SUSE-SU-2018:0877-1

Опубликовано: 05 апр. 2018

Источник: suse-cvrf

Описание

Security update for spice-gtk

This update for spice-gtk fixes the following issues:

CVE-2017-12194: A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable. (bsc#1085415)

Список пакетов

SUSE Linux Enterprise Desktop 12 SP3

libspice-client-glib-2_0-8-0.33-3.3.2

libspice-client-glib-helper-0.33-3.3.2

libspice-client-gtk-3_0-5-0.33-3.3.2

libspice-controller0-0.33-3.3.2

typelib-1_0-SpiceClientGlib-2_0-0.33-3.3.2

typelib-1_0-SpiceClientGtk-3_0-0.33-3.3.2

SUSE Linux Enterprise Server 12 SP3

libspice-client-glib-2_0-8-0.33-3.3.2

libspice-client-glib-helper-0.33-3.3.2

libspice-client-gtk-3_0-5-0.33-3.3.2

libspice-controller0-0.33-3.3.2

typelib-1_0-SpiceClientGlib-2_0-0.33-3.3.2

typelib-1_0-SpiceClientGtk-3_0-0.33-3.3.2

SUSE Linux Enterprise Server for SAP Applications 12 SP3

libspice-client-glib-2_0-8-0.33-3.3.2

libspice-client-glib-helper-0.33-3.3.2

libspice-client-gtk-3_0-5-0.33-3.3.2

libspice-controller0-0.33-3.3.2

typelib-1_0-SpiceClientGlib-2_0-0.33-3.3.2

typelib-1_0-SpiceClientGtk-3_0-0.33-3.3.2

SUSE Linux Enterprise Software Development Kit 12 SP3

spice-gtk-devel-0.33-3.3.2

typelib-1_0-SpiceClientGtk-3_0-0.33-3.3.2

Ссылки

https://www.suse.com/support/update/announcement/2018/suse-su-20180877-1/
Link for SUSE-SU-2018:0877-1
https://lists.suse.com/pipermail/sle-security-updates/2018-April/003873.html
E-Mail link for SUSE-SU-2018:0877-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1085415
SUSE Bug 1085415
https://www.suse.com/security/cve/CVE-2017-12194/
SUSE CVE CVE-2017-12194 page

Описание

A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable.

Затронутые продукты

SUSE Linux Enterprise Desktop 12 SP3:libspice-client-glib-2_0-8-0.33-3.3.2

SUSE Linux Enterprise Desktop 12 SP3:libspice-client-glib-helper-0.33-3.3.2

SUSE Linux Enterprise Desktop 12 SP3:libspice-client-gtk-3_0-5-0.33-3.3.2

SUSE Linux Enterprise Desktop 12 SP3:libspice-controller0-0.33-3.3.2

Ссылки

https://www.suse.com/security/cve/CVE-2017-12194.html
CVE-2017-12194
https://bugzilla.suse.com/1085415
SUSE Bug 1085415

SUSE-SU-2018:0877-1

Описание

Список пакетов

SUSE Linux Enterprise Desktop 12 SP3

SUSE Linux Enterprise Server 12 SP3

SUSE Linux Enterprise Server for SAP Applications 12 SP3

SUSE Linux Enterprise Software Development Kit 12 SP3

Ссылки

Уязвимость: CVE-2017-12194

Описание

Затронутые продукты

Ссылки