CentOS Local Security Checks : CentOS Update for spice-server CESA-2016:1205 centos7

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.882502

Categoría: CentOS Local Security Checks

Título: CentOS Update for spice-server CESA-2016:1205 centos7

Resumen: Check the version of spice-server

Descripción: Summary:
Check the version of spice-server

Vulnerability Insight:
The Simple Protocol for Independent
Computing Environments (SPICE) is a remote display system built for virtual
environments which allows the user to view a computing 'desktop' environment
not only on the machine where it is running, but from anywhere on the Internet
and from a wide variety of machine architectures.

Security Fix(es):

* A memory allocation flaw, leading to a heap-based buffer overflow, was
found in spice's smartcard interaction, which runs under the QEMU-KVM
context on the host. A user connecting to a guest VM using spice could
potentially use this flaw to crash the QEMU-KVM process or execute
arbitrary code with the privileges of the host's QEMU-KVM process.
(CVE-2016-0749)

* A memory access flaw was found in the way spice handled certain guests
using crafted primary surface parameters. A user in a guest could use this
flaw to read from and write to arbitrary memory locations on the host.
(CVE-2016-2150)

The CVE-2016-0749 issue was discovered by Jing Zhao (Red Hat) and the
CVE-2016-2150 issue was discovered by Frediano Ziglio (Red Hat).

Affected Software/OS:
spice-server on CentOS 7

Solution:
Please Install the Updated Packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-0749
DSA-3596
http://www.debian.org/security/2016/dsa-3596
GLSA-201606-05
https://security.gentoo.org/glsa/201606-05
RHSA-2016:1204
https://access.redhat.com/errata/RHSA-2016:1204
RHSA-2016:1205
https://access.redhat.com/errata/RHSA-2016:1205
USN-3014-1
http://www.ubuntu.com/usn/USN-3014-1
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
openSUSE-SU-2016:1725
http://lists.opensuse.org/opensuse-updates/2016-07/msg00003.html
openSUSE-SU-2016:1726
http://lists.opensuse.org/opensuse-updates/2016-07/msg00004.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-2150
https://bugzilla.redhat.com/show_bug.cgi?id=1313496

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.882502
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for spice-server CESA-2016:1205 centos7
Resumen:	Check the version of spice-server
Descripción:	Summary: Check the version of spice-server Vulnerability Insight: The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. Security Fix(es): * A memory allocation flaw, leading to a heap-based buffer overflow, was found in spice's smartcard interaction, which runs under the QEMU-KVM context on the host. A user connecting to a guest VM using spice could potentially use this flaw to crash the QEMU-KVM process or execute arbitrary code with the privileges of the host's QEMU-KVM process. (CVE-2016-0749) * A memory access flaw was found in the way spice handled certain guests using crafted primary surface parameters. A user in a guest could use this flaw to read from and write to arbitrary memory locations on the host. (CVE-2016-2150) The CVE-2016-0749 issue was discovered by Jing Zhao (Red Hat) and the CVE-2016-2150 issue was discovered by Frediano Ziglio (Red Hat). Affected Software/OS: spice-server on CentOS 7 Solution: Please Install the Updated Packages. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-0749 DSA-3596 http://www.debian.org/security/2016/dsa-3596 GLSA-201606-05 https://security.gentoo.org/glsa/201606-05 RHSA-2016:1204 https://access.redhat.com/errata/RHSA-2016:1204 RHSA-2016:1205 https://access.redhat.com/errata/RHSA-2016:1205 USN-3014-1 http://www.ubuntu.com/usn/USN-3014-1 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html openSUSE-SU-2016:1725 http://lists.opensuse.org/opensuse-updates/2016-07/msg00003.html openSUSE-SU-2016:1726 http://lists.opensuse.org/opensuse-updates/2016-07/msg00004.html Common Vulnerability Exposure (CVE) ID: CVE-2016-2150 https://bugzilla.redhat.com/show_bug.cgi?id=1313496
Copyright	Copyright (C) 2016 Greenbone AG