USN-2766-1: Spice vulnerabilities
7 October 2015
Spice could be made to crash or run programs.
- spice - SPICE protocol client and server library
Frediano Ziglio discovered multiple buffer overflows, undefined behavior
signed integer operations, race conditions, memory leaks, and denial
of service issues in Spice. A malicious guest operating system could
potentially exploit these issues to escape virtualization. (CVE-2015-5260,
The problem can be corrected by updating your system to the following package versions:
After a standard system update you need to restart qemu guests to make
all the necessary changes.