Security update for spice
This update for spice fixes the following issues:
Security issues fixed:
- CVE-2018-10873: Fix potential heap corruption when demarshalling (bsc#1104448)
- CVE-2018-10893: Avoid buffer overflow on image lz checks (bsc#1101295)
This update was imported from the SUSE:SLE-12-SP3:Update update project.
-
Submitted by
Cédric Bosdonnat (cbosdonnat)
Fixed bugs
bnc#1101295
VUL-0: CVE-2018-10893: spice, spice-gtk: Insufficient encoding checks for LZ can cause different integer/buffer overflows
bnc#1104448
VUL-0: CVE-2018-10873: spice-gtk,spice: post-auth crash or potential heap corruption when demarshalling
