[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2427-1] spice security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-2427-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
November 01, 2020                           https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : spice
Version        : 0.12.8-2.1+deb9u4
CVE ID         : CVE-2020-14355
Debian Bug     : 971750

Multiple buffer overflow vulnerabilities were found in the QUIC
image decoding process of the SPICE remote display system,
before spice-0.14.2-1.

Both the SPICE client (spice-gtk) and server are affected by
these flaws. These flaws allow a malicious client or server to
send specially crafted messages that, when processed by the
QUIC image compression algorithm, result in a process crash
or potential code execution.

For Debian 9 stretch, this problem has been fixed in version
0.12.8-2.1+deb9u4.

We recommend that you upgrade your spice packages.

For the detailed security status of spice please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/spice

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl+e6tcACgkQgj6WdgbD
S5bonBAAmDo9gwtOqme9sEjMJz/9i31Phb6JPDKhz2v2hgX0/B3Catc+Ds/BuLIJ
kF2pkS4fktI/xZhKor4EyUHQXqqRoybRqIiW/DUeSEOIFqQYmtC2ThM8vDDgX1P0
i89eQh0GYs86k9ef115WB2U/qyBJfUj8VFCnbAy/U0hov6P1yWxA3EgQ3K55l4gq
wzWBUUJCFO93UbVZvlbvgXMdy4V5ji8eqhI2YS4q6Y+ihpIBLgZmfjSt+dBMn4Ki
rAYj7j0eJHxpZ/sHz0OqW416A8K02L6j9QHwdACq2Q3I5ouGL/DjAJeLNAGrPgXE
6+4jIpzIMu/bGZx9jMmJFRTvhsGRFnd5eP1VCeyexBSJY1NcHDDirt4fgXd5VH7y
HK5c+a+EAR6g093QCTtOJge8sFXUscZpLJZamaWgAbhjTVWRgP4Rau76u6egjFIq
NVuVkfdpbFLhApAOt1Bp1p1VM1wsEY7eeHzwb3lR2NZJ19hZK9KEDCgLwZxTe4tZ
gR6qUEs8XxyGEdgsB/YwAWIUuXIbJOXGp9KKpn6mueAxMcZwhFW5ZGHIsFZmJ+45
tz05jkhtM1C/SyyTWEQJU+PgHKAc8XkQ1LO4uA81htIrtvJRcwH4C5AdDhJJgIFB
oz+YXR2xiCwxP02h8rvX72MFoRxVP1QHvEibWThtlhfccK/xz74=
=Guf4
-----END PGP SIGNATURE-----


Reply to: