UbuntuUpdates.org

Package "libspice-server1"

Name: libspice-server1

Description:

Implements the server side of the SPICE protocol

Latest version: 0.12.6-4ubuntu0.5
Release: xenial (16.04)
Level: updates
Repository: main
Head package: spice
Homepage: http://spice-space.org/

Links


Download "libspice-server1"


Other versions of "libspice-server1" in Xenial

Repository Area Version
base main 0.12.6-4
security main 0.12.6-4ubuntu0.5

Changelog

Version: 0.12.6-4ubuntu0.5 2020-10-06 15:06:17 UTC

  spice (0.12.6-4ubuntu0.5) xenial-security; urgency=medium

  * SECURITY UPDATE: multiple buffer overflows in QUIC image decoding
    - debian/patches/CVE-2020-14355-1.patch: check we have some data to
      start decoding quic image in spice-common/common/quic.c.
    - debian/patches/CVE-2020-14355-2.patch: check image size in
      quic_decode_begin in spice-common/common/quic.c.
    - debian/patches/CVE-2020-14355-3.patch: check RLE lengths in
      spice-common/common/quic_tmpl.c.
    - debian/patches/CVE-2020-14355-4.patch: avoid possible buffer overflow
      in find_bucket in spice-common/common/quic_family_tmpl.c.
    - CVE-2020-14355

 -- Marc Deslauriers <email address hidden> Thu, 01 Oct 2020 07:15:42 -0400

Source diff to previous version

Version: 0.12.6-4ubuntu0.4 2019-01-28 21:07:07 UTC

  spice (0.12.6-4ubuntu0.4) xenial-security; urgency=medium

  * SECURITY UPDATE: off-by-one error in memslot_get_virt
    - debian/patches/CVE-2019-3813.patch: fix checks in
      server/red_memslots.c.
    - CVE-2019-3813

 -- Marc Deslauriers <email address hidden> Thu, 24 Jan 2019 09:45:07 -0500

Source diff to previous version
CVE-2019-3813 Off-by-one error in array access in spice/server/memslot.c

Version: 0.12.6-4ubuntu0.3 2017-07-19 18:07:22 UTC

  spice (0.12.6-4ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: buffer overflow via invalid monitor configurations
    - debian/patches/CVE-2017-7506-1.patch: disconnect when receiving
      overly big ClientMonitorsConfig in server/reds.c.
    - debian/patches/CVE-2017-7506-2.patch: avoid integer overflows
      handling monitor configuration in server/reds.c.
    - debian/patches/CVE-2017-7506-3.patch: avoid buffer overflows handling
      monitor configuration in server/reds.c.
    - CVE-2017-7506

 -- Marc Deslauriers <email address hidden> Tue, 18 Jul 2017 13:34:33 -0400

Source diff to previous version
CVE-2017-7506 spice versions though 0.13 are vulnerable to out-of-bounds memory ...

Version: 0.12.6-4ubuntu0.2 2017-02-20 20:07:15 UTC

  spice (0.12.6-4ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: overflow when reading large messages
    - debian/patches/CVE-2016-9577.patch: check size in
      server/main_channel.c.
    - CVE-2016-9577
  * SECURITY UPDATE: DoS via crafted message
    - debian/patches/CVE-2016-9578-1.patch: limit size in server/reds.c.
    - debian/patches/CVE-2016-9578-2.patch: limit caps in server/reds.c.
    - CVE-2016-9578

 -- Marc Deslauriers <email address hidden> Wed, 15 Feb 2017 14:02:33 -0500

Source diff to previous version

Version: 0.12.6-4ubuntu0.1 2016-06-21 15:06:36 UTC

  spice (0.12.6-4ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    memory allocation flaw in smartcard interaction
    - debian/patches/CVE-2016-0749/*.patch: add a ref to item and allocate
      msg with the expected size in server/smartcard.c.
    - CVE-2016-0749
  * SECURITY UPDATE: host memory access from guest with invalid primary
    surface parameters
    - debian/patches/CVE-2016-2150/*.patch: create a function to validate
      surface parameters in server/red_parse_qxl.*, improve primary surface
      parameter checks in server/red_worker.c.
    - CVE-2016-2150

 -- Marc Deslauriers <email address hidden> Fri, 10 Jun 2016 10:12:39 -0400

CVE-2016-0749 The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code v
CVE-2016-2150 SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to



About   -   Send Feedback to @ubuntu_updates