User: Password:
Subscribe / Log in / New account

Ubuntu alert USN-2027-1 (spice)

From:  Marc Deslauriers <>
Subject:  [USN-2027-1] SPICE vulnerability
Date:  Tue, 12 Nov 2013 08:18:09 -0500
Message-ID:  <>
Archive-link:  Article, Thread

========================================================================== Ubuntu Security Notice USN-2027-1 November 12, 2013 spice vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 13.10 - Ubuntu 13.04 Summary: SPICE could be made to crash if it received specially crafted network traffic. Software Description: - spice: SPICE protocol client and server library Details: Tomas Jamrisko discovered that SPICE incorrectly handled long passwords in SPICE tickets. An attacker could use this issue to cause the SPICE server to crash, resulting in a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 13.10: libspice-server1 0.12.4-0nocelt1ubuntu0.1 Ubuntu 13.04: libspice-server1 0.12.2-0nocelt2expubuntu1.2 After a standard system update you need to restart applications using the SPICE protocol, such as QEMU, to make all the necessary changes. References: CVE-2013-4282 Package Information: -- ubuntu-security-announce mailing list Modify settings or unsubscribe at:

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds