Back to bug 1401603
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-12-05 16:26:14 UTC | CC | security-response-team | |
| Adam Mariš | 2016-12-05 16:27:34 UTC | Blocks | 1401604 | |
| Adam Mariš | 2016-12-05 16:28:01 UTC | Depends On | 1401038 | |
| Doran Moppert | 2016-12-08 04:39:30 UTC | Whiteboard | impact=important,public=no,reported=20161202,source=redhat,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=8.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-120,rhel-6/spice-server=new,rhel-7/spice=new,fedora-all/spice=affected | impact=moderate,public=no,reported=20161202,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=7.5/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-120->CWE-120,rhel-6/spice-server=new,rhel-7/spice=new,fedora-all/spice=affected |
| Doran Moppert | 2016-12-08 04:39:35 UTC | Severity | high | medium |
| Doran Moppert | 2016-12-08 04:39:39 UTC | Priority | high | medium |
| Doran Moppert | 2016-12-08 04:50:50 UTC | Whiteboard | impact=moderate,public=no,reported=20161202,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=7.5/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-120->CWE-120,rhel-6/spice-server=new,rhel-7/spice=new,fedora-all/spice=affected | impact=moderate,public=no,reported=20161202,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=7.5/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-120->CWE-120,rhel-6/spice-server=affected,rhel-7/spice=affected,fedora-all/spice=affected,rhel-7/rhev-hypervisor=new,rhev-m-3/rhev-hypervisor=new |
| Doran Moppert | 2016-12-08 04:51:00 UTC | CC | bmcclain, eedri, fdeutsch, gklein, lsurette, mgoldboi, michal.skrivanek, pstehlik, sherold, srevivo, ycui, ydary, ykaul | |
| Doran Moppert | 2016-12-08 05:01:06 UTC | Doc Text | A vulnerability was discovered in spice, in the server's protocol handling. An authenticated attacker could send crafted messages to the spice server, causing a heap overflow leading to a crash or possible code execution. | |
| Eric Christensen | 2016-12-08 05:12:57 UTC | Doc Text | A vulnerability was discovered in spice, in the server's protocol handling. An authenticated attacker could send crafted messages to the spice server, causing a heap overflow leading to a crash or possible code execution. | A vulnerability was discovered in spice in the server's protocol handling. An authenticated attacker could send crafted messages to the spice server causing a heap overflow leading to a crash or possible code execution. |
| Doran Moppert | 2016-12-09 01:00:07 UTC | Depends On | 1403046 | |
| Doran Moppert | 2016-12-09 01:00:19 UTC | Depends On | 1403047 | |
| Doran Moppert | 2016-12-09 01:01:34 UTC | Depends On | 1403048 | |
| Doran Moppert | 2016-12-09 01:01:44 UTC | Depends On | 1403049 | |
| Doran Moppert | 2016-12-09 04:10:44 UTC | CC | dmoppert | |
| Martin Prpič | 2016-12-09 06:50:37 UTC | Alias | CVE-2016-9577 | |
| Martin Prpič | 2016-12-09 06:50:43 UTC | Summary | EMBARGOED spice: Buffer overflow in main_channel_alloc_msg_rcv_buf when reading large messages | EMBARGOED CVE-2016-9577 spice: Buffer overflow in main_channel_alloc_msg_rcv_buf when reading large messages |
| Christophe Fergeau | 2016-12-09 17:43:49 UTC | CC | fziglio | |
| David Jaša | 2017-01-24 17:34:58 UTC | CC | djasa | |
| Doran Moppert | 2017-01-31 05:28:19 UTC | Whiteboard | impact=moderate,public=no,reported=20161202,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=7.5/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-120->CWE-120,rhel-6/spice-server=affected,rhel-7/spice=affected,fedora-all/spice=affected,rhel-7/rhev-hypervisor=new,rhev-m-3/rhev-hypervisor=new | impact=moderate,public=20170206,reported=20161202,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=7.5/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-120->CWE-120,rhel-6/spice-server=affected,rhel-7/spice=affected,fedora-all/spice=affected,rhel-7/rhev-hypervisor=new,rhev-m-3/rhev-hypervisor=new |
| Doran Moppert | 2017-02-01 00:19:56 UTC | CC | dougsland | |
| | | Whiteboard | impact=moderate,public=20170206,reported=20161202,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=7.5/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-120->CWE-120,rhel-6/spice-server=affected,rhel-7/spice=affected,fedora-all/spice=affected,rhel-7/rhev-hypervisor=new,rhev-m-3/rhev-hypervisor=new | impact=moderate,public=20170206,reported=20161202,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=7.5/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-120->CWE-122,rhel-6/spice-server=affected,rhel-7/spice=affected,fedora-all/spice=affected,rhel-7/rhev-hypervisor=new,rhev-m-3/rhev-hypervisor=new |
| Doran Moppert | 2017-02-01 00:25:34 UTC | Whiteboard | impact=moderate,public=20170206,reported=20161202,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=7.5/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-120->CWE-122,rhel-6/spice-server=affected,rhel-7/spice=affected,fedora-all/spice=affected,rhel-7/rhev-hypervisor=new,rhev-m-3/rhev-hypervisor=new | impact=moderate,public=20170206,reported=20161202,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=7.5/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-20->CWE-122,rhel-6/spice-server=affected,rhel-7/spice=affected,fedora-all/spice=affected,rhel-7/rhev-hypervisor=new,rhev-m-3/rhev-hypervisor=new |
| Douglas Schilling Landgraf | 2017-02-01 00:29:44 UTC | CC | rbarry, sbonazzo | |
| Kurt Seifried | 2017-02-03 16:33:56 UTC | Whiteboard | impact=moderate,public=20170206,reported=20161202,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=7.5/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-20->CWE-122,rhel-6/spice-server=affected,rhel-7/spice=affected,fedora-all/spice=affected,rhel-7/rhev-hypervisor=new,rhev-m-3/rhev-hypervisor=new | impact=moderate,public=20170206,reported=20161202,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=7.5/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-20->CWE-122,rhel-6/spice-server=affected,rhel-7/spice=affected,fedora-all/spice=affected,rhel-7/rhev-hypervisor=new,rhev-m-3/rhev-hypervisor=new,rhev-m-4/distribution=affected |
| Kurt Seifried | 2017-02-03 16:34:51 UTC | Whiteboard | impact=moderate,public=20170206,reported=20161202,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=7.5/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-20->CWE-122,rhel-6/spice-server=affected,rhel-7/spice=affected,fedora-all/spice=affected,rhel-7/rhev-hypervisor=new,rhev-m-3/rhev-hypervisor=new,rhev-m-4/distribution=affected | impact=moderate,public=20170206,reported=20161202,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=7.5/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-20->CWE-122,rhel-6/spice-server=affected,rhel-7/spice=affected,fedora-all/spice=affected,rhel-7/rhev-hypervisor=new,rhev-m-3/rhev-hypervisor=affected,rhev-m-4/distribution=affected |
| Kurt Seifried | 2017-02-03 16:35:44 UTC | Depends On | 1419134 | |
| Doran Moppert | 2017-02-06 03:58:49 UTC | Group | security, qe_staff | |
| | | CC | alexl, alon, hdegoede, jforbes, marcandre.lureau, Rhev-m-bugs, rh-spice-bugs, sandmann, uril, virt-maint | |
| | | Summary | EMBARGOED CVE-2016-9577 spice: Buffer overflow in main_channel_alloc_msg_rcv_buf when reading large messages | CVE-2016-9577 spice: Buffer overflow in main_channel_alloc_msg_rcv_buf when reading large messages |
| Kurt Seifried | 2017-02-06 20:48:19 UTC | Blocks | 1419717 | |
| Frediano Ziglio | 2017-03-14 09:10:36 UTC | CC | fziglio | |
| Eric Christensen | 2017-03-14 21:58:32 UTC | CC | sparks | |
| | | Doc Text | A vulnerability was discovered in spice in the server's protocol handling. An authenticated attacker could send crafted messages to the spice server causing a heap overflow leading to a crash or possible code execution. | A vulnerability was discovered in SPICE in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution. |
| Adam Mariš | 2017-03-15 15:20:13 UTC | Depends On | 1432532 | |
| Scott Herold | 2017-09-12 15:33:22 UTC | CC | sherold | |
| Eric Christensen | 2018-02-02 19:42:28 UTC | CC | sparks | |
| PnT Account Manager | 2018-07-18 15:07:36 UTC | CC | rbalakri | |
| Andrej Nemec | 2018-07-27 13:09:07 UTC | Fixed In Version | spice 0.13.90 | |
| PnT Account Manager | 2018-11-05 22:49:46 UTC | CC | ylavi | |
| Doran Moppert | 2019-01-04 06:19:37 UTC | CC | dfediuck, sherold | |
| | | Whiteboard | impact=moderate,public=20170206,reported=20161202,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=7.5/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-20->CWE-122,rhel-6/spice-server=affected,rhel-7/spice=affected,fedora-all/spice=affected,rhel-7/rhev-hypervisor=new,rhev-m-3/rhev-hypervisor=affected,rhev-m-4/distribution=affected | impact=moderate,public=20170206,reported=20161202,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=7.5/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-20->CWE-122,rhel-6/spice-server=affected,rhel-7/spice=affected,fedora-all/spice=affected,rhev-m-4/rhev-hypervisor=affected,rhev-m-3/rhev-hypervisor=affected,rhev-m-4/distribution=affected |
| Gil Klein | 2019-04-14 12:51:37 UTC | CC | gklein | |
| Product Security DevOps Team | 2019-06-08 03:03:21 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2019-06-08 03:03:21 UTC | |
| Product Security DevOps Team | 2019-09-29 14:01:53 UTC | Whiteboard | impact=moderate,public=20170206,reported=20161202,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=7.5/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-20->CWE-122,rhel-6/spice-server=affected,rhel-7/spice=affected,fedora-all/spice=affected,rhev-m-4/rhev-hypervisor=affected,rhev-m-3/rhev-hypervisor=affected,rhev-m-4/distribution=affected |