UbuntuUpdates.org

Package "spice"

Name: spice

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Implements the client side of the SPICE protocol
Latest version: 0.12.4-0nocelt2ubuntu1.8
Release: trusty (14.04)
Level: updates
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "spice" in Trusty

Repository Area Version
security universe 0.12.4-0nocelt2ubuntu1.8
security main 0.12.4-0nocelt2ubuntu1.8
updates main 0.12.4-0nocelt2ubuntu1.8

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.12.4-0nocelt2ubuntu1.3 2016-06-21 15:06:31 UTC

  spice (0.12.4-0nocelt2ubuntu1.3) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    memory allocation flaw in smartcard interaction
    - debian/patches/CVE-2016-0749/*.patch: add a ref to item and allocate
      msg with the expected size in server/smartcard.c.
    - CVE-2016-0749
  * SECURITY UPDATE: host memory access from guest with invalid primary
    surface parameters
    - debian/patches/CVE-2016-2150/*.patch: create a function to validate
      surface parameters in server/red_parse_qxl.*, improve primary surface
      parameter checks in server/red_worker.c.
    - CVE-2016-2150
  * Added two extra commits to previous security update:
    - 0001-worker-validate-correctly-surfaces.patch
    - 0002-worker-avoid-double-free-or-double-create-of-surface.patch

 -- Marc Deslauriers <email address hidden> Fri, 10 Jun 2016 10:58:27 -0400
Source diff to previous version
CVE-2016-0749 The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code v
CVE-2016-2150 SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to

Version: 0.12.4-0nocelt2ubuntu1.2 2015-10-07 04:06:35 UTC

  spice (0.12.4-0nocelt2ubuntu1.2) trusty-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - debian/patches/CVE-2015-526x/*.patch: apply series of patches from
      Red Hat to fix overflows, race conditions, memory leaks and denial of
      service issues.
    - CVE-2015-5260
    - CVE-2015-5261

 -- Marc Deslauriers Thu, 01 Oct 2015 07:37:43 -0400
Source diff to previous version
CVE-2015-5260 Insufficient validation of surface_id parameter can cause crash
CVE-2015-5261 host memory access from guest using crafted images

Version: 0.12.4-0nocelt2ubuntu1.1 2015-09-08 16:06:21 UTC

  spice (0.12.4-0nocelt2ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: heap corruption via monitor configs
    - debian/patches/CVE-2015-3247.patch: only read count once in
      server/red_worker.c.
    - CVE-2015-3247

 -- Marc Deslauriers Tue, 08 Sep 2015 08:03:35 -0400
Source diff to previous version
CVE-2015-3247 memory corruption in worker_update_monitors_config()

Version: 0.12.4-0nocelt2ubuntu1 2015-05-22 02:44:33 UTC

  spice (0.12.4-0nocelt2ubuntu1) trusty-proposed; urgency=medium

  [Gregory Boyce]
  * Fix newline-damaged patch (LP: #1450043)

 -- Serge Hallyn <email address hidden> Mon, 04 May 2015 10:47:58 -0500
1450043 spice package for trusty contains a malformed patch


About   -   Send Feedback to @ubuntu_updates