Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2016-0749

Published: 9 June 2016

The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.

Notes

AuthorNote
mdeslaur
technically, this doesn't affect trusty since it is compiled
with --disable-smartcard.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
spice
Launchpad, Ubuntu, Debian
precise Does not exist
(precise was needed)
trusty
Released (0.12.4-0nocelt2ubuntu1.3)
upstream Needs triage

wily
Released (0.12.5-1.1ubuntu2.1)
xenial
Released (0.12.6-4ubuntu0.1)
yakkety
Released (0.12.6-4ubuntu1)
zesty
Released (0.12.6-4ubuntu1)