Date: Thu, 23 Feb 2017 18:26:20 +1030
From: Doran Moppert <dmoppert@...hat.com>
To: oss-security@...ts.openwall.com
Subject: spice-server: CVE-2016-9577, CVE-2016-9578: remote DoS and buffer
 overflow from crafted messages

Two vulnerabilities in the server component of SPICE
<https://spice-space.org/> were recently assigned CVEs by Red Hat -
distros got notified during embargo, but I neglected to follow up here:

 - CVE-2016-9577 spice: Buffer overflow in main_channel_alloc_msg_rcv_buf
   <https://bugzilla.redhat.com/show_bug.cgi?id=1401603>

 - CVE-2016-9578 spice: Remote DoS via crafted message
   <https://bugzilla.redhat.com/show_bug.cgi?id=1399566>

Both of these attacks are accessible to unauthenticated attackers that
can make connections to the SPICE server.  CVE-2016-9577 may lead to
code execution (heap overflow), while the impact of CVE-2016-9578 is
limited to denial of service.

Both issues were reported by Frediano Ziglio, and fixed in the following
upstream commits:

https://cgit.freedesktop.org/spice/spice/commit/?id=ec124b982abcd23364963ffcd4c370b1ec962fc9
https://cgit.freedesktop.org/spice/spice/commit/?id=e16eee1d8be00b186437bf61e4e1871cd8d0211a
https://cgit.freedesktop.org/spice/spice/commit/?id=1d3e26c0ee75712fa4bbbcfa09d8d5866b66c8af


-- 
Doran Moppert
Red Hat Product Security
