{"affected":[{"ecosystem_specific":{"binaries":[{"libspice-client-glib-2_0-8":"0.34-3.3.1","libspice-client-glib-helper":"0.34-3.3.1","libspice-client-gtk-3_0-5":"0.34-3.3.1","libspice-controller0":"0.34-3.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15","name":"spice-gtk","purl":"pkg:rpm/suse/spice-gtk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.34-3.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"spice-gtk-devel":"0.34-3.3.1","typelib-1_0-SpiceClientGlib-2_0":"0.34-3.3.1","typelib-1_0-SpiceClientGtk-3_0":"0.34-3.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Server Applications 15","name":"spice-gtk","purl":"pkg:rpm/suse/spice-gtk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.34-3.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for spice-gtk fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-10873: Fix potential heap corruption when demarshalling (bsc#1104448)\n- CVE-2018-10893: Avoid buffer overflow on image lz checks (bsc#1101295)\n\nOther bugs fixed:\n\n- Add setuid bit to spice-client-glib-usb-acl-helper (bsc#1101420)\n","id":"SUSE-SU-2018:2709-1","modified":"2018-09-13T20:40:42Z","published":"2018-09-13T20:40:42Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20182709-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1101295"},{"type":"REPORT","url":"https://bugzilla.suse.com/1101420"},{"type":"REPORT","url":"https://bugzilla.suse.com/1104448"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-10873"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-10893"}],"related":["CVE-2018-10873","CVE-2018-10893"],"summary":"Security update for spice-gtk","upstream":["CVE-2018-10873","CVE-2018-10893"]}