Discover Government News

=========================================================================Ubuntu Security Notice USN-2766-1
October 07, 2015

spice vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.04
- Ubuntu 14.04 LTS

Summary:

Spice could be made to crash or run programs.

Software Description:
- spice: SPICE protocol client and server library

Details:

Frediano Ziglio discovered multiple buffer overflows, undefined behavior
signed integer operations, race conditions, memory leaks, and denial
of service issues in Spice. A malicious guest operating system could
potentially exploit these issues to escape virtualization. (CVE-2015-5260,
CVE-2015-5261)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
  libspice-server1                0.12.5-1ubuntu0.2

Ubuntu 14.04 LTS:
  libspice-server1                0.12.4-0nocelt2ubuntu1.2

After a standard system update you need to restart qemu guests to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2766-1
  CVE-2015-5260, CVE-2015-5261

Package Information:
  https://launchpad.net/ubuntu/+source/spice/0.12.5-1ubuntu0.2
  https://launchpad.net/ubuntu/+source/spice/0.12.4-0nocelt2ubuntu1.2

Ubuntu 2766-1: Spice vulnerabilities

October 7, 2015
Spice could be made to crash or run programs.

Summary

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 15.04: libspice-server1 0.12.5-1ubuntu0.2 Ubuntu 14.04 LTS: libspice-server1 0.12.4-0nocelt2ubuntu1.2 After a standard system update you need to restart qemu guests to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2766-1

CVE-2015-5260, CVE-2015-5261

Severity
October 07, 2015

Package Information

https://launchpad.net/ubuntu/+source/spice/0.12.5-1ubuntu0.2 https://launchpad.net/ubuntu/+source/spice/0.12.4-0nocelt2ubuntu1.2

Related News