UbuntuUpdates.org

Package "spice"

Name: spice

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Header files and development documentation for spice-server
  • Implements the server side of the SPICE protocol
Latest version: 0.14.0-1ubuntu2.5
Release: bionic (18.04)
Level: security
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "spice" in Bionic

Repository Area Version
base main 0.14.0-1ubuntu2
updates main 0.14.0-1ubuntu2.5

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.14.0-1ubuntu2.5 2020-10-06 14:06:20 UTC

  spice (0.14.0-1ubuntu2.5) bionic-security; urgency=medium

  * SECURITY UPDATE: multiple buffer overflows in QUIC image decoding
    - debian/patches/CVE-2020-14355-1.patch: check we have some data to
      start decoding quic image in spice-common/common/quic.c.
    - debian/patches/CVE-2020-14355-2.patch: check image size in
      quic_decode_begin in spice-common/common/quic.c.
    - debian/patches/CVE-2020-14355-3.patch: check RLE lengths in
      spice-common/common/quic_tmpl.c.
    - debian/patches/CVE-2020-14355-4.patch: avoid possible buffer overflow
      in find_bucket in spice-common/common/quic_family_tmpl.c.
    - CVE-2020-14355

 -- Marc Deslauriers <email address hidden> Thu, 01 Oct 2020 07:12:53 -0400
Source diff to previous version

Version: 0.14.0-1ubuntu2.4 2019-01-28 20:07:11 UTC

  spice (0.14.0-1ubuntu2.4) bionic-security; urgency=medium

  * SECURITY UPDATE: off-by-one error in memslot_get_virt
    - debian/patches/CVE-2019-3813.patch: fix checks in server/memslot.c,
      add tests to server/tests/test-qxl-parsing.c.
    - CVE-2019-3813
  * debian/tests/automated-tests: fix incorrect test name, don't fail on
    build writing to stderr.

 -- Marc Deslauriers <email address hidden> Thu, 24 Jan 2019 09:00:10 -0500
Source diff to previous version
CVE-2019-3813 Off-by-one error in array access in spice/server/memslot.c

Version: 0.14.0-1ubuntu2.2 2018-08-22 19:06:55 UTC

  spice (0.14.0-1ubuntu2.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-10873.patch: fix in
      spice-common/python_modules/demarshal.py,
    - CVE-2018-10873

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 20 Aug 2018 15:44:02 -0300
Source diff to previous version
CVE-2018-10873 A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds check

Version: 0.14.0-1ubuntu2.1 2018-05-23 21:06:49 UTC

  spice (0.14.0-1ubuntu2.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Integer overflow and buffer overflow
    - debian/patches/CVE-2017-12194-1.patch: fix a integer overflow
      computing sizes in spice-common/python_modules/demarshal.py.
    - debian/patches/CVE-2017-12194-2.patch: avoid integer overflow
      in spice-common/python_modules/demarshal.py,
      spice-common/python_modules/marshal.py.
    - debian/patches/CVE-2017-12194-3.patch: add tests to verify fix.
    - CVE-2017-12194

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 22 May 2018 14:33:20 -0300
CVE-2017-12194 A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, coul


About   -   Send Feedback to @ubuntu_updates