Bug 1023079 (CVE-2016-9578) - VUL-0: CVE-2016-9578: spice: Remote DoS via crafted message
Summary: VUL-0: CVE-2016-9578: spice: Remote DoS via crafted message
Status: RESOLVED FIXED
Alias: CVE-2016-9578
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Cédric Bosdonnat
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/179690/
Whiteboard: CVSSv2:SUSE:CVE-2016-9578:5.0:(AV:N/A...
Keywords:
Depends on:
Blocks:
 
Reported: 2017-02-01 18:21 UTC by Andreas Stieger
Modified: 2017-02-08 17:02 UTC (History)
5 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
the patch from the description was corrupted, attaching a fixed one (1.78 KB, patch)
2017-02-02 12:27 UTC, Vítězslav Čížek 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Swamp Workflow Management 2017-02-01 23:04:12 UTC 
bugbot adjusting priority
Comment 4 Vítězslav Čížek 2017-02-02 12:27:23 UTC 
Created attachment 712558 [details]
the patch from the description was corrupted, attaching a fixed one
Comment 6 Marcus Meissner 2017-02-06 10:01:29 UTC 
is public
Comment 8 Swamp Workflow Management 2017-02-06 14:10:34 UTC 
SUSE-SU-2017:0392-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1023078,1023079
CVE References: CVE-2016-9577,CVE-2016-9578
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    spice-0.12.7-8.1
SUSE Linux Enterprise Server 12-SP2 (src):    spice-0.12.7-8.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    spice-0.12.7-8.1
Comment 9 Swamp Workflow Management 2017-02-06 14:11:08 UTC 
SUSE-SU-2017:0393-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1023078,1023079
CVE References: CVE-2016-9577,CVE-2016-9578
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    spice-0.12.4-8.12.1
SUSE Linux Enterprise Server 12-LTSS (src):    spice-0.12.4-8.12.1
Comment 10 Swamp Workflow Management 2017-02-06 14:12:23 UTC 
SUSE-SU-2017:0396-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1023078,1023079
CVE References: CVE-2016-9577,CVE-2016-9578
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    spice-0.12.4-8.1
SUSE Linux Enterprise Server 11-SP4 (src):    spice-0.12.4-8.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    spice-0.12.4-8.1
Comment 11 Swamp Workflow Management 2017-02-06 14:15:13 UTC 
SUSE-SU-2017:0400-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1023078,1023079
CVE References: CVE-2016-9577,CVE-2016-9578
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    spice-0.12.5-7.1
SUSE Linux Enterprise Server 12-SP1 (src):    spice-0.12.5-7.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    spice-0.12.5-7.1
Comment 12 Swamp Workflow Management 2017-02-08 11:08:51 UTC 
openSUSE-SU-2017:0419-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1023078,1023079
CVE References: CVE-2016-9577,CVE-2016-9578
Sources used:
openSUSE Leap 42.2 (src):    spice-0.12.7-3.1
Comment 13 Swamp Workflow Management 2017-02-08 11:09:23 UTC 
openSUSE-SU-2017:0421-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1023078,1023079
CVE References: CVE-2016-9577,CVE-2016-9578
Sources used:
openSUSE Leap 42.1 (src):    spice-0.12.5-11.1
Comment 14 Marcus Meissner 2017-02-08 12:22:01 UTC 
all released
Comment 15 Bernhard Wiedemann 2017-02-08 17:02:31 UTC 
This is an autogenerated message for OBS integration:
This bug (1023079) was mentioned in
https://build.opensuse.org/request/show/455554 Factory / spice