漏洞类别:RedHat
漏洞等级: 
漏洞信息
The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.
Security Fix(es):
A vulnerability was discovered in spice in the server's protocol handling. An authenticated attacker could send crafted messages to the spice server causing a heap overflow leading to a crash or possible code execution. (CVE-2016-9577)
A vulnerability was discovered in spice in the server's protocol handling. An attacker able to connect to the spice server could send crafted messages which would cause the process to crash. (CVE-2016-9578)
漏洞危害
A remote attacker could exploit this vulnerability to execute arbitrary code on the system or crash the process.
解决方案
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2017:0254 to address this issue and obtain more information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论