- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LUB
==========================================================================
Ubuntu Security Notice USN-3659-1
May 23, 2018
spice, spice-protocol vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 18.04 LTS
– Ubuntu 17.10
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS
Summary:
Spice could be made to crash or run programs if it received specially
crafted network traffic.
Software Description:
– spice: SPICE protocol client and server library
– spice-protocol: SPICE protocol headers
Details:
Frediano Ziglio discovered that Spice incorrectly handled certain
client messages. An attacker could possibly use this to cause Spice to
crash, resulting in a denial of service, or possibly execute arbitrary
code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
libspice-server1 0.14.0-1ubuntu2.1
Ubuntu 17.10:
libspice-server1 0.12.8-2.2ubuntu0.1
Ubuntu 16.04 LTS:
libspice-protocol-dev 0.12.10-1ubuntu0.1
Ubuntu 14.04 LTS:
libspice-server1 0.12.4-0nocelt2ubuntu1.6
After a standard system update you need to restart qemu guests to make
all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3659-1
CVE-2017-12194
Package Information:
https://launchpad.net/ubuntu/+source/spice/0.14.0-1ubuntu2.1
https://launchpad.net/ubuntu/+source/spice/0.12.8-2.2ubuntu0.1
https://launchpad.net/ubuntu/+source/spice-protocol/0.12.10-1ubuntu0.1
https://launchpad.net/ubuntu/+source/spice/0.12.4-0nocelt2ubuntu1.6—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAABCAAGBQJbBqs0AAoJEEW851uECx9pLZcQALXE0SJqvmmoiocLDCbMWfuV
PC0unZ9AylkJplcNiDvl/kUn48GElm5MjpG7uSwk6vioPklZurVTRyXg/5RC1hIX
jwaxI6soaQCF4RUXdazuX6IYRUW6sxW57j5AXSSAd19eZdaltu8ZKMaHBC03eumP
iD9x34qmycKpnV8GY94IYD/NKTiiX12TModv7qzlB7hYHOanWNNHYWqeAGSyPwLD
yNlpwmgyDGZfS5rG2fwmPDUo6HMEoYevZm5ljNKX7re0juB5l6VRyhBX7dpjVOCq
xi7OoNsS4ny7WTqO9xeLKmqOKQ4RM7W5r5XN5wlSri8n8HmAaXsgOY4b7D2bVt2m
UO/1Kq0SCoz4FKuESsrWeglkiVtIQMkZVNA4+GP96F0xSrcP6tcyUTQSG7YAtdiK
NZXITBfwOEKa0Wnlq2cobNGC9qbVHUiGCUB0Zld9oRrBdkyUhAYb+ZUJYMOGviVH
NMqxzOegMlOs0wt3vygF01AznJHpPEuNCrQ63OwY0mn94A4EqN9ufpi2X+OAttPx
tfiCU1bvCYl05rYBj+4RgydOlxdEgWGAalVClcGWOoTSxFBmYwuraMCO6N1+bFs7
8PdMsFp3rvp07dbcKjMCozM1D6005meJIKo2dpdsmTtIk2cDFpNxq4CBceynk8Ra
9zcnG+xj0FPFdYExkvgw
=abMK
—–END PGP SIGNATURE—–
—
| Autor | Danijel Kozinovic |
| Cert id | NCERT-REF-2018-05-0001-ADV |
| Cve | CERT-CVE-DUMMY |
| ID izvornika | CERT-ORIGID-DUMMY |
| Proizvod | CERT-DUMMY-PRODUCT |
| Izvor | Adobe |
