Debian Local Security Checks : Debian: Security Advisory (DSA-4319-1)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.704319

Category: Debian Local Security Checks

Title: Debian: Security Advisory (DSA-4319-1)

Summary: The remote host is missing an update for the Debian 'spice' package(s) announced via the DSA-4319-1 advisory.

Description: Summary:
The remote host is missing an update for the Debian 'spice' package(s) announced via the DSA-4319-1 advisory.

Vulnerability Insight:
Frediano Ziglio reported a missing check in the script to generate demarshalling code in the SPICE protocol client and server library. The generated demarshalling code is prone to multiple buffer overflows. An authenticated attacker can take advantage of this flaw to cause a denial of service (spice server crash), or possibly, execute arbitrary code.

For the stable distribution (stretch), this problem has been fixed in version 0.12.8-2.1+deb9u2.

We recommend that you upgrade your spice packages.

For the detailed security status of spice please refer to its security tracker page at: [link moved to references]

Affected Software/OS:
'spice' package(s) on Debian 9.

Solution:
Please install the updated package(s).

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-10873
BugTraq ID: 105152
http://www.securityfocus.com/bid/105152
Debian Security Information: DSA-4319 (Google Search)
https://www.debian.org/security/2018/dsa-4319
https://lists.debian.org/debian-lts-announce/2018/08/msg00037.html
https://lists.debian.org/debian-lts-announce/2018/08/msg00035.html
https://lists.debian.org/debian-lts-announce/2018/08/msg00038.html
RedHat Security Advisories: RHSA-2018:2731
https://access.redhat.com/errata/RHSA-2018:2731
RedHat Security Advisories: RHSA-2018:2732
https://access.redhat.com/errata/RHSA-2018:2732
RedHat Security Advisories: RHSA-2018:3470
https://access.redhat.com/errata/RHSA-2018:3470
https://usn.ubuntu.com/3751-1/

Copyright Copyright (C) 2018 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.704319
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-4319-1)
Summary:	The remote host is missing an update for the Debian 'spice' package(s) announced via the DSA-4319-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'spice' package(s) announced via the DSA-4319-1 advisory. Vulnerability Insight: Frediano Ziglio reported a missing check in the script to generate demarshalling code in the SPICE protocol client and server library. The generated demarshalling code is prone to multiple buffer overflows. An authenticated attacker can take advantage of this flaw to cause a denial of service (spice server crash), or possibly, execute arbitrary code. For the stable distribution (stretch), this problem has been fixed in version 0.12.8-2.1+deb9u2. We recommend that you upgrade your spice packages. For the detailed security status of spice please refer to its security tracker page at: [link moved to references] Affected Software/OS: 'spice' package(s) on Debian 9. Solution: Please install the updated package(s). CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-10873 BugTraq ID: 105152 http://www.securityfocus.com/bid/105152 Debian Security Information: DSA-4319 (Google Search) https://www.debian.org/security/2018/dsa-4319 https://lists.debian.org/debian-lts-announce/2018/08/msg00037.html https://lists.debian.org/debian-lts-announce/2018/08/msg00035.html https://lists.debian.org/debian-lts-announce/2018/08/msg00038.html RedHat Security Advisories: RHSA-2018:2731 https://access.redhat.com/errata/RHSA-2018:2731 RedHat Security Advisories: RHSA-2018:2732 https://access.redhat.com/errata/RHSA-2018:2732 RedHat Security Advisories: RHSA-2018:3470 https://access.redhat.com/errata/RHSA-2018:3470 https://usn.ubuntu.com/3751-1/
Copyright	Copyright (C) 2018 Greenbone AG