Overview

File _patchinfo of Package patchinfo.5037

<patchinfo incident="5037">
  <packager>michals</packager>
  <issue tracker="bnc" id="1012215">spice-vdagent does not understand endian</issue>
  <issue tracker="cve" id="2017-15108"></issue>
  <issue tracker="bnc" id="1070724">VUL-0: CVE-2017-15108: spice-vdagent: Improper validation of xfers-&gt;save_dir invdagent_file_xfers_data()</issue>
  <category>security</category>
  <rating>moderate</rating>
  <summary>security update for spice-vdagent</summary>
  <description>This update for spice-vdagent provides the following fixes:

This security issue was fixed:

- CVE-2017-15108: Properly escape save directory that is passed to the shell to
  prevent local attacker with access to the session the agent runs from injecting
  arbitrary commands to be executed (bsc#1070724).

This non-security issue was fixed:

- Implement endian swapping, required for big-endian guests to connect to the spice client
  successfully. (bsc#1012215)
  </description>
</patchinfo>
openSUSE Build Service is sponsored by
Places