Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2013:1192
HistorySep 03, 2013 - 12:00 a.m.

(RHSA-2013:1192) Moderate: spice-server security update

2013-09-0300:00:00
access.redhat.com
9

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.021 Low

EPSS

Percentile

87.5%

JSON

The Simple Protocol for Independent Computing Environments (SPICE) is a
remote display protocol for virtual environments. SPICE users can access a
virtualized desktop or server from the local system or any system with
network access to the server. SPICE is used in Red Hat Enterprise Linux for
viewing virtualized guests running on the Kernel-based Virtual Machine
(KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.

A flaw was found in the way concurrent access to the clients ring buffer
was performed in the spice-server library. A remote user able to initiate a
SPICE connection to an application acting as a SPICE server could use this
flaw to crash the application. (CVE-2013-4130)

This issue was discovered by David Gibson of Red Hat.

Users of spice-server are advised to upgrade to this updated package, which
contains a backported patch to correct this issue. Applications acting as a
SPICE server must be restarted for this update to take effect. Note that
QEMU-KVM guests providing SPICE console access must be restarted for this
update to take effect.

Related

openvas 14
mageia 1
cve 1
prion 1
nessus 10
fedora 2
ubuntucve 1
centos 1
debiancve 1
securityvulns 2
redhat 1
ubuntu 1
veracode 1
oraclelinux 1
osv 1
debian 2
openvas
openvas
CentOS Update for spice-server CESA-2013:1192 centos6
2013-09-06 00:00:00
Ubuntu: Security Advisory (USN-1926-1)
2013-08-16 00:00:00
RedHat Update for spice-server RHSA-2013:1192-01
2013-09-06 00:00:00
mageia
mageia
Updated spice packages fix CVE-2013-4130
2013-08-22 22:08:55
cve
cve
CVE-2013-4130
2013-08-20 22:55:00
prion
prion
Code injection
2013-08-20 22:55:00
nessus
nessus
Scientific Linux Security Update : spice-server on SL6.x x86_64 (20130903)
2013-09-05 00:00:00
CentOS 6 : spice-server (CESA-2013:1192)
2013-09-05 00:00:00
Oracle Linux 6 : spice-server (ELSA-2013-1192)
2013-09-04 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: spice-0.12.4-1.fc18
2013-08-15 02:58:49
[SECURITY] Fedora 19 Update: spice-0.12.4-1.fc19
2013-08-10 19:59:27
ubuntucve
ubuntucve
CVE-2013-4130
2013-07-15 00:00:00
centos
centos
spice security update
2013-09-03 21:44:42
debiancve
debiancve
CVE-2013-4130
2013-08-20 22:55:00
securityvulns
securityvulns
SPICE DoS
2013-08-28 00:00:00
[ MDVSA-2013:217 ] spice
2013-08-28 00:00:00
redhat
redhat
(RHSA-2013:1260) Moderate: rhev-hypervisor6 security and bug fix update
2013-09-23 00:00:00
ubuntu
ubuntu
SPICE vulnerability
2013-08-14 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:58:05
oraclelinux
oraclelinux
spice-server security update
2013-09-03 00:00:00
osv
osv
spice - denial of service
2014-01-08 00:00:00
debian
debian
[SECURITY] [DSA 2839-1] spice security update
2014-01-08 14:41:30
[SECURITY] [DSA 2839-1] spice security update
2014-01-08 14:41:30

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.021 Low

EPSS

Percentile

87.5%

JSON
Related for RHSA-2013:1192
openvas14mageia1cve1prion1nessus10fedora2ubuntucve1centos1debiancve1securityvulns2redhat1ubuntu1veracode1oraclelinux1osv1debian2