Red Hat update for spice

Published: 2017-08-16 15:58:20 | Updated: 2017-08-16 15:59:56
Severity: High
Patch available: YES
Number of vulnerabilities: 1
CVE ID: CVE-2017-7506
CVSSv3: 8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID: CWE-119
Exploitation vector: Network
Public exploit: Not available
Vulnerable software: Red Hat Enterprise Linux
Vulnerable software versions: Red Hat Enterprise Linux 7
Vendor URL: Red Hat Inc.

Security Advisory

1) Buffer overflow

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing SPICE protocol client messages in spice. A remote unauthenticated attacker can send a specially crafted message, trigger a buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Remediation

Install the update from the vendor's website.

External links

https://access.redhat.com/errata/RHSA-2017:2471
