ALT-PU-2015-1864-1
Closed vulnerabilities
Published: 2016-06-07
Modified: 2024-11-21
CVE-2015-5260
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.
Severity: HIGH (7.8)
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- [Spice-devel] 20151006 Announcing spice 0.12.6
- RHSA-2015:1889
- RHSA-2015:1890
- DSA-3371
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- 77019
- 1033753
- USN-2766-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1260822
- GLSA-201606-05
Published: 2016-06-07
Modified: 2024-11-21
CVE-2015-5261
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.
Severity: HIGH (7.1)
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
References:
- [Spice-devel] 20151006 Announcing spice 0.12.6
- RHSA-2015:1889
- RHSA-2015:1890
- DSA-3371
- [oss-security] 20151006 Fwd: [vs-plain] CVE-2015-5261
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- 1033753
- USN-2766-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1261889
- GLSA-201606-05