Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 584
Alerts This Week
Warning Icon 1 584

Ubuntu 18.04 LTS - USN-3659-1 Moderate: Spice Denial Of Service

ubuntu
Calendar Grey May 24, 2018
Scroller Ubuntu
Explore the details of Ubuntu Security Notice USN-3659-1, which tackles a vulnerability in the spice protocol found in multiple versions.
Spice could be made to crash or run programs if it received specially crafted network traffic.

Summary

Spice could be made to crash or run programs if it received specially

crafted network traffic.

Software Description:

- spice: SPICE protocol client and server library

- spice-protocol: SPICE protocol headers

Details:

Frediano Ziglio discovered that Spice incorrectly handled certain

client messages. An attacker could possibly use this to cause Spice to

crash, resulting in a denial of service, or possibly execute arbitrary

code.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  libspice-server1                0.14.0-1ubuntu2.1

Ubuntu 17.10:
  libspice-server1                0.12.8-2.2ubuntu0.1

Ubuntu 16.04 LTS:
  libspice-protocol-dev           0.12.10-1ubuntu0.1

Ubuntu 14.04 LTS:
  libspice-server1                0.12.4-0nocelt2ubuntu1.6

After a standard system update you need to restart qemu guests to make
all the necessary changes.

References

 

  CVE-2017-12194

May 23, 2018

Package Information

 
  https://launchpad.net/ubuntu/+source/spice/0.12.8-2.2ubuntu0.1
  https://launchpad.net/ubuntu/+source/spice-protocol/0.12.10-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/spice/0.12.4-0nocelt2ubuntu1.6

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.