RedHat has issued an advisory on September 3: https://rhn.redhat.com/errata/RHSA-2015-1714.html Patched packages uploaded for Mageia 4, Mageia 5, and Cauldron. Advisory: ======================== Updated spice packages fix security vulnerability: A race condition flaw, leading to a heap-based memory corruption, was found in spice's worker_update_monitors_config() function, which runs under the QEMU-KVM context on the host. A user in a guest could leverage this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with the privileges of the host QEMU-KVM process (CVE-2015-3247). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3247 https://rhn.redhat.com/errata/RHSA-2015-1714.html ======================== Updated packages in core/updates_testing: ======================== spice-client-0.12.4-4.1.mga4 libspice-server1-0.12.4-4.1.mga4 libspice-server-devel-0.12.4-4.1.mga4 spice-client-0.12.5-2.1.mga5 libspice-server1-0.12.5-2.1.mga5 libspice-server-devel-0.12.5-2.1.mga5 from SRPMS: spice-0.12.4-4.1.mga4.src.rpm spice-0.12.5-2.1.mga5.src.rpm Reproducible: Steps to Reproduce:
Testing procedure in: https://bugs.mageia.org/show_bug.cgi?id=10987
Whiteboard: (none) => MGA4TOO has_procedure
host : mga5 x86_64 guest : cauldron x86_64 (virt-manager) Installed packages on host : spice-client-0.12.5-2.1.mga5 lib64spice-server1-0.12.5-2.1.mga5 On the host : spicec -h 127.0.0.1 -p 5900 - guest console display OK - start prefdm on guest, X display OK Update OK.
CC: (none) => yann.cantinWhiteboard: MGA4TOO has_procedure => MGA4TOO has_procedure MGA5-64-OK
Re-test after qemu update (https://bugs.mageia.org/show_bug.cgi?id=16604) : OK.
After installing spice client ... urpmi virt-manager The following packages can't be installed because they depend on packages that are older than the installed ones: lib64spice-client-glib-gir2.0-0.21-2.mga4 virt-manager-0.10.0-12.git1ffcc0cc.1.mga4 Are there more updates needed?
CC: (none) => davidwhodginsWhiteboard: MGA4TOO has_procedure MGA5-64-OK => MGA4TOO has_procedure MGA5-64-OK feedback
While virt-manager can be used to test this, those two packages you listed aren't involved in this update or affected by it. You must have something wrong on your system.
Whiteboard: MGA4TOO has_procedure MGA5-64-OK feedback => MGA4TOO has_procedure MGA5-64-OK
Testing complete mga4 32 In Vbox, very slow but works. Tested qemu at the same time, using virt-manager. Set Video to QXL and Display to Spice. Created a new machine with hdd and began installing a boot.iso.
Whiteboard: MGA4TOO has_procedure MGA5-64-OK => MGA4TOO has_procedure MGA5-64-OK mga4-32-ok
Validating. Advisory uploaded. Please push to 4 & 5 updates Thanks
Keywords: (none) => validated_updateWhiteboard: MGA4TOO has_procedure MGA5-64-OK mga4-32-ok => MGA4TOO has_procedure advisory MGA5-64-OK mga4-32-okCC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0373.html
Status: NEW => RESOLVEDResolution: (none) => FIXED