Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2019-2229

Опубликовано: 13 авг. 2019
Источник: oracle-oval
Платформа: Oracle Linux 7

Описание

ELSA-2019-2229: spice-gtk security and bug fix update (MODERATE)

libgovirt [0.3.4-2]

  • Parse XML nodes automatically Related: rhbz#1427467
  • Set detailed error message for async call Related: rhbz#1427467

spice-gtk [0.35-4]

  • Fix bad channel-reset on usbredir Resolves: rhbz#1625550

[0.35-3]

  • Fix insufficient encoding checks for LZ Resolves: rhbz#1598652

spice-vdagent [0.14.0-18]

  • Fix clipboard logs on requests for targets on grab from client Resolves: rhbz#1594876
  • Make some clipboard logs debug instead of error Resolves: rhbz#1686008

[0.14.0-17]

  • Fix 'Dependency failed for Activation socket' message Resolves: rhbz#1545212
  • Fix socket leak Resolves: rhbz#1650596

virt-viewer [5.0.15]

  • Fix check for ovirt functions Related: rhbz#1427467

[5.0-14]

  • Listen to SpiceSession::disconnected Resolves: rhbz#1505809

[5.0.13]

  • Bypass errors from oVirt foreign menu queries Related: rhbz#1428401

[5.0-12]

  • Centralize recent dialog Resolves: rhbz#1508274
  • Always add guest name as comment Resolves: rhbz#1623756
  • Mark PrintScreen as translatable Resolves: rhbz#1510411
  • Remove symlink to spice-xpi-client-remote-viewer on update (it was dropped) Resolves: rhbz#1658325

Обновленные пакеты

Oracle Linux 7

Oracle Linux aarch64

libgovirt

0.3.4-3.el7

libgovirt-devel

0.3.4-3.el7

spice-glib

0.35-4.el7

spice-glib-devel

0.35-4.el7

spice-gtk-tools

0.35-4.el7

spice-gtk3

0.35-4.el7

spice-gtk3-devel

0.35-4.el7

spice-gtk3-vala

0.35-4.el7

spice-vdagent

0.14.0-18.el7

virt-viewer

5.0-15.el7

Oracle Linux x86_64

libgovirt

0.3.4-3.el7

libgovirt-devel

0.3.4-3.el7

spice-glib

0.35-4.el7

spice-glib-devel

0.35-4.el7

spice-gtk-tools

0.35-4.el7

spice-gtk3

0.35-4.el7

spice-gtk3-devel

0.35-4.el7

spice-gtk3-vala

0.35-4.el7

spice-vdagent

0.14.0-18.el7

virt-viewer

5.0-15.el7

Связанные CVE

CVE-2018-10893

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2018-10893

CVSS3: 7.6
ubuntu
больше 7 лет назад

Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.

redhat логотип

CVE-2018-10893

CVSS3: 7.6
redhat
больше 7 лет назад

Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.

nvd логотип

CVE-2018-10893

CVSS3: 7.6
nvd
больше 7 лет назад

Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.

debian логотип

CVE-2018-10893

CVSS3: 7.6
debian
больше 7 лет назад

Multiple integer overflow and buffer overflow issues were discovered i ...

github логотип

GHSA-5jqv-xfc2-wmwv

CVSS3: 8.8
github
больше 3 лет назад

Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.