===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.1725
                           spice security update
                               12 July 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           spice
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   Debian GNU/Linux 9
                   Linux variants
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Denial of Service               -- Existing Account
                   Access Confidential Data        -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-7506  

Original Bulletin: 
   http://www.debian.org/security/2017/dsa-3907

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running spice check for an updated version of the software for their
         operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-3907-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 11, 2017                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : spice
CVE ID         : CVE-2017-7506

Frediano Ziglio discovered a buffer overflow in spice, a SPICE protocol
client and server library which may result in memory disclosure, denial
of service and potentially the execution of arbitrary code.

For the oldstable distribution (jessie), this problem has been fixed
in version 0.12.5-1+deb8u5.

For the stable distribution (stretch), this problem has been fixed in
version 0.12.8-2.1+deb9u1.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your spice packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================