Gentoo Archives: gentoo-announce

From: Yury German <blueknight@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201706-03 ] QEMU: Multiple vulnerabilities
Date: Tue, 06 Jun 2017 06:50:30
Message-Id: 0009c6d6-3924-024e-6c26-9de8b9ef25a9@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201706-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: QEMU: Multiple vulnerabilities
     Date: June 06, 2017
     Bugs: #614744, #615874, #616460, #616462, #616482, #616484,
           #616636, #616870, #616872, #616874, #618808, #619018,
           #619020, #620322
       ID: 201706-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in QEMU, the worst of which
may allow a remote attacker to cause a Denial of Service or gain
elevated privileges from a guest VM.

Background
==========

QEMU is a generic and open source machine emulator and virtualizer.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-emulation/qemu         < 2.9.0-r2                 >= 2.9.0-r2

Description
===========

Multiple vulnerabilities have been discovered in QEMU. Please review
the CVE identifiers referenced below for details.

Impact
======

A remote attacker might cause a Denial of Service or gain escalated
privileges from a guest VM.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All QEMU users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.9.0-r2"

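Added example, not part of the Gentoo advisory: a small audit helper that classifies installed app-emulation/qemu versions against the "< 2.9.0-r2" range from the Affected packages table. It assumes one "category/name-version" entry per line (the sample list is constructed) and supports only dotted-integer versions with an optional -rN revision.

```python
import re

# Package and fixed version taken from the advisory's "Affected packages" table.
PACKAGE = "app-emulation/qemu"
FIXED = "2.9.0-r2"

# Simplified version grammar (assumption): dotted integers plus optional -rN.
# Suffixes such as _rc1 or _p2 are not interpreted and are flagged instead.
_VER = re.compile(r"(\d+(?:\.\d+)*)(?:-r(\d+))?")
_ATOM = re.compile(r"([\w+.-]+/[\w+.-]+?)-(\d[\w.]*(?:-r\d+)?)")


def version_key(version):
    """Return a sortable key: (numeric components, revision)."""
    m = _VER.fullmatch(version)
    if not m:
        raise ValueError(f"unsupported version syntax: {version!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts, int(m.group(2) or 0)


def audit(lines):
    """Map each listed app-emulation/qemu version to its advisory status."""
    fixed = version_key(FIXED)
    result = {}
    for line in lines:
        m = _ATOM.fullmatch(line.strip())
        if not m or m.group(1) != PACKAGE:
            continue  # other packages are outside this advisory
        try:
            vulnerable = version_key(m.group(2)) < fixed
            status = "vulnerable" if vulnerable else "unaffected"
        except ValueError:
            status = "check manually"
        result[m.group(2)] = status
    return result


# Constructed sample inventory, one installed package per line.
SAMPLE = """\
app-emulation/qemu-2.8.1-r1
app-emulation/qemu-2.9.0
app-emulation/qemu-2.9.0-r2
app-emulation/qemu-2.10.0
app-emulation/qemu-guest-agent-2.8.0
sys-apps/portage-2.3.5
""".splitlines()

if __name__ == "__main__":
    for ver, status in audit(SAMPLE).items():
        print(f"{PACKAGE}-{ver}: {status}")
```

Note that 2.9.0 without a revision is still in the vulnerable range, and 2.10.0 sorts above 2.9.0 because components are compared numerically rather than as strings.
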
References
==========

[ 1 ] CVE-2016-9603
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9603
[ 2 ] CVE-2017-7377
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7377
[ 3 ] CVE-2017-7471
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7471
[ 4 ] CVE-2017-7493
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7493
[ 5 ] CVE-2017-7718
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7718
[ 6 ] CVE-2017-7980
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7980
[ 7 ] CVE-2017-8086
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8086
[ 8 ] CVE-2017-8112
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8112
[ 9 ] CVE-2017-8309
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8309
[ 10 ] CVE-2017-8379
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8379
[ 11 ] CVE-2017-8380
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8380
[ 12 ] CVE-2017-9060
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9060
[ 13 ] CVE-2017-9310
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9310
[ 14 ] CVE-2017-9330
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9330

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201706-03

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5