Red Hat Local Security Checks : RedHat Update for qspice RHSA-2013:1474-01

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.871067

Kategorie: Red Hat Local Security Checks

Titel: RedHat Update for qspice RHSA-2013:1474-01

Zusammenfassung: The remote host is missing an update for the 'qspice'; package(s) announced via the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'qspice'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The Simple Protocol for Independent Computing Environments (SPICE) is a
remote display protocol for virtual environments. SPICE users can access a
virtualized desktop or server from the local system or any system with
network access to the server. SPICE is used in Red Hat Enterprise Linux for
viewing virtualized guests running on the Kernel-based Virtual Machine
(KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.

A stack-based buffer overflow flaw was found in the way the
reds_handle_ticket() function in the spice-server library handled
decryption of ticket data provided by the client. A remote user able to
initiate a SPICE connection to an application acting as a SPICE server
could use this flaw to crash the application. (CVE-2013-4282)

This issue was discovered by Tomas Jamrisko of Red Hat.

All qspice users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

Affected Software/OS:
qspice on Red Hat Enterprise Linux (v. 5 server)

Solution:
Please Install the Updated Packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2013-4282
63408
http://www.securityfocus.com/bid/63408
DSA-2839
http://www.debian.org/security/2014/dsa-2839
RHSA-2013:1460
http://rhn.redhat.com/errata/RHSA-2013-1460.html
RHSA-2013:1473
http://rhn.redhat.com/errata/RHSA-2013-1473.html
RHSA-2013:1474
http://rhn.redhat.com/errata/RHSA-2013-1474.html
SUSE-SU-2015:0884
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00008.html
USN-2027-1
http://www.ubuntu.com/usn/USN-2027-1
http://cgit.freedesktop.org/spice/spice/commit/?id=8af619009660b24e0b41ad26b30289eea288fcc2

Copyright Copyright (C) 2013 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.871067
Kategorie:	Red Hat Local Security Checks
Titel:	RedHat Update for qspice RHSA-2013:1474-01
Zusammenfassung:	The remote host is missing an update for the 'qspice'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'qspice' package(s) announced via the referenced advisory. Vulnerability Insight: The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors. A stack-based buffer overflow flaw was found in the way the reds_handle_ticket() function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application. (CVE-2013-4282) This issue was discovered by Tomas Jamrisko of Red Hat. All qspice users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Affected Software/OS: qspice on Red Hat Enterprise Linux (v. 5 server) Solution: Please Install the Updated Packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2013-4282 63408 http://www.securityfocus.com/bid/63408 DSA-2839 http://www.debian.org/security/2014/dsa-2839 RHSA-2013:1460 http://rhn.redhat.com/errata/RHSA-2013-1460.html RHSA-2013:1473 http://rhn.redhat.com/errata/RHSA-2013-1473.html RHSA-2013:1474 http://rhn.redhat.com/errata/RHSA-2013-1474.html SUSE-SU-2015:0884 http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00008.html USN-2027-1 http://www.ubuntu.com/usn/USN-2027-1 http://cgit.freedesktop.org/spice/spice/commit/?id=8af619009660b24e0b41ad26b30289eea288fcc2
Copyright	Copyright (C) 2013 Greenbone AG