It was found that the QEMU's websocket frame decoder processed incoming
frames without limiting resources used to process the header and the
payload. An attacker able to access a guest's VNC console could use this
flaw to trigger a denial of service on the host by exhausting all
available memory and CPU. (CVE-2015-1779)
After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.
--