spice-server-0.12.4-6.AXS4.1

エラータID: AXSA:2014-003:01

Release date: 
Tuesday, March 18, 2014 - 19:33
Subject: 
spice-server-0.12.4-6.AXS4.1
Affected Channels: 
Asianux Server 4 for x86_64
Severity: 
High
Description: 

The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures.

This package contains the runtime libraries for any application that wishes to be a SPICE server.

Security issues fixed with this release:

• CVE-2013-4282
Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket.

Fixed bugs:

• Previously, the SPICE server assumed that the client was connected until they got disconnected, and continued to communicate with it even if unresponsive. This could lead to queues filling up. Now the SPICE server disconnect as soon as the client is unresponsive.

Solution: 

Update packages.

CVEs: 
CVE-2013-4282
Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket.
Additional Info: 

N/A

Download: 

SRPMS
  1. spice-server-0.12.4-6.AXS4.1.src.rpm
    MD5: 78a172c8369ddef53f441bdf4396d75a
    SHA-256: 8d90c39f9a0a354f9df29179dc5bebd8337da128be0ebabd500a1bfe11251a4e
    Size: 1.71 MB

Asianux Server 4 for x86_64
  1. spice-server-0.12.4-6.AXS4.1.x86_64.rpm
    MD5: 557b3ddf9d0f8fe89c04432686f3ad7c
    SHA-256: 10925785b0c5cf6d219a568ad39cb325d6f6190890ddffc652ffd4db57c8d5a8
    Size: 347.08 kB