==========================================================================
Ubuntu Security Notice USN-3355-1
July 19, 2017
spice vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 17.04
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS
Summary:
Spice could be made to crash or run programs if it received specially
crafted network traffic.
Software Description:
– spice: SPICE protocol client and server library
Details:
Frediano Ziglio discovered that Spice incorrectly handled certain invalid
monitor configurations. A remote attacker could use this issue to cause
Spice to crash, resulting in a denial of service, or possibly execute
arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
libspice-server1 0.12.8-2ubuntu1.1
Ubuntu 16.04 LTS:
libspice-server1 0.12.6-4ubuntu0.3
Ubuntu 14.04 LTS:
libspice-server1 0.12.4-0nocelt2ubuntu1.5
After a standard system update you need to restart qemu guests to make
all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3355-1
CVE-2017-7506
Package Information:
https://launchpad.net/ubuntu/+source/spice/0.12.8-2ubuntu1.1
https://launchpad.net/ubuntu/+source/spice/0.12.6-4ubuntu0.3
https://launchpad.net/ubuntu/+source/spice/0.12.4-0nocelt2ubuntu1.5
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAEBCgAGBQJZb5SEAAoJEGVp2FWnRL6TmswQAJBVq5W6HcxQ47acp7M6cGtF
6IxevGBJdGH1gD0pS3K6lpUGcdgcCp6XxGlFNByI9dQ8PpCbK7q1993afGw4v/kC
Y4lPzf69EMaXuTZUfyPR45F7AJZzodHnLvCXi59UxgKY18ri1seqwTt+x30SywG2
cqCNwYxkqpnJMf2FkDxGVyWkguUT+Ey9eEhBS2V4nfjcvLp5/kqxQuVQpAeU1PIp
XrDcdmVwByVdfE8vBy5v/xaHoJFTdT/r8uBY1QlP+qnRNytULjI7H2GQ1gZbbSyL
N7liJS6skaQE2Vi2zVhlAj52Qr/M4oYsJFJ/6qYqLsjmGWpqEnq5obq4JVGIhOYp
0PU4UogEALDSRLjSx7jTtQtL6V91FPl3yG1RH6NRt6JD+PqI1mpTwX1ZqNe7kBzn
tHQWqv5Nj87ZdsZ+dh+bKHVrBm6rlgxPRguz7/NDh9DYZpETa+gI1LMw5DwLmgVk
m8yFP/K2myj2sWjboRhv0C6A+zSyjm7wf0FrbN+jpDvQvE1RdK/8EeT9TWJhPzCB
obYo+0w+qrZDY2r3BzURbJkKFUPSvUd1vVCgYU/4UjNnADDs+7fgCCOoUwLg6FCo
iUm8Su2Z38JPr0ZKZbB2MjoJiMOU9cIoNqrRCI+uP+tH170ZW96l/rM9ZTv7dseW
H8x+EwE2ZxN/BKotCCMs
=48Wd
—–END PGP SIGNATURE—–
—