Bug 12266 - spice new security issue CVE-2013-4282
: spice new security issue CVE-2013-4282
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 3
: i586 Linux
: Normal Severity: critical
: ---
Assigned To: QA Team
: Sec team
:
: has_procedure advisory mga3-64-ok mga...
: validated_update
:
:
  Show dependency treegraph
 
Reported: 2014-01-10 18:55 CET by David Walser
Modified: 2014-01-21 17:44 CET (History)
3 users (show)

See Also:
Source RPM: spice-0.12.2-5.1.mga3.src.rpm
CVE: CVE-2013-4282


Attachments

Description David Walser 2014-01-10 18:55:25 CET
RedHat has issued an advisory on October 29:
https://rhn.redhat.com/errata/RHSA-2013-1473.html

Patch added in Mageia 3 and Cauldron SVN.  Freeze push requested for Cauldron.

More details on this issue are here:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728314

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2014-01-11 03:07:47 CET
Patched packages uploaded for Mageia 3 and Cauldron.

Advisory:
========================

Updated spice packages fix security vulnerability:

A stack-based buffer overflow flaw was found in the way the
reds_handle_ticket() function in the spice-server library handled
decryption of ticket data provided by the client. A remote user able to
initiate a SPICE connection to an application acting as a SPICE server
could use this flaw to crash the application (CVE-2013-4282).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4282
https://rhn.redhat.com/errata/RHSA-2013-1473.html
========================

Updated packages in core/updates_testing:
========================
spice-client-0.12.2-5.2.mga3
libspice-server1-0.12.2-5.2.mga3
libspice-server-devel-0.12.2-5.2.mga3

from spice-0.12.2-5.2.mga3.src.rpm
Comment 2 Shlomi Fish 2014-01-17 15:22:52 CET
It's not clear how to setup a SPICE service that the client can connect to. The documentation in the spice-client package is almost entirely non-existent. I did spice-client --host localhost and was asked for a port. The wikipedia page on the SPICE protocol does not provide a lot of info.

Are the spice package in question provided for people who are intimately familiar with them? What should be done?
Comment 3 David Walser 2014-01-17 15:25:10 CET
The feedback tag is when feedback is needed from packagers.  I don't know how to test this, but maybe you can search for previous times we've updated this in Bugzilla and can find some details there.
Comment 4 claire robinson 2014-01-20 16:49:54 CET
Testing complete mga3 64

Procedure in bug 10987
Comment 5 claire robinson 2014-01-20 16:56:04 CET
Testing complete mga3 32
Comment 6 claire robinson 2014-01-20 17:25:20 CET
Advisory uploaded. Validating.

Could sysadmin please push from 3 core/updates_testing to updates

Thanks
Comment 7 Thomas Backlund 2014-01-21 17:44:04 CET
Update pushed:
http://advisories.mageia.org/MGASA-2014-0022.html

Note You need to log in before you can comment on or make changes to this bug.