지락문화예술공작단

USN-3014-1: Spice vulnerabilities Ubuntu Security Notice USN-3014-1 21st June, 2016 spice vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Ubuntu 14.04 LTS Summary Several security issues were fixed in Spice. Software description spice – SPICE protocol client and server library Details Jing Zhao discovered that the Spice smartcard support incorrectly handledmemory. A remote attacker could use this issue to cause Spice to crash,resulting in a denial of service, or possibly execute arbitrary code. Thisissue only applied to Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-0749) Frediano Ziglio discovered that Spice incorrectly handled certain primarysurface parameters. A malicious guest operating system could potentiallyexploit this issue to escape virtualization. (CVE-2016-2150) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: libspice-server1 0.12.6-4ubuntu0.1 Ubuntu 15.10: libspice-server1 [ more… ]