Búsqueda de    
Vulnerabilidad   
    Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.882502
Categoría:CentOS Local Security Checks
Título:CentOS Update for spice-server CESA-2016:1205 centos7
Resumen:Check the version of spice-server
Descripción:Summary:
Check the version of spice-server

Vulnerability Insight:
The Simple Protocol for Independent
Computing Environments (SPICE) is a remote display system built for virtual
environments which allows the user to view a computing 'desktop' environment
not only on the machine where it is running, but from anywhere on the Internet
and from a wide variety of machine architectures.

Security Fix(es):

* A memory allocation flaw, leading to a heap-based buffer overflow, was
found in spice's smartcard interaction, which runs under the QEMU-KVM
context on the host. A user connecting to a guest VM using spice could
potentially use this flaw to crash the QEMU-KVM process or execute
arbitrary code with the privileges of the host's QEMU-KVM process.
(CVE-2016-0749)

* A memory access flaw was found in the way spice handled certain guests
using crafted primary surface parameters. A user in a guest could use this
flaw to read from and write to arbitrary memory locations on the host.
(CVE-2016-2150)

The CVE-2016-0749 issue was discovered by Jing Zhao (Red Hat) and the
CVE-2016-2150 issue was discovered by Frediano Ziglio (Red Hat).

Affected Software/OS:
spice-server on CentOS 7

Solution:
Please Install the Updated Packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-0749
Debian Security Information: DSA-3596 (Google Search)
http://www.debian.org/security/2016/dsa-3596
https://security.gentoo.org/glsa/201606-05
RedHat Security Advisories: RHSA-2016:1204
https://access.redhat.com/errata/RHSA-2016:1204
RedHat Security Advisories: RHSA-2016:1205
https://access.redhat.com/errata/RHSA-2016:1205
SuSE Security Announcement: openSUSE-SU-2016:1725 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-07/msg00003.html
SuSE Security Announcement: openSUSE-SU-2016:1726 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-07/msg00004.html
http://www.ubuntu.com/usn/USN-3014-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-2150
CopyrightCopyright (C) 2016 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2024 E-Soft Inc. Todos los derechos reservados.