Описание
Security update for spice
The remote desktop software SPICE was updated to address one security issue.
The following vulnerabilitiy was fixed:
- A stack-based buffer overflow in the password handling code allowed remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket. (bsc#848279, CVE-2013-4282)
Список пакетов
SUSE Linux Enterprise Desktop 12
libspice-server1-0.12.4-6.1
SUSE Linux Enterprise Server 12
libspice-server1-0.12.4-6.1
SUSE Linux Enterprise Server for SAP Applications 12
libspice-server1-0.12.4-6.1
Ссылки
- Link for SUSE-SU-2015:0884-1
- E-Mail link for SUSE-SU-2015:0884-1
- SUSE Security Ratings
- SUSE Bug 848279
- SUSE CVE CVE-2013-4282 page
Описание
Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket.
Затронутые продукты
SUSE Linux Enterprise Desktop 12:libspice-server1-0.12.4-6.1
SUSE Linux Enterprise Server 12:libspice-server1-0.12.4-6.1
SUSE Linux Enterprise Server for SAP Applications 12:libspice-server1-0.12.4-6.1
Ссылки
- CVE-2013-4282
- SUSE Bug 848279