qemu: multiple vulnerabilities
| Package(s): | qemu |
| CVE #(s): | CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2016-1568 CVE-2016-1714 |
| Created: | January 18, 2016 |
| Updated: | February 1, 2016 |
| Description: | From the Mageia advisory: |

A stack buffer-overflow vulnerability has been discovered in the QEMU emulator built with SCSI MegaRAID SAS HBA emulation support. The flaw occurs when processing the SCSI controller's CTRL_GET_INFO command. A privileged guest user could exploit this flaw to crash the QEMU process instance (denial of service). (CVE-2015-8613)

An out-of-bounds write vulnerability has been found in the QEMU emulator built with Human Monitor Interface (HMP) support. The issue occurs when the 'sendkey' command (in hmp_sendkey) is processed with a 'keyname_len' that is greater than the 'keyname_buf' array size. A user or process could exploit this flaw to crash the QEMU process instance (denial of service). (CVE-2015-8619)

An out-of-bounds read-write access flaw was found in the QEMU emulator built with NE2000-device emulation support. The flaw occurred while performing 'ioport' read-write operations. A privileged (CAP_SYS_RAWIO) user or process could exploit the flaw to leak or corrupt QEMU memory bytes. (CVE-2015-8743)

A use-after-free vulnerability was discovered in the QEMU emulator built with IDE AHCI emulation support. The flaw could occur after processing AHCI Native Command Queuing (NCQ) AIO commands. A privileged user inside the guest could use this flaw to crash the QEMU process instance (denial of service) or potentially execute arbitrary code on the host with QEMU-process privileges. (CVE-2016-1568)

An out-of-bounds read/write flaw was discovered in the QEMU emulator built with Firmware Configuration device emulation support. The flaw could occur while processing firmware configurations if the current configuration entry value was set to be invalid. A privileged (CAP_SYS_RAWIO) user or process inside the guest could exploit this flaw to crash the QEMU process instance (denial of service), or potentially execute arbitrary code on the host with QEMU-process privileges. (CVE-2016-1714)

| Alerts: | |
