Overview

File _patchinfo of Package patchinfo.4075

<patchinfo incident="4075">
  <issue id="848279" tracker="bnc">VUL-0: CVE-2013-4282: spice: buffer overflow in password handling</issue>
  <issue id="948976" tracker="bnc">VUL-0: CVE-2015-5261 spice: host memory access from guest using crafted images</issue>
  <issue id="944787" tracker="bnc">VUL-0: CVE-2015-5260: spice: Insufficient validation of surface_id parameter can cause crash</issue>
  <issue id="944460" tracker="bnc">VUL-0: CVE-2015-3247 spice: memory corruption in worker_update_monitors_config()</issue>
  <issue id="CVE-2013-4282" tracker="cve" />
  <issue id="CVE-2015-5260" tracker="cve" />
  <issue id="CVE-2015-5261" tracker="cve" />
  <issue id="CVE-2015-3247" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>cbosdonnat</packager>
  <description>Spice was updated to fix four security issues.

The following vulnerabilities were fixed:
* CVE-2015-3247: heap corruption in the spice server (bsc#944460)
* CVE-2015-5261: Guest could have accessed host memory using crafted images (bsc#948976)
* CVE-2015-5260: Insufficient validation of surface_id parameter could have caused a crash (bsc#944460)
* CVE-2013-4282: Buffer overflow in password handling (bsc#848279)
</description>
  <summary>Security update for spice</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places