RLSA-2026:2214

Synopsis

Important: spice-client-win security update

Description

Spice client MSI installers for Windows clients

Security Fix(es):

* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)

* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

Rocky Linux 8 aarch64 Rocky Linux 8 x86_64

Fixes

2427906 2435961

CVEs

CVE-2026-0719 CVE-2026-1761

Affected packages

Rocky Linux 8 x86_64 - AppStream

spice-client-win-0:8.10-7.el8_10.src.rpm spice-client-win-x64-0:8.10-7.el8_10.noarch.rpm spice-client-win-x86-0:8.10-7.el8_10.noarch.rpm

Rocky Linux 8 aarch64 - AppStream

spice-client-win-0:8.10-7.el8_10.src.rpm spice-client-win-x64-0:8.10-7.el8_10.noarch.rpm spice-client-win-x86-0:8.10-7.el8_10.noarch.rpm