spice-gtk-0.26-8.AXS4.1, spice-server-0.12.4-16.AXS4.1
エラータID: AXSA:2018-3326:01
The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Asianux Server for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor or on Asianux Virtualization Hypervisors.
The spice-gtk packages provide a GIMP Toolkit (GTK ) widget for Simple Protocol for Independent Computing Environments (SPICE) clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol.
Security Fix(es):
* spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
This issue was discovered by Frediano Ziglio (Asianux).
CVE-2018-10873
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.
Update packages.
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.
N/A
SRPMS
- spice-gtk-0.26-8.AXS4.1.src.rpm
MD5: 4011c11a153014ff2297a426acb246fc
SHA-256: 6bcecb27c28e6b3da5913568865dab1888b38f8aecaf721ae2793ba408b28a47
Size: 1.29 MB - spice-server-0.12.4-16.AXS4.1.src.rpm
MD5: b928f200f477b76391541eff06f187c6
SHA-256: 58fc1c7aaea4d2d04954749c3216dcfa0931dda2dd77470e8eb6e1348674f3d6
Size: 1.76 MB
Asianux Server 4 for x86
- spice-glib-0.26-8.AXS4.1.i686.rpm
MD5: 695a48a36ff7e658ae6f2124971c1947
SHA-256: f1008b93295d39fe0d4f2c49cf1ba27e922e0e12caabe0b758660ea15be435ed
Size: 319.49 kB - spice-gtk-0.26-8.AXS4.1.i686.rpm
MD5: 0b997dbad6a608726b16c62d56a83fdd
SHA-256: 386d6627e8fcb8467c7096a33144acc2ae8b87c42e6b75f042c230674efcaf1e
Size: 69.21 kB - spice-gtk-python-0.26-8.AXS4.1.i686.rpm
MD5: 1367d5dd14fbd97fffac67dbe8862779
SHA-256: 181e41a8d761d993ea0410a2a55d86b96fc91432aa89dfd1dd7e38c2a8ed4a37
Size: 25.89 kB
Asianux Server 4 for x86_64
- spice-glib-0.26-8.AXS4.1.x86_64.rpm
MD5: 811f76bee1d0ef8f212c267d89cca284
SHA-256: fe662844ea90f073617e60f2695e12245962fc61297f82d9e7c730fff5afcdf9
Size: 315.53 kB - spice-gtk-0.26-8.AXS4.1.x86_64.rpm
MD5: 62a86511f2915d8881c00af93b4513b5
SHA-256: b7abbe01311c1ad1437a8beb0c295e73b6dc56dead1c2a133ee9ce713c51c338
Size: 69.71 kB - spice-gtk-python-0.26-8.AXS4.1.x86_64.rpm
MD5: 8487afbe4299a8c877b0f39821d9bbe9
SHA-256: 9d8d4f70ba8eda35a66654fd7d8696201d5c9bcd20210847d7a653a9f20ee4bc
Size: 26.95 kB - spice-glib-0.26-8.AXS4.1.i686.rpm
MD5: 695a48a36ff7e658ae6f2124971c1947
SHA-256: f1008b93295d39fe0d4f2c49cf1ba27e922e0e12caabe0b758660ea15be435ed
Size: 319.49 kB - spice-gtk-0.26-8.AXS4.1.i686.rpm
MD5: 0b997dbad6a608726b16c62d56a83fdd
SHA-256: 386d6627e8fcb8467c7096a33144acc2ae8b87c42e6b75f042c230674efcaf1e
Size: 69.21 kB - spice-server-0.12.4-16.AXS4.1.x86_64.rpm
MD5: b150563709817b4aaf2c9c193ea545f0
SHA-256: e3ad928b7333023c5fe93e191c91d01bc79fc184b91b83ea092840df9d445b87
Size: 346.06 kB