SUSE-SU-2018:0372-1 -- SLES spice-vdagent| ID: oval:org.secpod.oval:def:89043976 | Date: (C)2021-03-05 (M)2022-10-13 |
| Class: PATCH | Family: unix |
This update for spice-vdagent provides the following fixes: This security issue was fixed: - CVE-2017-15108: Properly escape save directory that is passed to the shell to prevent local attacker with access to the session the agent runs from injecting arbitrary commands to be executed . This non-security issue was fixed: - Implement endian swapping, required for big-endian guests to connect to the spice client successfully
| Platform: |
| SUSE Linux Enterprise Server 12 SP3 |
| SUSE Linux Enterprise Server 12 SP2 |
