Joined: 12 May 2004
|Posted: Tue Jul 28, 2020 4:26 am Post subject: [ GLSA 202007-30 ] spice
|Gentoo Linux Security Advisory
Title: spice: Arbitrary code execution (GLSA 202007-30)
A buffer overread has been discovered in spice possibly allowing
remote execution of code.
Provides a complete open source solution for remote access to virtual
machines in a seamless way so you can play videos, record audio, share
USB devices, and share folders without complications.
Vulnerable: < 0.14.2
Unaffected: >= 0.14.2
Architectures: All supported architectures
A flaw in spice’s memory handling code has been discovered, allowing
an out of bounds read.
A remote attacker may be able to send malicious packets causing remote
There is no known workaround at this time.
All spice users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/spice-0.14.2"