Security update for spice-gtk SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:2593-1 Final 1 1 2018-09-03T14:55:03Z current 2018-09-03T14:55:03Z 2018-09-03T14:55:03Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for spice-gtk This update for spice-gtk fixes the following issues: Security issues fixed: - CVE-2018-10873: Fix potential heap corruption when demarshalling (bsc#1104448) - CVE-2018-10893: Avoid buffer overflow on image lz checks (bsc#1101295) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-SERVER-12-2018-1826 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20182593-1/ Link for SUSE-SU-2018:2593-1 https://lists.suse.com/pipermail/sle-security-updates/2018-September/004526.html E-Mail link for SUSE-SU-2018:2593-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1101295 SUSE Bug 1101295 https://bugzilla.suse.com/1104448 SUSE Bug 1104448 https://www.suse.com/security/cve/CVE-2018-10873/ SUSE CVE CVE-2018-10873 page https://www.suse.com/security/cve/CVE-2018-10893/ SUSE CVE CVE-2018-10893 page SUSE Linux Enterprise Server 12-LTSS libspice-client-glib-2_0-8-0.25-5.3.1 libspice-client-gtk-2_0-4-0.25-5.3.1 libspice-client-gtk-3_0-4-0.25-5.3.1 libspice-controller0-0.25-5.3.1 typelib-1_0-SpiceClientGlib-2_0-0.25-5.3.1 typelib-1_0-SpiceClientGtk-3_0-0.25-5.3.1 libspice-client-glib-2_0-8-0.25-5.3.1 as a component of SUSE Linux Enterprise Server 12-LTSS libspice-client-gtk-2_0-4-0.25-5.3.1 as a component of SUSE Linux Enterprise Server 12-LTSS libspice-client-gtk-3_0-4-0.25-5.3.1 as a component of SUSE Linux Enterprise Server 12-LTSS libspice-controller0-0.25-5.3.1 as a component of SUSE Linux Enterprise Server 12-LTSS typelib-1_0-SpiceClientGlib-2_0-0.25-5.3.1 as a component of SUSE Linux Enterprise Server 12-LTSS typelib-1_0-SpiceClientGtk-3_0-0.25-5.3.1 as a component of SUSE Linux Enterprise Server 12-LTSS A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts. CVE-2018-10873 SUSE Linux Enterprise Server 12-LTSS:libspice-client-glib-2_0-8-0.25-5.3.1 SUSE Linux Enterprise Server 12-LTSS:libspice-client-gtk-2_0-4-0.25-5.3.1 SUSE Linux Enterprise Server 12-LTSS:libspice-client-gtk-3_0-4-0.25-5.3.1 SUSE Linux Enterprise Server 12-LTSS:libspice-controller0-0.25-5.3.1 SUSE Linux Enterprise Server 12-LTSS:typelib-1_0-SpiceClientGlib-2_0-0.25-5.3.1 SUSE Linux Enterprise Server 12-LTSS:typelib-1_0-SpiceClientGtk-3_0-0.25-5.3.1 important 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182593-1/ https://www.suse.com/security/cve/CVE-2018-10873.html CVE-2018-10873 https://bugzilla.suse.com/1104448 SUSE Bug 1104448 Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code. CVE-2018-10893 SUSE Linux Enterprise Server 12-LTSS:libspice-client-glib-2_0-8-0.25-5.3.1 SUSE Linux Enterprise Server 12-LTSS:libspice-client-gtk-2_0-4-0.25-5.3.1 SUSE Linux Enterprise Server 12-LTSS:libspice-client-gtk-3_0-4-0.25-5.3.1 SUSE Linux Enterprise Server 12-LTSS:libspice-controller0-0.25-5.3.1 SUSE Linux Enterprise Server 12-LTSS:typelib-1_0-SpiceClientGlib-2_0-0.25-5.3.1 SUSE Linux Enterprise Server 12-LTSS:typelib-1_0-SpiceClientGtk-3_0-0.25-5.3.1 moderate 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182593-1/ https://www.suse.com/security/cve/CVE-2018-10893.html CVE-2018-10893 https://bugzilla.suse.com/1101295 SUSE Bug 1101295