Test ID:	1.3.6.1.4.1.25623.1.0.121458
Category:	Gentoo Local Security Checks
Title:	Gentoo Security Advisory GLSA 201604-01
Summary:	Gentoo Linux Local Security Checks GLSA 201604-01
Description:	Summary: Gentoo Linux Local Security Checks GLSA 201604-01 Vulnerability Insight: Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Solution: Update the affected packages to the latest available version. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-8613 79719 http://www.securityfocus.com/bid/79719 DSA-3471 http://www.debian.org/security/2016/dsa-3471 GLSA-201604-01 https://security.gentoo.org/glsa/201604-01 [oss-security] 20151221 Re: CVE request: Qemu: scsi: stack based buffer overflow in megasas_ctrl_get_info http://www.openwall.com/lists/oss-security/2015/12/22/1 [qemu-devel] 20151221 [Qemu-devel] [PATCH] scsi: initialise info object with appropriate size https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg03737.html https://bugzilla.redhat.com/show_bug.cgi?id=1284008 Common Vulnerability Exposure (CVE) ID: CVE-2015-8619 79668 http://www.securityfocus.com/bid/79668 [oss-security] 20151223 CVE request Qemu: hmp: stack based OOB write in hmp_sendkey routine http://www.openwall.com/lists/oss-security/2015/12/23/1 [qemu-devel] 20151217 [Qemu-devel] [PATCH] hmp: avoid redundant null termination of buffer https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02930.html Common Vulnerability Exposure (CVE) ID: CVE-2016-1714 1034858 http://www.securitytracker.com/id/1034858 80250 http://www.securityfocus.com/bid/80250 DSA-3469 http://www.debian.org/security/2016/dsa-3469 DSA-3470 http://www.debian.org/security/2016/dsa-3470 RHSA-2016:0081 http://rhn.redhat.com/errata/RHSA-2016-0081.html RHSA-2016:0082 http://rhn.redhat.com/errata/RHSA-2016-0082.html RHSA-2016:0083 http://rhn.redhat.com/errata/RHSA-2016-0083.html RHSA-2016:0084 http://rhn.redhat.com/errata/RHSA-2016-0084.html RHSA-2016:0085 http://rhn.redhat.com/errata/RHSA-2016-0085.html RHSA-2016:0086 http://rhn.redhat.com/errata/RHSA-2016-0086.html RHSA-2016:0087 http://rhn.redhat.com/errata/RHSA-2016-0087.html RHSA-2016:0088 http://rhn.redhat.com/errata/RHSA-2016-0088.html [Qemu-devel] 20160106 [PATCH v2 for v2.3.0] fw_cfg: add check to validate current entry value https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00428.html [oss-security] 20160111 CVE request Qemu: nvram: OOB r/w access in processing firmware configurations http://www.openwall.com/lists/oss-security/2016/01/11/7 [oss-security] 20160112 Re: CVE request Qemu: nvram: OOB r/w access in processing firmware configurations http://www.openwall.com/lists/oss-security/2016/01/12/10 [oss-security] 20160112 Re: Re: CVE request Qemu: nvram: OOB r/w access in processing firmware configurations http://www.openwall.com/lists/oss-security/2016/01/12/11 http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html Common Vulnerability Exposure (CVE) ID: CVE-2016-1922 81058 http://www.securityfocus.com/bid/81058 [oss-security] 20160116 CVE request Qemu: i386: null pointer dereference in vapic_write http://www.openwall.com/lists/oss-security/2016/01/16/1 [oss-security] 20160116 Re: CVE request Qemu: i386: null pointer dereference in vapic_write http://www.openwall.com/lists/oss-security/2016/01/16/6 [qemu-devel] 20160115 [PULL] i386: avoid null pointer dereference https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg02812.html https://bugzilla.redhat.com/show_bug.cgi?id=1283934 Common Vulnerability Exposure (CVE) ID: CVE-2016-1981 81549 http://www.securityfocus.com/bid/81549 RHSA-2016:2585 http://rhn.redhat.com/errata/RHSA-2016-2585.html [oss-security] 20160119 CVE request Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines