Errata overview
Errata ID 349
Date 2015-08-05
Source package qemu-kvm
Fixed in version 1.1.2+dfsg-6.29.46.201506231342
Description
These vulnerabilities have been fixed in qemu-kvm:
* Buffer overflow in the e1000 driver (CVE-2012-6075)
* Buffer overflow in virtio-net (CVE-2014-0150)
* Buffer overflow in processing SMART commands in the emulated IDE adaptor
  (CVE-2014-2894)
* Buffer overflow in the SCSI implementation in QEMU (CVE-2013-4344)
* Denial of service through division by zero in parallels driver
  (CVE-2014-0142)
* Integer overflows in various block drivers (CVE-2014-0143)
* Memory corruption in various block drivers (CVE-2014-0144)
* Buffer overflows in block drivers (CVE-2014-0145)
* NULL pointer dereference in qcow driver (CVE-2014-0146)
* Missing input sanitising in qcow driver (CVE-2014-0147)
* Out-of-bounds access when parsing qcow1 images (CVE-2014-0223, CVE-2014-0222)
* NULL pointer dereference in SLIRP (CVE-2014-3640)
* vmware_vga: insufficient parameter validation in rectangle functions
  (CVE-2014-3689)
* Missing sanitising of the bits_per_pixel value in the VNC display driver
  (CVE-2014-7815)
* Missing access checks in the Cirrus VGA emulator may result in privilege
  escalation (CVE-2014-8106)
* VGA emulator in QEMU allows local guest users to read host memory by
  setting the display to a high resolution (CVE-2014-3615)
* Virtualized Environment Neglected Operations Manipulation (VENOM)
  in QEMU's virtual Floppy Disk Controller (CVE-2015-3456)
* Denial of service due to insecure temporary file use in /net/slirp.c
  (CVE-2015-4037)
* A privileged guest user in a guest with an AMD PCNet Ethernet card enabled
  can potentially execute arbitrary code on the host with the privileges of
  the hosting QEMU process (CVE-2015-3209)
Additional notes
CVE ID CVE-2012-6075
CVE-2014-0150
CVE-2014-2894
CVE-2013-4344
CVE-2014-0142
CVE-2014-0143
CVE-2014-0144
CVE-2014-0145
CVE-2014-0146
CVE-2014-0147
CVE-2014-0223
CVE-2014-0222
CVE-2014-3640
CVE-2014-3689
CVE-2014-7815
CVE-2014-8106
CVE-2014-3615
CVE-2015-3456
CVE-2015-4037
CVE-2015-3209
UCS Bug number #33279