SCIENTIFIC-LINUX-ERRATA Archives

August 2017

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Important: spice on SL7.x x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Mon, 21 Aug 2017 15:40:11 -0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (24 lines) 
Synopsis:          Important: spice security update
Advisory ID:       SLSA-2017:2471-1
Issue Date:        2017-08-15
CVE Numbers:       CVE-2017-7506
--

Security Fix(es):

* A vulnerability was discovered in spice server's protocol handling. An
authenticated attacker could send specially crafted messages to the spice
server, causing out-of-bounds memory accesses, leading to parts of server
memory being leaked or a crash. (CVE-2017-7506)

This issue was discovered by Frediano Ziglio (Red Hat).
--

SL7
  x86_64
    spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm
    spice-server-0.12.8-2.el7.1.x86_64.rpm
    spice-server-devel-0.12.8-2.el7.1.x86_64.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2