Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service, the execution of arbitrary code or information disclosure.
In addition this update backports support to passthrough the new md-clear CPU flag added in the intel-microcode update shipped in DSA 4447 to x86-based guests.
For the stable distribution (stretch), these problems have been fixed in version 1:2.8+dfsg-6+deb9u6.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/