On Tue, Oct 06, 2015 at 06:38:06AM -0400, Frediano Ziglio wrote: > > > > See https://access.redhat.com/security/cve/CVE-2015-5260, > > https://access.redhat.com/security/cve/CVE-2015-5261 and > > http://openwall.com/lists/oss-security/2015/10/06/4 for some > > details on the security problems discovered. > > > > These patches were already be sended to different distribution > > and updates are available for RedHat products (and perhaps others). > > > > First two patches contains additional checks for accessing surfaces > > array in RedWorker structure (see server/red_worker.c). > > > > The other patches group up similar issues related to races between host > > and guest and some structure checking. > > Some of these missing checks allow quite easily to read/write large > > arbitrary memory ranges in the host. > > > > These patches were reviewed internally and are already pushed. Thanks! Christophe
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/spice-devel