Advisories » MGASA-2019-0032

Updated spice-vdagent package fixes security vulnerability

Publication date: 11 Jan 2019
Modification date: 11 Jan 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-15108

Description

Improperly escaped save directory that is passed to the shell allows
local attacker with access to the session the agent runs to inject
arbitrary commands to be executed (CVE-2017-15108).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22564
• https://lists.opensuse.org/opensuse-updates/2018-02/msg00028.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15108

SRPMS

6/core

• spice-vdagent-0.18.0-1.mga6