ELSA-2019-0232

ULN >
Oracle Linux Errata repository >
ELSA-2019-0232

ELSA-2019-0232 - spice-server security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2019-01-31

Description

[0.12.4-16.3]
- Fix off-by-one error during guest-to-host memory address conversion
Resolves: CVE-2019-3813

[0.12.4-16.2]
- Prevent potential buffer/integer overflows with invalid MonitorsConfig messages
sent from an authenticated client
Resolves: CVE-2017-7506

[0.12.4-16.1]
- Fix flexible array buffer overflow
Resolves: rhbz#1596008

Related CVEs

CVE-2019-3813

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 6 (x86_64)	spice-server-0.12.4-16.el6_10.3.src.rpm	dd26f168eaa95e088f78b2603ce91c718e6ae33b06474ee77f6b5d0376d92f99	-	ol6_u10_x86_64_patch
	spice-server-0.12.4-16.el6_10.3.src.rpm	dd26f168eaa95e088f78b2603ce91c718e6ae33b06474ee77f6b5d0376d92f99	-	ol6_x86_64_latest
	spice-server-0.12.4-16.el6_10.3.x86_64.rpm	ccfcd83fe8f89cd7fc69088ccd6ddbd226e64fbe67b29cc5199bd48ad0e4aff3	-	ol6_u10_x86_64_patch
	spice-server-0.12.4-16.el6_10.3.x86_64.rpm	ccfcd83fe8f89cd7fc69088ccd6ddbd226e64fbe67b29cc5199bd48ad0e4aff3	-	ol6_x86_64_latest
	spice-server-devel-0.12.4-16.el6_10.3.x86_64.rpm	cea85bd6ad9553ef5a1d5c879164a866ced0eae1e5dc2adb362435112e527790	-	ol6_u10_x86_64_patch
	spice-server-devel-0.12.4-16.el6_10.3.x86_64.rpm	cea85bd6ad9553ef5a1d5c879164a866ced0eae1e5dc2adb362435112e527790	-	ol6_x86_64_latest

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691