12266 – spice new security issue CVE-2013-4282

Bug 12266 - spice new security issue CVE-2013-4282

Summary: spice new security issue CVE-2013-4282

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	3
Hardware:	i586 Linux

Priority:	Normal Severity: critical
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	has_procedure advisory mga3-64-ok mga...
Keywords:	validated_update

Depends on:
Blocks:

Reported:	2014-01-10 18:55 CET by David Walser
Modified:	2014-01-21 17:44 CET (History)
CC List:	3 users (show)

See Also:
Source RPM:	spice-0.12.2-5.1.mga3.src.rpm
CVE:	CVE-2013-4282
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2014-01-10 18:55:25 CET

RedHat has issued an advisory on October 29:
https://rhn.redhat.com/errata/RHSA-2013-1473.html

Patch added in Mageia 3 and Cauldron SVN.  Freeze push requested for Cauldron.

More details on this issue are here:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728314

Reproducible: 

Steps to Reproduce:

David Walser 2014-01-10 19:00:51 CET

Whiteboard: (none) => MGA3TOO

Comment 1 David Walser 2014-01-11 03:07:47 CET

Patched packages uploaded for Mageia 3 and Cauldron.

Advisory:
========================

Updated spice packages fix security vulnerability:

A stack-based buffer overflow flaw was found in the way the
reds_handle_ticket() function in the spice-server library handled
decryption of ticket data provided by the client. A remote user able to
initiate a SPICE connection to an application acting as a SPICE server
could use this flaw to crash the application (CVE-2013-4282).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4282
https://rhn.redhat.com/errata/RHSA-2013-1473.html
========================

Updated packages in core/updates_testing:
========================
spice-client-0.12.2-5.2.mga3
libspice-server1-0.12.2-5.2.mga3
libspice-server-devel-0.12.2-5.2.mga3

from spice-0.12.2-5.2.mga3.src.rpm

Version: Cauldron => 3
Assignee: bugsquad => qa-bugs
Whiteboard: MGA3TOO => (none)

Comment 2 Shlomi Fish 2014-01-17 15:22:52 CET

It's not clear how to setup a SPICE service that the client can connect to. The documentation in the spice-client package is almost entirely non-existent. I did spice-client --host localhost and was asked for a port. The wikipedia page on the SPICE protocol does not provide a lot of info.

Are the spice package in question provided for people who are intimately familiar with them? What should be done?

CC: (none) => shlomif
Whiteboard: (none) => feedback

Comment 3 David Walser 2014-01-17 15:25:10 CET

The feedback tag is when feedback is needed from packagers.  I don't know how to test this, but maybe you can search for previous times we've updated this in Bugzilla and can find some details there.

Whiteboard: feedback => (none)

Comment 4 claire robinson 2014-01-20 16:49:54 CET

Testing complete mga3 64

Procedure in bug 10987

Whiteboard: (none) => has_procedure mga3-64-ok

Comment 5 claire robinson 2014-01-20 16:56:04 CET

Testing complete mga3 32

Whiteboard: has_procedure mga3-64-ok => has_procedure mga3-64-ok mga3-32-ok

Comment 6 claire robinson 2014-01-20 17:25:20 CET

Advisory uploaded. Validating.

Could sysadmin please push from 3 core/updates_testing to updates

Thanks

Keywords: (none) => validated_update
Whiteboard: has_procedure mga3-64-ok mga3-32-ok => has_procedure advisory mga3-64-ok mga3-32-ok
CC: (none) => sysadmin-bugs

Comment 7 Thomas Backlund 2014-01-21 17:44:04 CET

Update pushed:
http://advisories.mageia.org/MGASA-2014-0022.html

Status: NEW => RESOLVED
CC: (none) => tmb
CVE: (none) => CVE-2013-4282
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.