Security update for qemu SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:0356-1 Final 1 1 2026-02-01T21:18:57Z current 2026-02-01T21:18:57Z 2026-02-01T21:18:57Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for qemu This update for qemu fixes the following issues: - CVE-2025-11234: Fixed use-after-free in websocket handshake code can lead to denial of service (bsc#1250984). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/sle-micro-rancher/5.2:latest-2026-356,SUSE-2026-356,SUSE-SUSE-MicroOS-5.2-2026-356 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-20260356-1/ Link for SUSE-SU-2026:0356-1 https://lists.suse.com/pipermail/sle-security-updates/2026-February/024003.html E-Mail link for SUSE-SU-2026:0356-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1250984 SUSE Bug 1250984 https://www.suse.com/security/cve/CVE-2025-11234/ SUSE CVE CVE-2025-11234 page Container suse/sle-micro-rancher/5.2:latest SUSE Linux Enterprise Micro 5.2 qemu-guest-agent-5.2.0-150300.142.1 qemu-5.2.0-150300.142.1 qemu-SLOF-5.2.0-150300.142.1 qemu-arm-5.2.0-150300.142.1 qemu-audio-alsa-5.2.0-150300.142.1 qemu-audio-pa-5.2.0-150300.142.1 qemu-audio-spice-5.2.0-150300.142.1 qemu-block-curl-5.2.0-150300.142.1 qemu-block-dmg-5.2.0-150300.142.1 qemu-block-gluster-5.2.0-150300.142.1 qemu-block-iscsi-5.2.0-150300.142.1 qemu-block-nfs-5.2.0-150300.142.1 qemu-block-rbd-5.2.0-150300.142.1 qemu-block-ssh-5.2.0-150300.142.1 qemu-chardev-baum-5.2.0-150300.142.1 qemu-chardev-spice-5.2.0-150300.142.1 qemu-extra-5.2.0-150300.142.1 qemu-hw-display-qxl-5.2.0-150300.142.1 qemu-hw-display-virtio-gpu-5.2.0-150300.142.1 qemu-hw-display-virtio-gpu-pci-5.2.0-150300.142.1 qemu-hw-display-virtio-vga-5.2.0-150300.142.1 qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.142.1 qemu-hw-usb-redirect-5.2.0-150300.142.1 qemu-hw-usb-smartcard-5.2.0-150300.142.1 qemu-ipxe-1.0.0+-150300.142.1 qemu-ivshmem-tools-5.2.0-150300.142.1 qemu-ksm-5.2.0-150300.142.1 qemu-kvm-5.2.0-150300.142.1 qemu-lang-5.2.0-150300.142.1 qemu-linux-user-5.2.0-150300.142.1 qemu-microvm-5.2.0-150300.142.1 qemu-ppc-5.2.0-150300.142.1 qemu-s390x-5.2.0-150300.142.1 qemu-seabios-1.14.0_0_g155821a-150300.142.1 qemu-sgabios-8-150300.142.1 qemu-skiboot-5.2.0-150300.142.1 qemu-testsuite-5.2.0-150300.142.2 qemu-tools-5.2.0-150300.142.1 qemu-ui-curses-5.2.0-150300.142.1 qemu-ui-gtk-5.2.0-150300.142.1 qemu-ui-opengl-5.2.0-150300.142.1 qemu-ui-spice-app-5.2.0-150300.142.1 qemu-ui-spice-core-5.2.0-150300.142.1 qemu-vgabios-1.14.0_0_g155821a-150300.142.1 qemu-vhost-user-gpu-5.2.0-150300.142.1 qemu-x86-5.2.0-150300.142.1 qemu-guest-agent-5.2.0-150300.142.1 as a component of Container suse/sle-micro-rancher/5.2:latest qemu-5.2.0-150300.142.1 as a component of SUSE Linux Enterprise Micro 5.2 qemu-arm-5.2.0-150300.142.1 as a component of SUSE Linux Enterprise Micro 5.2 qemu-audio-spice-5.2.0-150300.142.1 as a component of SUSE Linux Enterprise Micro 5.2 qemu-chardev-spice-5.2.0-150300.142.1 