QEMU: Multiple vulnerabilities Multiple vulnerabilities have been found in QEMU, worst of which allows local attackers to execute arbitrary code. qemu August 30, 2014 September 02, 2014: 3 201434 486352 505946 507692 507790 507796 510208 510234 local 2.0.0-r1 2.0.0-r1

QEMU is a generic and open source machine emulator and virtualizer.

Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details.

A local attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.

There is no known workaround at this time.

All QEMU users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.0.0-r1" CVE-2007-6227 CVE-2013-4377 CVE-2013-4544 CVE-2014-0142 CVE-2014-0143 CVE-2014-0144 CVE-2014-0145 CVE-2014-0146 CVE-2014-0147 CVE-2014-0150 CVE-2014-0222 CVE-2014-0223 CVE-2014-2894 CVE-2014-3461 BlueKnight pinkbyte