spice-0.14.0-6.el7.1

Errata ID: AXSA:2019-3720:03

Release date: 
Thursday, February 21, 2019 - 04:26
Subject: 
spice-0.14.0-6.el7.1
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures.

Security Fix(es):

* spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

This issue was discovered by Christophe Fergeau (Asianux).

CVE-2019-3813
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service or, in the worst case, code execution by unauthenticated attackers.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. spice-0.14.0-6.el7.1.src.rpm
    MD5: 9f9282370228a3ba7e763c618d9c6863
    SHA-256: 338fa7e65b7825196042af993a360852edce82a39d46dc9f1eaa78dcb581a1bb
    Size: 1.32 MB

Asianux Server 7 for x86_64
  1. spice-server-0.14.0-6.el7.1.x86_64.rpm
    MD5: 4d4c34caf97652ef0456aab330f9591e
    SHA-256: 376e524727581e15b842acf755a74522b3fa7a301080a0ba59582a6761ac92b9
    Size: 401.98 kB