Detections
Analytics
GLSA-201609-01 : QEMU: Multiple vulnerabilities
critical Nessus Plugin ID 93697
Synopsis
The remote Gentoo host is missing one or more security-related patches.Description
The remote host is affected by the vulnerability described in GLSA-201609-01 (QEMU: Multiple vulnerabilities)Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details.
Impact :
Local users within a guest QEMU environment can execute arbitrary code within the host or a cause a Denial of Service condition of the QEMU guest process.
Workaround :
There is no known workaround at this time.
Solution
All QEMU users should upgrade to the latest version:# emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/qemu-2.7.0-r3'
See Also
Plugin Details
Severity: Critical
ID: 93697
File Name: gentoo_GLSA-201609-01.nasl
Version: 2.4
Type: local
Family: Gentoo Local Security Checks
Published: 9/26/2016
Updated: 1/23/2026
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2016-4002
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:gentoo:linux:qemu, cpe:/o:gentoo:linux
Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list
Exploit Ease: No known exploits are available
Patch Publication Date: 9/25/2016
Reference Information
CVE: CVE-2016-2841, CVE-2016-4001, CVE-2016-4002, CVE-2016-4020, CVE-2016-4439, CVE-2016-4441, CVE-2016-4453, CVE-2016-4454, CVE-2016-4964, CVE-2016-5106, CVE-2016-5107, CVE-2016-5126, CVE-2016-5238, CVE-2016-5337, CVE-2016-5338, CVE-2016-6490, CVE-2016-6833, CVE-2016-6834, CVE-2016-6836, CVE-2016-6888, CVE-2016-7116, CVE-2016-7156, CVE-2016-7157, CVE-2016-7421, CVE-2016-7422
GLSA: 201609-01