[Spice-devel] [PATCH 00/19] CVE-2015-5260 and CVE-2015-5261 related fixes

Christophe Fergeau cfergeau at redhat.com
Tue Oct 6 03:48:01 PDT 2015


On Tue, Oct 06, 2015 at 06:38:06AM -0400, Frediano Ziglio wrote:
> > 
> > See https://access.redhat.com/security/cve/CVE-2015-5260,
> > https://access.redhat.com/security/cve/CVE-2015-5261 and
> > http://openwall.com/lists/oss-security/2015/10/06/4 for some
> > details on the security problems discovered.
> > 
> > These patches were already sent to different distributions
> > and updates are available for RedHat products (and perhaps others).
> > 
> > The first two patches contain additional checks for accessing the surfaces
> > array in the RedWorker structure (see server/red_worker.c).
> > 
> > The other patches group up similar issues related to races between host
> > and guest and some structure checking.
> > Some of these missing checks make it quite easy to read/write large
> > arbitrary memory ranges in the host.
> > 
> 
> These patches were reviewed internally and are already pushed.

Thanks!

Christophe