Red Hat Security Advisory 2017-2408-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: Quick Emulator built with Network Block Device Server support was vulnerable to a null-pointer dereference issue. The flaw could occur when releasing a client that was not initialized due to failed negotiation. A remote user or process could exploit this flaw to crash the qemu-nbd server.
43453dd199302989251381bee4c45dba
Red Hat Security Advisory 2017-2392-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. The following packages have been upgraded to a later upstream version: qemu-kvm-rhev. Security Fix: A stack buffer overflow flaw was found in the Quick Emulator built with the Network Block Device client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process.
7b9de3483b6b1af562846fd2a740e94b
Gentoo Linux Security Advisory 201702-28 - Multiple vulnerabilities have been found in QEMU, the worst of which could lead to the execution of arbitrary code on the host system. Versions less than 2.8.0-r1 are affected.
1fdbf94fb352c5a21cf5e86d408776f1