Advisories » MGASA-2017-0062

Updated spice packages fix security vulnerability

Publication date: 23 Feb 2017
Modification date: 23 Feb 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-9577 , CVE-2016-9578

Description

An authenticated attacker could send crafted messages to the spice server
causing a heap overflow leading to a crash or possible code execution.
(CVE-2016-9577)

An attacker able to connect to the spice server could send crafted
messages which would cause the process to crash. (CVE-2016-9578)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20251
• https://rhn.redhat.com/errata/RHSA-2017-0254.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9577
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9578

SRPMS

5/core

• spice-0.12.5-2.4.mga5