spice-server-0.12.4-16.AXS4.2

Errata ID: AXSA:2018-3432:01

Release date: Monday, December 10, 2018 - 05:13
Subject: spice-server-0.12.4-16.AXS4.2
Affected Channels: Asianux Server 4 for x86_64
Severity: High
Description: 

The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Asianux Server for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor or on Asianux Virtualization Hypervisors.

Security Fix(es):

* spice: Possible buffer overflow via invalid monitor configurations (CVE-2017-7506)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

This issue was discovered by Frediano Ziglio (Asianux).

CVE-2017-7506
spice versions through 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from an authenticated attacker to the spice server, resulting in a crash and/or server memory leak.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. spice-server-0.12.4-16.AXS4.2.src.rpm
    MD5: 9c4db8bd9b227aaced3c471c3b842c34
    SHA-256: 163970fa33eceb2599e80c95874a0f77e43f2e488cf4ff0c5bd7bf8331d8ee7f
    Size: 1.76 MB

Asianux Server 4 for x86_64
  1. spice-server-0.12.4-16.AXS4.2.x86_64.rpm
    MD5: 9a5beb9c062ccf79578bcf91030799ae
    SHA-256: 02c0cb4fbc5fb4524108332acd67888c16085616f7fc638c078d5b345b32fe0f
    Size: 346.31 kB