[3.7] spice: Possible buffer overflow via invalid monitor configurations (CVE-2017-7506)
spice versions though 0.13 are vulnerable to out-of-bounds memory
access
when processing specially crafted messages from authenticated attacker
to
the spice server resulting into crash and/or server memory leak.
References:
http://openwall.com/lists/oss-security/2017/07/14/1
Patch:
http://openwall.com/lists/oss-security/2017/07/14/1
(from redmine: issue id 7590, created on 2017-07-24, closed on 2017-08-08)
- Relations:
- parent #7589 (closed)
- Changesets:
- Revision 57a628e0 by Francesco Colista on 2017-08-08T10:55:16Z:
main/spice: fix for CVE-2017-7506. Fixes #7590