| Revision Date: | 2018-02-06 | Version: | 1 |
| Title: | security update for spice-vdagent (Moderate) |
| Description: |
This update for spice-vdagent provides the following fixes:
This security issue was fixed:
- CVE-2017-15108: Properly escape save directory that is passed to the shell to prevent local attacker with access to the session the agent runs from injecting arbitrary commands to be executed (bsc#1070724).
This non-security issue was fixed:
- Implement endian swapping, required for big-endian guests to connect to the spice client successfully. (bsc#1012215)
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1012215
1070724
CVE-2017-15108
SUSE-SU-2018:0372-1
|
| Platform(s): | SUSE Linux Enterprise Server 12 SP2
| Product(s): | |
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP2 is installed AND spice-vdagent-0.16.0-8.5.15 is installed
|