DSA-3596-1 spice -- spiceID: oval:org.secpod.oval:def:602528 | Date: (C)2016-06-09 (M)2023-12-20 |
Class: PATCH | Family: unix |
Several vulnerabilities were discovered in spice, a SPICE protocol client and server library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-0749 Jing Zhao of Red Hat discovered a memory allocation flaw, leading to a heap-based buffer overflow in spice"s smartcard interaction. A user connecting to a guest VM via spice can take advantage of this flaw to cause a denial-of-service , or potentially to execute arbitrary code on the host with the privileges of the hosting QEMU process. CVE-2016-2150 Frediano Ziglio of Red Hat discovered that a malicious guest inside a virtual machine can take control of the corresponding QEMU process in the host using crafted primary surface parameters.