spice: Possible buffer overflow via invalid monitor configurations (CVE-2017-7506)
spice versions though 0.13 are vulnerable to out-of-bounds memory
access
when processing specially crafted messages from authenticated attacker
to
the spice server resulting into crash and/or server memory leak.
References:
http://openwall.com/lists/oss-security/2017/07/14/1
Patch:
http://openwall.com/lists/oss-security/2017/07/14/1
(from redmine: issue id 7589, created on 2017-07-24, closed on 2017-08-08)
- Relations:
- child #7590 (closed)
- child #7591 (closed)
- child #7592 (closed)
- child #7593 (closed)