[ol7_latest_archive] spice-server-0.12.8-2.el7.1.x86_64

Name:	spice-server
Version:	0.12.8
Release:	2.el7.1
Architecture:	x86_64
Group:	System Environment/Libraries
Size:	1271357
License:	LGPLv2+
RPM:	spice-server-0.12.8-2.el7.1.x86_64.rpm
Source RPM:	spice-0.12.8-2.el7.1.src.rpm
Build Date:	Tue Aug 15 2017
Build Host:	x86-ol7-builder-01.us.oracle.com
Vendor:	Oracle America
URL:	http://www.spice-space.org/
Summary:	Implements the server side of the SPICE protocol
Description:	The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. This package contains the run-time libraries for any application that wishes to be a SPICE server.

Changelog (Show File list) (Show related packages)

Wed Jul 05 2017 Christophe Fergeau <cfergeau@redhat.com> 0.12.8-2.1

- Redo build properly versioned as a zstream build
  Related: CVE-2017-7506

Fri Jun 30 2017 Christophe Fergeau <cfergeau@redhat.com> 0.12.8-3

- Prevent potential buffer/integer overflows with invalid MonitorsConfig messages
  sent from an authenticated client
  Resolves: CVE-2017-7506

Tue Apr 25 2017 Christophe Fergeau <cfergeau@redhat.com> 0.12.8-2

- Drop clients immediatly if the magic they send is wrong
  Resolves: rhbz#1416692

Mon Jan 16 2017 Christophe Fergeau <cfergeau@redhat.com> 0.12.8-1

- Rebase to spice-server 0.12.8
  Resolves: rhbz#1388947
  Resolves: rhbz#1377551
  Resolves: rhbz#1283202

Fri Dec 09 2016 Frediano Ziglio <fziglio@redhat.com> - 0.12.4-20

- Fix buffer overflow in main_channel_alloc_msg_rcv_buf when reading large
  messages.
  Resolves: CVE-2016-9577
- Fix remote DoS via crafted message.
  Resolves: CVE-2016-9578

Fri Sep 09 2016 Christophe Fergeau <cfergeau@redhat.com> 0.12.4-19

- Ensure SPICE_MIGRATE_COMPLETED is sent in all cases when it's needed.
  Resolves: rhbz#1352836

Fri Jul 01 2016 Christophe Fergeau <cfergeau@redhat.com> - 0.12.4-18

- Fix crash when connecting to VM using smartcard passthrough
  Resolves: rhbz#1340899
- Fix hang after unredirecting a USB device
  Resolves: rhbz#1338752
- Backport spice_qxl_set_max_monitors()
  Resolves: rhbz#1283202

Wed Apr 27 2016 Christophe Fergeau <cfergeau@redhat.com> - 0.12.4-17

- Fix crash when the client sends a wrong header (for example when using spice-html5)
  Resolves: rhbz#1281442
- Fix crash when guest provides wrong address
  Resolves: rhbz#1264356
- Fix thread-safety issue causing a crash when playing a Youtube video spanning
  multiple monitors
  Resolves: rhbz#1253375
- Add patches reducing QEMU wake-ups
  Related: rhbz#912763, rhbz#1186146
- Fix use-after-free after resetting a VM
  Resolves: rhbz#1281455
- Send KeepAlive probes every 10 minutes
  Resolves: rhbz#1298590
- Add client to guest volume synchronization
  Resolves: rhbz#1264107

Mon Apr 25 2016 Christophe Fergeau <cfergeau@redhat.com> - 0.12.4-16

- Use autosetup
  Related: CVE-2016-0749
- Fix heap-based memory corruption within smartcard handling
  Resolves: CVE-2016-0749
- Fix host memory access from guest with invalid primary surface parameters
  Resolves: CVE-2016-2150

Wed Sep 23 2015 Frediano Ziglio <fziglio@redhat.com> 0.12.4-15

- CVE-2015-5260 CVE-2015-5261 fixed various security flaws
  Resolves: rhbz#1267134