Package name
spice
Date
2014-01-22
Advisory ID
MDVSA-2014:016
Affected versions
MBS1 x86_64

Problem description

Updated spice packages fix security vulnerability:

A stack-based buffer overflow flaw was found in the way the
reds_handle_ticket() function in the spice-server library handled
decryption of ticket data provided by the client. A remote user able
to initiate a SPICE connection to an application acting as a SPICE
server could use this flaw to crash the application (CVE-2013-4282).

Updated packages

MBS1 x86_64

 f054ba777f3e168eb87bb2ee6abfd193  mbs1/x86_64/lib64spice-server1-0.12.2-5.2.mbs1.x86_64.rpm
 4d7457a8fc40a236a3dc9383ce4c1ff3  mbs1/x86_64/lib64spice-server-devel-0.12.2-5.2.mbs1.x86_64.rpm
 4f4cfaf5098d6fd2a434e2dec4008da4  mbs1/x86_64/spice-client-0.12.2-5.2.mbs1.x86_64.rpm 
 03a3e63dc3eefbdd801006700bf66568  mbs1/SRPMS/spice-0.12.2-5.2.mbs1.src.rpm

References