Synopsis:          Important: qemu-kvm security update
Advisory ID:       SLSA-2017:0352-1
Issue Date:        2017-03-01
CVE Numbers:       CVE-2017-2620
--

Security Fix(es):

* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator
support is vulnerable to an out-of-bounds access issue. The issue could
occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged
user inside guest could use this flaw to crash the QEMU process OR
potentially execute arbitrary code on host with privileges of the QEMU
process. (CVE-2017-2620)
--

SL6
  x86_64
    qemu-guest-agent-0.12.1.2-2.491.el6_8.7.x86_64.rpm
    qemu-img-0.12.1.2-2.491.el6_8.7.x86_64.rpm
    qemu-kvm-0.12.1.2-2.491.el6_8.7.x86_64.rpm
    qemu-kvm-debuginfo-0.12.1.2-2.491.el6_8.7.x86_64.rpm
    qemu-kvm-tools-0.12.1.2-2.491.el6_8.7.x86_64.rpm
  i386
    qemu-guest-agent-0.12.1.2-2.491.el6_8.7.i686.rpm
    qemu-kvm-debuginfo-0.12.1.2-2.491.el6_8.7.i686.rpm

- Scientific Linux Development Team