A buffer overflow vulnerability in main_channel_alloc_msg_rcv_buf was found that occurs when reading large messages due to missing buffer size check. Product bug: https://bugzilla.redhat.com/show_bug.cgi?id=1401038
Acknowledgments: Name: Frediano Ziglio (Red Hat)
This bug is fixed in spice-0.12.4-20.el7_3.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:0254 https://rhn.redhat.com/errata/RHSA-2017-0254.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2017:0253 https://rhn.redhat.com/errata/RHSA-2017-0253.html
Shouldn't this bug been closed?
(In reply to Frediano Ziglio from comment #10) > Shouldn't this bug been closed? No, there are still open trackers for this bug.
Created spice tracking bugs for this issue: Affects: fedora-all [bug 1432532]
This issue has been addressed in the following products: RHEV 4.X RHEV-H and Agents for RHEL-7 Via RHSA-2017:0552 https://access.redhat.com/errata/RHSA-2017:0552
This issue has been addressed in the following products: RHEV 4.X RHEV-H and Agents for RHEL-7 Via RHSA-2017:0549 https://rhn.redhat.com/errata/RHSA-2017-0549.html