(RHSA-2017:0621) Moderate: qemu-kvm security and bug fix update

ID RHSA-2017:0621
Type redhat
Reporter RedHat
Modified 2018-06-07T18:22:01


Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

  • An integer overflow flaw and an out-of-bounds read flaw were found in the way QEMU's VGA emulator set certain VGA registers while in VBE mode. A privileged guest user could use this flaw to crash the QEMU process instance. (CVE-2016-3712)

Red Hat would like to thank Zuozhi Fzz (Alibaba Inc.) for reporting this issue.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.