You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa spice

Sigurnosni nedostatak programskog paketa spice

==========================================================================
Ubuntu Security Notice USN-3659-1
May 23, 2018

spice, spice-protocol vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS
– Ubuntu 17.10
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Spice could be made to crash or run programs if it received specially
crafted network traffic.

Software Description:
– spice: SPICE protocol client and server library
– spice-protocol: SPICE protocol headers

Details:

Frediano Ziglio discovered that Spice incorrectly handled certain
client messages. An attacker could possibly use this to cause Spice to
crash, resulting in a denial of service, or possibly execute arbitrary
code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
libspice-server1                0.14.0-1ubuntu2.1

Ubuntu 17.10:
libspice-server1                0.12.8-2.2ubuntu0.1

Ubuntu 16.04 LTS:
libspice-protocol-dev           0.12.10-1ubuntu0.1

Ubuntu 14.04 LTS:
libspice-server1                0.12.4-0nocelt2ubuntu1.6

After a standard system update you need to restart qemu guests to make
all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3659-1
CVE-2017-12194

Package Information:
https://launchpad.net/ubuntu/+source/spice/0.14.0-1ubuntu2.1
https://launchpad.net/ubuntu/+source/spice/0.12.8-2.2ubuntu0.1
https://launchpad.net/ubuntu/+source/spice-protocol/0.12.10-1ubuntu0.1
https://launchpad.net/ubuntu/+source/spice/0.12.4-0nocelt2ubuntu1.6—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJbBqs0AAoJEEW851uECx9pLZcQALXE0SJqvmmoiocLDCbMWfuV
PC0unZ9AylkJplcNiDvl/kUn48GElm5MjpG7uSwk6vioPklZurVTRyXg/5RC1hIX
jwaxI6soaQCF4RUXdazuX6IYRUW6sxW57j5AXSSAd19eZdaltu8ZKMaHBC03eumP
iD9x34qmycKpnV8GY94IYD/NKTiiX12TModv7qzlB7hYHOanWNNHYWqeAGSyPwLD
yNlpwmgyDGZfS5rG2fwmPDUo6HMEoYevZm5ljNKX7re0juB5l6VRyhBX7dpjVOCq
xi7OoNsS4ny7WTqO9xeLKmqOKQ4RM7W5r5XN5wlSri8n8HmAaXsgOY4b7D2bVt2m
UO/1Kq0SCoz4FKuESsrWeglkiVtIQMkZVNA4+GP96F0xSrcP6tcyUTQSG7YAtdiK
NZXITBfwOEKa0Wnlq2cobNGC9qbVHUiGCUB0Zld9oRrBdkyUhAYb+ZUJYMOGviVH
NMqxzOegMlOs0wt3vygF01AznJHpPEuNCrQ63OwY0mn94A4EqN9ufpi2X+OAttPx
tfiCU1bvCYl05rYBj+4RgydOlxdEgWGAalVClcGWOoTSxFBmYwuraMCO6N1+bFs7
8PdMsFp3rvp07dbcKjMCozM1D6005meJIKo2dpdsmTtIk2cDFpNxq4CBceynk8Ra
9zcnG+xj0FPFdYExkvgw
=abMK
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa python

Otkriveni su sigurnosni nedostaci u programskom paketu python za operacijski sustav openSUSE. Otkriveni nedostaci potencijalnim napadačima omogućuju izvršavanje proizvoljnog programskog...

Close