ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2019.0100
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2019-0100)
Resumen:	The remote host is missing an update for the 'spice' package(s) announced via the MGASA-2019-0100 advisory.
Descripción:	Summary: The remote host is missing an update for the 'spice' package(s) announced via the MGASA-2019-0100 advisory. Vulnerability Insight: Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers. (CVE-2019-3813) A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts. (CVE-2018-10873) Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code. (CVE-2018-10893) Affected Software/OS: 'spice' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-10873 BugTraq ID: 105152 http://www.securityfocus.com/bid/105152 Debian Security Information: DSA-4319 (Google Search) https://www.debian.org/security/2018/dsa-4319 https://lists.debian.org/debian-lts-announce/2018/08/msg00037.html https://lists.debian.org/debian-lts-announce/2018/08/msg00035.html https://lists.debian.org/debian-lts-announce/2018/08/msg00038.html RedHat Security Advisories: RHSA-2018:2731 https://access.redhat.com/errata/RHSA-2018:2731 RedHat Security Advisories: RHSA-2018:2732 https://access.redhat.com/errata/RHSA-2018:2732 RedHat Security Advisories: RHSA-2018:3470 https://access.redhat.com/errata/RHSA-2018:3470 https://usn.ubuntu.com/3751-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-10893 RHSA-2019:2229 https://access.redhat.com/errata/RHSA-2019:2229 RHSA-2020:0471 https://access.redhat.com/errata/RHSA-2020:0471 [spice-devel] 20180703 [PATCH spice-common v3] lz: Avoid buffer reading overflow checking for image type https://lists.freedesktop.org/archives/spice-devel/2018-July/044489.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10893 Common Vulnerability Exposure (CVE) ID: CVE-2019-3813 BugTraq ID: 106801 http://www.securityfocus.com/bid/106801 Debian Security Information: DSA-4375 (Google Search) https://www.debian.org/security/2019/dsa-4375 https://security.gentoo.org/glsa/202007-30 https://lists.debian.org/debian-lts-announce/2019/01/msg00026.html RedHat Security Advisories: RHSA-2019:0231 https://access.redhat.com/errata/RHSA-2019:0231 RedHat Security Advisories: RHSA-2019:0232 https://access.redhat.com/errata/RHSA-2019:0232 RedHat Security Advisories: RHSA-2019:0457 https://access.redhat.com/errata/RHSA-2019:0457 https://usn.ubuntu.com/3870-1/
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.