Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2015.2570 spice security update 12 October 2015 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: spice Publisher: Debian Operating System: Debian GNU/Linux 7 Debian GNU/Linux 8 Linux variants Windows Impact/Access: Execute Arbitrary Code/Commands -- Existing Account Modify Arbitrary Files -- Existing Account Denial of Service -- Existing Account Access Confidential Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2015-5261 CVE-2015-5260 Original Bulletin: http://www.debian.org/security/2015/dsa-3371 Comment: This advisory references vulnerabilities in products which run on platforms other than Debian. It is recommended that administrators running spice check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-3371-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso October 09, 2015 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : spice CVE ID : CVE-2015-5260 CVE-2015-5261 Debian Bug : 801089 801091 Frediano Ziglio of Red Hat discovered several vulnerabilities in spice, a SPICE protocol client and server library. A malicious guest can exploit these flaws to cause a denial of service (QEMU process crash), execute arbitrary code on the host with the privileges of the hosting QEMU process or read and write arbitrary memory locations on the host. For the oldstable distribution (wheezy), these problems have been fixed in version 0.11.0-1+deb7u2. For the stable distribution (jessie), these problems have been fixed in version 0.12.5-1+deb8u2. For the unstable distribution (sid), these problems have been fixed in version 0.12.5-1.3. We recommend that you upgrade your spice packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJWGAWsAAoJEAVMuPMTQ89ETQQP/ipLkOB1y5LAKpD7Hym3qudp xCqd+3A9wptKN8WC2SBdvxFEXeb8I20PPbhkq5Th/S0taUbjx+dLg6OgK+4Ff7fv //E9QRsgcDUpFcV25l4dOxXVX0iRSBnN+QZnCZND5yOy3ON7rEEXV2lvOidIRCst sX+j2U2WZQCDQdY9xebSaF/tCR6mLMDE6WmMzz12dqW4A18HkiI9gXKsPSAPfAeY mMz39Zn5oiHptRzmE2VAGyyU8xW1VQbqj1QEE3nO4Pyk+49DG43djVK02bqrO9P4 u8cNhWhPYC3/QtB+sZJopFrQy4kxaNdtd8Ov1FKCW+HQC9tSwx/sW5VNvAJjHNU1 ZQAz+oCb65gQ74QuUd56srHuad+mlzPkyQTw6k5eHgMlUrxH/tkNp2xUMk0dl9D7 WMqKYQjpndMbDZiuqHv+pNhGCz4AHjVWMiYNZA7uBpU4vTowZafb0FA/C/M6MTEw zUyac6dJDkSgw0hPRN6z1nyhigMLjvbzZVbR3NwTCcYeMBRzW4EHsh+C4AOPlQKh mN6bNw45VSsxE3QFrxT5uh9AftQT6ljsJw06jbUSWT0DtIX8/egJLKWFs1ebMMjY ENnthiWjSFEc6nB3w843todHd6VjCVF54JimEeH4Y0Dv8PGdyRtn4o1Znff+S56M n14mCmekUHD7/xjyIVOO =EfnH - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVhsYsH6ZAP0PgtI9AQJ1zg//f2XtQrNydtZDL9YAdYnlh1r05cPAltVU slezD5xydreRpZvJj5KMHDSGr3oX0lVzcnThCLzhfZS0O+fhe/3nbydc8lGodtj9 OtZjVMRkoST079dq9rMWWuSFYqSM4g+uulh0i0g51TIWrFQPIkp57KXqJOQ8yxIh Hlw6LkHfs4qzSe0k69GCTQZidrqm6ERL7OiZdtdQ1Qfy/PWhAUHvL3akOnqhBwxR tk95FkkemjqQmGsMjmXI86/caj+yncvEkJquIiKDt/BUroEfoXMKFz5Ijnnbiwo9 /9Ob6FTVWm8g0xWlPU0KTVyf4RCHO01qzb8DHpYMmY3IO1wza7+qkJjsVLXJPz7P kVi9Eqy2iYD82oNB8GrjNkVs0lSOM8kRpDdb1l7o1JIdvEIjIkdwJgEiPmwY8srL sY1LYtLCambckYa1DxOGXW+wxqtpwgoQT7MhBuCWPB7gH9igSg82Z8SlddxNs5Xs p6M5owbRVpKbPegDFiU9C5oIEuRZWV68UAMJpZf+9QaIlpgzc5yirOiwI++m77Ax r/0oPtLK6s2PiuV9LzJ/yH4mXaYT/xwU37Jq3TyasuspgWCR7mAURoQyWf3tu37J VF/Mc2Ly4HICjPAs6xLNSX02vu4WlenLiLqQjwmTAWTORlZCP1VwYHe9WssTscfV Zk0qebLjlfc= =BHR0 -----END PGP SIGNATURE-----