KVM (Kernel-based Virtual Machine) is a full virtualization solution forLinux on AMD64 and Intel 64 systems. The qemu-kvm package provides theuser-space component for running virtual machines using KVM.It was found that the Cirrus blit region checks were insufficient. Aprivileged guest user could use this flaw to write outside of VRAM-allocated buffer boundaries in the host's QEMU process address space withattacker-provided data. (CVE-2014-8106)This issue was found by Paolo Bonzini of Red Hat.This update also fixes the following bug:All qemu-kvm users are advised to upgrade to these updated packages, whichcontain a backported patch to correct this issue. After installing thisupdate, shut down all running virtual machines. Once all virtual machineshave shut down, start them again for this update to take effect.