Synopsis: Important: qemu-kvm security update Advisory ID: SLSA-2016:0082-1 Issue Date: 2016-01-28 CVE Numbers: CVE-2016-1714 -- An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware Configuration device emulation processed certain firmware configurations. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process. (CVE-2016-1714) After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. -- SL6 x86_64 qemu-guest-agent-0.12.1.2-2.479.el6_7.4.x86_64.rpm qemu-img-0.12.1.2-2.479.el6_7.4.x86_64.rpm qemu-kvm-0.12.1.2-2.479.el6_7.4.x86_64.rpm qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.4.x86_64.rpm qemu-kvm-tools-0.12.1.2-2.479.el6_7.4.x86_64.rpm i386 qemu-guest-agent-0.12.1.2-2.479.el6_7.4.i686.rpm qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.4.i686.rpm - Scientific Linux Development Team