[3.3] spice: security update 0.12.6 (CVE-2015-5260, CVE-2015-5261)
CVE-2015-5260 spice: insufficient validation of surface_id parameter can cause crash
A heap-based buffer overflow flaw was found in the way spice handled
certain QXL commands related
to the “surface_id” parameter. A user in a guest could use this flaw to crash the host QEMU-KVM process or,
possibly, execute arbitrary code with the privileges of the host QEMU-KVM process.
CVE-2015-5261 spice: host memory access from guest using crafted images
A heap-based buffer overflow flaw was found in the way SPICE handled
QXL commands related to surface creation. A user in a guest could use this flaw
to read and write arbitrary memory locations on the host.
(from redmine: issue id 4763, created on 2015-10-12, closed on 2015-10-14)
- Revision a8876452 by Natanael Copa on 2015-10-13T09:01:43Z:
main/spice: security upgrade to 0.12.6 CVE-2015-3247 CVE-2015-5260 CVE-2015-5261 ref #4670 fixes #4672 ref #4762 fixes #4763