-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-3a60c34473 2022-02-15 01:37:08.477820 --------------------------------------------------------------------------------
Name : qemu Product : Fedora 35 Version : 6.1.0 Release : 14.fc35 URL : http://www.qemu.org/ Summary : QEMU is a FAST! processor emulator Description : qemu is an open source virtualizer that provides hardware emulation for the KVM hypervisor. qemu acts as a virtual machine monitor together with the KVM kernel modules, and emulates the hardware for a full system such as a PC and its associated peripherals.
-------------------------------------------------------------------------------- Update Information:
virtiofsd: Drop membership of all supplementary groups (CVE-2022-0358) ---- Fix iovec limits with scsi-generic -------------------------------------------------------------------------------- ChangeLog:
* Wed Feb 9 2022 Eduardo Lima (Etrunko) etrunko@redhat.com - 6.1.0-14 - virtiofsd: Drop membership of all supplementary groups (CVE-2022-0358) Resolves: rhbz#2044863 * Thu Nov 25 2021 Daniel P. Berrang�� berrange@redhat.com - 6.1.0-13 - Fix iovec limits with scsi-generic - Define STAP_SDT_ARG_CONSTRAINT=g on %{arm}, workaround for: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103395 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2044863 - CVE-2022-0358 QEMU: virtiofsd: potential privilege escalation via CVE-2018-13405 https://bugzilla.redhat.com/show_bug.cgi?id=2044863 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-3a60c34473' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------