spice vulnerabilities

Related Vulnerabilities: CVE-2015-5260, CVE-2015-5261

7 October 2015

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.04 LTS

Summary

Spice could be made to crash or run programs.

Software Description

  • spice - SPICE protocol client and server library

Details

Frediano Ziglio discovered multiple buffer overflows, signed integer operations with undefined behavior, race conditions, memory leaks, and denial of service issues in Spice. A malicious guest operating system could potentially exploit these issues to escape virtualization. (CVE-2015-5260, CVE-2015-5261)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.04
  • libspice-server1 - 0.12.5-1ubuntu0.2

Ubuntu 14.04 LTS
  • libspice-server1 - 0.12.4-0nocelt2ubuntu1.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart qemu guests to make all the necessary changes.

References