SUSE-SU-2020:3842-1 Security update for spice

This update for spice fixes the following issues: - CVE-2018-10873: Fixed a potential heap corruption when demarshalling bsc1104448 - CVE-2018-10893: Fixed a buffer overflow on image lz checks bsc1101295...

RHEL 7 : redhat-virtualization-host (RHSA-2017:0549)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:0549 advisory. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host,...

SUSE-SU-2017:0396-1 Security update for spice

This security update for spice fixes the following issues: CVE-2016-9577: A buffer overflow in the spice server could have potentially been used by unauthenticated attackers to execute arbitrary code. bsc1023078 CVE-2016-9578: Unauthenticated attackers could have caused a denial of service via a...

Ubuntu 14.04 LTS / 16.04 LTS : Spice vulnerabilities (USN-3014-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3014-1 advisory. Jing Zhao discovered that the Spice smartcard support incorrectly handled memory. A remote attacker could use this issue to cause Spice to...

USN-3014-1 spice vulnerabilities

Jing Zhao discovered that the Spice smartcard support incorrectly handled memory. A remote attacker could use this issue to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 15.10 and Ubuntu 16.04 LTS. CVE-2016-0749...

SUSE-SU-2016:1559-1 Security update for spice

spice was updated to fix four security issues. These security issues were fixed: - CVE-2016-2150: Guest escape using crafted primary surface parameters bsc982386. - CVE-2016-0749: Heap-based buffer overflow in smartcard interaction bsc982385. - CVE-2015-5260: Insufficient validation of surfaceid...

SUSE-SU-2015:1733-1 Security update for spice

Spice was updated to fix three security issues. The following vulnerabilities were fixed: CVE-2015-3247: heap corruption in the spice server bsc944460 CVE-2015-5261: Guest could have accessed host memory using crafted images bsc948976 CVE-2015-5260: Insufficient validation of surfaceid parameter...

USN-2766-1 spice vulnerabilities

Frediano Ziglio discovered multiple buffer overflows, undefined behavior signed integer operations, race conditions, memory leaks, and denial of service issues in Spice. A malicious guest operating system could potentially exploit these issues to escape virtualization. CVE-2015-5260, CVE-2015-526...

Ubuntu 14.04 LTS : Spice vulnerabilities (USN-2766-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2766-1 advisory. Frediano Ziglio discovered multiple buffer overflows, undefined behavior signed integer operations, race conditions, memory leaks, and denial of service...