| Revision Date: | 2016-02-08 | Version: | 2 |
| Title: | DSA-3371-1 -- spice -- security update |
| Description: | Frediano Ziglio of Red Hat discovered several vulnerabilities in spice, a SPICE protocol client and server library. A malicious guest can exploit these flaws to cause a denial of service (QEMU process crash), execute arbitrary code on the host with the privileges of the hosting QEMU process or read and write arbitrary memory locations on the host. |
| Family: | unix | Class: | patch |
| Status: | ACCEPTED | Reference(s): | CVE-2015-5260
CVE-2015-5261
DSA-3371-1
|
| Platform(s): | Debian 8
Debian GNU/kFreeBSD 7.0
Debian GNU/Linux 7.0
| Product(s): | spice
|
| Definition Synopsis |
| Debian 7 Debian 7 is installed
AND GNU/Linux or GNU/kFreeBSD kernel
Debian GNU/Linux is installed
OR Debian GNU/kFreeBSD is installed
AND spice is earlier than 0:0.11.0-1+deb7u2
OR Debian 8
Debian 8 is installed
AND spice is earlier than 0:0.12.5-1+deb8u2
|