RedHat has issued an advisory on July 22:
Patched packages uploaded for Mageia 3 and Cauldron.
Mageia 2's version doesn't seem to contain the affected code, which is weird, because the version in RHEL6 is older. Perhaps the affected code was actually added to RHEL 6's version by one of the other 3883 patches they had previously added.
Updated qemu packages fix security vulnerability:
An unquoted search path flaw was found in the way the QEMU Guest Agent
service installation was performed on Windows. Depending on the permissions
of the directories in the unquoted search path, a local, unprivileged user
could use this flaw to have a binary of their choosing executed with SYSTEM
Updated packages in core/updates_testing:
Steps to Reproduce:
Testing complete mga3 64
Installed mga3 dualcd with virt-manager
Testing complete mga3 32
Validating. Advisory from comment 0 uploaded.
Could sysadmin please push from 3 core/updates_testing to core/updates.