Security update for spice
This security update for spice fixes the following issues:
CVE-2016-9577: A buffer overflow in the spice server could have potentially been used
by unauthenticated attackers to execute arbitrary code. (bsc#1023078)
CVE-2016-9578: Unauthenticated attackers could have caused a denial of service via a crafted message. (bsc#1023079)
This update was imported from the SUSE:SLE-12-SP1:Update update project.
-
Submitted by
Peter Simons (psimons)
Fixed bugs
bnc#1023078
VUL-0: CVE-2016-9577: spice: Buffer overflow in main_channel_alloc_msg_rcv_buf
bnc#1023079
VUL-0: CVE-2016-9578: spice: Remote DoS via crafted message
