QEMU: Multiple vulnerabilities — GLSA 201611-11

Multiple vulnerabilities have been found in QEMU, the worst of which could cause a Denial of Service condition.

Affected packages

Background

QEMU is a generic and open source machine emulator and virtualizer.

Description

Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details.

Impact

A privileged user /process within a guest QEMU environment can cause a Denial of Service condition against the QEMU guest process or the host.

Workaround

There is no known workaround at this time.

Resolution

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.7.0-r6"
 

References

• CVE-2016-10029
• CVE-2016-7161
• CVE-2016-7423
• CVE-2016-7466
• CVE-2016-7907
• CVE-2016-7908
• CVE-2016-7909
• CVE-2016-7994
• CVE-2016-8576
• CVE-2016-8577
• CVE-2016-8578
• CVE-2016-8668
• CVE-2016-8669
• CVE-2016-8909
• CVE-2016-8910
• CVE-2016-9102
• CVE-2016-9103
• CVE-2016-9104
• CVE-2016-9105

Release date
November 18, 2016

Latest revision
January 02, 2017: 2

Severity
normal

Exploitable
local

Bugzilla entries

• 594368
• 594520
• 595192
• 596048
• 596738
• 596752
• 596774
• 596776
• 597108
• 597110
• 598044
• 598046
• 598328
• 603442