[3.1] spice: memory corruption in worker_update_monitors_config() (CVE-2015-3247)
Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors.
(0.12.5 is also vulnerable)
References
https://security-tracker.debian.org/tracker/CVE-2015-3247
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3247
Patch:
http://cgit.freedesktop.org/spice/spice/commit/?id=bd6ea0db84949ac903c27708166604de892f4671
(from redmine: issue id 4673, created on 2015-09-29, closed on 2015-10-14)
- Relations:
  - relates #4765 (closed)
  - copied_to #4672 (closed)
  - copied_to #4674 (closed)
  - parent #4670 (closed)
- Changesets:
  - Revision 73bbe97f by Natanael Copa on 2015-10-13T12:04:56Z:
main/spice: security upgrade to 0.12.6
CVE-2015-3247
CVE-2015-5260
CVE-2015-5261
ref #4670
fixes #4673
ref #4762
fixes #4765