Joined: 12 May 2004
|Posted: Fri Oct 19, 2012 1:26 am Post subject: [ GLSA 201210-04 ] qemu-kvm: Multiple vulnerabilities
|Gentoo Linux Security Advisory
Title: qemu-kvm: Multiple vulnerabilities (GLSA 201210-04)
Date: October 18, 2012
Bug(s): #364889, #365259, #372411, #373997, #400595, #430456
Multiple vulnerabilities were found in qemu-kvm, allowing attackers
to execute arbitrary code.
qemu-kvm provides QEMU and Kernel-based Virtual Machine userland tools.
Vulnerable: < 1.1.1-r1
Unaffected: >= 1.1.1-r1
Architectures: All supported architectures
Multiple vulnerabilities have been discovered in qemu-kvm. Please review
the CVE identifiers referenced below for details.
These vulnerabilities allow a remote attacker to cause a Denial of
Service condition on the host server or qemu process, might allow for
arbitrary code execution or a symlink attack when qemu-kvm is in snapshot
There is no known workaround at this time.
All qemu-kvm users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/qemu-kvm-1.1.1-r1"