spice-gtk-0.26-8.AXS4.2

エラータID: AXSA:2020-4447:01

Release date: 
Tuesday, February 11, 2020 - 12:49
Subject: 
spice-gtk-0.26-8.AXS4.2
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
Moderate
Description: 

The spice-gtk packages provide a GIMP Toolkit (GTK+) widget for Simple Protocol for Independent Computing Environments (SPICE) clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol.

Security Fix(es):

* spice-client: Insufficient encoding checks for LZ can cause different integer/buffer overflows (CVE-2018-10893)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2018-10893
Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.

Solution: 

Update packages.

CVEs: 
CVE-2018-10893
Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.
Additional Info: 

N/A

Download: 

SRPMS
  1. spice-gtk-0.26-8.AXS4.2.src.rpm
    MD5: 55c043bdd88773c630fe03c909b56408
    SHA-256: 8a4c7cd9975992b854c8de7853c3bad465a4bf9c5653e5787e0fe1b3b09488c5
    Size: 1.29 MB

Asianux Server 4 for x86
  1. spice-glib-0.26-8.AXS4.2.i686.rpm
    MD5: 593fd9728f9c9db45e75f27a2a4614bc
    SHA-256: a8f9635bc9f9a1b7ad8ced25dcd55e7f64286d5c1181c6dcdf33800acc5ba17f
    Size: 319.89 kB
  2. spice-gtk-0.26-8.AXS4.2.i686.rpm
    MD5: a96946be47be8ce844e6475465ec833d
    SHA-256: d2ba89a64bb4cb6a832ecef50e052918ba211e37bd0c771364884b4b996a47a6
    Size: 69.32 kB
  3. spice-gtk-python-0.26-8.AXS4.2.i686.rpm
    MD5: 3096db4687aa515a8a86ebce85561b7f
    SHA-256: b3418a16fb950a27974c62e9c482afee7d8a18ad88d992eaf31f1e11ce21b7c7
    Size: 26.02 kB

Asianux Server 4 for x86_64
  1. spice-glib-0.26-8.AXS4.2.x86_64.rpm
    MD5: 4489a47f06db16ceeea4fa275b0a3e6a
    SHA-256: 7c3c0cd8fe8f6e2d3475b969b58b50b6c7b511f01da5d2a783f7d1c5485b0d8e
    Size: 315.88 kB
  2. spice-gtk-0.26-8.AXS4.2.x86_64.rpm
    MD5: 5f525ece396a73989521eb6c07f61369
    SHA-256: fc8d7c3d7aa817702dcb01b0271f0d70d4d2a9b74b84a8a29770013ac4c8f61d
    Size: 69.83 kB
  3. spice-gtk-python-0.26-8.AXS4.2.x86_64.rpm
    MD5: ff17f8568515bb99e77b85f3f75c2613
    SHA-256: 8c71577ab946b1ec782a44664cecef2648e0214df003438fc1d1cbfae70cd65a
    Size: 27.07 kB
  4. spice-glib-0.26-8.AXS4.2.i686.rpm
    MD5: 593fd9728f9c9db45e75f27a2a4614bc
    SHA-256: a8f9635bc9f9a1b7ad8ced25dcd55e7f64286d5c1181c6dcdf33800acc5ba17f
    Size: 319.89 kB
  5. spice-gtk-0.26-8.AXS4.2.i686.rpm
    MD5: a96946be47be8ce844e6475465ec833d
    SHA-256: d2ba89a64bb4cb6a832ecef50e052918ba211e37bd0c771364884b4b996a47a6
    Size: 69.32 kB