Описание
ELSA-2013-1473: spice-server security update (IMPORTANT)
[0.12.0-12.5]
- Fix issue with error-handling of RSA_private_decrypt() in previous patch Related: CVE-2013-4282
[0.12.0-12.el6_4.4]
- Fix buffer overflow when decrypting client SPICE ticket Resolves: CVE-2013-4282
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
spice-server
0.12.0-12.el6_4.5
spice-server-devel
0.12.0-12.el6_4.5
Связанные CVE
Связанные уязвимости
Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket.
Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket.
Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket.
Stack-based buffer overflow in the reds_handle_ticket function in serv ...
