Ubuntu Security Notice 3014-1 - Jing Zhao discovered that the Spice smartcard support incorrectly handled memory. A remote attacker could use this issue to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 15.10 and Ubuntu 16.04 LTS. Frediano Ziglio discovered that Spice incorrectly handled certain primary surface parameters. A malicious guest operating system could potentially exploit this issue to escape virtualization. Various other issues were also addressed.
6e05cdcaf2aa1cf993c525ec3863c9f2831bf4e664648184e4bee5b17da517e3Gentoo Linux Security Advisory 201606-5 - Multiple vulnerabilities have been found in spice, the worst of which may result in the remote execution of arbitrary code. Versions less than 0.12.7-r1 are affected.
1d66db877a2f969ac356bd3b70ccfafe3d4d009d836c4386f20de29ce0e797cfDebian Linux Security Advisory 3596-1 - Several vulnerabilities were discovered in spice, a SPICE protocol client and server library.
6e544a5ab3da6f4fc590a236d64b6e7f3a14dbc5ffd86752051aa8ac69b5e3aaRed Hat Security Advisory 2016-1205-01 - The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. Security Fix: A memory allocation flaw, leading to a heap-based buffer overflow, was found in spice's smartcard interaction, which runs under the QEMU-KVM context on the host. A user connecting to a guest VM using spice could potentially use this flaw to crash the QEMU-KVM process or execute arbitrary code with the privileges of the host's QEMU-KVM process.
930d98110860d2796a0f946db501717e8f5099ba8c04b6a1c80beecc2f3cfbaaRed Hat Security Advisory 2016-1204-01 - The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor or on Red Hat Enterprise Virtualization Hypervisors. Security Fix: A memory allocation flaw, leading to a heap-based buffer overflow, was found in spice's smartcard interaction, which runs under the QEMU-KVM context on the host. A user connecting to a guest VM using spice could potentially use this flaw to crash the QEMU-KVM process or execute arbitrary code with the privileges of the host's QEMU-KVM process.
8a04cdaff042fff44f3f4c78a48933af4d346a06194a31eab8bb9a2a217f76e7
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed