Overview

File _patchinfo of Package patchinfo.2695

<patchinfo incident="2695">
  <issue id="982385" tracker="bnc">VUL-0: EMARBGOED: CVE-2016-0749: spice: heap overflow</issue>
  <issue id="982386" tracker="bnc">VUL-0: EMBARGOED: CVE-2016-2150: spice: guest escape using crafted primary surface parameters</issue>
  <issue id="944787" tracker="bnc">VUL-0: CVE-2015-5260: spice: Insufficient validation of surface_id parameter can cause crash</issue>
  <issue id="948976" tracker="bnc">VUL-0: CVE-2015-5261 spice: host memory access from guest using crafted images</issue>
  <issue id="CVE-2016-0749" tracker="cve" />
  <issue id="CVE-2016-2150" tracker="cve" />
  <issue id="CVE-2015-5260" tracker="cve" />
  <issue id="CVE-2015-5261" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>cbosdonnat</packager>
  <description>spice was updated to fix four security issues.

These security issues were fixed:
- CVE-2016-2150: Guest escape using crafted primary surface parameters (bsc#982386).
- CVE-2016-0749: Heap-based buffer overflow in smartcard interaction (bsc#982385).
- CVE-2015-5260: Insufficient validation of surface_id parameter could have caused a crash (bsc#944787).
- CVE-2015-5261: Host memory access from guest using crafted images (bsc#948976).
  </description>
  <summary>Security update for spice</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places