SCIENTIFIC-LINUX-ERRATA Archives

September 2013

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Moderate: spice-server on SL6.x x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Wed, 4 Sep 2013 13:36:23 +0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (24 lines) 
Synopsis:          Moderate: spice-server security update
Advisory ID:       SLSA-2013:1192-1
Issue Date:        2013-09-03
CVE Numbers:       CVE-2013-4130
--

A flaw was found in the way concurrent access to the clients ring buffer
was performed in the spice-server library. A remote user able to initiate
a SPICE connection to an application acting as a SPICE server could use
this flaw to crash the application. (CVE-2013-4130)

Applications acting as a SPICE server must be restarted for this update to
take effect. Note that QEMU-KVM guests providing SPICE console access must
be restarted for this update to take effect.
--

SL6
  x86_64
    spice-server-0.12.0-12.el6_4.3.x86_64.rpm
    spice-server-debuginfo-0.12.0-12.el6_4.3.x86_64.rpm
    spice-server-devel-0.12.0-12.el6_4.3.x86_64.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2