CVE-2015-5261: Buffer Overflow
First published: Thu Sep 10 2015(Updated: )
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ubuntu | =14.04 | |
| Ubuntu | =15.04 | |
| Red Hat Enterprise Linux Desktop | =6.0 | |
| Red Hat Enterprise Linux HPC Node | =6.0 | |
| Red Hat Enterprise Linux Server | =6.0 | |
| Red Hat Enterprise Linux Server | =6.7.z | |
| Red Hat Enterprise Linux Workstation | =6.0 | |
| Red Hat Enterprise Linux Desktop | =7.0 | |
| Red Hat Enterprise Linux HPC Node | =7.0 | |
| Red Hat Enterprise Linux HPC Node | =7.1 | |
| Red Hat Enterprise Linux Server | =7.0 | |
| Red Hat Enterprise Linux Server | =7.1 | |
| Red Hat Enterprise Linux Workstation | =7.0 | |
| Debian | =7.0 | |
| Debian | =8.0 | |
| SPICE | <=0.12.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://rhn.redhat.com/errata/RHSA-2015-1889.html
- https://rhn.redhat.com/errata/RHSA-2015-1890.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1261889
- http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html
- http://rhn.redhat.com/errata/RHSA-2015-1889.html
- http://rhn.redhat.com/errata/RHSA-2015-1890.html
- http://www.debian.org/security/2015/dsa-3371
- http://www.openwall.com/lists/oss-security/2015/10/06/4
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securitytracker.com/id/1033753
- http://www.ubuntu.com/usn/USN-2766-1
- https://security.gentoo.org/glsa/201606-05
Frequently Asked Questions
What is the severity of CVE-2015-5261?
CVE-2015-5261 is classified as a high severity vulnerability due to its potential for arbitrary memory access.
How do I fix CVE-2015-5261?
To fix CVE-2015-5261, update SPICE to version 0.12.6 or later.
What systems are affected by CVE-2015-5261?
CVE-2015-5261 affects multiple versions of Ubuntu, Red Hat Enterprise Linux, and Debian.
What type of vulnerability is CVE-2015-5261?
CVE-2015-5261 is a heap-based buffer overflow vulnerability.
Can CVE-2015-5261 be exploited remotely?
Yes, CVE-2015-5261 can be exploited remotely by a guest OS user via QXL commands.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/last-modified-date
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-5261
- agent/trending
- agent/weakness
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/14.04
- version/ubuntu/15.04
- vendor/redhat
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/6.0
- canonical/red hat enterprise linux hpc node
- version/red hat enterprise linux hpc node/6.0
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/6.0
- version/red hat enterprise linux server/6.7.z
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/6.0
- version/red hat enterprise linux desktop/7.0
- version/red hat enterprise linux hpc node/7.0
- version/red hat enterprise linux hpc node/7.1
- version/red hat enterprise linux server/7.0
- version/red hat enterprise linux server/7.1
- version/red hat enterprise linux workstation/7.0
- vendor/debian
- canonical/debian
- version/debian/7.0
- version/debian/8.0
- vendor/spice project
- canonical/spice
- version/spice/0.12.5