This update for qemu fixes the following security issues: - CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command to the agent via the listening socket causing DoS - CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams With this release the mitigations for Spectre v4 are moved the the patches from upstream .