Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 476
Alerts This Week
Warning Icon 1 476

SUSE 12-SP1: 2017:0400-1 Important: Spice Critical Buffer Overflow

suse
Calendar Grey February 6, 2017
Dist Suse Esm H88
SUSE Security Patch for spice addresses two significant vulnerabilities, featuring a severe buffer overflow and an impact on service availability.
An update that fixes two vulnerabilities is now available

Summary

This security update for spice fixes the following issues: CVE-2016-9577: A buffer overflow in the spice server could have potentially been used by unauthenticated attackers to execute arbitrary code. (bsc#1023078) CVE-2016-9578: Unauthenticated attackers could have caused a denial of service via a crafted message. (bsc#1023079) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-198=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-198=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-198=1

References

#1023078 #1023079

Cross- CVE-2016-9577 CVE-2016-9578

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP1

SUSE Linux Enterprise Server 12-SP1

SUSE Linux Enterprise Desktop 12-SP1

https://www.suse.com/security/cve/CVE-2016-9577.html

https://www.suse.com/security/cve/CVE-2016-9578.html

https://bugzilla.suse.com/1023078

https://bugzilla.suse.com/1023079

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2017:0400-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.