Lucene search

DebianDEBIAN:DSA-4375-1:BA137

HistoryJan 29, 2019 - 4:34 p.m.

[SECURITY] [DSA 4375-1] spice security update

2019-01-2916:34:12

lists.debian.org

5.4 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:M/Au:N/C:P/I:P/A:P

7.5 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.8%

JSON

Debian Security Advisory DSA-4375-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
January 29, 2019 https://www.debian.org/security/faq

Package : spice
CVE ID : CVE-2019-3813
Debian Bug : 920762

Christophe Fergeau discovered an out-of-bounds read vulnerability in
spice, a SPICE protocol client and server library, which might result in
denial of service (spice server crash), or possibly, execution of
arbitrary code.

For the stable distribution (stretch), this problem has been fixed in
version 0.12.8-2.1+deb9u3.

We recommend that you upgrade your spice packages.

For the detailed security status of spice please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/spice

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian9mips64ellibspice-server1-dbgsym< 0.12.8-2.1+deb9u3libspice-server1-dbgsym_0.12.8-2.1+deb9u3_mips64el.deb
Debian9amd64libspice-server1< 0.12.8-2.1+deb9u3libspice-server1_0.12.8-2.1+deb9u3_amd64.deb
Debian8amd64spice-client< 0.12.5-1+deb8u7spice-client_0.12.5-1+deb8u7_amd64.deb
Debian9i386libspice-server1-dbgsym< 0.12.8-2.1+deb9u3libspice-server1-dbgsym_0.12.8-2.1+deb9u3_i386.deb
Debian8amd64libspice-server1-dbg< 0.12.5-1+deb8u7libspice-server1-dbg_0.12.5-1+deb8u7_amd64.deb
Debian9armellibspice-server1< 0.12.8-2.1+deb9u3libspice-server1_0.12.8-2.1+deb9u3_armel.deb
Debian9i386libspice-server-dev< 0.12.8-2.1+deb9u3libspice-server-dev_0.12.8-2.1+deb9u3_i386.deb
Debian9ppc64ellibspice-server1< 0.12.8-2.1+deb9u3libspice-server1_0.12.8-2.1+deb9u3_ppc64el.deb
Debian9mipsellibspice-server1-dbgsym< 0.12.8-2.1+deb9u3libspice-server1-dbgsym_0.12.8-2.1+deb9u3_mipsel.deb
Debian8i386libspice-server1-dbg< 0.12.5-1+deb8u7libspice-server1-dbg_0.12.5-1+deb8u7_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	mips64el	libspice-server1-dbgsym	< 0.12.8-2.1+deb9u3	libspice-server1-dbgsym_0.12.8-2.1+deb9u3_mips64el.deb
Debian	9	amd64	libspice-server1	< 0.12.8-2.1+deb9u3	libspice-server1_0.12.8-2.1+deb9u3_amd64.deb
Debian	8	amd64	spice-client	< 0.12.5-1+deb8u7	spice-client_0.12.5-1+deb8u7_amd64.deb
Debian	9	i386	libspice-server1-dbgsym	< 0.12.8-2.1+deb9u3	libspice-server1-dbgsym_0.12.8-2.1+deb9u3_i386.deb
Debian	8	amd64	libspice-server1-dbg	< 0.12.5-1+deb8u7	libspice-server1-dbg_0.12.5-1+deb8u7_amd64.deb
Debian	9	armel	libspice-server1	< 0.12.8-2.1+deb9u3	libspice-server1_0.12.8-2.1+deb9u3_armel.deb
Debian	9	i386	libspice-server-dev	< 0.12.8-2.1+deb9u3	libspice-server-dev_0.12.8-2.1+deb9u3_i386.deb
Debian	9	ppc64el	libspice-server1	< 0.12.8-2.1+deb9u3	libspice-server1_0.12.8-2.1+deb9u3_ppc64el.deb
Debian	9	mipsel	libspice-server1-dbgsym	< 0.12.8-2.1+deb9u3	libspice-server1-dbgsym_0.12.8-2.1+deb9u3_mipsel.deb
Debian	8	i386	libspice-server1-dbg	< 0.12.5-1+deb8u7	libspice-server1-dbg_0.12.5-1+deb8u7_i386.deb