1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3354-1] spice security update

    From Salvatore Bonaccorso@1:229/2 to All on Tue Sep 8 19:40:03 2015
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3354-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 08, 2015 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : spice
    CVE ID : CVE-2015-3247
    Debian Bug : 797976

    Frediano Ziglio of Red Hat discovered a race condition flaw in spice's worker_update_monitors_config() function, leading to a heap-based memory corruption. A malicious user in a guest can take advantage of this flaw
    to cause a denial of service (QEMU process crash) or, potentially
    execute arbitrary code on the host with the privileges of the hosting
    QEMU process.

    For the stable distribution (jessie), this problem has been fixed in
    version 0.12.5-1+deb8u1.

    For the unstable distribution (sid), this problem has been fixed in
    version 0.12.5-1.2.

    We recommend that you upgrade your spice packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBCgAGBQJV7xxXAAoJEAVMuPMTQ89Ek28P/0DMZLCpmYys8q9u51DBwxe/ 4D83kcAkCcHkXs3sXf6QLtdOEbEaYwJtewMVglKC+DtWVVfadl69MGag0fvid6yu 4W6dpGMRvITyyFEFwg8w/FnLP15rk6CwI/xZylqXOvEmg/VwxFzwZFEwVkFpNZwu jzUzgalklemPCwQ11EMbDOJZ9dj/t4G9abrB9cUxZ42mlXFXfnOK4d84RC/sOmNo OLSPCozxwZ2Gvf0hzZtnW+YL3rsRWbMzurhG8NuEh6TT/M9Az/sYDZYwJBfVyvm5 zXXVHRMk4YzrXXFtmz39JUkehsROAeNkZRPWs1dNSsqAp21YzpM+gyBem/fA35Fl a9FgxwUNeff7MZCpMYy8/g4Pk0mVOZ3HVSj9/3g8FSJXqnbdCEkMpO47cqyAtSC+ 7yynKo51PvlIMmXCRdMf//43IETIQDDrdykj0PCNOA7xbZxleJeLM9HhrihL8P3n 39RHFsk+RiPl9KCsNTZsA0CxgomizwQsHw1VonVtb4zl7Kgu1LNS8/lIS18fsuG3 FmQ5OJR7mdRtpCXaDE3D6f1JMHhhuT9yFpxyyRBpEIEYvl0Xgp1DwIPA9Y0FLGdw 84I9BAqFNU0jHhdr5EEchD67EwDnUvktMbo+XjV74i2Ke6q1Vss2XypP+Q9cyXiH hlCWKiI0pnrTey9hLHO/
    =yi4J
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)