Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 23 Feb 2017 18:26:20 +1030
From: Doran Moppert <>
Subject: spice-server: CVE-2016-9577, CVE-2016-9578: remote DoS and buffer
 overflow from crafted messages

Two vulnerabilities in the server component of SPICE
<> were recently assigned CVEs by Red Hat -
distros got notified during embargo, but I neglected to follow up here:

 - CVE-2016-9577 spice: Buffer overflow in main_channel_alloc_msg_rcv_buf

 - CVE-2016-9578 spice: Remote DoS via crafted message

Both of these attacks are accessible to unauthenticated attackers that
can make connections to the SPICE server.  CVE-2016-9577 may lead to
code execution (heap overflow), while the impact of CVE-2016-9578 is
limited to denial of service.

Both issues were reported by Frediano Ziglio, and fixed in the following
upstream commits:

Doran Moppert
Red Hat Product Security

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