Synopsis: Important: qemu-kvm security update Advisory ID: SLSA-2017:0352-1 Issue Date: 2017-03-01 CVE Numbers: CVE-2017-2620 -- Security Fix(es): * Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. (CVE-2017-2620) -- SL6 x86_64 qemu-guest-agent-0.12.1.2-2.491.el6_8.7.x86_64.rpm qemu-img-0.12.1.2-2.491.el6_8.7.x86_64.rpm qemu-kvm-0.12.1.2-2.491.el6_8.7.x86_64.rpm qemu-kvm-debuginfo-0.12.1.2-2.491.el6_8.7.x86_64.rpm qemu-kvm-tools-0.12.1.2-2.491.el6_8.7.x86_64.rpm i386 qemu-guest-agent-0.12.1.2-2.491.el6_8.7.i686.rpm qemu-kvm-debuginfo-0.12.1.2-2.491.el6_8.7.i686.rpm - Scientific Linux Development Team