Test ID: 1.3.6.1.4.1.25623.1.1.10.2019.0099
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2019-0099)
Summary: The remote host is missing an update for the 'spice-gtk' package(s) announced via the MGASA-2019-0099 advisory.
Description:
Summary:
The remote host is missing an update for the 'spice-gtk' package(s) announced via the MGASA-2019-0099 advisory.

Vulnerability Insight:
A flaw was found in the way spice-client processed certain messages sent
from the server. An attacker, having control of a malicious spice-server,
could use this flaw to crash the client or execute arbitrary code with
permissions of the user running the client. spice-gtk versions through
0.34 are believed to be vulnerable. (CVE-2017-12194)

A vulnerability was discovered in SPICE before version 0.14.1 where the
generated code used for demarshalling messages lacked sufficient bounds
checks. A malicious client or server, after authentication, could send
specially crafted messages to its peer which would result in a crash or,
potentially, other impacts. (CVE-2018-10873)

Multiple integer overflow and buffer overflow issues were discovered in
spice-client's handling of LZ compressed frames. A malicious server could
cause the client to crash or, potentially, execute arbitrary code.
(CVE-2018-10893)

Affected Software/OS:
'spice-gtk' package(s) on Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2017-12194
BugTraq ID: 103413
http://www.securityfocus.com/bid/103413
GLSA-201811-20
https://security.gentoo.org/glsa/201811-20
USN-3659-1
https://usn.ubuntu.com/3659-1/
https://bugzilla.redhat.com/show_bug.cgi?id=1501200
Common Vulnerability Exposure (CVE) ID: CVE-2018-10873
BugTraq ID: 105152
http://www.securityfocus.com/bid/105152
Debian Security Information: DSA-4319
https://www.debian.org/security/2018/dsa-4319
https://lists.debian.org/debian-lts-announce/2018/08/msg00037.html
https://lists.debian.org/debian-lts-announce/2018/08/msg00035.html
https://lists.debian.org/debian-lts-announce/2018/08/msg00038.html
RedHat Security Advisories: RHSA-2018:2731
https://access.redhat.com/errata/RHSA-2018:2731
RedHat Security Advisories: RHSA-2018:2732
https://access.redhat.com/errata/RHSA-2018:2732
RedHat Security Advisories: RHSA-2018:3470
https://access.redhat.com/errata/RHSA-2018:3470
https://usn.ubuntu.com/3751-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-10893
RHSA-2019:2229
https://access.redhat.com/errata/RHSA-2019:2229
RHSA-2020:0471
https://access.redhat.com/errata/RHSA-2020:0471
[spice-devel] 20180703 [PATCH spice-common v3] lz: Avoid buffer reading overflow checking for image type
https://lists.freedesktop.org/archives/spice-devel/2018-July/044489.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10893
Copyright: Copyright (C) 2022 Greenbone AG
