From ${URL} : Quick emulator(Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS. Upstream patch -------------- -> https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html Reference: ---------- -> https://bugzilla.redhat.com/show_bug.cgi?id=1334398 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
this is in the 2.8.0 release
Stabilization will be happen as part of bug 601824.
Added to existing GLSA request.
This issue was resolved and addressed in GLSA 201701-49 at https://security.gentoo.org/glsa/201701-49 by GLSA coordinator Aaron Bauman (b-man).