Описание
ELSA-2019-0232: spice-server security update (IMPORTANT)
[0.12.4-16.3]
- Fix off-by-one error during guest-to-host memory address conversion Resolves: CVE-2019-3813
[0.12.4-16.2]
- Prevent potential buffer/integer overflows with invalid MonitorsConfig messages sent from an authenticated client Resolves: CVE-2017-7506
[0.12.4-16.1]
- Fix flexible array buffer overflow Resolves: rhbz#1596008
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
spice-server
0.12.4-16.el6_10.3
spice-server-devel
0.12.4-16.el6_10.3
Связанные CVE
Связанные уязвимости
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-boun ...
