Synopsis: Moderate: spice security update
Advisory ID: SLSA-2017:0254-1
Issue Date: 2017-02-05
CVE Numbers: CVE-2016-9578
CVE-2016-9577
—
Security Fix(es):
* A vulnerability was discovered in spice in the server’s protocol
handling. An authenticated attacker could send crafted messages to the
spice server causing a heap overflow leading to a crash or possible code
execution. (CVE-2016-9577)
* A vulnerability was discovered in spice in the server’s protocol
handling. An attacker able to connect to the spice server could send
crafted messages which would cause the process to crash. (CVE-2016-9578)
—
SL7
x86_64
spice-debuginfo-0.12.4-20.el7_3.x86_64.rpm
spice-server-0.12.4-20.el7_3.x86_64.rpm
spice-server-devel-0.12.4-20.el7_3.x86_64.rpm
– Scientific Linux Development Team
