Bug 12266 - spice new security issue CVE-2013-4282
Summary: spice new security issue CVE-2013-4282
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 3
Hardware: i586 Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
Whiteboard: has_procedure advisory mga3-64-ok mga...
Keywords: validated_update
Depends on:
Reported: 2014-01-10 18:55 CET by David Walser
Modified: 2014-01-21 17:44 CET (History)
3 users (show)

See Also:
Source RPM: spice-0.12.2-5.1.mga3.src.rpm
CVE: CVE-2013-4282
Status comment:


Description David Walser 2014-01-10 18:55:25 CET
RedHat has issued an advisory on October 29:

Patch added in Mageia 3 and Cauldron SVN.  Freeze push requested for Cauldron.

More details on this issue are here:


Steps to Reproduce:
David Walser 2014-01-10 19:00:51 CET

Whiteboard: (none) => MGA3TOO

Comment 1 David Walser 2014-01-11 03:07:47 CET
Patched packages uploaded for Mageia 3 and Cauldron.


Updated spice packages fix security vulnerability:

A stack-based buffer overflow flaw was found in the way the
reds_handle_ticket() function in the spice-server library handled
decryption of ticket data provided by the client. A remote user able to
initiate a SPICE connection to an application acting as a SPICE server
could use this flaw to crash the application (CVE-2013-4282).


Updated packages in core/updates_testing:

from spice-0.12.2-5.2.mga3.src.rpm

Version: Cauldron => 3
Assignee: bugsquad => qa-bugs
Whiteboard: MGA3TOO => (none)

Comment 2 Shlomi Fish 2014-01-17 15:22:52 CET
It's not clear how to setup a SPICE service that the client can connect to. The documentation in the spice-client package is almost entirely non-existent. I did spice-client --host localhost and was asked for a port. The wikipedia page on the SPICE protocol does not provide a lot of info.

Are the spice package in question provided for people who are intimately familiar with them? What should be done?

CC: (none) => shlomif
Whiteboard: (none) => feedback

Comment 3 David Walser 2014-01-17 15:25:10 CET
The feedback tag is when feedback is needed from packagers.  I don't know how to test this, but maybe you can search for previous times we've updated this in Bugzilla and can find some details there.

Whiteboard: feedback => (none)

Comment 4 claire robinson 2014-01-20 16:49:54 CET
Testing complete mga3 64

Procedure in bug 10987

Whiteboard: (none) => has_procedure mga3-64-ok

Comment 5 claire robinson 2014-01-20 16:56:04 CET
Testing complete mga3 32

Whiteboard: has_procedure mga3-64-ok => has_procedure mga3-64-ok mga3-32-ok

Comment 6 claire robinson 2014-01-20 17:25:20 CET
Advisory uploaded. Validating.

Could sysadmin please push from 3 core/updates_testing to updates


Keywords: (none) => validated_update
Whiteboard: has_procedure mga3-64-ok mga3-32-ok => has_procedure advisory mga3-64-ok mga3-32-ok
CC: (none) => sysadmin-bugs

Comment 7 Thomas Backlund 2014-01-21 17:44:04 CET
Update pushed:

CC: (none) => tmb
CVE: (none) => CVE-2013-4282
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.