GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Thu Jun 16, 2016 7:26 pm Post subject: [ GLSA 201606-05 ] spice |
|
|
Gentoo Linux Security Advisory
Title: spice: Multiple vulnerabilities (GLSA 201606-05)
Severity: normal
Exploitable: local, remote
Date: June 16, 2016
Bug(s): #560006, #562890, #584126
ID: 201606-05
Synopsis
Multiple vulnerabilities have been found in spice, the worst of
which may result in the remote execution of arbitrary code.
Background
Provides a complete open source solution for remote access to virtual
machines in a seamless way so you can play videos, record audio, share
usb devices and share folders without complications.
Affected Packages
Package: app-emulation/spice
Vulnerable: < 0.12.7-r1
Unaffected: >= 0.12.7-r1
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in spice, please review
the CVE identifiers referenced below for details.
Impact
A remote attacker could possibly execute arbitrary code. Additionally, a
local attacker could cause a Denial of Service.
Workaround
There is no known workaround at this time.
Resolution
All spice users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/spice-0.12.7-r1"
|
References
CVE-2015-5260
CVE-2015-5260
CVE-2015-5261
CVE-2015-5261
CVE-2016-0749
CVE-2016-2150 |
|