spice-0.12.4-15.el7.1

エラータID: AXSA:2016-469:01

Release date: 
Monday, June 6, 2016 - 22:54
Subject: 
spice-0.12.4-15.el7.1
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

The Simple Protocol for Independent Computing Environments (SPICE) is
a remote display system built for virtual environments which allows
you to view a computing 'desktop' environment not only on the machine
where it is running, but from anywhere on the Internet and from a wide
variety of machine architectures.

Security issues fixed with this release:

CVE-2016-0749
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-2150
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

Solution: 

Update packages.

CVEs: 
CVE-2016-0749
The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.
CVE-2016-2150
SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.
Additional Info: 

N/A

Download: 

SRPMS
  1. spice-0.12.4-15.el7.1.src.rpm
    MD5: 1429a12af0c24dcfc6bea1c3c3fb0dde
    SHA-256: 9b2ac22f301570db81c5ba1e31802e6d276915b8a031c64c6bd883daba2e4bc8
    Size: 1.72 MB

Asianux Server 7 for x86_64
  1. spice-server-0.12.4-15.el7.1.x86_64.rpm
    MD5: 8b8246f5aaa50a55c52e56f5e954ac19
    SHA-256: 10ba390e82b7d5fae544dae3d3fb62da807975cb00d7c3f21ed324a18e4161ce
    Size: 379.78 kB