Описание
Security update for spice
This security update for spice fixes the following issues:
- CVE-2016-9577: A buffer overflow in the spice server could have potentially been used by unauthenticated attackers to execute arbitrary code. (bsc#1023078)
- CVE-2016-9578: Unauthenticated attackers could have caused a denial of service via a crafted message. (bsc#1023079)
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Список пакетов
openSUSE Leap 42.2
libspice-server-devel-0.12.7-3.1
libspice-server1-0.12.7-3.1
spice-0.12.7-3.1
spice-client-0.12.7-3.1
Ссылки
- E-Mail link for openSUSE-SU-2017:0419-1
- SUSE Security Ratings
Описание
A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.
Затронутые продукты
openSUSE Leap 42.2:libspice-server-devel-0.12.7-3.1
openSUSE Leap 42.2:libspice-server1-0.12.7-3.1
openSUSE Leap 42.2:spice-0.12.7-3.1
openSUSE Leap 42.2:spice-client-0.12.7-3.1
Ссылки
- CVE-2016-9577
- SUSE Bug 1023078
Описание
A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.
Затронутые продукты
openSUSE Leap 42.2:libspice-server-devel-0.12.7-3.1
openSUSE Leap 42.2:libspice-server1-0.12.7-3.1
openSUSE Leap 42.2:spice-0.12.7-3.1
openSUSE Leap 42.2:spice-client-0.12.7-3.1
Ссылки
- CVE-2016-9578
- SUSE Bug 1023078
- SUSE Bug 1023079