Lucene search
CentOS Update for spice-server CESA-2013:1192 centos6
🗓️ 06 Sep 2013 00:00:00Reported by Copyright (c) 2013 Greenbone Networks GmbHType 
openvas🔗 plugins.openvas.org👁 16 Views
Update for spice-server CESA-2013:1192 centos
Show more
| Reporter | Title | Published | Views | Family All 45 |
|---|---|---|---|---|
 | [SECURITY] Fedora 19 Update: spice-0.12.4-1.fc19 | 10 Aug 201319:59 | – | fedora |
| [SECURITY] Fedora 18 Update: spice-0.12.4-1.fc18 | 15 Aug 201302:58 | – | fedora |
| Fedora Update for spice FEDORA-2013-14110 | 20 Aug 201300:00 | – | openvas |
| RedHat Update for spice-server RHSA-2013:1192-01 | 6 Sep 201300:00 | – | openvas |
| Ubuntu: Security Advisory (USN-1926-1) | 16 Aug 201300:00 | – | openvas |
| RedHat Update for spice-server RHSA-2013:1192-01 | 6 Sep 201300:00 | – | openvas |
| Fedora Update for spice FEDORA-2013-14362 | 16 Aug 201300:00 | – | openvas |
| CentOS Update for spice-server CESA-2013:1192 centos6 | 6 Sep 201300:00 | – | openvas |
| Fedora Update for spice FEDORA-2013-14362 | 16 Aug 201300:00 | – | openvas |
| Oracle: Security Advisory (ELSA-2013-1192) | 6 Oct 201500:00 | – | openvas |
10
###############################################################################
# OpenVAS Vulnerability Test
#
# CentOS Update for spice-server CESA-2013:1192 centos6
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "The Simple Protocol for Independent Computing Environments (SPICE) is a
remote display protocol for virtual environments. SPICE users can access a
virtualized desktop or server from the local system or any system with
network access to the server. SPICE is used in Red Hat Enterprise Linux for
viewing virtualized guests running on the Kernel-based Virtual Machine
(KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.
A flaw was found in the way concurrent access to the clients ring buffer
was performed in the spice-server library. A remote user able to initiate a
SPICE connection to an application acting as a SPICE server could use this
flaw to crash the application. (CVE-2013-4130)
This issue was discovered by David Gibson of Red Hat.
Users of spice-server are advised to upgrade to this updated package, which
contains a backported patch to correct this issue. Applications acting as a
SPICE server must be restarted for this update to take effect. Note that
QEMU-KVM guests providing SPICE console access must be restarted for this
update to take effect.";
if(description)
{
script_id(881787);
script_version("$Revision: 6655 $");
script_tag(name:"last_modification", value:"$Date: 2017-07-10 13:48:58 +0200 (Mon, 10 Jul 2017) $");
script_tag(name:"creation_date", value:"2013-09-06 09:36:57 +0530 (Fri, 06 Sep 2013)");
script_cve_id("CVE-2013-4130");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_name("CentOS Update for spice-server CESA-2013:1192 centos6 ");
tag_affected = "spice-server on CentOS 6";
tag_solution = "Please Install the Updated Packages.";
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name: "CESA", value: "2013:1192");
script_xref(name: "URL" , value: "http://lists.centos.org/pipermail/centos-announce/2013-September/019923.html");
script_summary("Check for the Version of spice-server");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2013 Greenbone Networks GmbH");
script_family("CentOS Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/centos", "ssh/login/rpms");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "CentOS6")
{
if ((res = isrpmvuln(pkg:"spice-server", rpm:"spice-server~0.12.0~12.el6_4.3", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"spice-server-devel", rpm:"spice-server-devel~0.12.0~12.el6_4.3", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo06 Sep 2013 00:00Current
6.3Medium risk
Vulners AI Score6.3
EPSS0.021