Test ID:	1.3.6.1.4.1.25623.1.0.842804
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-3014-1)
Summary:	The remote host is missing an update for the 'spice' package(s) announced via the USN-3014-1 advisory.
Description:	Summary: The remote host is missing an update for the 'spice' package(s) announced via the USN-3014-1 advisory. Vulnerability Insight: Jing Zhao discovered that the Spice smartcard support incorrectly handled memory. A remote attacker could use this issue to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-0749) Frediano Ziglio discovered that Spice incorrectly handled certain primary surface parameters. A malicious guest operating system could potentially exploit this issue to escape virtualization. (CVE-2016-2150) Affected Software/OS: 'spice' package(s) on Ubuntu 14.04, Ubuntu 15.10, Ubuntu 16.04. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-0749 DSA-3596 http://www.debian.org/security/2016/dsa-3596 GLSA-201606-05 https://security.gentoo.org/glsa/201606-05 RHSA-2016:1204 https://access.redhat.com/errata/RHSA-2016:1204 RHSA-2016:1205 https://access.redhat.com/errata/RHSA-2016:1205 USN-3014-1 http://www.ubuntu.com/usn/USN-3014-1 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html openSUSE-SU-2016:1725 http://lists.opensuse.org/opensuse-updates/2016-07/msg00003.html openSUSE-SU-2016:1726 http://lists.opensuse.org/opensuse-updates/2016-07/msg00004.html Common Vulnerability Exposure (CVE) ID: CVE-2016-2150 https://bugzilla.redhat.com/show_bug.cgi?id=1313496
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.