This security update for spice fixes the following issues: CVE-2016-9577: A buffer overflow in the spice server could have potentially been used by unauthenticated attackers to execute arbitrary code. CVE-2016-9578: Unauthenticated attackers could have caused a denial of service via a crafted message