User: Password:
Subscribe / Log in / New account

qspice: denial of service

Package(s):qspice CVE #(s):CVE-2013-4282
Created:October 30, 2013 Updated:May 18, 2015
Description: From the Red Hat advisory:

A stack-based buffer overflow flaw was found in the way the reds_handle_ticket() function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application.

openSUSE openSUSE-SU-2015:1750-1 spice 2015-10-15
SUSE SUSE-SU-2015:0884-2 spice 2015-05-16
SUSE SUSE-SU-2015:0884-1 spice 2015-05-15
Mandriva MDVSA-2014:016 spice 2014-01-22
Mageia MGASA-2014-0022 spice 2014-01-21
Debian DSA-2839-1 spice 2014-01-08
Ubuntu USN-2027-1 spice 2013-11-12
Fedora FEDORA-2013-20340 spice 2013-11-08
Fedora FEDORA-2013-20360 spice 2013-11-08
Scientific Linux SLSA-2013:1473-1 spice-server 2013-10-30
Scientific Linux SLSA-2013:1474-1 qspice 2013-10-30
Oracle ELSA-2013-1473 spice-server 2013-10-29
Oracle ELSA-2013-1474 qspice 2013-10-29
CentOS CESA-2013:1473 spice-server 2013-10-30
CentOS CESA-2013:1474 qspice 2013-10-29
Red Hat RHSA-2013:1473-01 spice-server 2013-10-29
Red Hat RHSA-2013:1474-01 qspice 2013-10-29

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds