ELSA-2016-1205

Опубликовано: 06 июн. 2016

Источник: oracle-oval

Платформа: Oracle Linux 7

Описание

ELSA-2016-1205: spice security update (IMPORTANT)

[0.12.4-15.1]

Fix heap-based memory corruption within smartcard handling Resolves: CVE-2016-0749
Fix host memory access from guest with invalid primary surface parameters Resolves: CVE-2016-2150

Обновленные пакеты

Oracle Linux 7

Oracle Linux x86_64

spice-server

0.12.4-15.el7_2.1

spice-server-devel

0.12.4-15.el7_2.1

Связанные CVE

CVE-2016-2150

CVE-2016-0749

Ссылки на источники

Связанные уязвимости

openSUSE-SU-2016:1726-1

suse-cvrf

около 9 лет назад

Security update for spice

SUSE-SU-2016:1561-1

suse-cvrf

около 9 лет назад

Security update for spice

ELSA-2016-1204

oracle-oval

около 9 лет назад

ELSA-2016-1204: spice-server security update (IMPORTANT)

SUSE-SU-2016:1559-1

suse-cvrf

около 9 лет назад

Security update for spice

CVE-2016-0749

CVSS3: 9.8

ubuntu

около 9 лет назад

The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.