Gentoo Archives: gentoo-announce

From: Sam James <sam@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202011-09 ] QEMU: Multiple vulnerabilities
Date: Wed, 11 Nov 2020 03:58:16
Message-Id: 87D3F145-78E0-4054-B03A-4C5EE0712021@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 202011-09
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: QEMU: Multiple vulnerabilities
9 Date: November 11, 2020
10 Bugs: #720896, #725634, #743649
11 ID: 202011-09
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in QEMU, the worst of which
19 could result in the arbitrary execution of code.
20
21 Background
22 ==========
23
24 QEMU is a generic and open source machine emulator and virtualizer.
25
26 Affected packages
27 =================
28
29 -------------------------------------------------------------------
30 Package / Vulnerable / Unaffected
31 -------------------------------------------------------------------
32 1 app-emulation/qemu < 5.1.0-r1 >= 5.1.0-r1
33
34 Description
35 ===========
36
37 Multiple vulnerabilities have been discovered in QEMU. Please review
38 the CVE identifiers referenced below for details.
39
40 Impact
41 ======
42
43 Please review the referenced CVE identifiers for details.
44
45 Workaround
46 ==========
47
48 There is no known workaround at this time.
49
50 Resolution
51 ==========
52
53 All QEMU users should upgrade to the latest version:
54
55 # emerge --sync
56 # emerge --ask --oneshot --verbose ">=app-emulation/qemu-5.1.0-r1"
57
58 References
59 ==========
60
61 [ 1 ] CVE-2020-10717
62 https://nvd.nist.gov/vuln/detail/CVE-2020-10717
63 [ 2 ] CVE-2020-10761
64 https://nvd.nist.gov/vuln/detail/CVE-2020-10761
65 [ 3 ] CVE-2020-13253
66 https://nvd.nist.gov/vuln/detail/CVE-2020-13253
67 [ 4 ] CVE-2020-13361
68 https://nvd.nist.gov/vuln/detail/CVE-2020-13361
69 [ 5 ] CVE-2020-13362
70 https://nvd.nist.gov/vuln/detail/CVE-2020-13362
71 [ 6 ] CVE-2020-13659
72 https://nvd.nist.gov/vuln/detail/CVE-2020-13659
73 [ 7 ] CVE-2020-13754
74 https://nvd.nist.gov/vuln/detail/CVE-2020-13754
75 [ 8 ] CVE-2020-13791
76 https://nvd.nist.gov/vuln/detail/CVE-2020-13791
77 [ 9 ] CVE-2020-13800
78 https://nvd.nist.gov/vuln/detail/CVE-2020-13800
79 [ 10 ] CVE-2020-14364
80 https://nvd.nist.gov/vuln/detail/CVE-2020-14364
81
82 Availability
83 ============
84
85 This GLSA and any updates to it are available for viewing at
86 the Gentoo Security Website:
87
88 https://security.gentoo.org/glsa/202011-09
89
90 Concerns?
91 =========
92
93 Security is a primary focus of Gentoo Linux and ensuring the
94 confidentiality and security of our users' machines is of utmost
95 importance to us. Any security concerns should be addressed to
96 security@g.o or alternatively, you may file a bug at
97 https://bugs.gentoo.org.
98
99 License
100 =======
101
102 Copyright 2020 Gentoo Foundation, Inc; referenced text
103 belongs to its owner(s).
104
105 The contents of this document are licensed under the
106 Creative Commons - Attribution / Share Alike license.
107
108 https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature