Synopsis: Important: qemu-kvm security update
Advisory ID: SLSA-2017:0987-1
Issue Date: 2017-04-18
CVE Numbers: CVE-2016-9603
—
Security Fix(es):
* A heap buffer overflow flaw was found in QEMU’s Cirrus CLGD 54xx VGA
emulator’s VNC display driver support; the issue could occur when a VNC
client attempted to update its display after a VGA operation was performed
by a guest. A privileged user/process inside a guest could use this flaw
to crash the QEMU process or, potentially, execute arbitrary code on the
host with privileges of the QEMU process. (CVE-2016-9603)
—
SL7
x86_64
qemu-img-1.5.3-126.el7_3.6.x86_64.rpm
qemu-kvm-1.5.3-126.el7_3.6.x86_64.rpm
qemu-kvm-common-1.5.3-126.el7_3.6.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-126.el7_3.6.x86_64.rpm
qemu-kvm-tools-1.5.3-126.el7_3.6.x86_64.rpm
– Scientific Linux Development Team