Advisories » MGASA-2015-0394

Updated spice packages fix security vulnerabilities

Publication date: 09 Oct 2015
Modification date: 09 Oct 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-5260 , CVE-2015-5261

Description

Frediano Ziglio discovered multiple buffer overflows, undefined behavior
signed integer operations, race conditions, memory leaks, and denial
of service issues in Spice. A malicious guest operating system could
potentially exploit these issues to escape virtualization (CVE-2015-5260,
CVE-2015-5261).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16919
• http://www.ubuntu.com/usn/usn-2766-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5260
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5261

SRPMS

5/core

• spice-0.12.5-2.2.mga5