Advisories ยป MGASA-2014-0022

Updated spice packages fix a security vulnerability

Publication date: 21 Jan 2014
Modification date: 21 Jan 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-4282

Description

Updated spice packages fix security vulnerability:

A stack-based buffer overflow flaw was found in the way the
reds_handle_ticket() function in the spice-server library handled
decryption of ticket data provided by the client. A remote user able to
initiate a SPICE connection to an application acting as a SPICE server
could use this flaw to crash the application (CVE-2013-4282).
                

References

SRPMS

3/core