Ausführen beliebiger Kommandos in Spice (Aktualisierung)
ID: | USN-4572-2 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 14.04 ESM |
Datum: | Mi, 7. Oktober 2020, 23:14 |
Referenzen: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14355 |
Applikationen: | SPICE |
Update von: | Ausführen beliebiger Kommandos in Spice |
Originalnachricht |
|
--===============6630741646174100268== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="ReaqsoxgOBHFXBhH" Content-Disposition: inline --ReaqsoxgOBHFXBhH Content-Type: text/plain; charset=us-ascii Content-Disposition: inline ========================================================================== Ubuntu Security Notice USN-4572-2 October 07, 2020 spice vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM Summary: Spice could be made to crash or run programs if it received specially crafted network traffic. Software Description: - spice: SPICE protocol client and server library Details: USN-4572-1 fixed a vulnerability in Spice. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Frediano Ziglio discovered that Spice incorrectly handled QUIC image decoding. A remote attacker could use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: libspice-server1 0.12.4-0nocelt2ubuntu1.8+esm1 After a standard system update you need to restart qemu guests to make all the necessary changes. References: https://usn.ubuntu.com/4572-2 https://usn.ubuntu.com/4572-1 CVE-2020-14355 --ReaqsoxgOBHFXBhH Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl991NMACgkQRbznW4QL H2kdIxAAnnJF228ZHNvDo13jHKGk715yRdMiAJ+d/hY76QYjLeyNEtJlqV9ubu/u zaDRSF80REn9KhMuGqCtUOobguXTGnIIq7S59uj7Or6Gh0jqJHhbUES/GeYtOPFb xovWRxCsne0/H4ZcPXa6QyyjmaToVH7q+bde3iQujWDFzajERU0Ec1MIsJqLFOsT myhiMaPis2xfEmgg7MamFINE0i9L+8Z2geKuS+MZ+2pVQ+wCt/zPDlXBKNZ6QP7J DxaXTgkj/ArvmYShVJcqFTBteuDnem+pD5HBFlXCQpFtOpAEOJd0CBlPczgRD10R esDGTxz4mxxPNmesgnw1xtCoC7fJ55v7RM8xwtFGnSGMroyClGCWNZ4LlgPQtFy1 tKe9u+xIBdXv1+9oH38XTrgpMoUS31M5N7UCi+t2DrqIbNfX736PLZVjq9cdXFfw tV95S6eMl/h2KzxJYezuJdcFscdOJZ5VVYMhiP2NVyBOOEPelkk0Hul1urqG8iya uSog0yN7j/PoWbjEwR/+mmVXBhL1s9EMeCJDExpmtNfRLhY64N2r+P/GxCaV50Xl VCa27gGrUGLToDG3Ec6TkTrixA1u/B94BAHWvbAMnVwRllvRa+SKbuF3zzNXMA0B hkfm3TsHYJy3yMZGblbYQjemv9e8OwF9EoLESkVZU4U2GYz2UIc= =YDOD -----END PGP SIGNATURE----- --ReaqsoxgOBHFXBhH-- --===============6630741646174100268== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce |