Thanks for the heads up! That's weird, repoclosure didn't complain...... Though, as I think about it, repoclosure just checks to see if it can be installed, and the required deps exist in 6.2 they just aren't the latest packages. blast I've got a 6.0 and a 6.3 box on hand for testing right now... I'll whip up a 6.2 box and test 6.3's virt-viewer a bit. Be worth checking on 6.1 too...... I installed it on 6.0 before pushing it out so I know it goes in there without the newer virt-viewer. I'll have to make sure it works right still. Anyone else out there able to test this too? Pat On 09/19/2012 12:36 PM, Stephan Wiesand wrote: > Hi Pat, > > this update is broken on 6.2 servers if virt-viewer is installed, because that requires the older spice-glib. Adding the virt-viewer from 6.3 makes the transaction work, wihout further dependencies, but I haven't tested virt-viewer itself yet. > > Regards, > Stephan > > On Sep 17, 2012, at 20:43 , Pat Riehecky wrote: > >> Synopsis: Moderate: spice-gtk security update >> Issue Date: 2012-09-17 >> CVE Numbers: CVE-2012-4425 >> >> The spice-gtk packages provide a GIMP Toolkit (GTK+) widget for SPICE >> (Simple Protocol for Independent Computing Environments) clients. Both >> Virtual Machine Manager and Virtual Machine Viewer can make use of this >> widget to access virtual machines using the SPICE protocol. >> >> It was discovered that the spice-gtk setuid helper application, >> spice-client-glib-usb-acl-helper, did not clear the environment variables >> read by the libraries it uses. A local attacker could possibly use this >> flaw to escalate their privileges by setting specific environment variables >> before running the helper application. (CVE-2012-4425) >> >> All users of spice-gtk are advised to upgrade to these updated packages, >> which contain a backported patch to correct this issue. >> >> To resolve dependencies gtk2, libcacard, libusb1, and spice-protocol >> have been added to the necessary repositories. >> >> >> SL6 >> x86_64 >> spice-glib-0.11-11.el6_3.1.i686.rpm >> spice-glib-0.11-11.el6_3.1.x86_64.rpm >> spice-gtk-0.11-11.el6_3.1.i686.rpm >> spice-gtk-0.11-11.el6_3.1.x86_64.rpm >> spice-gtk-python-0.11-11.el6_3.1.x86_64.rpm >> spice-glib-devel-0.11-11.el6_3.1.i686.rpm >> spice-glib-devel-0.11-11.el6_3.1.x86_64.rpm >> spice-gtk-devel-0.11-11.el6_3.1.i686.rpm >> spice-gtk-devel-0.11-11.el6_3.1.x86_64.rpm >> spice-gtk-tools-0.11-11.el6_3.1.x86_64.rpm >> >> Dependencies: >> gtk2-2.18.9-10.el6.i686.rpm >> gtk2-2.18.9-10.el6.x86_64.rpm >> gtk2-devel-2.18.9-10.el6.i686.rpm >> gtk2-devel-2.18.9-10.el6.x86_64.rpm >> gtk2-devel-docs-2.18.9-10.el6.x86_64.rpm >> gtk2-immodules-2.18.9-10.el6.i686.rpm >> gtk2-immodules-2.18.9-10.el6.x86_64.rpm >> gtk2-immodule-xim-2.18.9-10.el6.i686.rpm >> gtk2-immodule-xim-2.18.9-10.el6.x86_64.rpm >> libcacard-0.15.0-2.el6.i686.rpm >> libcacard-0.15.0-2.el6.x86_64.rpm >> libcacard-devel-0.15.0-2.el6.i686.rpm >> libcacard-devel-0.15.0-2.el6.x86_64.rpm >> libcacard-tools-0.15.0-2.el6.x86_64.rpm >> libusb1-1.0.9-0.5.rc1.el6.i686.rpm >> libusb1-1.0.9-0.5.rc1.el6.x86_64.rpm >> libusb1-devel-1.0.9-0.5.rc1.el6.i686.rpm >> libusb1-devel-1.0.9-0.5.rc1.el6.x86_64.rpm >> libusb1-static-1.0.9-0.5.rc1.el6.x86_64.rpm >> spice-protocol-0.10.1-5.el6.noarch.rpm >> >> i386 >> spice-glib-0.11-11.el6_3.1.i686.rpm >> spice-gtk-0.11-11.el6_3.1.i686.rpm >> spice-gtk-python-0.11-11.el6_3.1.i686.rpm >> spice-glib-devel-0.11-11.el6_3.1.i686.rpm >> spice-gtk-devel-0.11-11.el6_3.1.i686.rpm >> spice-gtk-tools-0.11-11.el6_3.1.i686.rpm >> >> Dependencies: >> gtk2-2.18.9-10.el6.i686.rpm >> gtk2-devel-2.18.9-10.el6.i686.rpm >> gtk2-devel-docs-2.18.9-10.el6.i686.rpm >> gtk2-immodules-2.18.9-10.el6.i686.rpm >> gtk2-immodule-xim-2.18.9-10.el6.i686.rpm >> libcacard-0.15.0-2.el6.i686.rpm >> libcacard-devel-0.15.0-2.el6.i686.rpm >> libcacard-tools-0.15.0-2.el6.i686.rpm >> libusb1-1.0.9-0.5.rc1.el6.i686.rpm >> libusb1-devel-1.0.9-0.5.rc1.el6.i686.rpm >> libusb1-static-1.0.9-0.5.rc1.el6.i686.rpm >> spice-protocol-0.10.1-5.el6.noarch.rpm >> >> - Scientific Linux Development Team -- Pat Riehecky Scientific Linux Developer