ALAS2-2019-1184


Amazon Linux 2 Security Advisory: ALAS-2019-1184
Advisory Release Date: 2019-03-28 19:33 Pacific
Severity: Important
References: CVE-2019-3813 

Issue Overview:

Spice, versions 0.5.2 through 0.14.0, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.(CVE-2019-3813 )


Affected Packages:

spice


Issue Correction:
Run yum update spice to update your system.

New Packages:
src:
    spice-0.14.0-6.amzn2.1.src

x86_64:
    spice-server-0.14.0-6.amzn2.1.x86_64
    spice-server-devel-0.14.0-6.amzn2.1.x86_64
    spice-debuginfo-0.14.0-6.amzn2.1.x86_64