spice-0.14.0-6.el7.1
エラータID: AXSA:2019-3720:03
The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures.
Security Fix(es):
* spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
This issue was discovered by Christophe Fergeau (Asianux).
CVE-2019-3813
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.
Update packages.
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.
N/A
SRPMS
- spice-0.14.0-6.el7.1.src.rpm
MD5: 9f9282370228a3ba7e763c618d9c6863
SHA-256: 338fa7e65b7825196042af993a360852edce82a39d46dc9f1eaa78dcb581a1bb
Size: 1.32 MB
Asianux Server 7 for x86_64
- spice-server-0.14.0-6.el7.1.x86_64.rpm
MD5: 4d4c34caf97652ef0456aab330f9591e
SHA-256: 376e524727581e15b842acf755a74522b3fa7a301080a0ba59582a6761ac92b9
Size: 401.98 kB