This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2023-1544: out-of-bounds read in VMWare's paravirtual RDMA device operations can be exploited through a malicious
guest driver to crash the QEMU process on the host (bsc#1209554).
- CVE-2024-6505: heap-based buffer overflow in the virtio-net device operations can be exploited by a malicious
privileged user to crash the QEMU process on the host (bsc#1227397).
- CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations can be exploited by a malicious
guest user to crash the QEMU process on the host (bsc#1253002).
Other updates and bugfixes:
- [openSUSE][RPM] spec: require qemu-hw-display-virtio-gpu-pci for x86 too.
- [openSUSE][RPM} spec: delete old specfile constructs.
- block/curl: fix curl internal handles handling (bsc#1252768).
- [openSUSE][RPM]: really fix *-virtio-gpu-pci dependency on ARM (bsc#1254286).