LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

February 2017

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA February 2017

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Condense Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Content-Type:	text/plain; charset="utf-8"
Date:	Mon, 6 Feb 2017 16:21:06 -0000
Reply-To:	[log in to unmask]
Subject:	Security ERRATA Moderate: spice on SL7.x x86_64
MIME-Version:	1.0
Message-ID:	<[log in to unmask]>
Content-Transfer-Encoding:	7bit
Sender:	Security Errata for Scientific Linux <[log in to unmask]>
From:	Pat Riehecky <[log in to unmask]>
Parts/Attachments:	text/plain (27 lines)

Synopsis:          Moderate: spice security update
Advisory ID:       SLSA-2017:0254-1
Issue Date:        2017-02-05
CVE Numbers:       CVE-2016-9578
                   CVE-2016-9577
--

Security Fix(es):

* A vulnerability was discovered in spice in the server's protocol
handling. An authenticated attacker could send crafted messages to the
spice server causing a heap overflow leading to a crash or possible code
execution. (CVE-2016-9577)

* A vulnerability was discovered in spice in the server's protocol
handling. An attacker able to connect to the spice server could send
crafted messages which would cause the process to crash. (CVE-2016-9578)
--

SL7
  x86_64
    spice-debuginfo-0.12.4-20.el7_3.x86_64.rpm
    spice-server-0.12.4-20.el7_3.x86_64.rpm
    spice-server-devel-0.12.4-20.el7_3.x86_64.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV