An update to virt-viewer has been added for all versions as well. This should resolve any dependency issues related to updating spice-glib on systems with virt-viewer. Pat On 09/17/2012 01:43 PM, Pat Riehecky wrote: > Synopsis: Moderate: spice-gtk security update > Issue Date: 2012-09-17 > CVE Numbers: CVE-2012-4425 > > The spice-gtk packages provide a GIMP Toolkit (GTK+) widget for SPICE > (Simple Protocol for Independent Computing Environments) clients. Both > Virtual Machine Manager and Virtual Machine Viewer can make use of this > widget to access virtual machines using the SPICE protocol. > > It was discovered that the spice-gtk setuid helper application, > spice-client-glib-usb-acl-helper, did not clear the environment variables > read by the libraries it uses. A local attacker could possibly use this > flaw to escalate their privileges by setting specific environment > variables > before running the helper application. (CVE-2012-4425) > > All users of spice-gtk are advised to upgrade to these updated packages, > which contain a backported patch to correct this issue. > > To resolve dependencies gtk2, libcacard, libusb1, and spice-protocol > have been added to the necessary repositories. > > > SL6 > x86_64 > spice-glib-0.11-11.el6_3.1.i686.rpm > spice-glib-0.11-11.el6_3.1.x86_64.rpm > spice-gtk-0.11-11.el6_3.1.i686.rpm > spice-gtk-0.11-11.el6_3.1.x86_64.rpm > spice-gtk-python-0.11-11.el6_3.1.x86_64.rpm > spice-glib-devel-0.11-11.el6_3.1.i686.rpm > spice-glib-devel-0.11-11.el6_3.1.x86_64.rpm > spice-gtk-devel-0.11-11.el6_3.1.i686.rpm > spice-gtk-devel-0.11-11.el6_3.1.x86_64.rpm > spice-gtk-tools-0.11-11.el6_3.1.x86_64.rpm > > Dependencies: > gtk2-2.18.9-10.el6.i686.rpm > gtk2-2.18.9-10.el6.x86_64.rpm > gtk2-devel-2.18.9-10.el6.i686.rpm > gtk2-devel-2.18.9-10.el6.x86_64.rpm > gtk2-devel-docs-2.18.9-10.el6.x86_64.rpm > gtk2-immodules-2.18.9-10.el6.i686.rpm > gtk2-immodules-2.18.9-10.el6.x86_64.rpm > gtk2-immodule-xim-2.18.9-10.el6.i686.rpm > gtk2-immodule-xim-2.18.9-10.el6.x86_64.rpm > libcacard-0.15.0-2.el6.i686.rpm > libcacard-0.15.0-2.el6.x86_64.rpm > libcacard-devel-0.15.0-2.el6.i686.rpm > libcacard-devel-0.15.0-2.el6.x86_64.rpm > libcacard-tools-0.15.0-2.el6.x86_64.rpm > libusb1-1.0.9-0.5.rc1.el6.i686.rpm > libusb1-1.0.9-0.5.rc1.el6.x86_64.rpm > libusb1-devel-1.0.9-0.5.rc1.el6.i686.rpm > libusb1-devel-1.0.9-0.5.rc1.el6.x86_64.rpm > libusb1-static-1.0.9-0.5.rc1.el6.x86_64.rpm > spice-protocol-0.10.1-5.el6.noarch.rpm > > i386 > spice-glib-0.11-11.el6_3.1.i686.rpm > spice-gtk-0.11-11.el6_3.1.i686.rpm > spice-gtk-python-0.11-11.el6_3.1.i686.rpm > spice-glib-devel-0.11-11.el6_3.1.i686.rpm > spice-gtk-devel-0.11-11.el6_3.1.i686.rpm > spice-gtk-tools-0.11-11.el6_3.1.i686.rpm > > Dependencies: > gtk2-2.18.9-10.el6.i686.rpm > gtk2-devel-2.18.9-10.el6.i686.rpm > gtk2-devel-docs-2.18.9-10.el6.i686.rpm > gtk2-immodules-2.18.9-10.el6.i686.rpm > gtk2-immodule-xim-2.18.9-10.el6.i686.rpm > libcacard-0.15.0-2.el6.i686.rpm > libcacard-devel-0.15.0-2.el6.i686.rpm > libcacard-tools-0.15.0-2.el6.i686.rpm > libusb1-1.0.9-0.5.rc1.el6.i686.rpm > libusb1-devel-1.0.9-0.5.rc1.el6.i686.rpm > libusb1-static-1.0.9-0.5.rc1.el6.i686.rpm > spice-protocol-0.10.1-5.el6.noarch.rpm > > - Scientific Linux Development Team -- Pat Riehecky Scientific Linux Developer