UbuntuUpdates.org

Package "spice-protocol"

Name: spice-protocol

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • SPICE protocol headers
Latest version: 0.12.10-1ubuntu0.2
Release: xenial (16.04)
Level: security
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "spice-protocol" in Xenial

Repository Area Version
base main 0.12.10-1
updates main 0.12.10-1ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.12.10-1ubuntu0.2 2018-08-22 19:06:52 UTC

  spice-protocol (0.12.10-1ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-10873.patch: fix in
      python_modules/demarshal.py,
    - CVE-2018-10873

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 21 Aug 2018 10:04:48 -0300
Source diff to previous version
CVE-2018-10873 A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds check

Version: 0.12.10-1ubuntu0.1 2018-05-23 21:06:47 UTC

  spice-protocol (0.12.10-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Integer overflow and buffer overflow
    - debian/patches/CVE-2017-12194-1.patch: fix a integer overflow
      computing sizes in python_modules/demarshal.py.
    - debian/patches/CVE-2017-12194-2.patch: avoid integer overflow
      in python_modules/demarshal.py,
      spice-common/python_modules/marshal.py.
    - CVE-2017-12194

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 23 May 2018 14:05:27 -0300
CVE-2017-12194 A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, coul


About   -   Send Feedback to @ubuntu_updates