QEMU: Multiple vulnerabilities
Multiple vulnerabilities have been found in QEMU, the worst of
which could lead to arbitrary code execution, or cause a Denial of Service
condition.
qemu
September 25, 2016
September 26, 2016: 2
573816
579734
580040
583496
583952
584094
584102
584146
584514
584630
584918
589924
589928
591242
591244
591374
591380
591678
592430
593034
593036
593038
593284
593950
593956
remote
2.7.0-r3
2.7.0-r3
QEMU is a generic and open source machine emulator and virtualizer.
Multiple vulnerabilities have been discovered in QEMU. Please review the
CVE identifiers referenced below for details.
Local users within a guest QEMU environment can execute arbitrary code
within the host or a cause a Denial of Service condition of the QEMU
guest process.
There is no known workaround at this time.
All QEMU users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.7.0-r3"
CVE-2016-2841
CVE-2016-4001
CVE-2016-4002
CVE-2016-4020
CVE-2016-4439
CVE-2016-4441
CVE-2016-4453
CVE-2016-4454
CVE-2016-4964
CVE-2016-5106
CVE-2016-5107
CVE-2016-5126
CVE-2016-5238
CVE-2016-5337
CVE-2016-5338
CVE-2016-6490
CVE-2016-6833
CVE-2016-6834
CVE-2016-6836
CVE-2016-6888
CVE-2016-7116
CVE-2016-7156
CVE-2016-7157
CVE-2016-7421
CVE-2016-7422
b-man
b-man