LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

Synopsis:          Important: spice security update
Advisory ID:       SLSA-2017:2471-1
Issue Date:        2017-08-15
CVE Numbers:       CVE-2017-7506
--

Security Fix(es):

* A vulnerability was discovered in spice server's protocol handling. An
authenticated attacker could send specially crafted messages to the spice
server, causing out-of-bounds memory accesses, leading to parts of server
memory being leaked or a crash. (CVE-2017-7506)

This issue was discovered by Frediano Ziglio (Red Hat).
--

SL7
  x86_64
    spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm
    spice-server-0.12.8-2.el7.1.x86_64.rpm
    spice-server-devel-0.12.8-2.el7.1.x86_64.rpm

- Scientific Linux Development Team