{"affected":[{"ecosystem_specific":{"binaries":[{"qemu-SLOF":"7.1.0-150500.49.9.2","qemu-accel-qtest":"7.1.0-150500.49.9.2","qemu-accel-tcg-x86":"7.1.0-150500.49.9.2","qemu-arm":"7.1.0-150500.49.9.2","qemu-audio-alsa":"7.1.0-150500.49.9.2","qemu-audio-jack":"7.1.0-150500.49.9.2","qemu-audio-oss":"7.1.0-150500.49.9.2","qemu-audio-pa":"7.1.0-150500.49.9.2","qemu-audio-spice":"7.1.0-150500.49.9.2","qemu-block-dmg":"7.1.0-150500.49.9.2","qemu-block-gluster":"7.1.0-150500.49.9.2","qemu-block-nfs":"7.1.0-150500.49.9.2","qemu-chardev-spice":"7.1.0-150500.49.9.2","qemu-extra":"7.1.0-150500.49.9.2","qemu-hw-display-qxl":"7.1.0-150500.49.9.2","qemu-hw-display-virtio-gpu":"7.1.0-150500.49.9.2","qemu-hw-display-virtio-gpu-pci":"7.1.0-150500.49.9.2","qemu-hw-display-virtio-vga":"7.1.0-150500.49.9.2","qemu-hw-s390x-virtio-gpu-ccw":"7.1.0-150500.49.9.2","qemu-hw-usb-redirect":"7.1.0-150500.49.9.2","qemu-hw-usb-smartcard":"7.1.0-150500.49.9.2","qemu-ivshmem-tools":"7.1.0-150500.49.9.2","qemu-microvm":"7.1.0-150500.49.9.2","qemu-ppc":"7.1.0-150500.49.9.2","qemu-s390x":"7.1.0-150500.49.9.2","qemu-seabios":"1.16.0_0_gd239552-150500.49.9.2","qemu-sgabios":"8-150500.49.9.2","qemu-skiboot":"7.1.0-150500.49.9.2","qemu-ui-gtk":"7.1.0-150500.49.9.2","qemu-ui-opengl":"7.1.0-150500.49.9.2","qemu-ui-spice-app":"7.1.0-150500.49.9.2","qemu-ui-spice-core":"7.1.0-150500.49.9.2","qemu-vgabios":"1.16.0_0_gd239552-150500.49.9.2","qemu-vhost-user-gpu":"7.1.0-150500.49.9.2","qemu-x86":"7.1.0-150500.49.9.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP5","name":"qemu","purl":"pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"7.1.0-150500.49.9.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for qemu fixes the following issues:\n\n- CVE-2021-3638: hw/display/ati_2d: Fix buffer overflow in ati_2d_blt (bsc#1188609)\n- CVE-2023-3180: virtio-crypto: verify src and dst buffer length for sym request (bsc#1213925)\n- CVE-2023-3354: io: remove io watch if TLS channel is closed during handshake (bsc#1212850)\n- [openSUSE] roms/ipxe: Backport 0aa2e4ec9635, in preparation of binutils 2.41 (bsc#1215311)\n- target/s390x: Fix the 'ignored match' case in VSTRS (bsc#1213210)\n- linux-user/elfload: Enable vxe2 on s390x (bsc#1213210)\n","id":"SUSE-SU-2024:0589-1","modified":"2024-02-22T09:14:24Z","published":"2024-02-22T09:14:24Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20240589-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1188609"},{"type":"REPORT","url":"https://bugzilla.suse.com/1212850"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213210"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213925"},{"type":"REPORT","url":"https://bugzilla.suse.com/1215311"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3638"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-3180"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-3354"}],"related":["CVE-2021-3638","CVE-2023-3180","CVE-2023-3354"],"summary":"Security update for qemu","upstream":["CVE-2021-3638","CVE-2023-3180","CVE-2023-3354"]}