QEMU: Multiple vulnerabilities — GLSA 201602-01

Multiple vulnerabilities have been found in QEMU, the worst of which may allow a remote attacker to cause a Denial of Service or gain elevated privileges from a guest VM.

Affected packages

Background

QEMU is a generic and open source machine emulator and virtualizer.

Description

Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker might cause a Denial of Service or gain escalated privileges from a guest VM.

Workaround

There is no known workaround at this time.

Resolution

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.5.0-r1"
 

References

• CVE-2015-1779
• CVE-2015-3456
• CVE-2015-5225
• CVE-2015-5278
• CVE-2015-5279
• CVE-2015-5745
• CVE-2015-6815
• CVE-2015-6855
• CVE-2015-7295
• CVE-2015-7504
• CVE-2015-7512
• CVE-2015-7549
• CVE-2015-8345
• CVE-2015-8504
• CVE-2015-8556
• CVE-2015-8558
• CVE-2015-8567
• CVE-2015-8568
• CVE-2015-8666
• CVE-2015-8701
• CVE-2015-8743
• CVE-2015-8744
• CVE-2015-8745
• CVE-2016-1568

Release date
February 04, 2016

Latest revision
February 04, 2016: 1

Severity
normal

Exploitable
local, remote

Bugzilla entries

• 544328
• 549404
• 557206
• 558416
• 559656
• 560422
• 560550
• 560760
• 566792
• 567144
• 567828
• 567868
• 568214
• 568226
• 568246
• 569646
• 570110
• 570988
• 571562
• 571564
• 571566