From ${URL} :

QEMU emulator built with the IDE AHCI emulation support is vulnerable to a use-after-free (kind of) issue. It could occur after processing AHCI Native Command Queuing (NCQ) AIO commands. A privileged user inside the guest could use this flaw to crash the QEMU process instance or might potentially execute arbitrary code with the privileges of the QEMU process on the host.

Upstream fix:
-> https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg01184.html

Reference:
-> https://bugzilla.redhat.com/show_bug.cgi?id=1288532

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for stabilization or not.
Fix is in qemu-2.5.0-r1 in the tree now: http://gitweb.gentoo.org/repo/gentoo.git/commit/?id=96bdea53ec5c2e6d80e30b288043e34bfc766e25
@vapier: is it fine to stabilize 2.5.0-r1?
(In reply to Agostino Sarubbo from comment #2)
> @vapier: is it fine to stabilize 2.5.0-r1?

Should be. Get the arches going.
amd64 stable
x86 stable. Maintainer(s), please clean up. Security, please add it to the existing request, or file a new one.
Added to the existing GLSA draft.
CVE-2016-1568 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1568): A use-after-free vulnerability was discovered in the QEMU emulator built with IDE AHCI emulation support. The flaw could occur after processing AHCI Native Command Queuing (NCQ) AIO commands. A privileged user inside the guest could use this flaw to crash the QEMU process instance (denial of service) or potentially execute arbitrary code on the host with QEMU-process privileges.
This issue was resolved and addressed in GLSA 201602-01 at https://security.gentoo.org/glsa/201602-01 by GLSA coordinator Kristian Fiskerstrand (K_F).