CentOS Local Security Checks : CentOS Update for spice-server CESA-2015:1714 centos7

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.882279

Kategorie: CentOS Local Security Checks

Titel: CentOS Update for spice-server CESA-2015:1714 centos7

Zusammenfassung: Check the version of spice-server

Beschreibung: Summary:
Check the version of spice-server

Vulnerability Insight:
The Simple Protocol for Independent Computing Environments (SPICE) is a
remote display protocol for virtual environments. SPICE users can access a
virtualized desktop or server from the local system or any system with
network access to the server. SPICE is used in Red Hat Enterprise Linux for
viewing virtualized guests running on the Kernel-based Virtual Machine
(KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.

A race condition flaw, leading to a heap-based memory corruption, was found
in spice's worker_update_monitors_config() function, which runs under the
QEMU-KVM context on the host. A user in a guest could leverage this flaw to
crash the host QEMU-KVM process or, possibly, execute arbitrary code with
the privileges of the host QEMU-KVM process. (CVE-2015-3247)

This issue was discovered by Frediano Ziglio of Red Hat.

All spice users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

Affected Software/OS:
spice-server on CentOS 7

Solution:
Please install the updated packages.

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2015-3247
1033459
http://www.securitytracker.com/id/1033459
1033460
http://www.securitytracker.com/id/1033460
1033753
http://www.securitytracker.com/id/1033753
DSA-3354
http://www.debian.org/security/2015/dsa-3354
RHSA-2015:1713
http://rhn.redhat.com/errata/RHSA-2015-1713.html
RHSA-2015:1714
http://rhn.redhat.com/errata/RHSA-2015-1714.html
RHSA-2015:1715
http://rhn.redhat.com/errata/RHSA-2015-1715.html
USN-2736-1
http://www.ubuntu.com/usn/USN-2736-1
[Spice-devel] 20151006 Announcing spice 0.12.6
http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html
openSUSE-SU-2015:1566
http://lists.opensuse.org/opensuse-updates/2015-09/msg00018.html

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.882279
Kategorie:	CentOS Local Security Checks
Titel:	CentOS Update for spice-server CESA-2015:1714 centos7
Zusammenfassung:	Check the version of spice-server
Beschreibung:	Summary: Check the version of spice-server Vulnerability Insight: The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors. A race condition flaw, leading to a heap-based memory corruption, was found in spice's worker_update_monitors_config() function, which runs under the QEMU-KVM context on the host. A user in a guest could leverage this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with the privileges of the host QEMU-KVM process. (CVE-2015-3247) This issue was discovered by Frediano Ziglio of Red Hat. All spice users are advised to upgrade to this updated package, which contains a backported patch to correct this issue. Affected Software/OS: spice-server on CentOS 7 Solution: Please install the updated packages. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-3247 1033459 http://www.securitytracker.com/id/1033459 1033460 http://www.securitytracker.com/id/1033460 1033753 http://www.securitytracker.com/id/1033753 DSA-3354 http://www.debian.org/security/2015/dsa-3354 RHSA-2015:1713 http://rhn.redhat.com/errata/RHSA-2015-1713.html RHSA-2015:1714 http://rhn.redhat.com/errata/RHSA-2015-1714.html RHSA-2015:1715 http://rhn.redhat.com/errata/RHSA-2015-1715.html USN-2736-1 http://www.ubuntu.com/usn/USN-2736-1 [Spice-devel] 20151006 Announcing spice 0.12.6 http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html openSUSE-SU-2015:1566 http://lists.opensuse.org/opensuse-updates/2015-09/msg00018.html
Copyright	Copyright (C) 2015 Greenbone AG