http://www.openwall.com/lists/oss-security/2016/01/19/10 [oss-security] 20160122 Re: CVE request Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines http://www.openwall.com/lists/oss-security/2016/01/22/1 [qemu-devel] 20160119 [PATCH] e1000: eliminate infinite loops on out-of-bounds transfer start https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg03454.html https://bugzilla.redhat.com/show_bug.cgi?id=1298570 Common Vulnerability Exposure (CVE) ID: CVE-2016-2197 82235 http://www.securityfocus.com/bid/82235 [qemu-devel] 20160128 [PATCH v2] ide: ahci: add check before calling dma_memory_unmap https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg05742.html [qemu-devel] 20160129 CVE request Qemu: ide: ahci null pointer dereference when using FIS CLB engines http://www.openwall.com/lists/oss-security/2016/01/29/2 [qemu-devel] 20160130 Re: CVE request Qemu: ide: ahci null pointer dereference when using FIS CLB engines http://www.openwall.com/lists/oss-security/2016/01/30/1 https://bugzilla.redhat.com/show_bug.cgi?id=1302057 Common Vulnerability Exposure (CVE) ID: CVE-2016-2198 [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html [oss-security] 20160129 CVE request Qemu: usb: ehci null pointer dereference in ehci_caps_write http://www.openwall.com/lists/oss-security/2016/01/29/6 [oss-security] 20160130 Re: CVE request Qemu: usb: ehci null pointer dereference in ehci_caps_write http://www.openwall.com/lists/oss-security/2016/01/30/2 [qemu-devel] 20160129 [PATCH] usb: ehci: add capability mmio write function https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg05899.html https://bugzilla.redhat.com/show_bug.cgi?id=1301643 Common Vulnerability Exposure (CVE) ID: CVE-2016-2392 83274 http://www.securityfocus.com/bid/83274 USN-2974-1 http://www.ubuntu.com/usn/USN-2974-1 [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html [oss-security] 20160216 CVE request Qemu: usb: null pointer dereference in remote NDIS control message handling http://www.openwall.com/lists/oss-security/2016/02/16/7 [qemu-devel] 20160211 [Qemu-devel] [PATCH] usb: check USB configuration descriptor object https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg02553.html [qemu-stable] 20160329 [Qemu-stable] [ANNOUNCE] QEMU 2.5.1 Stable released http://lists.nongnu.org/archive/html/qemu-stable/2016-03/msg00064.html http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=80eecda8e5d09c442c24307f340840a5b70ea3b9 https://bugzilla.redhat.com/show_bug.cgi?id=1302299 Common Vulnerability Exposure (CVE) ID: CVE-2016-2538 83336 http://www.securityfocus.com/bid/83336 [oss-security] 20160222 CVE request Qemu: usb: integer overflow in remote NDIS control message handling http://www.openwall.com/lists/oss-security/2016/02/22/3 [qemu-devel] 20160216 [Qemu-devel] [PATCH 2/2] usb: check RNDIS buffer offsets & length https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg03658.html http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fe3c546c5ff2a6210f9a4d8561cc64051ca8603e https://bugzilla.redhat.com/show_bug.cgi?id=1303120 Common Vulnerability Exposure (CVE) ID: CVE-2016-2858 84134 http://www.securityfocus.com/bid/84134 [oss-security] 20160304 CVE request Qemu: rng-random: arbitrary stack based allocation leading to corruption http://www.openwall.com/lists/oss-security/2016/03/04/1 [oss-security] 20160306 Re: CVE request Qemu: rng-random: arbitrary stack based allocation leading to corruption http://www.openwall.com/lists/oss-security/2016/03/07/4 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=60253ed1e6ec6d8e5ef2efe7bf755f475dce9956 https://bugzilla.redhat.com/show_bug.cgi?id=1314676
Copyright	Copyright (C) 2016 Eero Volotinen

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.