Synopsis: Low: qemu-kvm security, bug fix, and enhancement update Advisory ID: SLSA-2018:0816-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2017-13711 CVE-2017-13672 CVE-2017-15268 CVE-2017-15124 CVE-2018-5683 -- Security Fix(es): * Qemu: vga: OOB read access during display update (CVE-2017-13672) * Qemu: Slirp: use-after-free when sending response (CVE-2017-13711) * Qemu: memory exhaustion through framebuffer update request message in VNC server (CVE-2017-15124) * Qemu: I/O: potential memory exhaustion via websock connection to VNC (CVE-2017-15268) * Qemu: Out-of-bounds read in vga_draw_text routine (CVE-2018-5683) Additional Changes: -- SL7 x86_64 qemu-img-1.5.3-156.el7.x86_64.rpm qemu-kvm-1.5.3-156.el7.x86_64.rpm qemu-kvm-common-1.5.3-156.el7.x86_64.rpm qemu-kvm-debuginfo-1.5.3-156.el7.x86_64.rpm qemu-kvm-tools-1.5.3-156.el7.x86_64.rpm - Scientific Linux Development Team