Jump to content
Compatible Support Forums
Sign in to follow this  
news

[Tech ARP] The Intel Channel Symposium 2015

Recommended Posts

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA512

 

- -------------------------------------------------------------------------

Debian Security Advisory DSA-3371-1 security ( -at -) debian.org

https://www.debian.org/security/ Salvatore Bonaccorso

October 09, 2015 https://www.debian.org/security/faq

- -------------------------------------------------------------------------

 

Package : spice

CVE ID : CVE-2015-5260 CVE-2015-5261

Debian Bug : 801089 801091

 

Frediano Ziglio of Red Hat discovered several vulnerabilities in spice,

a SPICE protocol client and server library. A malicious guest can

exploit these flaws to cause a denial of service (QEMU process crash),

execute arbitrary code on the host with the privileges of the hosting

QEMU process or read and write arbitrary memory locations on the host.

 

For the oldstable distribution (wheezy), these problems have been fixed

in version 0.11.0-1+deb7u2.

 

For the stable distribution (jessie), these problems have been fixed in

version 0.12.5-1+deb8u2.

 

For the unstable distribution (sid), these problems have been fixed in

version 0.12.5-1.3.

 

We recommend that you upgrade your spice packages.

 

Further information about Debian Security Advisories, how to apply

these updates to your system and frequently asked questions can be

found at: https://www.debian.org/security/

 

 

 

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×