ELSA-2018-2732

Опубликовано: 20 сент. 2018

Источник: oracle-oval

Платформа: Oracle Linux 6

Описание

ELSA-2018-2732: spice-gtk and spice-server security update (IMPORTANT)

spice-gtk [0.26-8.1]

Fix flexible array buffer overflow Resolves: rhbz#1596008

spice-server [0.12.4-16.1]

Fix flexible array buffer overflow Resolves: rhbz#1596008

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

spice-glib

0.26-8.el6_10.1

spice-glib-devel

0.26-8.el6_10.1

spice-gtk

0.26-8.el6_10.1

spice-gtk-devel

0.26-8.el6_10.1

spice-gtk-python

0.26-8.el6_10.1

spice-gtk-tools

0.26-8.el6_10.1

spice-server

0.12.4-16.el6_10.1

spice-server-devel

0.12.4-16.el6_10.1

Oracle Linux i686

spice-glib

0.26-8.el6_10.1

spice-glib-devel

0.26-8.el6_10.1

spice-gtk

0.26-8.el6_10.1

spice-gtk-devel

0.26-8.el6_10.1

spice-gtk-python

0.26-8.el6_10.1

spice-gtk-tools

0.26-8.el6_10.1

Связанные CVE

CVE-2018-10873

Ссылки на источники

Связанные уязвимости

CVE-2018-10873

CVSS3: 8.3

ubuntu

около 7 лет назад

A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.