Oval Definition:
oval:com.ubuntu.disco:def:2017151080000000
Revision Date
:
2018-01-20
Version
:
1
Title
:
CVE-2017-15108 on Ubuntu 19.04 (disco) - medium.
Description
:
spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.
Family
:
unix
Class
:
vulnerability
Status
:
Reference(s)
:
CVE-2017-15108
Platform(s)
:
Ubuntu 19.04
Product(s)
:
Definition Synopsis
Ubuntu 19.04 (disco) is installed.
AND
spice-vdagent package in disco was vulnerable but has been fixed (note: '0.17.0-1ubuntu2').
BACK