===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.1725
                           spice security update
                               12 July 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           spice
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   Debian GNU/Linux 9
                   Linux variants
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Denial of Service               -- Existing Account
                   Access Confidential Data        -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-7506

Original Bulletin:
   http://www.debian.org/security/2017/dsa-3907

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running spice check for an updated version of the software for
         their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-3907-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 11, 2017                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : spice
CVE ID         : CVE-2017-7506

Frediano Ziglio discovered a buffer overflow in spice, a SPICE protocol
client and server library which may result in memory disclosure, denial
of service and potentially the execution of arbitrary code.

For the oldstable distribution (jessie), this problem has been fixed
in version 0.12.5-1+deb8u5.

For the stable distribution (stretch), this problem has been fixed in
version 0.12.8-2.1+deb9u1.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your spice packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures.
AusCERT takes no responsibility for consequences which may arise from
following or acting on information or advice contained in this security
bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.