40 matches found
EUVD-2016-3251
Malware in sbrugna...
SUSE: Security Advisory (SUSE-SU-2016:1259-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2016:1559-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2015:1733-1)
The remote host is missing an update for the...
Arbitrary Code Execution
The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewi...
Security Bulletin: Vulnerability in spice affects IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2015-5261, CVE-2015-5260)
Summary: Vulnerability in spice affects IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2015-5261, CVE-2015-5260). Vulnerability Details: CVEID: CVE-2015-5261. DESCRIPTION: Red Hat spice is vulnerable to a heap-based buffer overflow. By sending specially crafted QXL command, a local...
SUSE SLED12 / SLES12 Security Update : spice (SUSE-SU-2016:1559-1)
spice was updated to fix four security issues. These security issues were fixed : - CVE-2016-2150: Guest escape using crafted primary surface parameters (bsc#982386). - CVE-2016-0749: Heap-based buffer overflow in smartcard interaction (bsc#982385). - CVE-2015-5260: Insufficient validation of surface_id...
GLSA-201606-05 : spice: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201606-05 (spice: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in spice, please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code...
Design/Logic Flaw
SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261...
CVE-2016-2150
CVE-2016-2150 affects SPICE: a memory access flaw in handling crafted primary surface parameters allows a local guest OS user to read from or write to host memory. Root cause: improper handling of primary surface parameters in SPICE. Impact: confidentiality and integrity of host memory are HIGH, ...
CVE-2015-5261
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation...
CVE-2015-5261
CVE-2015-5261 is a heap-based buffer overflow in SPICE before 0.12.6 that allows local guest OS users to read from or write to arbitrary host memory via guest QXL surface-creation parameters. This is a local vulnerability affecting SPICE/QXL components used in virtualized environments. See connec...
SUSE SLES11 Security Update : spice (SUSE-SU-2016:1259-1)
Spice was updated to fix three security issues. The following vulnerabilities were fixed : - CVE-2015-3247: heap corruption in the spice server (bsc#944460) - CVE-2015-5261: Guest could have accessed host memory using crafted images (bsc#948976) - CVE-2015-5260: Insufficient validation of surface_id...
Fedora 23 : mingw-spice-gtk-0.30-1.fc23 / mingw-spice-protocol-0.12.10-1.fc23 / spice-0.12.6-1.fc23 / etc (2015-a78ebcc142)
Update spice-gtk/spice-protocol/spice to new upstream releases. The spice update fixes CVE-2015-3247, CVE-2015-5260 and CVE-2015-5261. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automaticall...
Fedora 22 : mingw-spice-gtk-0.30-1.fc22 / mingw-spice-protocol-0.12.10-1.fc22 / spice-0.12.6-1.fc22 / etc (2015-7fcc957ba6)
Update spice-gtk/spice-protocol/spice to new upstream releases. The spice update fixes CVE-2015-3247, CVE-2015-5260 and CVE-2015-5261. ---- Update to spice-gtk 0.29 ---- Update to release 0.12.7 Note that Tenable Network Security has extracted the preceding description block directly from the...
Fedora Update for mingw-spice-protocol FEDORA-2015-7
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for spice FEDORA-2015-7
The remote host is missing an update for the...
CentOS 6 : spice-server (CESA-2015:1889)
An updated spice-server package that fixes two security issues is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
CentOS 7 : spice (CESA-2015:1890)
Updated spice packages that fix two security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for...
spice: multiple issues
CVE-2015-3247 race condition flaw: A race condition flaw was found in spice's worker_update_monitors_config() function, leading to a heap-based memory corruption. A user in a guest could leverage this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with the privileges of...