Gentoo Archives: gentoo-announce

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201702-28 ] QEMU: Multiple vulnerabilities
Date: Tue, 21 Feb 2017 00:32:33
Message-Id: 71b1ce64-b394-bce1-e292-1fab3f593a2f@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201702-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: QEMU: Multiple vulnerabilities
     Date: February 21, 2017
     Bugs: #606264, #606720, #606722, #607000, #607100, #607766,
           #608034, #608036, #608038, #608520, #608728
       ID: 201702-28

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in QEMU, the worst of which
could lead to the execution of arbitrary code on the host system.

Background
==========

QEMU is a generic and open source machine emulator and virtualizer.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-emulation/qemu         < 2.8.0-r1                >= 2.8.0-r1

Description
===========

Multiple vulnerabilities have been discovered in QEMU. Please review
the CVE identifiers referenced below for details.

Impact
======

A local attacker could potentially execute arbitrary code with the
privileges of the QEMU process on the host, gain privileges on the host
system, cause a Denial of Service condition, or obtain sensitive
information.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All QEMU users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.8.0-r1"

References
==========

[  1 ] CVE-2016-10155
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10155
[  2 ] CVE-2017-2615
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2615
[  3 ] CVE-2017-5525
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5525
[  4 ] CVE-2017-5552
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5552
[  5 ] CVE-2017-5578
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5578
[  6 ] CVE-2017-5579
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5579
[  7 ] CVE-2017-5667
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5667
[  8 ] CVE-2017-5856
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5856
[  9 ] CVE-2017-5857
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5857
[ 10 ] CVE-2017-5898
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5898
[ 11 ] CVE-2017-5931
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5931

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201702-28

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature