Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2017:0392-1

Опубликовано: 06 фев. 2017
Источник: suse-cvrf

Описание

Security update for spice

This security update for spice fixes the following issues:

CVE-2016-9577: A buffer overflow in the spice server could have potentially been used by unauthenticated attackers to execute arbitrary code. (bsc#1023078) CVE-2016-9578: Unauthenticated attackers could have caused a denial of service via a crafted message. (bsc#1023079)

Список пакетов

SUSE Linux Enterprise Desktop 12 SP2
libspice-server1-0.12.7-8.1
SUSE Linux Enterprise Server 12 SP2
libspice-server1-0.12.7-8.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libspice-server1-0.12.7-8.1
SUSE Linux Enterprise Software Development Kit 12 SP2
libspice-server-devel-0.12.7-8.1

Ссылки

Описание

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:libspice-server1-0.12.7-8.1
SUSE Linux Enterprise Server 12 SP2:libspice-server1-0.12.7-8.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:libspice-server1-0.12.7-8.1
SUSE Linux Enterprise Software Development Kit 12 SP2:libspice-server-devel-0.12.7-8.1
Ссылки

Описание

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:libspice-server1-0.12.7-8.1
SUSE Linux Enterprise Server 12 SP2:libspice-server1-0.12.7-8.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:libspice-server1-0.12.7-8.1
SUSE Linux Enterprise Software Development Kit 12 SP2:libspice-server-devel-0.12.7-8.1
Ссылки