Advisories » MGASA-2014-0022

Updated spice packages fix a security vulnerability

Publication date: 21 Jan 2014
Modification date: 21 Jan 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-4282

Description

Updated spice packages fix security vulnerability:

A stack-based buffer overflow flaw was found in the way the
reds_handle_ticket() function in the spice-server library handled
decryption of ticket data provided by the client. A remote user able to
initiate a SPICE connection to an application acting as a SPICE server
could use this flaw to crash the application (CVE-2013-4282).
                

References

• https://rhn.redhat.com/errata/RHSA-2013-1473.html
• https://bugs.mageia.org/show_bug.cgi?id=12266
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4282

SRPMS

3/core

• spice-0.12.2-5.2.mga3