Synopsis: Important: qspice security update Issue date: 2010-08-19 CVE Names: CVE-2010-0428 CVE-2010-0429 It was found that the libspice component of QEMU-KVM on the host did not validate all pointers provided from a guest system's QXL graphics card driver. A privileged guest user could use this flaw to cause the host to dereference an invalid pointer, causing the guest to crash (denial of service) or, possibly, resulting in the privileged guest user escalating their privileges on the host. (CVE-2010-0428) It was found that the libspice component of QEMU-KVM on the host could be forced to perform certain memory management operations on memory addresses controlled by a guest. A privileged guest user could use this flaw to crash the guest (denial of service) or, possibly, escalate their privileges on the host. (CVE-2010-0429) SL 5.x SRPMS: qspice-0.3.0-54.el5_5.2.src.rpm x86_64: qspice-0.3.0-54.el5_5.2.x86_64.rpm qspice-libs-0.3.0-54.el5_5.2.x86_64.rpm qspice-libs-devel-0.3.0-54.el5_5.2.x86_64.rpm -Connie Sieh -Troy Dawson