1. Forum
  2. Fsxnet Message
  3. FSX BOT

  • Spice vulnerability

    From boo_ubuntu@21:4/110 to Ubuntu Users on Tuesday, October 06, 2020 12:10:07
    spice vulnerability

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 20.04 LTS
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS

    Summary

    Spice could be made to crash or run programs if it received
    specially crafted network traffic.

    Software Description

    * spice - SPICE protocol client and server library

    Details

    Frediano Ziglio discovered that Spice incorrectly handled QUIC
    image decoding. A remote attacker could use this to cause Spice to
    crash, resulting in a denial of service, or possibly execute
    arbitrary code.

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 20.04 LTS
    libspice-server1 - 0.14.2-4ubuntu3.1

    Ubuntu 18.04 LTS
    libspice-server1 - 0.14.0-1ubuntu2.5

    Ubuntu 16.04 LTS
    libspice-server1 - 0.12.6-4ubuntu0.5

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    After a standard system update you need to restart qemu guests to
    make all the necessary changes.

    References

    * CVE-2020-14355

    --- Mystic BBS v1.12 A46 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From boo_ubuntu@21:4/110 to Ubuntu Users on Wednesday, October 07, 2020 12:10:01
    spice vulnerability

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 14.04 ESM

    Summary

    Spice could be made to crash or run programs if it received
    specially crafted network traffic.

    Software Description

    * spice - SPICE protocol client and server library

    Details

    USN-4572-1 fixed a vulnerability in Spice. This update provides
    the corresponding update for Ubuntu 14.04 ESM.

    Original advisory details:

    Frediano Ziglio discovered that Spice incorrectly handled QUIC
    image decoding. A remote attacker could use this to cause Spice to
    crash, resulting in a denial of service, or possibly execute
    arbitrary code.

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 14.04 ESM
    libspice-server1 - 0.12.4-0nocelt2ubuntu1.8+esm1

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    After a standard system update you need to restart qemu guests to
    make all the necessary changes.

    References

    * USN-4572-1
    * CVE-2020-14355

    --- Mystic BBS v1.12 A46 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)