ALT-PU-2024-10967-1
Package qemu updated to version 9.0.2-alt2 for branch sisyphus_loongarch64.
Closed vulnerabilities
Published: 2024-07-02
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2024-4467
A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.
References:
- http://www.openwall.com/lists/oss-security/2024/07/23/2
- RHSA-2024:4276
- RHSA-2024:4276
- RHSA-2024:4277
- RHSA-2024:4277
- RHSA-2024:4278
- RHSA-2024:4278
- RHSA-2024:4372
- RHSA-2024:4372
- RHSA-2024:4373
- RHSA-2024:4373
- RHSA-2024:4374
- RHSA-2024:4374
- RHSA-2024:4420
- RHSA-2024:4420
- RHSA-2024:4724
- RHSA-2024:4724
- RHSA-2024:4727
- RHSA-2024:4727
- https://access.redhat.com/security/cve/CVE-2024-4467
- https://access.redhat.com/security/cve/CVE-2024-4467
- RHBZ#2278875
- RHBZ#2278875
- https://security.netapp.com/advisory/ntap-20240822-0005/
Closed bugs
/lib/udev/rules.d/90-qemu-guest-agent.rules содержит синтаксические ошибки