Security update for spice
SUSE Patch
security@suse.de
SUSE Security Team
SUSE-SU-2017:1832-1
Final
1
1
2017-07-11T16:03:28Z
current
2017-07-11T16:03:28Z
2017-07-11T16:03:28Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
This update for spice fixes the following issues:
- CVE-2017-7506: A possible buffer overflow via invalid monitor configurations (bsc#1046779)
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
SUSE-OpenStack-Cloud-6-2017-1137,SUSE-SLE-SAP-12-SP1-2017-1137,SUSE-SLE-SERVER-12-SP1-2017-1137
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://www.suse.com/support/update/announcement/2017/suse-su-20171832-1/
Link for SUSE-SU-2017:1832-1
https://lists.suse.com/pipermail/sle-security-updates/2017-July/003020.html
E-Mail link for SUSE-SU-2017:1832-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1046779
SUSE Bug 1046779
https://www.suse.com/security/cve/CVE-2017-7506/
SUSE CVE CVE-2017-7506 page
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE OpenStack Cloud 6
libspice-server1-0.12.5-10.1
libspice-server1-0.12.5-10.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS
libspice-server1-0.12.5-10.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
libspice-server1-0.12.5-10.1 as a component of SUSE OpenStack Cloud 6
spice versions through 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from an authenticated attacker to the spice server, resulting in a crash and/or server memory leak.
CVE-2017-7506
SUSE Linux Enterprise Server 12 SP1-LTSS:libspice-server1-0.12.5-10.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libspice-server1-0.12.5-10.1
SUSE OpenStack Cloud 6:libspice-server1-0.12.5-10.1
important
7.5
AV:N/AC:M/Au:S/C:P/I:P/A:C
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2017/suse-su-20171832-1/
https://www.suse.com/security/cve/CVE-2017-7506.html
CVE-2017-7506
https://bugzilla.suse.com/1046779
SUSE Bug 1046779
https://bugzilla.suse.com/1047730
SUSE Bug 1047730