drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in Spice (Aktualisierung)
Name: |
Ausführen beliebiger Kommandos in Spice (Aktualisierung) |
|
ID: |
USN-4572-2 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 ESM |
|
Datum: |
Mi, 7. Oktober 2020, 23:14 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14355 |
|
Applikationen: |
SPICE |
|
Update von: |
Ausführen beliebiger Kommandos in Spice |
|
Originalnachricht |
--===============6630741646174100268== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="ReaqsoxgOBHFXBhH" Content-Disposition: inline
--ReaqsoxgOBHFXBhH Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-4572-2 October 07, 2020
spice vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
Summary:
Spice could be made to crash or run programs if it received specially crafted network traffic.
Software Description: - spice: SPICE protocol client and server library
Details:
USN-4572-1 fixed a vulnerability in Spice. This update provides the corresponding update for Ubuntu 14.04 ESM.
Original advisory details:
Frediano Ziglio discovered that Spice incorrectly handled QUIC image decoding. A remote attacker could use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 ESM: libspice-server1 0.12.4-0nocelt2ubuntu1.8+esm1
After a standard system update you need to restart qemu guests to make all the necessary changes.
References: https://usn.ubuntu.com/4572-2 https://usn.ubuntu.com/4572-1 CVE-2020-14355
--ReaqsoxgOBHFXBhH Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl991NMACgkQRbznW4QL H2kdIxAAnnJF228ZHNvDo13jHKGk715yRdMiAJ+d/hY76QYjLeyNEtJlqV9ubu/u zaDRSF80REn9KhMuGqCtUOobguXTGnIIq7S59uj7Or6Gh0jqJHhbUES/GeYtOPFb xovWRxCsne0/H4ZcPXa6QyyjmaToVH7q+bde3iQujWDFzajERU0Ec1MIsJqLFOsT myhiMaPis2xfEmgg7MamFINE0i9L+8Z2geKuS+MZ+2pVQ+wCt/zPDlXBKNZ6QP7J DxaXTgkj/ArvmYShVJcqFTBteuDnem+pD5HBFlXCQpFtOpAEOJd0CBlPczgRD10R esDGTxz4mxxPNmesgnw1xtCoC7fJ55v7RM8xwtFGnSGMroyClGCWNZ4LlgPQtFy1 tKe9u+xIBdXv1+9oH38XTrgpMoUS31M5N7UCi+t2DrqIbNfX736PLZVjq9cdXFfw tV95S6eMl/h2KzxJYezuJdcFscdOJZ5VVYMhiP2NVyBOOEPelkk0Hul1urqG8iya uSog0yN7j/PoWbjEwR/+mmVXBhL1s9EMeCJDExpmtNfRLhY64N2r+P/GxCaV50Xl VCa27gGrUGLToDG3Ec6TkTrixA1u/B94BAHWvbAMnVwRllvRa+SKbuF3zzNXMA0B hkfm3TsHYJy3yMZGblbYQjemv9e8OwF9EoLESkVZU4U2GYz2UIc= =YDOD -----END PGP SIGNATURE-----
--ReaqsoxgOBHFXBhH--
--===============6630741646174100268== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
|
|
|
|