advisories/20251.adv

type: security
subject: Updated spice packages fix security vulnerability
CVE:
 - CVE-2016-9577
 - CVE-2016-9578
src:
  5:
   core:
     - spice-0.12.5-2.4.mga5
description: |
  An authenticated attacker could send crafted messages to the spice server
  causing a heap overflow leading to a crash or possible code execution.
  (CVE-2016-9577)

  An attacker able to connect to the spice server could send crafted
  messages which would cause the process to crash. (CVE-2016-9578)
references:
 - https://bugs.mageia.org/show_bug.cgi?id=20251
 - https://rhn.redhat.com/errata/RHSA-2017-0254.html
ID: MGASA-2017-0062
1	type: security
2	subject: Updated spice packages fix security vulnerability
3	CVE:
4	- CVE-2016-9577
5	- CVE-2016-9578
6	src:
7	5:
8	core:
9	- spice-0.12.5-2.4.mga5
10	description: \|
11	An authenticated attacker could send crafted messages to the spice server
12	causing a heap overflow leading to a crash or possible code execution.
13	(CVE-2016-9577)
14
15	An attacker able to connect to the spice server could send crafted
16	messages which would cause the process to crash. (CVE-2016-9578)
17	references:
18	- https://bugs.mageia.org/show_bug.cgi?id=20251
19	- https://rhn.redhat.com/errata/RHSA-2017-0254.html
20	ID: MGASA-2017-0062