You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa spice

Sigurnosni nedostatak programskog paketa spice

by - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4572-2
October 07, 2020

spice vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 ESM

Summary:

Spice could be made to crash or run programs if it received specially
crafted network traffic.

Software Description:
– spice: SPICE protocol client and server library

Details:

USN-4572-1 fixed a vulnerability in Spice. This update provides
the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

Frediano Ziglio discovered that Spice incorrectly handled QUIC image
decoding. A remote attacker could use this to cause Spice to crash,
resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
libspice-server1 0.12.4-0nocelt2ubuntu1.8+esm1

After a standard system update you need to restart qemu guests to make all
the necessary changes.

References:
https://usn.ubuntu.com/4572-2
https://usn.ubuntu.com/4572-1
CVE-2020-14355
—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl991NMACgkQRbznW4QL
H2kdIxAAnnJF228ZHNvDo13jHKGk715yRdMiAJ+d/hY76QYjLeyNEtJlqV9ubu/u
zaDRSF80REn9KhMuGqCtUOobguXTGnIIq7S59uj7Or6Gh0jqJHhbUES/GeYtOPFb
xovWRxCsne0/H4ZcPXa6QyyjmaToVH7q+bde3iQujWDFzajERU0Ec1MIsJqLFOsT
myhiMaPis2xfEmgg7MamFINE0i9L+8Z2geKuS+MZ+2pVQ+wCt/zPDlXBKNZ6QP7J
DxaXTgkj/ArvmYShVJcqFTBteuDnem+pD5HBFlXCQpFtOpAEOJd0CBlPczgRD10R
esDGTxz4mxxPNmesgnw1xtCoC7fJ55v7RM8xwtFGnSGMroyClGCWNZ4LlgPQtFy1
tKe9u+xIBdXv1+9oH38XTrgpMoUS31M5N7UCi+t2DrqIbNfX736PLZVjq9cdXFfw
tV95S6eMl/h2KzxJYezuJdcFscdOJZ5VVYMhiP2NVyBOOEPelkk0Hul1urqG8iya
uSog0yN7j/PoWbjEwR/+mmVXBhL1s9EMeCJDExpmtNfRLhY64N2r+P/GxCaV50Xl
VCa27gGrUGLToDG3Ec6TkTrixA1u/B94BAHWvbAMnVwRllvRa+SKbuF3zzNXMA0B
hkfm3TsHYJy3yMZGblbYQjemv9e8OwF9EoLESkVZU4U2GYz2UIc=
=YDOD
—–END PGP SIGNATURE—–

AutorBruno Varga
Cert idNCERT-REF-2020-10-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa vino

Otkriveni su sigurnosni nedostaci u programskom paketu vino za operacijski sustav Ubuntu. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja,...

Close