logo
DATABASE RESOURCES PRICING ABOUT US

[USN-2027-1] SPICE vulnerability

Description

========================================================================== Ubuntu Security Notice USN-2027-1 November 12, 2013 spice vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 13.10 - Ubuntu 13.04 Summary: SPICE could be made to crash if it received specially crafted network traffic. Software Description: - spice: SPICE protocol client and server library Details: Tomas Jamrisko discovered that SPICE incorrectly handled long passwords in SPICE tickets. An attacker could use this issue to cause the SPICE server to crash, resulting in a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 13.10: libspice-server1 0.12.4-0nocelt1ubuntu0.1 Ubuntu 13.04: libspice-server1 0.12.2-0nocelt2expubuntu1.2 After a standard system update you need to restart applications using the SPICE protocol, such as QEMU, to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2027-1 CVE-2013-4282 Package Information: https://launchpad.net/ubuntu/+source/spice/0.12.4-0nocelt1ubuntu0.1 https://launchpad.net/ubuntu/+source/spice/0.12.2-0nocelt2expubuntu1.2 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce


Related