Security update for spice SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:0176-1 Final 1 1 2019-02-14T09:39:48Z current 2019-02-14T09:39:48Z 2019-02-14T09:39:48Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for spice This update for spice fixes the following issues: Security issue fixed: - CVE-2019-3813: Fixed a out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). This update was imported from the SUSE:SLE-12-SP3:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00025.html E-Mail link for openSUSE-SU-2019:0176-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 libspice-server-devel-0.12.8-13.1 libspice-server1-0.12.8-13.1 spice-0.12.8-13.1 libspice-server-devel-0.12.8-13.1 as a component of openSUSE Leap 42.3 libspice-server1-0.12.8-13.1 as a component of openSUSE Leap 42.3 spice-0.12.8-13.1 as a component of openSUSE Leap 42.3 Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers. CVE-2019-3813 openSUSE Leap 42.3:libspice-server-devel-0.12.8-13.1 openSUSE Leap 42.3:libspice-server1-0.12.8-13.1 openSUSE Leap 42.3:spice-0.12.8-13.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00025.html https://www.suse.com/security/cve/CVE-2019-3813.html CVE-2019-3813 https://bugzilla.suse.com/1122706 SUSE Bug 1122706