Date: Thu, 23 Feb 2017 18:26:20 +1030
From: Doran Moppert <dmoppert@...hat.com>
To: oss-security@...ts.openwall.com
Subject: spice-server: CVE-2016-9577, CVE-2016-9578: remote DoS and buffer
 overflow from crafted messages

Two vulnerabilities in the server component of SPICE
<https://spice-space.org/> were recently assigned CVEs by Red Hat -
distros got notified during embargo, but I neglected to follow up here:

 - CVE-2016-9577 spice: Buffer overflow in main_channel_alloc_msg_rcv_buf
   <https://bugzilla.redhat.com/show_bug.cgi?id=1401603>

 - CVE-2016-9578 spice: Remote DoS via crafted message
   <https://bugzilla.redhat.com/show_bug.cgi?id=1399566>

Both of these attacks are accessible to unauthenticated attackers that
can make connections to the SPICE server.  CVE-2016-9577 may lead to
code execution (heap overflow), while the impact of CVE-2016-9578 is
limited to denial of service.

Both issues were reported by Frediano Ziglio, and fixed in the following
upstream commits:

https://cgit.freedesktop.org/spice/spice/commit/?id=ec124b982abcd23364963ffcd4c370b1ec962fc9
https://cgit.freedesktop.org/spice/spice/commit/?id=e16eee1d8be00b186437bf61e4e1871cd8d0211a
https://cgit.freedesktop.org/spice/spice/commit/?id=1d3e26c0ee75712fa4bbbcfa09d8d5866b66c8af


-- 
Doran Moppert
Red Hat Product Security
