spice-0.12.4-9.el7.3

エラータID: AXSA:2015-509:01

Release date: 
Tuesday, October 13, 2015 - 15:35
Subject: 
spice-0.12.4-9.el7.3
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

The Simple Protocol for Independent Computing Environments (SPICE) is
a remote display system built for virtual environments which allows
you to view a computing 'desktop' environment not only on the machine
where it is running, but from anywhere on the Internet and from a wide
variety of machine architectures.

Security issues fixed with this release:

CVE-2015-5260
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-5261
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

Solution: 

Update packages.

CVEs: 
CVE-2015-5260
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.
CVE-2015-5261
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.
Additional Info: 

N/A

Download: 

SRPMS
  1. spice-0.12.4-9.el7.3.src.rpm
    MD5: b552ea82e1c6d940292e28c2a5c22267
    SHA-256: f22ef4ee24d58576f6627e2d8c94ad14a9a8029e0b4f5cdce4484de66cf6e794
    Size: 1.71 MB

Asianux Server 7 for x86_64
  1. spice-server-0.12.4-9.el7.3.x86_64.rpm
    MD5: f0aa4cd3647fce52c74e194ac712d427
    SHA-256: 6bcbb4b79e08149d3cb4a76b64d806ef08d41e5ad6c55377153f8f642be08bc8
    Size: 378.51 kB