UbuntuUpdates.org

Package "spice"

Name: spice

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Implements the client side of the SPICE protocol
Latest version: 0.12.4-0nocelt2ubuntu1.8
Release: trusty (14.04)
Level: updates
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "spice" in Trusty

Repository Area Version
security universe 0.12.4-0nocelt2ubuntu1.8
security main 0.12.4-0nocelt2ubuntu1.8
updates main 0.12.4-0nocelt2ubuntu1.8

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.12.4-0nocelt2ubuntu1.8 2019-01-28 21:07:05 UTC

  spice (0.12.4-0nocelt2ubuntu1.8) trusty-security; urgency=medium

  * SECURITY UPDATE: off-by-one error in memslot_get_virt
    - debian/patches/CVE-2019-3813.patch: fix checks in
      server/red_memslots.c.
    - CVE-2019-3813

 -- Marc Deslauriers <email address hidden> Thu, 24 Jan 2019 09:46:04 -0500
Source diff to previous version
CVE-2019-3813 Off-by-one error in array access in spice/server/memslot.c

Version: 0.12.4-0nocelt2ubuntu1.7 2018-08-22 19:06:50 UTC

  spice (0.12.4-0nocelt2ubuntu1.7) trusty-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-10873.patch: fix in
      spice-common/python_modules/demarshal.py,
    - CVE-2018-10873

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 20 Aug 2018 15:45:59 -0300
Source diff to previous version
CVE-2018-10873 A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds check

Version: 0.12.4-0nocelt2ubuntu1.6 2018-05-23 22:07:08 UTC

  spice (0.12.4-0nocelt2ubuntu1.6) trusty-security; urgency=medium

  * SECURITY UPDATE: Integer overflow and buffer overflow
    - debian/patches/CVE-2017-12194-1.patch: fix a integer overflow
      computing sizes in spice-common/python_modules/demarshal.py.
    - debian/patches/CVE-2017-12194-2.patch: avoid integer overflow
      in spice-common/python_modules/demarshal.py,
      spice-common/python_modules/marshal.py.
    - CVE-2017-12194

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 22 May 2018 13:01:14 -0300
Source diff to previous version
CVE-2017-12194 A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, coul

Version: 0.12.4-0nocelt2ubuntu1.5 2017-07-19 18:07:19 UTC

  spice (0.12.4-0nocelt2ubuntu1.5) trusty-security; urgency=medium

  * SECURITY UPDATE: buffer overflow via invalid monitor configurations
    - debian/patches/CVE-2017-7506-1.patch: disconnect when receiving
      overly big ClientMonitorsConfig in server/reds.c.
    - debian/patches/CVE-2017-7506-2.patch: avoid integer overflows
      handling monitor configuration in server/reds.c.
    - debian/patches/CVE-2017-7506-3.patch: avoid buffer overflows handling
      monitor configuration in server/reds.c.
    - CVE-2017-7506

 -- Marc Deslauriers <email address hidden> Tue, 18 Jul 2017 13:39:05 -0400
Source diff to previous version
CVE-2017-7506 spice versions though 0.13 are vulnerable to out-of-bounds memory ...

Version: 0.12.4-0nocelt2ubuntu1.4 2017-02-20 20:07:13 UTC

  spice (0.12.4-0nocelt2ubuntu1.4) trusty-security; urgency=medium

  * SECURITY UPDATE: overflow when reading large messages
    - debian/patches/CVE-2016-9577.patch: check size in
      server/main_channel.c.
    - CVE-2016-9577
  * SECURITY UPDATE: DoS via crafted message
    - debian/patches/CVE-2016-9578-1.patch: limit size in server/reds.c.
    - debian/patches/CVE-2016-9578-2.patch: limit caps in server/reds.c.
    - CVE-2016-9578

 -- Marc Deslauriers <email address hidden> Wed, 15 Feb 2017 14:07:29 -0500


About   -   Send Feedback to @ubuntu_updates