Date: Thu, 23 Feb 2017 18:26:20 +1030
From: Doran Moppert <dmoppert@...hat.com>
To: oss-security@...ts.openwall.com
Subject: spice-server: CVE-2016-9577, CVE-2016-9578: remote DoS and buffer overflow from crafted messages

Two vulnerabilities in the server component of SPICE
<https://spice-space.org/> were recently assigned CVEs by Red Hat -
distros got notified during embargo, but I neglected to follow up here:

- CVE-2016-9577 spice: Buffer overflow in main_channel_alloc_msg_rcv_buf
  <https://bugzilla.redhat.com/show_bug.cgi?id=1401603>

- CVE-2016-9578 spice: Remote DoS via crafted message
  <https://bugzilla.redhat.com/show_bug.cgi?id=1399566>

Both of these attacks are accessible to unauthenticated attackers that
can make connections to the SPICE server. CVE-2016-9577 may lead to
code execution (heap overflow), while the impact of CVE-2016-9578 is
limited to denial of service.

Both issues were reported by Frediano Ziglio, and fixed in the following
upstream commits:

https://cgit.freedesktop.org/spice/spice/commit/?id=ec124b982abcd23364963ffcd4c370b1ec962fc9
https://cgit.freedesktop.org/spice/spice/commit/?id=e16eee1d8be00b186437bf61e4e1871cd8d0211a
https://cgit.freedesktop.org/spice/spice/commit/?id=1d3e26c0ee75712fa4bbbcfa09d8d5866b66c8af

--
Doran Moppert
Red Hat Product Security