1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3907-1] spice security update

    From Moritz Muehlenhoff@1:229/2 to All on Tue Jul 11 23:40:02 2017
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3907-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff
    July 11, 2017 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : spice
    CVE ID : CVE-2017-7506

    Frediano Ziglio discovered a buffer overflow in spice, a SPICE protocol
    client and server library which may result in memory disclosure, denial
    of service and potentially the execution of arbitrary code.

    For the oldstable distribution (jessie), this problem has been fixed
    in version 0.12.5-1+deb8u5.

    For the stable distribution (stretch), this problem has been fixed in
    version 0.12.8-2.1+deb9u1.

    For the unstable distribution (sid), this problem will be fixed soon.

    We recommend that you upgrade your spice packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlllQ20ACgkQEMKTtsN8 TjbpaQ//ROlmyl4JVodVQAk8DjVYPogV48ec4deaK2eoUZjbdtnD7MMgbCVpfXwy S28rbzVm8hLIq0Wkz7ypCRVF0PDtlAyY7xBgzRPwzeA6TmzZIh5DGHoX3vPEdCB5 i4nyYKvYJ6LZdtbAyWOIVfuJHAcOEKfNm5nAB2jTrb0zFOArzjYpIRM2qxPl4OPq u+eFgFd0KF+VXoEPkuINl5FgRdO2ykWQUeP1U22KNUcR6cwWLLtpx+1E9eV5Y6RN Ii3RzEJQLTmAemHE2cp19I66bbVWWtgUXFzePeNGr6zYM8K/o+g5O0dPdGbuo8Md E3KUyQlBSLAm+fH1WPu59Q5HaQBPHy9jDMQHqeOLIB9/i75JQ5Y84he3FupsAvJl EdbU/iAzc7mBCFfhec+rVZkabo/9GW4JeIH55fyeikcYDpqnzrr7NbAZMUz1XGtj Lqv6mC5yG6WpFSq8rGyPjxKyUbzy37caB8E5M4rtP8Jk8QfXh2cheZ2T5LkvjjYA AnAmTF4OF2cnwBwu3shzxWXxYx9ln8JNYywJJ/7qa/q8MZqWrEq9nMhR0CVqqim4 YEzRl2ztImL1RnA3JzbLDlC5k8jARs5gXOpAr0JfZRusk8+shnEY7YvxTRQtgjB7 GwfBPJ1eILuqpQiGSIyOvApUmoFKXCNB3miu2IyIBBdrszHGHkA=
    =hBBD
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)