Fedora 25: QEMU Update Addresses Critical Memory Leaks and Threats

QEMU is a generic and open source processor emulator which achieves a good

emulation speed by using dynamic translation. QEMU has two operating modes:

* Full system emulation. In this mode, QEMU emulates a full system (for

example a PC), including a processor and various peripherials. It can be

used to launch different Operating Systems without rebooting the PC or

to debug system code.

* User mode emulation. In this mode, QEMU can launch Linux processes compiled

for one CPU on another CPU.

As QEMU requires no host kernel patches to run, it is safe and easy to use.

* CVE-2016-6836: vmxnet: Information leakage in vmxnet3_complete_packet (bz #1366370) * CVE-2016-7909: pcnet: Infinite loop in pcnet_rdra_addr (bz #1381196) * CVE-2016-7994: virtio-gpu: memory leak in resource_create_2d (bz #1382667) * CVE-2016-8577: 9pfs: host memory leakage in v9fs_read (bz #1383286) * CVE-2016-8578: 9pfs: potential NULL dereferencein 9pfs routines (bz #1383292) * CVE-2016-8668: OOB buffer access in rocker switch emulation (bz #1384898) * CVE-2016-8669: divide by zero error in serial_update_parameters (bz #1384911) * CVE-2016-8909: intel-hda: infinite loop in dma buffer stream (bz #1388053) * Infinite loop vulnerability in a9_gtimer_update (bz #1388300) * CVE-2016-9101: eepro100: memory leakage at device unplug (bz #1389539) * CVE-2016-9103: 9pfs: information leakage via xattr (bz #1389643) * CVE-2016-9102: 9pfs: memory leakage when creating extended attribute (bz #1389551) * CVE-2016-9104: 9pfs: integer overflow leading to OOB access (bz #1389687) * CVE-2016-9105...