User: Password:
|
|
Subscribe / Log in / New account

Ubuntu alert USN-2027-1 (spice)

From:  Marc Deslauriers <marc.deslauriers@canonical.com>
To:  ubuntu-security-announce@lists.ubuntu.com
Subject:  [USN-2027-1] SPICE vulnerability
Date:  Tue, 12 Nov 2013 08:18:09 -0500
Message-ID:  <52822A91.4010603@canonical.com>
Archive-link:  Article, Thread

========================================================================== Ubuntu Security Notice USN-2027-1 November 12, 2013 spice vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 13.10 - Ubuntu 13.04 Summary: SPICE could be made to crash if it received specially crafted network traffic. Software Description: - spice: SPICE protocol client and server library Details: Tomas Jamrisko discovered that SPICE incorrectly handled long passwords in SPICE tickets. An attacker could use this issue to cause the SPICE server to crash, resulting in a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 13.10: libspice-server1 0.12.4-0nocelt1ubuntu0.1 Ubuntu 13.04: libspice-server1 0.12.2-0nocelt2expubuntu1.2 After a standard system update you need to restart applications using the SPICE protocol, such as QEMU, to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2027-1 CVE-2013-4282 Package Information: https://launchpad.net/ubuntu/+source/spice/0.12.4-0nocelt... https://launchpad.net/ubuntu/+source/spice/0.12.2-0nocelt... -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds