Multiple vulnerabilities were found in qemu, a fast processor emulator:
Denial of service in qemu-nbd server
Buffer overflow in USB redirector
Out-of-band memory access in DMA operations
Out-of-band memory access in SLIRP/DHCP
For the stable distribution (stretch), these problems have been fixed in version 1:2.8+dfsg-6+deb9u2.
We recommend that you upgrade your qemu packages.