|From:||Marc Deslauriers <firstname.lastname@example.org>|
|Subject:||[USN-2027-1] SPICE vulnerability|
|Date:||Tue, 12 Nov 2013 08:18:09 -0500|
========================================================================== Ubuntu Security Notice USN-2027-1 November 12, 2013 spice vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 13.10 - Ubuntu 13.04 Summary: SPICE could be made to crash if it received specially crafted network traffic. Software Description: - spice: SPICE protocol client and server library Details: Tomas Jamrisko discovered that SPICE incorrectly handled long passwords in SPICE tickets. An attacker could use this issue to cause the SPICE server to crash, resulting in a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 13.10: libspice-server1 0.12.4-0nocelt1ubuntu0.1 Ubuntu 13.04: libspice-server1 0.12.2-0nocelt2expubuntu1.2 After a standard system update you need to restart applications using the SPICE protocol, such as QEMU, to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2027-1 CVE-2013-4282 Package Information: https://launchpad.net/ubuntu/+source/spice/0.12.4-0nocelt... https://launchpad.net/ubuntu/+source/spice/0.12.2-0nocelt... -- ubuntu-security-announce mailing list email@example.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds