 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.871627 |
| Categoría: | Red Hat Local Security Checks |
| Título: | RedHat Update for spice RHSA-2016:1205-01 |
| Resumen: | The remote host is missing an update for the 'spice'; package(s) announced via the referenced advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'spice' package(s) announced via the referenced advisory. Vulnerability Insight: The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. Security Fix(es): * A memory allocation flaw, leading to a heap-based buffer overflow, was found in spice's smartcard interaction, which runs under the QEMU-KVM context on the host. A user connecting to a guest VM using spice could potentially use this flaw to crash the QEMU-KVM process or execute arbitrary code with the privileges of the host's QEMU-KVM process. (CVE-2016-0749) * A memory access flaw was found in the way spice handled certain guests using crafted primary surface parameters. A user in a guest could use this flaw to read from and write to arbitrary memory locations on the host. (CVE-2016-2150) The CVE-2016-0749 issue was discovered by Jing Zhao (Red Hat) and the CVE-2016-2150 issue was discovered by Frediano Ziglio (Red Hat). Affected Software/OS: spice on Red Hat Enterprise Linux Server (v. 7) Solution: Please Install the Updated Packages. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-0749 DSA-3596 http://www.debian.org/security/2016/dsa-3596 GLSA-201606-05 https://security.gentoo.org/glsa/201606-05 RHSA-2016:1204 https://access.redhat.com/errata/RHSA-2016:1204 RHSA-2016:1205 https://access.redhat.com/errata/RHSA-2016:1205 USN-3014-1 http://www.ubuntu.com/usn/USN-3014-1 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html openSUSE-SU-2016:1725 http://lists.opensuse.org/opensuse-updates/2016-07/msg00003.html openSUSE-SU-2016:1726 http://lists.opensuse.org/opensuse-updates/2016-07/msg00004.html Common Vulnerability Exposure (CVE) ID: CVE-2016-2150 https://bugzilla.redhat.com/show_bug.cgi?id=1313496 |
| Copyright | Copyright (C) 2016 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |