## This update for qemu fixes the following issues: * Fix bsc#1221812: * block: Reschedule query-block during qcow2 invalidation (bsc#1221812) * Fix bsc#1229007, CVE-2024-7409: * nbd/server: CVE-2024-7409: Close stray clients at server-stop (bsc#1229007) * nbd/server: CVE-2024-7409: Drop non-negotiating clients (bsc#1229007) * nbd/server: CVE-2024-7409: Cap default max-connections to 100 (bsc#1229007) * nbd/server: Plumb in new args to nbd_client_add() (bsc#1229007, CVE-2024-7409) * nbd: Minor style and typo fixes (bsc#1229007, CVE-2024-7409) * Update to version 8.2.6: Full backport lists (from the various releases) here: https://lore.kernel.org/qemu- devel/1721203806.547734.831464.nullmailer@tls.msk.ru/ Some of the upstream backports are: hw/nvme: fix number of PIDs for FDP RUH
* bsc#1221812
* bsc#1227322
* bsc#1229007
Cross-
* CVE-2024-4467
* CVE-2024-7409
CVSS scores:
* CVE-2024-4467 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-4467 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-7409 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-7409 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-7409 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* SUSE Linux Micro 6.0
An update that solves two vulnerabilities and has one fix can now be installed.
##
* https://www.suse.com/security/cve/CVE-2024-4467.html
* https://www.suse.com/security/cve/CVE-2024-7409.html
* https://bugzilla.suse.com/show_bug.cgi?id=1221812
Get the latest Linux and open source security news straight to your inbox.