Gentoo Archives: gentoo-announce

From: Aaron Bauman <bman@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201701-49 ] QEMU: Multiple vulnerabilities
Date: Mon, 23 Jan 2017 03:04:16
Message-Id: cb62377b-8b29-0a2d-1741-1d13fc9bb563@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201701-49
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: QEMU: Multiple vulnerabilities
Date: January 23, 2017
Bugs: #598330, #601450, #601824, #601826, #601830, #601832,
      #602626, #602628, #602630, #602632, #602634, #603444
ID: 201701-49

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in QEMU, the worst of which
could cause a Denial of Service condition.

Background
==========

QEMU is a generic and open source machine emulator and virtualizer.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-emulation/qemu           < 2.8.0                    >= 2.8.0

Description
===========

Multiple vulnerabilities have been discovered in QEMU. Please review
the CVE identifiers referenced below for details.

Impact
======

A privileged user/process within a guest QEMU environment can cause a
Denial of Service condition against the QEMU guest process or the host.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All QEMU users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.8.0"

References
==========

[ 1 ] CVE-2016-10028
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10028
[ 2 ] CVE-2016-9101
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9101
[ 3 ] CVE-2016-9776
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9776
[ 4 ] CVE-2016-9845
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9845
[ 5 ] CVE-2016-9846
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9846
[ 6 ] CVE-2016-9907
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9907
[ 7 ] CVE-2016-9908
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9908
[ 8 ] CVE-2016-9911
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9911
[ 9 ] CVE-2016-9912
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9912
[ 10 ] CVE-2016-9913
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9913
[ 11 ] CVE-2016-9914
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9914
[ 12 ] CVE-2016-9915
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9915
[ 13 ] CVE-2016-9916
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9916
[ 14 ] CVE-2016-9921
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9921
[ 15 ] CVE-2016-9923
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9923

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201701-49

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature