Explore top 10 tips to secure your open-source projects now. Read More
×
An update that fixes two vulnerabilities is now available. . SUSE Security Update: Security update for spice ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2595-1 Rating: important References: #1101295 #1104448 Cross-References: CVE-2018-10873 CVE-2018-10893 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for spice fixes the following issues: Security issues fixed: - CVE-2018-10873: Fix potential heap corruption when demarshalling (bsc#1104448) - CVE-2018-10893: Avoid buffer overflow on image lz checks (bsc#1101295) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1825=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1825=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1825=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libspice-server-devel-0.12.8-6.1 spice-debugsource-0.12.8-6.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libspice-server1-0.12.8-6.1 libspice-server1-debuginfo-0.12.8-6.1 spice-debugsource-0.12.8-6.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libspice-server1-0.12.8-6.1 libspice-server1-debuginfo-0.12.8-6.1 spice-debugsource-0.12.8-6.1 References: https://www.suse.com/security/cve/CVE-2018-10873.html https://www.suse.com/security/cve/CVE-2018-10893.html https://bugzilla.suse.com/1101295 https://bugzilla.suse.com/1104448 _______________________________________________ sle-security-updates mailing list
An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.. SUSE Security Update: Security update for spice ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1836-1 Rating: important References: #1046779 Cross-References: CVE-2017-7506 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for spice fixes the following issues: - CVE-2017-7506: A possible buffer overflow via invalid monitor configurations (bsc#1046779) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1138=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1138=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1138=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (x86_64): libspice-server-devel-0.12.7-10.3.1 spice-debugsource-0.12.7-10.3.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libspice-server1-0.12.7-10.3.1 libspice-server1-debuginfo-0.12.7-10.3.1 spice-debugsource-0.12.7-10.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libspice-server1-0.12.7-10.3.1 libspice-server1-debuginfo-0.12.7-10.3.1 spice-debugsource-0.12.7-10.3.1 References: https://www.suse.com/security/cve/CVE-2017-7506.html https://bugzilla.suse.com/1046779 . SUSE has released a security update for spice that rectifies a significant buffer overflow vulnerability, providing necessary patches.. SUSE Security Update, Buffer Overflow Fix, Spice Software Update. . LinuxSecurity.com Team
An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.. SUSE Security Update: Security update for spice ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0396-1 Rating: important References: #1023078 #1023079 Cross-References: CVE-2016-9577 CVE-2016-9578 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This security update for spice fixes the following issues: CVE-2016-9577: A buffer overflow in the spice server could have potentially been used by unauthenticated attackers to execute arbitrary code. (bsc#1023078) CVE-2016-9578: Unauthenticated attackers could have caused a denial of service via a crafted message. (bsc#1023079) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-spice-12970=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-spice-12970=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-spice-12970=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): libspice-server-devel-0.12.4-8.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): libspice-server1-0.12.4-8.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): spice-debuginfo-0.12.4-8.1 spice-debugsource-0.12.4-8.1 References: https://www.suse.com/security/cve/CVE-2016-9577.html https://www.suse.com/security/cve/CVE-2016-9578.html https://bugzilla.suse.com/1023078 https://bugzilla.suse.com/1023079 . Critical security update released for spice components in SUSE Linux Enterprise. Implement the patch promptly to safeguard your systems.. SUSE Security Update, spice Vulnerability, SUSE Linux Patch. . LinuxSecurity.com Team
Update spice-gtk/spice-protocol/spice to new upstream releases. The spice update fixes CVE-2015-3247, CVE-2015-5260 and CVE-2015-5261. ---- Update to spice- gtk 0.29 ---- Update to release 0.12.7. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-7fcc957ba6 2015-11-01 18:14:58.632855 -------------------------------------------------------------------------------- Name : mingw-spice-gtk Product : Fedora 22 Version : 0.30 Release : 1.fc22 URL : Summary : A GTK+ widget for SPICE clients Description : Client libraries for SPICE desktop servers. -------------------------------------------------------------------------------- Update Information: Update spice-gtk/spice-protocol/spice to new upstream releases. The spice update fixes CVE-2015-3247, CVE-2015-5260 and CVE-2015-5261. ---- Update to spice- gtk 0.29 ---- Update to release 0.12.7 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update mingw-spice-gtk' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list
Update spice-gtk/spice-protocol/spice to new upstream releases. The spice update fixes CVE-2015-3247, CVE-2015-5260 and CVE-2015-5261.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-a78ebcc142 2015-10-11 16:01:25.357270 -------------------------------------------------------------------------------- Name : mingw-spice-protocol Product : Fedora 23 Version : 0.12.10 Release : 1.fc23 URL : https://www.spice-space.org/ Summary : Spice protocol header files Description : Header files describing the spice protocol and the para-virtual graphics card QXL. -------------------------------------------------------------------------------- Update Information: Update spice-gtk/spice-protocol/spice to new upstream releases. The spice update fixes CVE-2015-3247, CVE-2015-5260 and CVE-2015-5261. -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update mingw-spice-protocol' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list
Get the latest Linux and open source security news straight to your inbox.