Alerts This Week
Warning Icon 1 631
Alerts This Week
Warning Icon 1 631

Gentoo: GLSA-201702-28 Moderate: QEMU Code Execution Risk

gentoo
Calendar Grey February 21, 2017
Dist Gentoo Esm H88
Gentoo GLSA-202203-45 warns of various security flaws in VirtualBox, pointing out significant risks to the underlying infrastructure.
Multiple vulnerabilities have been found in QEMU, the worst of which could lead to the execution of arbitrary code on the host system.

Summary

Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details.

Topics%20covered

Topics Covered

security advisory gentoo arbitrary code normal severity execution issue doS threat qemu

Resolution

All QEMU users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.8.0-r1"

References

[ 1 ] CVE-2016-10155 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10155 [ 2 ] CVE-2017-2615 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2615 [ 3 ] CVE-2017-5525 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5525 [ 4 ] CVE-2017-5552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5552 [ 5 ] CVE-2017-5578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5578 [ 6 ] CVE-2017-5579 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5579 [ 7 ] CVE-2017-5667 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5667 [ 8 ] CVE-2017-5856 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5856 [ 9 ] CVE-2017-5857 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5857 [ 10 ] CVE-2017-5898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5898 [ 11 ] CVE-2017-5931 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5931

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201702-28
style>.gentoo_availability{display:block;}

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: Normal
Title: QEMU: Multiple vulnerabilities
Date: February 21, 2017
Bugs: #606264, #606720, #606722, #607000, #607100, #607766,
ID: 201702-28

Topics%20covered

Topics Covered

security advisory gentoo arbitrary code normal severity execution issue doS threat qemu

Synopsis

Multiple vulnerabilities have been found in QEMU, the worst of which could lead to the execution of arbitrary code on the host system.

Background

QEMU is a generic and open source machine emulator and virtualizer.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-emulation/qemu < 2.8.0-r1 >= 2.8.0-r1

Impact

===== A local attacker could potentially execute arbitrary code with privileges of QEMU process on the host, gain privileges on the host system, cause a Denial of Service condition, or obtain sensitive information.

Workaround

There is no known workaround at this time.

Related News

Your message here