spice: remote DoS (CVE-2013-4282)
Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket.
•CONFIRM:
http://cgit.freedesktop.org/spice/spice/commit/?id=8af619009660b24e0b41ad26b30289eea288fcc2
•REDHAT:RHSA-2013:1460
•URL: http://rhn.redhat.com/errata/RHSA-2013-1460.html
•REDHAT:RHSA-2013:1473
•URL: http://rhn.redhat.com/errata/RHSA-2013-1473.html
•REDHAT:RHSA-2013:1474
•URL: http://rhn.redhat.com/errata/RHSA-2013-1474.html
•UBUNTU:USN-2027-1
•URL: http://www.ubuntu.com/usn/USN-2027-1
(from redmine: issue id 2595, created on 2014-01-14, closed on 2014-01-15)
- Relations:
- child #2596 (closed)
- Changesets:
- Revision ce226a62 by Natanael Copa on 2014-01-14T16:04:41Z:
main/spice: security fix for CVE-2013-4282
ref #2595
- Revision 69607512 by Natanael Copa on 2014-01-14T16:06:03Z:
main/spice: security fix for CVE-2013-4282
ref #2595