SCIENTIFIC-LINUX-DEVEL Archives

September 2012

SCIENTIFIC-LINUX-DEVEL@LISTSERV.FNAL.GOV

Subject:
From: Pat Riehecky <[log in to unmask]>
Reply To: Pat Riehecky <[log in to unmask]>
Date: Wed, 19 Sep 2012 13:56:22 -0500

Thanks for the heads up!

That's weird, repoclosure didn't complain......

Though, as I think about it, repoclosure just checks to see if it can be 
installed, and the required deps exist in 6.2 they just aren't the 
latest packages.

blast

I've got a 6.0 and a 6.3 box on hand for testing right now... I'll whip 
up a 6.2 box and test 6.3's virt-viewer a bit.

Be worth checking on 6.1 too......  I installed it on 6.0 before pushing 
it out so I know it goes in there without the newer virt-viewer.  I'll 
have to make sure it works right still.

Anyone else out there able to test this too?

Pat


On 09/19/2012 12:36 PM, Stephan Wiesand wrote:
> Hi Pat,
>
> this update is broken on 6.2 servers if virt-viewer is installed, because that requires the older spice-glib. Adding the virt-viewer from 6.3 makes the transaction work, without further dependencies, but I haven't tested virt-viewer itself yet.
>
> Regards,
> 	Stephan
>
> On Sep 17, 2012, at 20:43 , Pat Riehecky wrote:
>
>> Synopsis:          Moderate: spice-gtk security update
>> Issue Date:        2012-09-17
>> CVE Numbers:       CVE-2012-4425
>>
>> The spice-gtk packages provide a GIMP Toolkit (GTK+) widget for SPICE
>> (Simple Protocol for Independent Computing Environments) clients. Both
>> Virtual Machine Manager and Virtual Machine Viewer can make use of this
>> widget to access virtual machines using the SPICE protocol.
>>
>> It was discovered that the spice-gtk setuid helper application,
>> spice-client-glib-usb-acl-helper, did not clear the environment variables
>> read by the libraries it uses. A local attacker could possibly use this
>> flaw to escalate their privileges by setting specific environment variables
>> before running the helper application. (CVE-2012-4425)
>>
>> All users of spice-gtk are advised to upgrade to these updated packages,
>> which contain a backported patch to correct this issue.
>>
>> To resolve dependencies gtk2, libcacard, libusb1, and spice-protocol
>> have been added to the necessary repositories.
>>
>>
>> SL6
>>   x86_64
>>     spice-glib-0.11-11.el6_3.1.i686.rpm
>>     spice-glib-0.11-11.el6_3.1.x86_64.rpm
>>     spice-gtk-0.11-11.el6_3.1.i686.rpm
>>     spice-gtk-0.11-11.el6_3.1.x86_64.rpm
>>     spice-gtk-python-0.11-11.el6_3.1.x86_64.rpm
>>     spice-glib-devel-0.11-11.el6_3.1.i686.rpm
>>     spice-glib-devel-0.11-11.el6_3.1.x86_64.rpm
>>     spice-gtk-devel-0.11-11.el6_3.1.i686.rpm
>>     spice-gtk-devel-0.11-11.el6_3.1.x86_64.rpm
>>     spice-gtk-tools-0.11-11.el6_3.1.x86_64.rpm
>>
>>     Dependencies:
>>     gtk2-2.18.9-10.el6.i686.rpm
>>     gtk2-2.18.9-10.el6.x86_64.rpm
>>     gtk2-devel-2.18.9-10.el6.i686.rpm
>>     gtk2-devel-2.18.9-10.el6.x86_64.rpm
>>     gtk2-devel-docs-2.18.9-10.el6.x86_64.rpm
>>     gtk2-immodules-2.18.9-10.el6.i686.rpm
>>     gtk2-immodules-2.18.9-10.el6.x86_64.rpm
>>     gtk2-immodule-xim-2.18.9-10.el6.i686.rpm
>>     gtk2-immodule-xim-2.18.9-10.el6.x86_64.rpm
>>     libcacard-0.15.0-2.el6.i686.rpm
>>     libcacard-0.15.0-2.el6.x86_64.rpm
>>     libcacard-devel-0.15.0-2.el6.i686.rpm
>>     libcacard-devel-0.15.0-2.el6.x86_64.rpm
>>     libcacard-tools-0.15.0-2.el6.x86_64.rpm
>>     libusb1-1.0.9-0.5.rc1.el6.i686.rpm
>>     libusb1-1.0.9-0.5.rc1.el6.x86_64.rpm
>>     libusb1-devel-1.0.9-0.5.rc1.el6.i686.rpm
>>     libusb1-devel-1.0.9-0.5.rc1.el6.x86_64.rpm
>>     libusb1-static-1.0.9-0.5.rc1.el6.x86_64.rpm
>>     spice-protocol-0.10.1-5.el6.noarch.rpm
>>
>>   i386
>>     spice-glib-0.11-11.el6_3.1.i686.rpm
>>     spice-gtk-0.11-11.el6_3.1.i686.rpm
>>     spice-gtk-python-0.11-11.el6_3.1.i686.rpm
>>     spice-glib-devel-0.11-11.el6_3.1.i686.rpm
>>     spice-gtk-devel-0.11-11.el6_3.1.i686.rpm
>>     spice-gtk-tools-0.11-11.el6_3.1.i686.rpm
>>
>>     Dependencies:
>>     gtk2-2.18.9-10.el6.i686.rpm
>>     gtk2-devel-2.18.9-10.el6.i686.rpm
>>     gtk2-devel-docs-2.18.9-10.el6.i686.rpm
>>     gtk2-immodules-2.18.9-10.el6.i686.rpm
>>     gtk2-immodule-xim-2.18.9-10.el6.i686.rpm
>>     libcacard-0.15.0-2.el6.i686.rpm
>>     libcacard-devel-0.15.0-2.el6.i686.rpm
>>     libcacard-tools-0.15.0-2.el6.i686.rpm
>>     libusb1-1.0.9-0.5.rc1.el6.i686.rpm
>>     libusb1-devel-1.0.9-0.5.rc1.el6.i686.rpm
>>     libusb1-static-1.0.9-0.5.rc1.el6.i686.rpm
>>     spice-protocol-0.10.1-5.el6.noarch.rpm
>>
>> - Scientific Linux Development Team


-- 
Pat Riehecky
Scientific Linux Developer
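
The advisory quoted above concerns a setuid helper that did not clear the environment variables read by the libraries it uses. As an added illustration of the general hardening pattern (not the backported spice-gtk patch, and not code from this thread), a privileged helper can replace its inherited environment with a fixed allow-list before any library code runs. The allow-list contents and the function names are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

extern char **environ;

/* Fixed environment for the privileged helper; nothing is inherited.
 * The array is writable because setenv()/putenv() may later replace
 * entries in place. Values are assumptions chosen for this example. */
static char *safe_env[] = {
    "PATH=/usr/bin:/bin",
    "LANG=C",
    NULL
};

/* Replace the caller-supplied environment wholesale. Call this as the
 * first statement of main(), before any library initialisation that
 * might consult an environment variable. */
static void scrub_environment(void)
{
    environ = safe_env;
}

/* Return the number of environment entries that are not exact matches
 * for an allow-listed NAME=value pair; 0 means the environment is clean. */
static int count_unexpected_vars(void)
{
    int unexpected = 0;
    for (char **e = environ; e != NULL && *e != NULL; e++) {
        int allowed = 0;
        for (size_t i = 0; safe_env[i] != NULL; i++) {
            if (strcmp(*e, safe_env[i]) == 0)
                allowed = 1;
        }
        if (!allowed)
            unexpected++;
    }
    return unexpected;
}

int main(void)
{
    scrub_environment();  /* before any other library call */
    printf("unexpected variables after scrub: %d\n", count_unexpected_vars());
    return 0;
}
```

An allow-list with fixed values is used rather than a deny-list of known-dangerous names, because the helper's author cannot enumerate every variable that its linked libraries may read.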
