Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in Spice (Aktualisierung)
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in Spice (Aktualisierung)
ID: USN-4572-2
Distribution: Ubuntu
Plattformen: Ubuntu 14.04 ESM
Datum: Mi, 7. Oktober 2020, 23:14
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14355
Applikationen: SPICE
Update von: Ausführen beliebiger Kommandos in Spice

Originalnachricht


--===============6630741646174100268==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="ReaqsoxgOBHFXBhH"
Content-Disposition: inline


--ReaqsoxgOBHFXBhH
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-4572-2
October 07, 2020

spice vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM

Summary:

Spice could be made to crash or run programs if it received specially
crafted network traffic.

Software Description:
- spice: SPICE protocol client and server library

Details:

USN-4572-1 fixed a vulnerability in Spice. This update provides
the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

Frediano Ziglio discovered that Spice incorrectly handled QUIC image
decoding. A remote attacker could use this to cause Spice to crash,
resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
libspice-server1 0.12.4-0nocelt2ubuntu1.8+esm1

After a standard system update you need to restart qemu guests to make all
the necessary changes.

References:
https://usn.ubuntu.com/4572-2
https://usn.ubuntu.com/4572-1
CVE-2020-14355

--ReaqsoxgOBHFXBhH
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl991NMACgkQRbznW4QL
H2kdIxAAnnJF228ZHNvDo13jHKGk715yRdMiAJ+d/hY76QYjLeyNEtJlqV9ubu/u
zaDRSF80REn9KhMuGqCtUOobguXTGnIIq7S59uj7Or6Gh0jqJHhbUES/GeYtOPFb
xovWRxCsne0/H4ZcPXa6QyyjmaToVH7q+bde3iQujWDFzajERU0Ec1MIsJqLFOsT
myhiMaPis2xfEmgg7MamFINE0i9L+8Z2geKuS+MZ+2pVQ+wCt/zPDlXBKNZ6QP7J
DxaXTgkj/ArvmYShVJcqFTBteuDnem+pD5HBFlXCQpFtOpAEOJd0CBlPczgRD10R
esDGTxz4mxxPNmesgnw1xtCoC7fJ55v7RM8xwtFGnSGMroyClGCWNZ4LlgPQtFy1
tKe9u+xIBdXv1+9oH38XTrgpMoUS31M5N7UCi+t2DrqIbNfX736PLZVjq9cdXFfw
tV95S6eMl/h2KzxJYezuJdcFscdOJZ5VVYMhiP2NVyBOOEPelkk0Hul1urqG8iya
uSog0yN7j/PoWbjEwR/+mmVXBhL1s9EMeCJDExpmtNfRLhY64N2r+P/GxCaV50Xl
VCa27gGrUGLToDG3Ec6TkTrixA1u/B94BAHWvbAMnVwRllvRa+SKbuF3zzNXMA0B
hkfm3TsHYJy3yMZGblbYQjemv9e8OwF9EoLESkVZU4U2GYz2UIc=
=YDOD
-----END PGP SIGNATURE-----

--ReaqsoxgOBHFXBhH--


--===============6630741646174100268==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung