A buffer overread has been discovered in spice possibly allowing remote execution of code.
Package | app-emulation/spice on all architectures |
---|---|
Affected versions | < 0.14.2 |
Unaffected versions | >= 0.14.2 |
Provides a complete open source solution for remote access to virtual machines in a seamless way so you can play videos, record audio, share USB devices, and share folders without complications.
A flaw in spice’s memory handling code has been discovered, allowing an out of bounds read.
A remote attacker may be able to send malicious packets causing remote code execution.
There is no known workaround at this time.
All spice users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/spice-0.14.2"
Release date
July 27, 2020
Latest revision
July 27, 2020: 1
Severity
normal
Exploitable
remote
Bugzilla entries