Oval Definition:
oval:com.ubuntu.artful:def:201715108000
Revision Date
:
2018-01-19
Version
:
1
Title
:
CVE-2017-15108 on Ubuntu 17.10 (artful) - medium.
Description
:
spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.
Family
:
unix
Class
:
vulnerability
Status
:
Reference(s)
:
CVE-2017-15108
Platform(s)
:
Ubuntu 17.10
Product(s)
:
Definition Synopsis
Ubuntu 17.10 (artful) is installed.
AND
The 'spice-vdagent' package in artful is affected and needs fixing.
BACK