14 matches found
MiracleLinux 7 : libgovirt-0.3.4-3.el7, spice-gtk-0.35-4.el7, spice-vdagent-0.14.0-18.el7, virt-viewer-5.0-15.el7 (AXSA:2019-4267:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-4267:01 advisory. spice-client: Insufficient encoding checks for LZ can cause different integer/buffer overflows (CVE-2018-10893).
MGASA-2021-0405 Updated spice packages fix security vulnerability
Updated spice packages fix security vulnerability: A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection (CVE-2021-20201)...
MGASA-2019-0100 Updated spice packages fix security vulnerability
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers (CVE-2019-3813). A vulnerability was discovered in SPICE before versio...
MGASA-2017-0239 Updated spice packages fix security vulnerability
A vulnerability was discovered in spice, in the server's protocol handling. An authenticated attacker could send specially crafted messages to the spice server, causing out-of-bounds memory accesses leading to parts of server memory being leaked or a crash (CVE-2017-7506). The Mageia 5 package has...
MGASA-2017-0062 Updated spice packages fix security vulnerability
An authenticated attacker could send crafted messages to the spice server causing a heap overflow leading to a crash or possible code execution (CVE-2016-9577). An attacker able to connect to the spice server could send crafted messages which would cause the process to crash (CVE-2016-9578)...
Updated spice packages fix security vulnerabilities
Updated spice packages fix security vulnerabilities: A memory allocation flaw, leading to a heap-based buffer overflow, was found in spice's smartcard interaction, which runs under the QEMU-KVM context on the host. A user connecting to a guest VM using spice could potentially use this flaw to cra...
MGASA-2016-0250 Updated spice packages fix security vulnerabilities
Updated spice packages fix security vulnerabilities: A memory allocation flaw, leading to a heap-based buffer overflow, was found in spice's smartcard interaction, which runs under the QEMU-KVM context on the host. A user connecting to a guest VM using spice could potentially use this flaw to cra...
MGASA-2015-0394 Updated spice packages fix security vulnerabilities
Frediano Ziglio discovered multiple buffer overflows, undefined behavior signed integer operations, race conditions, memory leaks, and denial of service issues in Spice. A malicious guest operating system could potentially exploit these issues to escape virtualization CVE-2015-5260, CVE-2015-5261...
MGASA-2015-0373 Updated spice packages fix CVE-2015-3247
Updated spice packages fix security vulnerability: A race condition flaw, leading to a heap-based memory corruption, was found in spice's worker_update_monitors_config function, which runs under the QEMU-KVM context on the host. A user in a guest could leverage this flaw to crash the host QEMU-KVM...
Updated spice packages fix CVE-2015-3247
Updated spice packages fix security vulnerability: A race condition flaw, leading to a heap-based memory corruption, was found in spice's worker_update_monitors_config function, which runs under the QEMU-KVM context on the host. A user in a guest could leverage this flaw to crash the host QEMU-KVM...
MGASA-2014-0022 Updated spice packages fix a security vulnerability
Updated spice packages fix security vulnerability: A stack-based buffer overflow flaw was found in the way the reds_handle_ticket function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting...
Mandriva Linux Security Advisory : spice (MDVSA-2013:217)
Updated spice packages fix security vulnerability: A user able to initiate spice connection to the guest could use a flaw in server/red_channel.c to crash the guest (CVE-2013-4130).
Updated spice packages fix CVE-2013-4130
Updated spice packages fix security vulnerability: A user able to initiate spice connection to the guest could use a flaw in server/red_channel.c to crash the guest (CVE-2013-4130)...
MGASA-2013-0255 Updated spice packages fix CVE-2013-4130
Updated spice packages fix security vulnerability: A user able to initiate spice connection to the guest could use a flaw in server/red_channel.c to crash the guest (CVE-2013-4130)...