Scientific Linux Security Update : spice-server on SL6.x x86_64

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

Security Fix(es) :

- A vulnerability was discovered in spice in the server's
protocol handling. An authenticated attacker could send
crafted messages to the spice server causing a heap
overflow leading to a crash or possible code execution.
(CVE-2016-9577)

- A vulnerability was discovered in spice in the server's
protocol handling. An attacker able to connect to the
spice server could send crafted messages which would
cause the process to crash. (CVE-2016-9578)

See also :

http://www.nessus.org/u?018a3e7f

Solution :

Update the affected spice-server, spice-server-debuginfo and / or
spice-server-devel packages.

Risk factor :

High

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 97038 ()

Bugtraq ID:

CVE ID: CVE-2016-9577
CVE-2016-9578

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now