Security update for spice SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:1750-1 Final 1 1 2015-10-07T17:27:31Z current 2015-10-07T17:27:31Z 2015-10-07T17:27:31Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for spice Spice was updated to fix four security issues. The following vulnerabilities were fixed: * CVE-2015-3247: heap corruption in the spice server (bsc#944460) * CVE-2015-5261: Guest could have accessed host memory using crafted images (bsc#948976) * CVE-2015-5260: Insufficient validation of surface_id parameter could have caused a crash (bsc#944460) * CVE-2013-4282: Buffer overflow in password handling (bsc#848279) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-10/msg00032.html E-Mail link for openSUSE-SU-2015:1750-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings libspice-server-devel-0.12.4-2.3.1 libspice-server1-0.12.4-2.3.1 spice-0.12.4-2.3.1 spice-client-0.12.4-2.3.1 Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket. CVE-2013-4282 important Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-10/msg00032.html https://www.suse.com/security/cve/CVE-2013-4282.html CVE-2013-4282 https://bugzilla.suse.com/848279 SUSE Bug 848279 Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors. CVE-2015-3247 important Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-10/msg00032.html https://www.suse.com/security/cve/CVE-2015-3247.html CVE-2015-3247 https://bugzilla.suse.com/944460 SUSE Bug 944460 Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter. CVE-2015-5260 moderate 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-10/msg00032.html https://www.suse.com/security/cve/CVE-2015-5260.html CVE-2015-5260 https://bugzilla.suse.com/944787 SUSE Bug 944787 Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation. CVE-2015-5261 moderate 3.3 AV:L/AC:M/Au:N/C:P/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-10/msg00032.html https://www.suse.com/security/cve/CVE-2015-5261.html CVE-2015-5261 https://bugzilla.suse.com/948976 SUSE Bug 948976 https://bugzilla.suse.com/982386 SUSE Bug 982386