DSA-2839-1 spice -- denial of serviceID: oval:org.secpod.oval:def:601190 | Date: (C)2014-01-24 (M)2023-12-07 |
Class: PATCH | Family: unix |
Multiple vulnerabilities have been found in spice, a SPICE protocol client and server library. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-4130 David Gibson of Red Hat discovered that SPICE incorrectly handled certain network errors. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application. CVE-2013-4282 Tomas Jamrisko of Red Hat discovered that SPICE incorrectly handled long passwords in SPICE tickets. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application. Applications acting as a SPICE server must be restarted for this update to take effect.