Back to bug 1300646
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Stefan Cornelius | 2016-01-21 10:59:27 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-01-21 10:59:27 UTC | Doc Type | --- | Bug Fix |
| Stefan Cornelius | 2016-01-21 10:59:40 UTC | Blocks | 1292834 | |
| Stefan Cornelius | 2016-01-21 11:06:29 UTC | Alias | CVE-2016-0749 | |
| Stefan Cornelius | 2016-01-21 11:06:35 UTC | Summary | EMBARGOED spice: heap-based memory corruption within smartcard handling | EMBARGOED CVE-2016-0749 spice: heap-based memory corruption within smartcard handling |
| John Skeoch | 2016-01-28 22:10:35 UTC | CC | ecohen | |
| Christophe Fergeau | 2016-02-12 10:20:33 UTC | CC | fziglio | |
| Stefan Cornelius | 2016-03-10 11:08:38 UTC | Depends On | 1316491 | |
| Stefan Cornelius | 2016-03-10 11:08:45 UTC | Depends On | 1316492 | |
| Stefan Cornelius | 2016-03-10 11:08:53 UTC | Depends On | 1316493 | |
| Stefan Cornelius | 2016-03-10 11:09:01 UTC | Depends On | 1316495 | |
| Stefan Cornelius | 2016-03-10 11:21:30 UTC | Blocks | 1313499 | |
| John Skeoch | 2016-04-18 07:40:47 UTC | CC | yeylon | srevivo |
| Christophe Fergeau | 2016-04-19 14:48:21 UTC | CC | uril | |
| Stefan Cornelius | 2016-05-31 11:41:19 UTC | Doc Text | A memory allocation flaw, leading to a heap-based buffer overflow was found in spice's smartcard interaction. A user connecting to a guest VM via spice could possibly exploit this flaw to crash the QEMU-KVM process, or, possibly, execute arbitrary code with the privileges of the host QEMU-KVM process. | |
| Martin Prpič | 2016-06-01 08:31:09 UTC | Doc Text | A memory allocation flaw, leading to a heap-based buffer overflow was found in spice's smartcard interaction. A user connecting to a guest VM via spice could possibly exploit this flaw to crash the QEMU-KVM process, or, possibly, execute arbitrary code with the privileges of the host QEMU-KVM process. | A memory allocation flaw, leading to a heap-based buffer overflow, was found in spice's smartcard interaction, which runs under the QEMU-KVM context on the host. A user connecting to a guest VM using spice could potentially use this flaw to crash the QEMU-KVM process or execute arbitrary code with the privileges of the host's QEMU-KVM process. |
| Stefan Cornelius | 2016-06-06 15:13:53 UTC | Whiteboard | impact=important,public=no,reported=20160104,source=redhat,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-131->CWE-122,fedora-all/spice=affected,rhel-6/spice-server=affected,rhel-7/spice=affected,rhev-m-3/rhev-hypervisor=affected | impact=important,public=20160606,reported=20160104,source=redhat,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-131->CWE-122,fedora-all/spice=affected,rhel-6/spice-server=affected,rhel-7/spice=affected,rhev-m-3/rhev-hypervisor=affected |
| Stefan Cornelius | 2016-06-06 15:17:23 UTC | Summary | EMBARGOED CVE-2016-0749 spice: heap-based memory corruption within smartcard handling | CVE-2016-0749 spice: heap-based memory corruption within smartcard handling |
| Stefan Cornelius | 2016-06-06 15:17:30 UTC | Group | security, qe_staff | |
| Stefan Cornelius | 2016-06-06 15:17:46 UTC | Depends On | 1343137 | |
| Huzaifa S. Sidhpurwala | 2016-12-09 06:24:36 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2016-12-09 01:24:36 UTC | |||
| Product Security DevOps Team | 2019-09-29 13:42:36 UTC | Whiteboard | impact=important,public=20160606,reported=20160104,source=redhat,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-131->CWE-122,fedora-all/spice=affected,rhel-6/spice-server=affected,rhel-7/spice=affected,rhev-m-3/rhev-hypervisor=affected |
Back to bug 1300646