File _patchinfo of Package patchinfo.7764
<patchinfo incident="7764"> <packager>michals</packager> <issue tracker="bnc" id="1012215">spice-vdagent does not understand endian</issue> <issue tracker="cve" id="2017-15108"></issue> <issue tracker="bnc" id="1070724">VUL-0: CVE-2017-15108: spice-vdagent: Improper validation of xfers->save_dir invdagent_file_xfers_data()</issue> <category>security</category> <rating>moderate</rating> <summary>security update for spice-vdagent</summary> <description>This update for spice-vdagent provides the following fixes: This security issue was fixed: - CVE-2017-15108: Properly escape save directory that is passed to the shell to prevent local attacker with access to the session the agent runs from injecting arbitrary commands to be executed (bsc#1070724). This non-security issue was fixed: - Implement endian swapping, required for big-endian guests to connect to the spice client successfully. (bsc#1012215) This update was imported from the SUSE:SLE-12-SP2:Update update project.</description> </patchinfo>
