SUSE: OPENSUSE-SU-2017:0194-1
Jan 18, 2017 - 12:09 p.m.

Security update for qemu (important)

2017-01-18 12:09:49
lists.opensuse.org
EPSS: 0.001 (Low), percentile 25.2%

qemu was updated to fix several issues.

These security issues were fixed:

  • CVE-2016-9102: Memory leak in the v9fs_xattrcreate function in
    hw/9pfs/9p.c allowed local guest OS administrators to cause a denial
    of service (memory consumption and QEMU process crash) via a large
    number of Txattrcreate messages with the same fid number (bsc#1014256).
  • CVE-2016-9103: The v9fs_xattrcreate function in hw/9pfs/9p.c allowed
    local guest OS administrators to obtain sensitive host heap memory
    information by reading xattribute values before writing to them
    (bsc#1007454).
  • CVE-2016-9381: Improper processing of shared rings allowed guest
    administrators to take over the qemu process, elevating their privilege
    to that of the qemu process (bsc#1009109).
  • CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support
    was vulnerable to an infinite loop issue while receiving packets in
    ‘mcf_fec_receive’. A privileged user/process inside guest could have
    used this issue to crash the Qemu process on the host leading to DoS
    (bsc#1013285).
  • CVE-2016-9845: The Virtio GPU Device emulator support was vulnerable to
    an information leakage issue while processing the
    ‘VIRTIO_GPU_CMD_GET_CAPSET_INFO’ command. A guest user/process could
    have used this flaw to leak contents of the host memory (bsc#1013767).
  • CVE-2016-9846: The Virtio GPU Device emulator support was vulnerable to
    a memory leakage issue while updating the cursor data in
    update_cursor_data_virgl. A guest user/process could have used this flaw
    to leak host memory bytes, resulting in DoS for the host (bsc#1013764).
  • CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a
    memory leakage flaw when destroying the USB redirector in
    ‘usbredir_handle_destroy’. A guest user/process could have used this
    issue to leak host memory, resulting in DoS for a host (bsc#1014109).
  • CVE-2016-9908: The Virtio GPU Device emulator support was vulnerable to
    an information leakage issue while processing the
    ‘VIRTIO_GPU_CMD_GET_CAPSET’ command. A guest user/process could have
    used this flaw to leak contents of the host memory (bsc#1014514).
  • CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory
    leakage issue while processing packet data in ‘ehci_init_transfer’. A
    guest user/process could have used this issue to leak host memory,
    resulting in DoS for the host (bsc#1014111).
  • CVE-2016-9912: The Virtio GPU Device emulator support was vulnerable to
    a memory leakage issue while destroying a GPU resource object in
    ‘virtio_gpu_resource_destroy’. A guest user/process could have used this
    flaw to leak host memory bytes, resulting in DoS for the host
    (bsc#1014112).
  • CVE-2016-9913: VirtFS was vulnerable to a memory leakage issue via its
    ‘9p-handle’ or ‘9p-proxy’ backend drivers. A privileged user inside
    guest could have used this flaw to leak host memory, thus affecting
    other services on the host and/or potentially crash the Qemu process on
    the host (bsc#1014110).

These non-security issues were fixed:

  • Fixed uint64 property parsing and added regression tests (bsc#937125)
  • Added a man page for kvm_stat
  • Fixed crash in vte (bsc#1008519)
  • Various upstream commits targeted towards stable releases (bsc#1013341)

This update was imported from the SUSE:SLE-12-SP2:Update update project.