important: spice-gtk/kernel security update
important
An update for spice-gtk/kernel is now available for NewStart CGSL MAIN 4.05.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
spice-gtk: spice-client-glib-2.0 is a SPICE client library for GLib2.
kernel: The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.
Security Fix(es):
spice-gtk: Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.(CVE-2018-10893)
spice-gtk: bugfix
kernel: A vulnerability was found in the Linux kernel’s implementation of the AF_ISDN protocol, which does not enforce the CAP_NET_RAW capability. This flaw can allow unprivileged users to create a raw socket for this protocol. This could further allow the user to control the availability of an existing ISDN circuit.(CVE-2019-17055)
kernel: A vulnerability was found in the Linux kernel's generic WiFi ESSID handling implementation. The flaw allows a system to join a wireless network where the ESSID is longer than the maximum length of 32 characters, which can cause the system to crash or execute code.(CVE-2019-17133)
kernel: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 4.05.F18.