[3.7] spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813) (#9942) · Issues · alpine / aports

[3.7] spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813)

spice versions 0.5.2 through 0.14.1 are vulnerable to an out-of-bounds read
due to an off-by-one error in memslot_get_virt. This may lead to a
denial-of-service, or, in the worst case, code-execution by unauthenticated
attackers.

Fixed In Version:

spice 0.14.2

References:

https://www.openwall.com/lists/oss-security/2019/01/28/2

(from redmine: issue id 9942, created on 2019-01-29, closed on 2019-02-14)

Relations:
- parent #9939 (closed)
Changesets:
- Revision c05d87b3 on 2019-01-31T11:24:42Z:

main/spice: security fix (CVE-2019-3813)

Fixes #9942

Disable test-qxl-parsing failing on armv7 and ppc64le due to CVE fix

Discussion
Designs

The one place for your designs

To enable design management, you'll need to meet the requirements. If you need help, reach out to our support team for assistance.