192 matches found
CVE-2017-12194
A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are...
Security update for spice (important)
This update for spice fixes the following security issues: - CVE-2017-7506: Fixed an out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak bsc1046779. This update was imported from the...
spice: Possible buffer overflow via invalid monitor configurations
A vulnerability was discovered in spice server's protocol handling. An authenticated attacker could send specially crafted messages to the spice server, causing out-of-bounds memory accesses, leading to parts of server memory being leaked or a crash...
Scientific Linux Security Update : spice on SL7.x x86_64 (20170815)
Security Fixes : - A vulnerability was discovered in spice server's protocol handling. An authenticated attacker could send specially crafted messages to the spice server, causing out-of-bounds memory accesses, leading to parts of server memory being leaked or a crash. CVE-2017-7506 This issue wa...
Oracle Linux 7 : spice (ELSA-2017-2471)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2017-2471 advisory. - Redo build properly versioned as a zstream build Related: CVE-2017-7506 Tenable has extracted the preceding description block directly from the Oracle Linux...
spice: Possible buffer overflow via invalid monitor configurations
A vulnerability was discovered in spice server's protocol handling. An authenticated attacker could send specially crafted messages to the spice server, causing out-of-bounds memory accesses, leading to parts of server memory being leaked or a crash...
Out-of-bounds
spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak...
CVE-2017-7506
spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak...
Virtuozzo 6 : spice-server / spice-server-devel (VZLSA-2017-0253)
An update for spice-server is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
Virtuozzo 7 : spice-server / spice-server-devel (VZLSA-2017-0254)
An update for spice is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
CVE-2017-7506
A vulnerability was discovered in spice server's protocol handling. An authenticated attacker could send specially crafted messages to the spice server, causing out-of-bounds memory accesses, leading to parts of server memory being leaked or a crash...
spice: Buffer overflow in main_channel_alloc_msg_rcv_buf when reading large messages
A vulnerability was discovered in SPICE in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution...
spice: Buffer overflow in main_channel_alloc_msg_rcv_buf when reading large messages
A vulnerability was discovered in SPICE in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution...
Updated spice packages fix security vulnerability
An authenticated attacker could send crafted messages to the spice server causing a heap overflow leading to a crash or possible code execution. CVE-2016-9577 An attacker able to connect to the spice server could send crafted messages which would cause the process to crash. CVE-2016-9578...
RedHat Update for spice-server RHSA-2017:0253-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS Update for spice-server CESA-2017:0253 centos6
Check the version of spice-server SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882652";...
Scientific Linux Security Update : spice-server on SL6.x x86_64 (20170205)
Security Fixes : - A vulnerability was discovered in spice in the server's protocol handling. An authenticated attacker could send crafted messages to the spice server causing a heap overflow leading to a crash or possible code execution. CVE-2016-9577 - A vulnerability was discovered in spice in...
CentOS 6 : spice-server (CESA-2017:0253)
An update for spice-server is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
SUSE SLED12 / SLES12 Security Update : spice (SUSE-SU-2017:0392-1)
This security update for spice fixes the following issues : - CVE-2016-9577: A buffer overflow in the spice server could have potentially been used by unauthenticated attackers to execute arbitrary code. bsc1023078 CVE-2016-9578: Unauthenticated attackers could have caused a denial of service via...
SUSE-SU-2017:0392-1 Security update for spice
This security update for spice fixes the following issues: CVE-2016-9577: A buffer overflow in the spice server could have potentially been used by unauthenticated attackers to execute arbitrary code. bsc1023078 CVE-2016-9578: Unauthenticated attackers could have caused a denial of service via a...