| Summary: | spice-gtk new security issue CVE-2017-12194 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | All Packagers <pkg-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | bequimao.de, bruno, marja11, nicolas.salguero |
| Version: | 6 | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| See Also: | https://bugs.mageia.org/show_bug.cgi?id=23466 | ||
| Whiteboard: | |||
| Source RPM: | spice-gtk-0.33-3.mga6.src.rpm | CVE: | CVE-2017-12194 |
| Status comment: | Patch available from openSUSE | ||
| Bug Depends on: | 23466 | ||
| Bug Blocks: | |||
|
Description
David Walser
2018-04-08 02:32:34 CEST
David Walser
2018-04-08 02:32:42 CEST
Whiteboard:
(none) =>
MGA6TOO Assigning to all packagers collectively, since there is no registered maintainer for this package. Assignee:
bugsquad =>
pkg-bugs
David Walser
2018-05-04 08:30:57 CEST
Status comment:
(none) =>
Patch available from openSUSE Ubuntu has issued an advisory for this on May 23: https://usn.ubuntu.com/3659-1/
David Walser
2018-09-04 20:10:35 CEST
See Also:
(none) =>
https://bugs.mageia.org/show_bug.cgi?id=23466 I used patches from Red Hat (https://bugzilla.redhat.com/show_bug.cgi?id=1240165) to update spice-gtk-0.35-3.mga7 Assignee:
pkg-bugs =>
bruno
David Walser
2018-10-29 01:58:03 CET
Whiteboard:
MGA6TOO =>
(none) For mga6 patches do not apply on our current version 0.33. So I suggest that we move to the same version as cauldron, which also means updating spice-protocol if that doesn't create too many issues.
Ulrich Beckmann
2018-10-29 21:22:52 CET
CC:
(none) =>
bequimao.de
David Walser
2019-01-01 05:34:39 CET
Depends on:
(none) =>
23466 I add advisory for bug 23466 too: Suggested advisory: ======================== The updated packages fix a security vulnerability: A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable. (CVE-2017-12194) A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts. (CVE-2018-10873) Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code. (CVE-2018-10893) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12194 https://lists.opensuse.org/opensuse-updates/2018-04/msg00011.html https://usn.ubuntu.com/3659-1/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10873 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10893 http://openwall.com/lists/oss-security/2018/08/17/1 https://lists.opensuse.org/opensuse-updates/2018-09/msg00007.html https://lists.opensuse.org/opensuse-updates/2018-09/msg00010.html Updated packages in core/updates_testing: ======================== spice-gtk-0.33-3.1.mga6 lib(64)spice-client-glib2.0_8-0.33-3.1.mga6 lib(64)spice-client-glib-gir2.0-0.33-3.1.mga6 lib(64)spice-client-gtk3.0_5-0.33-3.1.mga6 lib(64)spice-client-gtk-gir3.0-0.33-3.1.mga6 lib(64)spice-controller0-0.33-3.1.mga6 lib(64)spice-gtk-devel-0.33-3.1.mga6 from SRPMS: spice-gtk-0.33-3.1.mga6.src.rpm Assignee:
bruno =>
qa-bugs
Nicolas Salguero
2019-02-14 13:29:28 CET
Severity:
normal =>
critical Can't assign two bugs to QA for the same package, QA bug should generally be the newer (blocking) bug, which is Bug 23466 for spice-gtk and Bug 24257 for spice. Assignee:
qa-bugs =>
pkg-bugs Fixed in: https://advisories.mageia.org/MGASA-2019-0099.html Status:
ASSIGNED =>
RESOLVED |