Fedora 21: qemu Security Update 2015-5482
Summary
QEMU is a generic and open source processor emulator which achieves a good
emulation speed by using dynamic translation. QEMU has two operating modes:
* Full system emulation. In this mode, QEMU emulates a full system (for
example a PC), including a processor and various peripherials. It can be
used to launch different Operating Systems without rebooting the PC or
to debug system code.
* User mode emulation. In this mode, QEMU can launch Linux processes compiled
for one CPU on another CPU.
As QEMU requires no host kernel patches to run, it is safe and easy to use.
Update Information:
* CVE-2015-1779 vnc: insufficient resource limiting in VNC websockets decoder (bz #1205051, bz #1199572) * Qemu: PRDT overflow from guest to host (bz #1204919, bz #1205322) * CVE-2014-8106: cirrus: insufficient blit region checks (bz #1170612, bz #1169454) * Fix .vdi disk corruption (bz #1199400) * Don't install ksm services as executable (bz #1192720)
Change Log
* Thu Apr 2 2015 Cole Robinson
References
[ 1 ] Bug #1204919 - Qemu: PRDT overflow from guest to host https://bugzilla.redhat.com/show_bug.cgi?id=1204919 [ 2 ] Bug #1199572 - CVE-2015-1779 qemu: vnc: insufficient resource limiting in VNC websockets decoder https://bugzilla.redhat.com/show_bug.cgi?id=1199572 [ 3 ] Bug #1169454 - CVE-2014-8106 qemu: cirrus: insufficient blit region checks https://bugzilla.redhat.com/show_bug.cgi?id=1169454
Update Instructions
This update can be installed with the "yum" update program. Use su -c 'yum update qemu' at the command line. For more information, refer to "Managing Software with yum", available at .