Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.882296 |
Kategorie: | CentOS Local Security Checks |
Titel: | CentOS Update for spice-server CESA-2015:1890 centos7 |
Zusammenfassung: | Check the version of spice-server |
Beschreibung: | Summary: Check the version of spice-server Vulnerability Insight: The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors. A heap-based buffer overflow flaw was found in the way SPICE handled certain guest QXL commands related to surface creation. A user in a guest could use this flaw to read and write arbitrary memory locations on the host. (CVE-2015-5261) A heap-based buffer overflow flaw was found in the way spice handled certain QXL commands related to the 'surface_id' parameter. A user in a guest could use this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with the privileges of the host QEMU-KVM process. (CVE-2015-5260) These issues were discovered by Frediano Ziglio of Red Hat. All spice users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Affected Software/OS: spice-server on CentOS 7 Solution: Please install the updated packages. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-5260 BugTraq ID: 77019 http://www.securityfocus.com/bid/77019 Debian Security Information: DSA-3371 (Google Search) http://www.debian.org/security/2015/dsa-3371 https://security.gentoo.org/glsa/201606-05 http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html RedHat Security Advisories: RHSA-2015:1889 http://rhn.redhat.com/errata/RHSA-2015-1889.html RedHat Security Advisories: RHSA-2015:1890 http://rhn.redhat.com/errata/RHSA-2015-1890.html http://www.securitytracker.com/id/1033753 http://www.ubuntu.com/usn/USN-2766-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-5261 http://www.openwall.com/lists/oss-security/2015/10/06/4 |
Copyright | Copyright (C) 2015 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |