CentOS Errata and Security Advisory CESA-2016:1205
The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows the user to view a computing ‘desktop’ environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures.
Security Fix(es):
A memory allocation flaw, leading to a heap-based buffer overflow, was found in spice’s smartcard interaction, which runs under the QEMU-KVM context on the host. A user connecting to a guest VM using spice could potentially use this flaw to crash the QEMU-KVM process or execute arbitrary code with the privileges of the host’s QEMU-KVM process. (CVE-2016-0749)
A memory access flaw was found in the way spice handled certain guests using crafted primary surface parameters. A user in a guest could use this flaw to read from and write to arbitrary memory locations on the host. (CVE-2016-2150)
The CVE-2016-0749 issue was discovered by Jing Zhao (Red Hat) and the CVE-2016-2150 issue was discovered by Frediano Ziglio (Red Hat).
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2016-June/084066.html
Affected packages:
spice-server
spice-server-devel
Upstream details at:
https://access.redhat.com/errata/RHSA-2016:1205
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 7 | x86_64 | spice-server | < 0.12.4-15.el7_2.1 | spice-server-0.12.4-15.el7_2.1.x86_64.rpm |
CentOS | 7 | x86_64 | spice-server-devel | < 0.12.4-15.el7_2.1 | spice-server-devel-0.12.4-15.el7_2.1.x86_64.rpm |