QEMU: Multiple vulnerabilities Multiple vulnerabilities have been found in QEMU, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. QEMU 2016-04-02 2016-04-02 569118 569300 571560 572082 572412 572454 573280 573314 574902 575492 576420 local 2.5.0-r2 2.5.0-r2

QEMU is a generic and open source machine emulator and virtualizer.

Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details.

Local users within a guest QEMU environment can execute arbitrary code within the host or a cause a Denial of Service condition of the QEMU guest process.

There is no known workaround at this time.

All QEMU users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.5.0-r2" CVE-2015-8613 CVE-2015-8619 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2197 CVE-2016-2198 CVE-2016-2392 CVE-2016-2538 CVE-2016-2858 b-man b-man