spice: two vulnerabilities

Package(s):

spice

CVE #(s):

CVE-2016-9577 CVE-2016-9578

Created:

February 6, 2017

Updated:

February 21, 2017

Description:

From the Red Hat advisory:

* A vulnerability was discovered in spice in the server's protocol handling. An authenticated attacker could send crafted messages to the spice server causing a heap overflow leading to a crash or possible code execution. (CVE-2016-9577)

* A vulnerability was discovered in spice in the server's protocol handling. An attacker able to connect to the spice server could send crafted messages which would cause the process to crash. (CVE-2016-9578)

Alerts:

Ubuntu	USN-3202-1	spice	2017-02-20
Debian-LTS	DLA-825-1	spice	2017-02-17
Debian	DSA-3790-1	spice	2017-02-16
Fedora	FEDORA-2017-05793780f0	spice	2017-02-09
Fedora	FEDORA-2017-5972ebe591	spice	2017-02-09
openSUSE	openSUSE-SU-2017:0421-1	spice	2017-02-08
openSUSE	openSUSE-SU-2017:0419-1	spice	2017-02-08
SUSE	SUSE-SU-2017:0396-1	spice	2017-02-06
SUSE	SUSE-SU-2017:0393-1	spice	2017-02-06
SUSE	SUSE-SU-2017:0400-1	spice	2017-02-06
SUSE	SUSE-SU-2017:0392-1	spice	2017-02-06
Scientific Linux	SLSA-2017:0253-1	spice-server	2017-02-06
Scientific Linux	SLSA-2017:0254-1	spice	2017-02-06
Oracle	ELSA-2017-0253	spice-server	2017-02-05
Oracle	ELSA-2017-0254	spice	2017-02-05
CentOS	CESA-2017:0253	spice-server	2017-02-06
CentOS	CESA-2017:0254	spice	2017-02-06
Red Hat	RHSA-2017:0253-01	spice-server	2017-02-05
Red Hat	RHSA-2017:0254-01	spice	2017-02-05