ELSA-2018-2731

Опубликовано: 20 сент. 2018

Источник: oracle-oval

Платформа: Oracle Linux 7

Описание

ELSA-2018-2731: spice and spice-gtk security update (IMPORTANT)

spice [0.14.0-2.0.2]

add arm suppport

[0.14.0-2.5]

Fix flexible array buffer overflow Resolves: rhbz#1596008

spice-gtk [0.34-3.2]

Fix flexible array buffer overflow Resolves: rhbz#1596008

Обновленные пакеты

Oracle Linux 7

Oracle Linux aarch64

spice-glib

0.34-3.el7_5.2

spice-glib-devel

0.34-3.el7_5.2

spice-gtk-tools

0.34-3.el7_5.2

spice-gtk3

0.34-3.el7_5.2

spice-gtk3-devel

0.34-3.el7_5.2

spice-gtk3-vala

0.34-3.el7_5.2

spice-server

0.14.0-2.0.2.el7_5.5

spice-server-devel

0.14.0-2.0.2.el7_5.5

Oracle Linux x86_64

spice-glib

0.34-3.el7_5.2

spice-glib-devel

0.34-3.el7_5.2

spice-gtk-tools

0.34-3.el7_5.2

spice-gtk3

0.34-3.el7_5.2

spice-gtk3-devel

0.34-3.el7_5.2

spice-gtk3-vala

0.34-3.el7_5.2

spice-server

0.14.0-2.el7_5.5

spice-server-devel

0.14.0-2.el7_5.5

Связанные CVE

CVE-2018-10873

Ссылки на источники

Связанные уязвимости

CVE-2018-10873

CVSS3: 8.3

ubuntu

около 7 лет назад

A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.