Advisories ยป MGASA-2019-0100

Updated spice packages fix security vulnerability

Publication date: 22 Feb 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-3813 , CVE-2018-10873 , CVE-2018-10893


Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds
read due to an off-by-one error in memslot_get_virt. This may lead to a
denial of service, or, in the worst case, code-execution by unauthenticated
attackers. (CVE-2019-3813)

A vulnerability was discovered in SPICE before version 0.14.1 where the
generated code used for demarshalling messages lacked sufficient bounds
checks. A malicious client or server, after authentication, could send
specially crafted messages to its peer which would result in a crash or,
potentially, other impacts. (CVE-2018-10873)

Multiple integer overflow and buffer overflow issues were discovered in
spice-client's handling of LZ compressed frames. A malicious server could
cause the client to crash or, potentially, execute arbitrary code.