spice-0.12.4-20.el7

エラータID: AXSA:2017-1286:02

Release date: 
Monday, February 6, 2017 - 12:51
Subject: 
spice-0.12.4-20.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

The Simple Protocol for Independent Computing Environments (SPICE) is
a remote display system built for virtual environments which allows
you to view a computing 'desktop' environment not only on the machine
where it is running, but from anywhere on the Internet and from a wide
variety of machine architectures.

Security issues fixed with this release:

CVE-2016-9577
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-9578
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

Solution: 

Update packages.

CVEs: 
CVE-2016-9577
A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.
CVE-2016-9578
A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.
Additional Info: 

N/A

Download: 

SRPMS
  1. spice-0.12.4-20.el7.src.rpm
    MD5: 83f2cd545bf5002639d3a41ec59f6230
    SHA-256: f4f0e6044c35ec062dacc1fcaad9e655a015b68a631024d883bb07662acf9d0e
    Size: 1.74 MB

Asianux Server 7 for x86_64
  1. spice-server-0.12.4-20.el7.x86_64.rpm
    MD5: 2c76a34bf8b3670d17b2f6208625eb82
    SHA-256: 1714d979dcccb092b4b4da034d979872e8f220615e83c726a08f4b3899aee60c
    Size: 381.23 kB