qemu-kvm - security update

Several vulnerabilities were discovered in qemu-kvm, a full
virtualization solution on x86 hardware.

• CVE-2015-7295
  Jason Wang of Red Hat Inc. discovered that the Virtual Network
  Device support is vulnerable to denial-of-service (via resource
  exhaustion), that could occur when receiving large packets.
• CVE-2015-7504
  Qinghao Tang of Qihoo 360 Inc. and Ling Liu of Qihoo 360 Inc.
  discovered that the PC-Net II ethernet controller is vulnerable to
  a heap-based buffer overflow that could result in
  denial-of-service (via application crash) or arbitrary code
  execution.
• CVE-2015-7512
  Ling Liu of Qihoo 360 Inc. and Jason Wang of Red Hat Inc.
  discovered that the PC-Net II ethernet controller is vulnerable to
  a buffer overflow that could result in denial-of-service (via
  application crash) or arbitrary code execution.
• CVE-2015-8345
  Qinghao Tang of Qihoo 360 Inc. discovered that the eepro100
  emulator contains a flaw that could lead to an infinite loop when
  processing Command Blocks, eventually resulting in
  denial-of-service (via application crash).
• CVE-2015-8504
  Lian Yihan of Qihoo 360 Inc. discovered that the VNC display
  driver support is vulnerable to an arithmetic exception flaw that
  could lead to denial-of-service (via application crash).
• CVE-2015-8558
  Qinghao Tang of Qihoo 360 Inc. discovered that the USB EHCI
  emulation support contains a flaw that could lead to an infinite
  loop during communication between the host controller and a device
  driver. This could lead to denial-of-service (via resource
  exhaustion).
• CVE-2015-8743
  Ling Liu of Qihoo 360 Inc. discovered that the NE2000 emulator is
  vulnerable to an out-of-bound read/write access issue, potentially
  resulting in information leak or memory corruption.
• CVE-2016-1568
  Qinghao Tang of Qihoo 360 Inc. discovered that the IDE AHCI
  emulation support is vulnerable to a use-after-free issue, that
  could lead to denial-of-service (via application crash) or
  arbitrary code execution.
• CVE-2016-1714
  Donghai Zhu of Alibaba discovered that the Firmware Configuration
  emulation support is vulnerable to an out-of-bound read/write
  access issue, that could lead to denial-of-service (via
  application crash) or arbitrary code execution.
• CVE-2016-1922
  Ling Liu of Qihoo 360 Inc. discovered that 32-bit Windows guests
  support is vulnerable to a null pointer dereference issue, that
  could lead to denial-of-service (via application crash).

For the oldstable distribution (wheezy), these problems have been fixed
in version 1.1.2+dfsg-6+deb7u12.

We recommend that you upgrade your qemu-kvm packages.