ALT Linux Team

Package SPICE update in sisyphus on 2018-08-31

ALT-PU-2018-2257-1

Package SPICE updated to version 0.14.1-alt1 for branch sisyphus in task 212392.

Closed vulnerabilities

Published: 2018-08-17

BDU:2019-00441

Уязвимость функции write_validate_array_item() («demarshal.py») системы рендеринга удаленного виртуального «рабочего стола» SPICE (the Simple Protocol for Independent Computing Environments), связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании

Severity: MEDIUM (6.3) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
References:
Published: 2018-08-17
Modified: 2024-11-21

CVE-2018-10873

A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top