Описание
Security update for spice
This update for spice fixes the following issues:
Security issue fixed:
- CVE-2019-3813: Fixed an out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706).
Список пакетов
SUSE Linux Enterprise Server 11 SP4
libspice-server1-0.12.4-18.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
libspice-server1-0.12.4-18.1
SUSE Linux Enterprise Software Development Kit 11 SP4
libspice-server-devel-0.12.4-18.1
Ссылки
- Link for SUSE-SU-2019:13943-1
- E-Mail link for SUSE-SU-2019:13943-1
- SUSE Security Ratings
- SUSE Bug 1122706
- SUSE CVE CVE-2019-3813 page
Описание
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libspice-server1-0.12.4-18.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libspice-server1-0.12.4-18.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libspice-server-devel-0.12.4-18.1
Ссылки
- CVE-2019-3813
- SUSE Bug 1122706