Synopsis: Important: qemu-kvm security and bug fix update
Advisory ID: SLSA-2016:0083-1
Issue Date: 2016-01-28
CVE Numbers: CVE-2016-1714
An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware
Configuration device emulation processed certain firmware configurations.
A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the
QEMU process instance or, potentially, execute arbitrary code on the host
with privileges of the QEMU process. (CVE-2016-1714)
This update also fixes the following bugs:
* Incorrect handling of the last sector of an image file could trigger an
assertion failure in qemu-img. This update changes the handling of the
last sector, and no assertion failure occurs.
After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
- Scientific Linux Development Team