security update for spice-vdagent
This update for spice-vdagent provides the following fixes:
This security issue was fixed:
- CVE-2017-15108: Properly escape save directory that is passed to the shell to
prevent local attacker with access to the session the agent runs from injecting
arbitrary commands to be executed (bsc#1070724).
This non-security issue was fixed:
- Implement endian swapping, required for big-endian guests to connect to the spice client
successfully. (bsc#1012215)
This update was imported from the SUSE:SLE-12-SP2:Update update project.
-
Submitted by
Michal Suchanek (michals)
Fixed bugs
bnc#1012215
spice-vdagent does not understand endian
bnc#1070724
VUL-0: CVE-2017-15108: spice-vdagent: Improper validation of xfers->save_dir invdagent_file_xfers_data()
