This update for qemu fixes the following issues:
- Update to version 10.0.8
- CVE-2025-14876: Fixed unbounded allocation in virtio-crypto. (bsc#1255400)
- CVE-2026-0665: Fixed PIRQ bounds check in xen_physdev_map_pirq. (bsc#1256484)
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-381=1
- openSUSE Leap 16.0:
qemu-10.0.8-160000.1.1
qemu-SLOF-10.0.8-160000.1.1
qemu-accel-qtest-10.0.8-160000.1.1
qemu-arm-10.0.8-160000.1.1
qemu-audio-alsa-10.0.8-160000.1.1
qemu-audio-dbus-10.0.8-160000.1.1
qemu-audio-jack-10.0.8-160000.1.1
qemu-audio-oss-10.0.8-160000.1.1
qemu-audio-pa-10.0.8-160000.1.1
qemu-audio-pipewire-10.0.8-160000.1.1
qemu-audio-spice-10.0.8-160000.1.1
qemu-block-curl-10.0.8-160000.1.1
qemu-block-dmg-10.0.8-160000.1.1
qemu-block-iscsi-10.0.8-160000.1.1
qemu-block-nfs-10.0.8-160000.1.1
qemu-block-rbd-10.0.8-160000.1.1
qemu-block-ssh-10.0.8-160000.1.1
qemu-chardev-baum-10.0.8-160000.1.1
qemu-chardev-spice-10.0.8-160000.1.1
qemu-doc-10.0.8-160000.1.1
qemu-extra-10.0.8-160000.1.1
qemu-guest-agent-10.0.8-160000.1.1
qemu-headless-10.0.8-160000.1.1
qemu-hw-display-qxl-10.0.8-160000.1.1
qemu-hw-display-virtio-gpu-10.0.8-160000.1.1
qemu-hw-display-virtio-gpu-pci-10.0.8-160000.1.1
qemu-hw-display-virtio-vga-10.0.8-160000.1.1
qemu-hw-s390x-virtio-gpu-ccw-10.0.8-160000.1.1
qemu-hw-usb-host-10.0.8-160000.1....
Read the Full Advisory* bsc#1255400
* bsc#1256484
* bsc#1257474
* bsc#1257492
References:
* https://www.suse.com/security/cve/CVE-2025-14876.html
* https://www.suse.com/security/cve/CVE-2026-0665.html
Get the latest Linux and open source security news straight to your inbox.