Описание
Security update for spice
This security update for spice fixes the following issues:
CVE-2016-9577: A buffer overflow in the spice server could have potentially been used by unauthenticated attackers to execute arbitrary code. (bsc#1023078) CVE-2016-9578: Unauthenticated attackers could have caused a denial of service via a crafted message. (bsc#1023079)
Список пакетов
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Server for SAP Applications 12
Ссылки
- Link for SUSE-SU-2017:0393-1
- E-Mail link for SUSE-SU-2017:0393-1
- SUSE Security Ratings
- SUSE Bug 1023078
- SUSE Bug 1023079
- SUSE CVE CVE-2016-9577 page
- SUSE CVE CVE-2016-9578 page
Описание
A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.
Затронутые продукты
Ссылки
- CVE-2016-9577
- SUSE Bug 1023078
Описание
A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.
Затронутые продукты
Ссылки
- CVE-2016-9578
- SUSE Bug 1023078
- SUSE Bug 1023079