GLSA Advocate
Posted: Fri Oct 19, 2012 1:26 am Post subject: [ GLSA 201210-04 ] qemu-kvm: Multiple vulnerabilities
Gentoo Linux Security Advisory
Title: qemu-kvm: Multiple vulnerabilities (GLSA 201210-04)
Severity: high
Exploitable: remote
Date: October 18, 2012
Bug(s): #364889, #365259, #372411, #373997, #400595, #430456
ID: 201210-04
Synopsis
Multiple vulnerabilities were found in qemu-kvm, allowing attackers
to execute arbitrary code.
Background
qemu-kvm provides QEMU and Kernel-based Virtual Machine userland tools.
Affected Packages
Package: app-emulation/qemu-kvm
Vulnerable: < 1.1.1-r1
Unaffected: >= 1.1.1-r1
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in qemu-kvm. Please review
the CVE identifiers referenced below for details.
Impact
These vulnerabilities allow a remote attacker to cause a Denial of
Service condition on the host server or qemu process, and might allow
arbitrary code execution or a symlink attack when qemu-kvm is in snapshot
mode.
Workaround
There is no known workaround at this time.
Resolution
All qemu-kvm users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulation/qemu-kvm-1.1.1-r1"

References
CVE-2011-1750
CVE-2011-1751
CVE-2011-2212
CVE-2011-2512
CVE-2012-0029
CVE-2012-2652