SUSE: Security Advisory (SUSE-SU-2016:1259-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2016:1559-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2015:1733-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Arbitrary Code Execution

The Simple Protocol for Independent Computing Environments SPICE is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewi...

Security Bulletin: Vulnerability in spice affects IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2015-5261, CVE-2015-5260)

Summary Vulnerability spice affects IBM SmartCloud Provisioning for IBM Software Virtual Appliance CVE-2015-5261, CVE-2015-5260. Vulnerability Details CVEID: CVE-2015-5261 DESCRIPTION: Red Hat spice is vulnerable to a heap-based buffer overflow. By sending specially crafted QXL command, a local...

SUSE SLED12 / SLES12 Security Update : spice (SUSE-SU-2016:1559-1)

spice was updated to fix four security issues. These security issues were fixed : - CVE-2016-2150: Guest escape using crafted primary surface parameters bsc982386. - CVE-2016-0749: Heap-based buffer overflow in smartcard interaction bsc982385. - CVE-2015-5260: Insufficient validation of surfaceid...

GLSA-201606-05 : spice: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201606-05 spice: Multiple vulnerabilities Multiple vulnerabilities have been discovered in spice, please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code...

CVE-2015-5260

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service heap-based memory corruption and QEMU-KVM crash or possibly execute arbitrary code on the host via QXL commands related to the surfaceid parameter...

CVE-2015-5260

SPICE vulnerability CVE-2015-5260 is a heap-based buffer overflow in SPICE prior to 0.12.6 caused by improper bounds handling of certain QXL commands related to the surface_id parameter. A local attacker could cause a denial of service (heap corruption and QEMU-KVM crash) or possibly execute code...

SUSE SLES11 Security Update : spice (SUSE-SU-2016:1259-1)

Spice was updated to fix three security issues. The following vulnerabilities were fixed : - CVE-2015-3247: heap corruption in the spice server bsc944460 - CVE-2015-5261: Guest could have accessed host memory using crafted images bsc948976 - CVE-2015-5260: Insufficient validation of surfaceid...

Fedora 23 : mingw-spice-gtk-0.30-1.fc23 / mingw-spice-protocol-0.12.10-1.fc23 / spice-0.12.6-1.fc23 / etc (2015-a78ebcc142)

Update spice-gtk/spice-protocol/spice to new upstream releases. The spice update fixes CVE-2015-3247, CVE-2015-5260 and CVE-2015-5261. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automaticall...

Fedora 22 : mingw-spice-gtk-0.30-1.fc22 / mingw-spice-protocol-0.12.10-1.fc22 / spice-0.12.6-1.fc22 / etc (2015-7fcc957ba6)

Update spice-gtk/spice-protocol/spice to new upstream releases. The spice update fixes CVE-2015-3247, CVE-2015-5260 and CVE-2015-5261. ---- Update to spice- gtk 0.29 ---- Update to release 0.12.7 Note that Tenable Network Security has extracted the preceding description block directly from the...

Fedora Update for mingw-spice-protocol FEDORA-2015-7

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for spice FEDORA-2015-7

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS 6 : spice-server (CESA-2015:1889)

An updated spice-server package that fixes two security issues is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

CentOS 7 : spice (CESA-2015:1890)

Updated spice packages that fix two security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for...

spice: multiple issues

CVE-2015-3247 race condition flaw: A race condition flaw was found in spice's workerupdatemonitorsconfig function, leading to a heap-based memory corruption. A user in a guest could leverage this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with the privileges of...

Mageia: Security Advisory (MGASA-2015-0394)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED12 / SLES12 Security Update : spice (SUSE-SU-2015:1733-1)

Spice was updated to fix three security issues. The following vulnerabilities were fixed : - CVE-2015-3247: heap corruption in the spice server bsc944460 - CVE-2015-5261: Guest could have accessed host memory using crafted images bsc948976 - CVE-2015-5260: Insufficient validation of surfaceid...

openSUSE Security Update : spice (openSUSE-2015-657)

Spice was updated to fix four security issues. The following vulnerabilities were fixed : - CVE-2015-3247: heap corruption in the spice server bsc944460 - CVE-2015-5261: Guest could have accessed host memory using crafted images bsc948976 - CVE-2015-5260: Insufficient validation of surfaceid...