMU is a FAST! processor emulator
