QEMU: Multiple vulnerabilities — GLSA 201701-49

Multiple vulnerabilities have been found in QEMU, the worst of which could cause a Denial of Service condition.

Affected packages

Background

QEMU is a generic and open source machine emulator and virtualizer.

Description

Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details.

Impact

A privileged user/process within a guest QEMU environment can cause a Denial of Service condition against the QEMU guest process or the host.

Workaround

There is no known workaround at this time.

Resolution

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.8.0"
 

References

• CVE-2016-10028
• CVE-2016-9101
• CVE-2016-9776
• CVE-2016-9845
• CVE-2016-9846
• CVE-2016-9907
• CVE-2016-9908
• CVE-2016-9911
• CVE-2016-9912
• CVE-2016-9913
• CVE-2016-9914
• CVE-2016-9915
• CVE-2016-9916
• CVE-2016-9921
• CVE-2016-9923

Release date
January 23, 2017

Latest revision
January 23, 2017: 1

Severity
normal

Exploitable
local

Bugzilla entries

• 598330
• 601450
• 601824
• 601826
• 601830
• 601832
• 602626
• 602628
• 602630
• 602632
• 602634
• 603444