
SUSE-SU-2017:0127-1 -- SLES qemu, qemu-guest-agent

ID: oval:org.secpod.oval:def:89044506
Date: (C)2021-06-30   (M)2023-02-20
Class: PATCH
Family: unix




qemu was updated to fix several issues.

These security issues were fixed:
- CVE-2016-9102: Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c allowed local guest OS administrators to cause a denial of service via a large number of Txattrcreate messages with the same fid number.
- CVE-2016-9103: The v9fs_xattrcreate function in hw/9pfs/9p.c allowed local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before writing to them.
- CVE-2016-9381: Improper processing of shared rings allowed guest administrators to take over the qemu process, elevating their privilege to that of the qemu process.
- CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support was vulnerable to an infinite loop issue while receiving packets in "mcf_fec_receive". A privileged user/process inside guest could have used this issue to crash the Qemu process on the host, leading to DoS.
- CVE-2016-9845: The Virtio GPU Device emulator support was vulnerable to an information leakage issue while processing the "VIRTIO_GPU_CMD_GET_CAPSET_INFO" command. A guest user/process could have used this flaw to leak contents of the host memory.
- CVE-2016-9846: The Virtio GPU Device emulator support was vulnerable to a memory leakage issue while updating the cursor data in update_cursor_data_virgl. A guest user/process could have used this flaw to leak host memory bytes, resulting in DoS for the host.
- CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a memory leakage flaw when destroying the USB redirector in "usbredir_handle_destroy". A guest user/process could have used this issue to leak host memory, resulting in DoS for a host.
- CVE-2016-9908: The Virtio GPU Device emulator support was vulnerable to an information leakage issue while processing the "VIRTIO_GPU_CMD_GET_CAPSET" command. A guest user/process could have used this flaw to leak contents of the host memory.
- CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory leakage issue while processing packet data in "ehci_init_transfer". A guest user/process could have used this issue to leak host memory, resulting in DoS for the host.
- CVE-2016-9912: The Virtio GPU Device emulator support was vulnerable to a memory leakage issue while destroying gpu resource object in "virtio_gpu_resource_destroy". A guest user/process could have used this flaw to leak host memory bytes, resulting in DoS for the host.
- CVE-2016-9913: VirtFS was vulnerable to a memory leakage issue via its "9p-handle" or "9p-proxy" backend drivers. A privileged user inside guest could have used this flaw to leak host memory, thus affecting other services on the host and/or potentially crashing the Qemu process on the host.

These non-security issues were fixed:
- Fixed uint64 property parsing and added regression tests
- Added a man page for kvm_stat
- Fixed crash in vte
- Various upstream commits targeted towards stable releases

Platform:
SUSE Linux Enterprise Server 12 SP2
Product:
qemu
qemu-guest-agent
Reference:
SUSE-SU-2017:0127-1
CVE-2016-9102
CVE-2016-9103
CVE-2016-9381
CVE-2016-9776
CVE-2016-9845
CVE-2016-9846
CVE-2016-9907
CVE-2016-9908
CVE-2016-9911
CVE-2016-9912
CVE-2016-9913
CVE-2016-9921
CVE-2016-9922

© SecPod Technologies