|
CVE-2017-7506: spice versions though 0.13 are vulnerable to
out-of-bounds memory access when processing specially crafted messages
from authenticated attacker to the spice server resulting into crash
and/or server memory leak.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-7506
Patches from:
https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=f1e7ec03e26ab6b8ca9b7ec060846a5b706a963d
https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=ec6229c79abe05d731953df5f7e9a05ec9f6df79
https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=a957a90baf2c62d31f3547e56bba7d0e812d2331
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|