spice-server-0.12.4-13.AXS4.1
エラータID: AXSA:2016-468:02
The Simple Protocol for Independent Computing Environments (SPICE) is
a remote display system built for virtual environments which allows
you to view a computing 'desktop' environment not only on the machine
where it is running, but from anywhere on the Internet and from a wide
variety of machine architectures.
This package contains the runtime libraries for any application that wishes
to be a SPICE server.
Security issues fixed with this release:
CVE-2016-0749
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-2150
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
Update packages.
The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.
SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.
N/A
SRPMS
- spice-server-0.12.4-13.AXS4.1.src.rpm
MD5: 08049f18488aab69ccc774a1ac426a11
SHA-256: 285e1d1839c0262cf925bea3278962e767822a3708c69dea11c9d8af8e7c3060
Size: 1.75 MB
Asianux Server 4 for x86_64
- spice-server-0.12.4-13.AXS4.1.x86_64.rpm
MD5: d116ffed5ae41aa364ad0aa285932e2b
SHA-256: 9609e459df14ee8e91a373296bdac9da126c1ce22a55053ab1417bf5fdc22943
Size: 345.44 kB
日本語