Ubuntu Local Security Checks : Ubuntu Update for spice USN-3014-1

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.842804

Kategorie: Ubuntu Local Security Checks

Titel: Ubuntu Update for spice USN-3014-1

Zusammenfassung: The remote host is missing an update for the 'spice'; package(s) announced via the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'spice'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Jing Zhao discovered that the Spice
smartcard support incorrectly handled memory. A remote attacker could use this
issue to cause Spice to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only applied to Ubuntu 15.10 and Ubuntu
16.04 LTS. (CVE-2016-0749)

Frediano Ziglio discovered that Spice incorrectly handled certain primary
surface parameters. A malicious guest operating system could potentially
exploit this issue to escape virtualization. (CVE-2016-2150)

Affected Software/OS:
spice on Ubuntu 16.04 LTS,
Ubuntu 15.10,
Ubuntu 14.04 LTS

Solution:
Please Install the Updated Packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-0749
Debian Security Information: DSA-3596 (Google Search)
http://www.debian.org/security/2016/dsa-3596
https://security.gentoo.org/glsa/201606-05
RedHat Security Advisories: RHSA-2016:1204
https://access.redhat.com/errata/RHSA-2016:1204
RedHat Security Advisories: RHSA-2016:1205
https://access.redhat.com/errata/RHSA-2016:1205
SuSE Security Announcement: openSUSE-SU-2016:1725 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-07/msg00003.html
SuSE Security Announcement: openSUSE-SU-2016:1726 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-07/msg00004.html
http://www.ubuntu.com/usn/USN-3014-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-2150

Copyright Copyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.842804
Kategorie:	Ubuntu Local Security Checks
Titel:	Ubuntu Update for spice USN-3014-1
Zusammenfassung:	The remote host is missing an update for the 'spice'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'spice' package(s) announced via the referenced advisory. Vulnerability Insight: Jing Zhao discovered that the Spice smartcard support incorrectly handled memory. A remote attacker could use this issue to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-0749) Frediano Ziglio discovered that Spice incorrectly handled certain primary surface parameters. A malicious guest operating system could potentially exploit this issue to escape virtualization. (CVE-2016-2150) Affected Software/OS: spice on Ubuntu 16.04 LTS, Ubuntu 15.10, Ubuntu 14.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-0749 Debian Security Information: DSA-3596 (Google Search) http://www.debian.org/security/2016/dsa-3596 https://security.gentoo.org/glsa/201606-05 RedHat Security Advisories: RHSA-2016:1204 https://access.redhat.com/errata/RHSA-2016:1204 RedHat Security Advisories: RHSA-2016:1205 https://access.redhat.com/errata/RHSA-2016:1205 SuSE Security Announcement: openSUSE-SU-2016:1725 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-07/msg00003.html SuSE Security Announcement: openSUSE-SU-2016:1726 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-07/msg00004.html http://www.ubuntu.com/usn/USN-3014-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-2150
Copyright	Copyright (C) 2016 Greenbone Networks GmbH