Your submission was sent successfully! Close

USN-3659-1: Spice vulnerability

23 May 2018

Spice could be made to crash or run programs if it received specially crafted network traffic.

Releases

Packages

Details

Frediano Ziglio discovered that Spice incorrectly handled certain client
messages. An attacker could possibly use this to cause Spice to crash,
resulting in a denial of service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04
Ubuntu 17.10
Ubuntu 16.04
Ubuntu 14.04

After a standard system update you need to restart qemu guests to make all the
necessary changes.

References