Security update for spice
Spice was updated to fix four security issues.
The following vulnerabilities were fixed:
* CVE-2015-3247: heap corruption in the spice server (bsc#944460)
* CVE-2015-5261: Guest could have accessed host memory using crafted images (bsc#948976)
* CVE-2015-5260: Insufficient validation of surface_id parameter could have caused a crash (bsc#944460)
* CVE-2013-4282: Buffer overflow in password handling (bsc#848279)
-
Submitted by
Cédric Bosdonnat (cbosdonnat)
Fixed bugs
bnc#848279
VUL-0: CVE-2013-4282: spice: buffer overflow in password handling
bnc#948976
VUL-0: CVE-2015-5261 spice: host memory access from guest using crafted images
bnc#944787
VUL-0: CVE-2015-5260: spice: Insufficient validation of surface_id parameter can cause crash
bnc#944460
VUL-0: CVE-2015-3247 spice: memory corruption in worker_update_monitors_config()
