Package SPICE updated to version 0.13.90-alt1 for branch sisyphus in task 187863.

Published: 2018-07-27
Modified: 2024-11-21

CVE-2016-9577

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

RHSA-2017:0253
RHSA-2017:0253
RHSA-2017:0549
RHSA-2017:0549
96040
96040
RHSA-2017:0254
RHSA-2017:0254
RHSA-2017:0552
RHSA-2017:0552
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9577
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9577
DSA-3790
DSA-3790

Published: 2018-07-28
Modified: 2024-11-21

CVE-2016-9578

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

RHSA-2017:0253
RHSA-2017:0253
RHSA-2017:0549
RHSA-2017:0549
96118
96118
RHSA-2017:0254
RHSA-2017:0254
RHSA-2017:0552
RHSA-2017:0552
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9578
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9578
DSA-3790
DSA-3790

Version: 2.1.0

Package SPICE update in sisyphus on 2017-09-08

ALT-PU-2017-2174-1

Closed vulnerabilities

CVE-2016-9577

CVE-2016-9578