Synopsis: Moderate: spice security update Advisory ID: SLSA-2017:0254-1 Issue Date: 2017-02-05 CVE Numbers: CVE-2016-9578 CVE-2016-9577 -- Security Fix(es): * A vulnerability was discovered in spice in the server's protocol handling. An authenticated attacker could send crafted messages to the spice server causing a heap overflow leading to a crash or possible code execution. (CVE-2016-9577) * A vulnerability was discovered in spice in the server's protocol handling. An attacker able to connect to the spice server could send crafted messages which would cause the process to crash. (CVE-2016-9578) -- SL7 x86_64 spice-debuginfo-0.12.4-20.el7_3.x86_64.rpm spice-server-0.12.4-20.el7_3.x86_64.rpm spice-server-devel-0.12.4-20.el7_3.x86_64.rpm - Scientific Linux Development Team