Описание
Security update for spice
This update for spice fixes the following issues:
Security issue fixed:
- CVE-2019-3813: Fixed a out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706).
Non-security issue fixed:
- Include spice-server tweak to compensate for performance issues with Windows guests (bsc#1109044).
Список пакетов
SUSE Linux Enterprise Module for Server Applications 15
libspice-server-devel-0.14.0-4.6.2
libspice-server1-0.14.0-4.6.2
Ссылки
- Link for SUSE-SU-2019:0242-1
- E-Mail link for SUSE-SU-2019:0242-1
- SUSE Security Ratings
- SUSE Bug 1109044
- SUSE Bug 1122706
- SUSE CVE CVE-2019-3813 page
Описание
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.
Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15:libspice-server-devel-0.14.0-4.6.2
SUSE Linux Enterprise Module for Server Applications 15:libspice-server1-0.14.0-4.6.2
Ссылки
- CVE-2019-3813
- SUSE Bug 1122706