Amazon Linux 2 Security Advisory: ALAS-2019-1184
Advisory Release Date: 2019-03-21 19:33 Pacific
Advisory Updated Date: 2019-03-28 19:33 Pacific
Severity:
Important
Issue Overview:
Spice, versions 0.5.2 through 0.14.0, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.(CVE-2019-3813)
Affected Packages:
spice
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update spice to update your system.
New Packages:
src:
spice-0.14.0-6.amzn2.1.src
x86_64:
spice-server-0.14.0-6.amzn2.1.x86_64
spice-server-devel-0.14.0-6.amzn2.1.x86_64
spice-debuginfo-0.14.0-6.amzn2.1.x86_64