spice: Arbitrary code execution

2020-07-27T00:00:00
ID GLSA-202007-30
Type gentoo
Reporter Gentoo Foundation
Modified 2020-07-27T00:00:00

Description

Background

Provides a complete open source solution for remote access to virtual machines in a seamless way so you can play videos, record audio, share USB devices, and share folders without complications.

Description

A flaw in spice’s memory handling code has been discovered, allowing an out of bounds read.

Impact

A remote attacker may be able to send malicious packets causing remote code execution.

Workaround

There is no known workaround at this time.

Resolution

All spice users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-emulation/spice-0.14.2"