Bug 20251

Summary: spice new security issues CVE-2016-9577 and CVE-2016-9578
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: davidwhodgins, marja11, nicolas.salguero, sysadmin-bugs
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://lwn.net/Vulnerabilities/713771/
Whiteboard: advisory MGA5-64-OK MGA5-32-OK
Source RPM: spice-0.13.3-2.mga6.src.rpm CVE:
Status comment:

Description David Walser 2017-02-07 12:07:43 CET 
RedHat has issued an advisory on February 6:
https://rhn.redhat.com/errata/RHSA-2017-0254.html

Mageia 5 is also affected.
David Walser 2017-02-07 12:07:52 CET

Whiteboard: (none) => MGA5TOO

Comment 1 Marja Van Waes 2017-02-08 09:50:28 CET 
Assigning to all packagers collectively, since there is no registered maintainer for this package.

CC: (none) => marja11
Assignee: bugsquad => pkg-bugs

Comment 2 Nicolas Salguero 2017-02-16 15:41:30 CET 
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

An authenticated attacker could send crafted messages to the spice server causing a heap overflow leading to a crash or possible code execution. (CVE-2016-9577)

An attacker able to connect to the spice server could send crafted messages which would cause the process to crash. (CVE-2016-9578)

References:
https://rhn.redhat.com/errata/RHSA-2017-0254.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9577
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9578
========================

Updated packages in core/updates_testing:
========================
spice-client-0.12.5-2.4.mga5
lib(64)spice-server1-0.12.5-2.4.mga5
lib(64)spice-server-devel-0.12.5-2.4.mga5

from SRPMS:
spice-0.12.5-2.4.mga5.src.rpm

Status: NEW => ASSIGNED
CC: (none) => nicolas.salguero
Version: Cauldron => 5
Assignee: pkg-bugs => qa-bugs
Whiteboard: MGA5TOO => (none)

Dave Hodgins 2017-02-19 21:51:50 CET

CC: (none) => davidwhodgins
Whiteboard: (none) => advisory

Comment 3 Dave Hodgins 2017-02-20 05:48:37 CET 
Trying to test with qemu ...

qemu-kvm -net user -net nic,model=virtio -cdrom file:/s3/m4/Mageia-6-sta2-LiveDVD-Plasma-x86_64-DVD/Mageia-6-sta2-LiveDVD-Plasma-x86_64-DVD.iso -boot d -m 512 -spice port=7777,password=munged

# netstat -tapn|grep qemu
tcp        0      0 0.0.0.0:7777            0.0.0.0:*               LISTEN      13251/qemu-kvm

shows that qemu is listening.

spicec -h 127.0.0.1 -p 7777 -w munged
successfully connects to the guest although it's very slow.

I'll try testing on an i586 host system later, if no one beats me to it.

Whiteboard: advisory => advisory MGA5-64-OK

Comment 4 Dave Hodgins 2017-02-22 02:38:30 CET 
Same testing on an i586 install done.

Keywords: (none) => validated_update
Whiteboard: advisory MGA5-64-OK => advisory MGA5-64-OK MGA5-32-OK
CC: (none) => sysadmin-bugs

Comment 5 Mageia Robot 2017-02-23 15:59:42 CET 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0062.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED