Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in Spice
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in Spice
ID: USN-3659-1
Distribution: Ubuntu
Plattformen: Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 17.10, Ubuntu 18.04 LTS
Datum: Do, 24. Mai 2018, 14:49
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12194
Applikationen: SPICE

Originalnachricht


--===============2555967078155244101==
Content-Type: multipart/signed; micalg="pgp-sha256";
protocol="application/pgp-signature";
boundary="=-lUKwYmwgmxT06rna2y2Z"


--=-lUKwYmwgmxT06rna2y2Z
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-3659-1
May 23, 2018

spice, spice-protocol vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Spice could be made to crash or run programs if it received specially
crafted network traffic.

Software Description:
- spice: SPICE protocol client and server library
- spice-protocol: SPICE protocol headers

Details:

Frediano Ziglio discovered that Spice incorrectly handled certain
client messages. An attacker could possibly use this to cause Spice to
crash, resulting in a denial of service, or possibly execute arbitrary
code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
libspice-server1 0.14.0-1ubuntu2.1

Ubuntu 17.10:
libspice-server1 0.12.8-2.2ubuntu0.1

Ubuntu 16.04 LTS:
libspice-protocol-dev 0.12.10-1ubuntu0.1

Ubuntu 14.04 LTS:
libspice-server1 0.12.4-0nocelt2ubuntu1.6

After a standard system update you need to restart qemu guests to make
all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3659-1
CVE-2017-12194

Package Information:
https://launchpad.net/ubuntu/+source/spice/0.14.0-1ubuntu2.1
https://launchpad.net/ubuntu/+source/spice/0.12.8-2.2ubuntu0.1
https://launchpad.net/ubuntu/+source/spice-protocol/0.12.10-1ubuntu0.1
https://launchpad.net/ubuntu/+source/spice/0.12.4-0nocelt2ubuntu1.6
--=-lUKwYmwgmxT06rna2y2Z
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAABCAAGBQJbBqs0AAoJEEW851uECx9pLZcQALXE0SJqvmmoiocLDCbMWfuV
PC0unZ9AylkJplcNiDvl/kUn48GElm5MjpG7uSwk6vioPklZurVTRyXg/5RC1hIX
jwaxI6soaQCF4RUXdazuX6IYRUW6sxW57j5AXSSAd19eZdaltu8ZKMaHBC03eumP
iD9x34qmycKpnV8GY94IYD/NKTiiX12TModv7qzlB7hYHOanWNNHYWqeAGSyPwLD
yNlpwmgyDGZfS5rG2fwmPDUo6HMEoYevZm5ljNKX7re0juB5l6VRyhBX7dpjVOCq
xi7OoNsS4ny7WTqO9xeLKmqOKQ4RM7W5r5XN5wlSri8n8HmAaXsgOY4b7D2bVt2m
UO/1Kq0SCoz4FKuESsrWeglkiVtIQMkZVNA4+GP96F0xSrcP6tcyUTQSG7YAtdiK
NZXITBfwOEKa0Wnlq2cobNGC9qbVHUiGCUB0Zld9oRrBdkyUhAYb+ZUJYMOGviVH
NMqxzOegMlOs0wt3vygF01AznJHpPEuNCrQ63OwY0mn94A4EqN9ufpi2X+OAttPx
tfiCU1bvCYl05rYBj+4RgydOlxdEgWGAalVClcGWOoTSxFBmYwuraMCO6N1+bFs7
8PdMsFp3rvp07dbcKjMCozM1D6005meJIKo2dpdsmTtIk2cDFpNxq4CBceynk8Ra
9zcnG+xj0FPFdYExkvgw
=abMK
-----END PGP SIGNATURE-----

--=-lUKwYmwgmxT06rna2y2Z--



--===============2555967078155244101==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============2555967078155244101==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung