kvm was updated to fix 33 security issues. These security issues were fixed: - CVE-2016-4439: Avoid OOB access in 53C9X emulation - CVE-2016-4441: Avoid OOB access in 53C9X emulation - CVE-2016-3710: Fixed VGA emulation based OOB access with potential for guest escape - CVE-2016-3712: Fixed VGa emulation based DOS and OOB read access exploit - CVE-2016-4037: Fixed USB ehci based DOS - CVE-2016-2538: Fixed potential OOB access in USB net device emulation - CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation - CVE-2016-2858: Avoid potential DOS when using QEMU pseudo random number generator - CVE-2016-2857: Fixed OOB access when processing IP checksums - CVE-2016-4001: Fixed OOB access in Stellaris enet emulated nic - CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller - CVE-2016-4020: Fixed possible host data leakage to guest from TPR access - CVE-2015-3214: Fixed OOB read in i8254 PIC - CVE-2014-9718: Fixed the handling of malformed or short ide PRDTs to avoid any opportunity for guest to cause DoS by abusing that interface - CVE-2014-3689: Fixed insufficient parameter validation in rectangle functions - CVE-2014-3615: The VGA emulator in QEMU allowed local guest users to read host memory by setting the display to a high resolution . - CVE-2015-5239: Integer overflow in vnc_client_read and protocol_client_msg . - CVE-2015-5278: Infinite loop in ne2000_receive function . - CVE-2015-5279: Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU allowed guest OS users to cause a denial of service or possibly execute arbitrary code via vectors related to receiving packets . - CVE-2015-5745: Buffer overflow in virtio-serial . - CVE-2015-6855: hw/ide/core.c in QEMU did not properly restrict the commands accepted by an ATAPI device, which allowed guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash . - CVE-2015-7295: hw/virtio/virtio.c in the Virtual Network Device support in QEMU, when big or mergeable receive buffers are not supported, allowed remote attackers to cause a denial of service via a flood of jumbo frames on the tuntap or macvtap interface . - CVE-2015-7549: PCI null pointer dereferences . - CVE-2015-8504: VNC floating point exception . - CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS . - CVE-2015-8613: Wrong sized memset in megasas command handler . - CVE-2015-8619: Potential DoS for long HMP sendkey command argument . - CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions . - CVE-2016-1568: AHCI use-after-free in aio port commands . - CVE-2016-1714: Potential OOB memory access in processing firmware configuration . - CVE-2016-1922: NULL pointer dereference when processing hmp i/o command . - CVE-2016-1981: Potential DoS in e1000 device emulation by malicious privileged user within guest . - CVE-2016-2198: Malicious privileged guest user were able to cause DoS by writing to read-only EHCI capabilities registers . This non-security issue was fixed: - Fix case of IDE interface needing busy status set before flush