Linux News Today: Spice Vulnerability Closes in Ubuntu 15.04 and Ubuntu 14.04 LTS
A Spice vulnerability has been found and repaired in Ubuntu 15.04 and Ubuntu 14.04 LTS, and a new patch has been made available in the official repositories.
The maintainers have been quick to upgrade the Spice package (the SPICE protocol client and server library). From the looks of it, Spice could have been made to crash or run programs.
“Frediano Ziglio discovered that Spice incorrectly handled monitor configs. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile,” said the maintainers in the security notification.
For a more detailed description of the issues, you can see Canonical’s security notification. Users should upgrade their Linux distribution in order to correct this issue. The vulnerability can be fixed if you upgrade your system(s) to the latest package specific to each distribution. To apply the patch, users can simply run the Update Manager application.
If you don’t want to use the Software Updater, you can open a terminal and enter the following commands (you will need to be root):
sudo apt-get update
sudo apt-get dist-upgrade
The updating process should be very short, if this is the only upgrade that you need to perform. It might take longer if you haven’t upgraded your system for some time.