as a component of SUSE Linux Enterprise Micro 5.2 qemu-guest-agent-5.2.0-150300.142.1 as a component of SUSE Linux Enterprise Micro 5.2 qemu-hw-display-qxl-5.2.0-150300.142.1 as a component of SUSE Linux Enterprise Micro 5.2 qemu-hw-display-virtio-gpu-5.2.0-150300.142.1 as a component of SUSE Linux Enterprise Micro 5.2 qemu-hw-display-virtio-vga-5.2.0-150300.142.1 as a component of SUSE Linux Enterprise Micro 5.2 qemu-hw-usb-redirect-5.2.0-150300.142.1 as a component of SUSE Linux Enterprise Micro 5.2 qemu-ipxe-1.0.0+-150300.142.1 as a component of SUSE Linux Enterprise Micro 5.2 qemu-s390x-5.2.0-150300.142.1 as a component of SUSE Linux Enterprise Micro 5.2 qemu-seabios-1.14.0_0_g155821a-150300.142.1 as a component of SUSE Linux Enterprise Micro 5.2 qemu-sgabios-8-150300.142.1 as a component of SUSE Linux Enterprise Micro 5.2 qemu-tools-5.2.0-150300.142.1 as a component of SUSE Linux Enterprise Micro 5.2 qemu-ui-opengl-5.2.0-150300.142.1 as a component of SUSE Linux Enterprise Micro 5.2 qemu-ui-spice-core-5.2.0-150300.142.1 as a component of SUSE Linux Enterprise Micro 5.2 qemu-vgabios-1.14.0_0_g155821a-150300.142.1 as a component of SUSE Linux Enterprise Micro 5.2 qemu-x86-5.2.0-150300.142.1 as a component of SUSE Linux Enterprise Micro 5.2 A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access to the VNC WebSocket port to cause a denial of service during the WebSocket handshake prior to the VNC client authentication. CVE-2025-11234 Container suse/sle-micro-rancher/5.2:latest:qemu-guest-agent-5.2.0-150300.142.1 SUSE Linux Enterprise Micro 5.2:qemu-5.2.0-150300.142.1 SUSE Linux Enterprise Micro 5.2:qemu-arm-5.2.0-150300.142.1 SUSE Linux Enterprise Micro 5.2:qemu-audio-spice-5.2.0-150300.142.1 SUSE Linux Enterprise Micro 5.2:qemu-chardev-spice-5.2.0-150300.142.1 SUSE Linux Enterprise Micro 5.2:qemu-guest-agent-5.2.0-150300.142.1 SUSE Linux Enterprise Micro 5.2:qemu-hw-display-qxl-5.2.0-150300.142.1 SUSE Linux Enterprise Micro 5.2:qemu-hw-display-virtio-gpu-5.2.0-150300.142.1 SUSE Linux Enterprise Micro 5.2:qemu-hw-display-virtio-vga-5.2.0-150300.142.1 SUSE Linux Enterprise Micro 5.2:qemu-hw-usb-redirect-5.2.0-150300.142.1 SUSE Linux Enterprise Micro 5.2:qemu-ipxe-1.0.0+-150300.142.1 SUSE Linux Enterprise Micro 5.2:qemu-s390x-5.2.0-150300.142.1 SUSE Linux Enterprise Micro 5.2:qemu-seabios-1.14.0_0_g155821a-150300.142.1 SUSE Linux Enterprise Micro 5.2:qemu-sgabios-8-150300.142.1 SUSE Linux Enterprise Micro 5.2:qemu-tools-5.2.0-150300.142.1 SUSE Linux Enterprise Micro 5.2:qemu-ui-opengl-5.2.0-150300.142.1 SUSE Linux Enterprise Micro 5.2:qemu-ui-spice-core-5.2.0-150300.142.1 SUSE Linux Enterprise Micro 5.2:qemu-vgabios-1.14.0_0_g155821a-150300.142.1 SUSE Linux Enterprise Micro 5.2:qemu-x86-5.2.0-150300.142.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260356-1/ https://www.suse.com/security/cve/CVE-2025-11234.html CVE-2025-11234 https://bugzilla.suse.com/1250984 SUSE Bug 1250984