spice-xpi-2.4-1.AXS4.2

エラータID: AXSA:2011-154:01

リリース日: 
2011/04/19 Tuesday - 20:13
題名: 
spice-xpi-2.4-1.AXS4.2
影響のあるチャネル: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

SPICE extension for mozilla allows the client to be used from a web browser.
Security issues fixed with this release:
CVE-2011-0012
CVE-2011-1179
No description available at the time of writing, see CVE links below.

解決策: 

Update packages.

CVE: 
CVE-2011-0012
The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows local users to overwrite arbitrary files via a symlink attack on the usbrdrctl log file, which has a predictable name.
CVE-2011-1179
The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to (1) plugin/nsScriptablePeer.cpp and (2) plugin/plugin.cpp, which trigger multiple uses of an uninitialized pointer.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. spice-xpi-2.4-1.AXS4.2.src.rpm
    MD5: dc9fcb0fe4b9f7cca5860c9534809f50
    SHA-256: 794dbe9aa5fdb2c7254b2ff18802388ed917d2068196a2c79788e87ac1cf6e20
    Size: 46.84 kB

Asianux Server 4 for x86
  1. spice-xpi-2.4-1.AXS4.2.i686.rpm
    MD5: 2e96630b8f1cc90c4ae5f8bb116bd2c6
    SHA-256: 6a9d7746ac85425e22f6eec9e5ec1c2e2e42f128be15638a5741664a3a52948d
    Size: 40.98 kB

Asianux Server 4 for x86_64
  1. spice-xpi-2.4-1.AXS4.2.x86_64.rpm
    MD5: 8df3c80d7e74434e91bfc3a2554fd8d4
    SHA-256: 10a31101f109bbf8b0768379c8cdc05302e471b8acfcd4a7c1196064902bc5c4
    Size: 39.80 kB