[USN-2766-1] Spice vulnerabilities

Seth Arnold seth.arnold at canonical.com
Wed Oct 7 04:16:56 UTC 2015

Ubuntu Security Notice USN-2766-1
October 07, 2015

spice vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.04
- Ubuntu 14.04 LTS


Spice could be made to crash or run programs.

Software Description:
- spice: SPICE protocol client and server library


Frediano Ziglio discovered multiple buffer overflows, undefined behavior
signed integer operations, race conditions, memory leaks, and denial
of service issues in Spice. A malicious guest operating system could
potentially exploit these issues to escape virtualization. (CVE-2015-5260,

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
  libspice-server1                0.12.5-1ubuntu0.2

Ubuntu 14.04 LTS:
  libspice-server1                0.12.4-0nocelt2ubuntu1.2

After a standard system update you need to restart qemu guests to make
all the necessary changes.

  CVE-2015-5260, CVE-2015-5261

Package Information:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20151006/19d7ca82/attachment.sig>

More information about the ubuntu-security-announce mailing list