[3.7] spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813)
spice versions 0.5.2 through 0.14.1 are vulnerable to an out-of-bounds
read
due to an off-by-one error in memslot_get_virt. This may lead to a
denial-of-service, or, in the worst case, code-execution by
unauthenticated
attackers.
Fixed In Version:
spice 0.14.2
References:
https://www.openwall.com/lists/oss-security/2019/01/28/2
(from redmine: issue id 9942, created on 2019-01-29, closed on 2019-02-14)
- Relations:
- parent #9939 (closed)
- Changesets:
- Revision c05d87b3 on 2019-01-31T11:24:42Z:
main/spice: security fix (CVE-2019-3813)
Fixes #9942
Disable test-qxl-parsing failing on armv7 and ppc64le due to CVE fix