==========================================================================
Ubuntu Security Notice USN-2736-1
September 08, 2015
spice vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.04
- Ubuntu 14.04 LTS

Summary:

Spice could be made to crash or run programs.

Software Description:

- spice: SPICE protocol client and server library

Details:

Frediano Ziglio discovered that Spice incorrectly handled monitor configs.
A malicious guest could use this issue to cause a denial of service, or
possibly execute arbitrary code on the host as the user running the QEMU
process. In the default installation, when QEMU is used with libvirt,
attackers would be isolated by the libvirt AppArmor profile.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
  libspice-server1 0.12.5-1ubuntu0.1

Ubuntu 14.04 LTS:
  libspice-server1 0.12.4-0nocelt2ubuntu1.1

After a standard system update you need to restart all QEMU virtual
machines using Spice to make the necessary changes.

References:

  http://www.ubuntu.com/usn/usn-2736-1
  CVE-2015-3247

Package Information:

  https://launchpad.net/ubuntu/+source/spice/0.12.5-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/spice/0.12.4-0nocelt2ubuntu1.1
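
Added example (not part of the Ubuntu notice): a POSIX shell check for the update instructions above. It compares the installed libspice-server1 with the fixed version listed for the release and lists processes that still map the pre-update library and therefore still need a restart. Assumptions: a replaced library file shows a "(deleted)" suffix in /proc/PID/maps, the script runs as root, and the function and script names are hypothetical.

```sh
#!/bin/sh
# Added example for USN-2736-1; fixed libspice-server1 versions copied from the notice.
fixed_version() {
    case "$1" in
        15.04) echo "0.12.5-1ubuntu0.1" ;;
        14.04) echo "0.12.4-0nocelt2ubuntu1.1" ;;
        *) return 1 ;;
    esac
}

# True if a /proc/PID/maps-format file shows a libspice-server mapping whose
# on-disk file was replaced (assumption: the kernel appends " (deleted)").
maps_has_stale_spice() {
    grep -Eq 'libspice-server\.so[^ ]* \(deleted\)$' "$1"
}

# Print the PIDs under a proc root (default /proc) that still map the old library.
stale_spice_pids() {
    root="${1:-/proc}"
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if maps_has_stale_spice "$maps"; then
            pid="${maps%/maps}"
            echo "${pid##*/}"
        fi
    done
}

# Compare the installed package with the fixed version, then list stale processes.
check_host() {
    release="$(lsb_release -rs)"
    if ! fixed="$(fixed_version "$release")"; then
        echo "release $release is not listed in USN-2736-1"; return 0
    fi
    if ! installed="$(dpkg-query -W -f='${Version}' libspice-server1 2>/dev/null)"; then
        echo "libspice-server1 is not installed"; return 0
    fi
    if dpkg --compare-versions "$installed" ge "$fixed"; then
        echo "package fixed: $installed"
    else
        echo "package needs update: $installed is older than $fixed"
    fi
    for pid in $(stale_spice_pids /proc); do
        echo "restart needed: PID $pid still maps the pre-update libspice-server"
    done
}

# Run the live check only when asked, e.g.: sh usn2736-check.sh --check
if [ "${1:-}" = "--check" ]; then check_host; fi
```

A PID reported as "restart needed" is a process started before the update; until it is restarted it keeps running the old library code even though the package version already reads as fixed.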