SPICE has a vulnerability caused by a missing check in python_modules/demarshal.py:write_validate_array_item(), which results in generated demarshalling code being vulnerable to multiple buffer overflows. An attacker could exploit this to cause a denial of service.
Product Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1594772
Acknowledgments: Name: Frediano Ziglio (Red Hat)
Upstream patch: https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c
Created spice tracking bugs for this issue: Affects: fedora-all [bug 1618554]
This issue has been addressed in the following products: Red Hat Enterprise Linux 6, via RHSA-2018:2732 https://access.redhat.com/errata/RHSA-2018:2732
This issue has been addressed in the following products: Red Hat Enterprise Linux 7, via RHSA-2018:2731 https://access.redhat.com/errata/RHSA-2018:2731
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7, via RHSA-2018:3470 https://access.redhat.com/errata/RHSA-2018:3470