Date: Thu, 23 Feb 2017 18:26:20 +1030 From: Doran Moppert <dmoppert@...hat.com> To: oss-security@...ts.openwall.com Subject: spice-server: CVE-2016-9577, CVE-2016-9578: remote DoS and buffer overflow from crafted messages Two vulnerabilities in the server component of SPICE <https://spice-space.org/> were recently assigned CVEs by Red Hat - distros got notified during embargo, but I neglected to follow up here: - CVE-2016-9577 spice: Buffer overflow in main_channel_alloc_msg_rcv_buf <https://bugzilla.redhat.com/show_bug.cgi?id=1401603> - CVE-2016-9578 spice: Remote DoS via crafted message <https://bugzilla.redhat.com/show_bug.cgi?id=1399566> Both of these attacks are accessible to unauthenticated attackers that can make connections to the SPICE server. CVE-2016-9577 may lead to code execution (heap overflow), while the impact of CVE-2016-9578 is limited to denial of service. Both issues were reported by Frediano Ziglio, and fixed in the following upstream commits: https://cgit.freedesktop.org/spice/spice/commit/?id=ec124b982abcd23364963ffcd4c370b1ec962fc9 https://cgit.freedesktop.org/spice/spice/commit/?id=e16eee1d8be00b186437bf61e4e1871cd8d0211a https://cgit.freedesktop.org/spice/spice/commit/?id=1d3e26c0ee75712fa4bbbcfa09d8d5866b66c8af -- Doran Moppert Red Hat Product Security [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