Bug 16700 - spice new security issue CVE-2015-3247
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: i586 Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/656656/
Whiteboard: MGA4TOO has_procedure advisory MGA5-6...
Keywords: validated_update
Reported: 2015-09-04 16:33 CEST by David Walser
Modified: 2015-09-15 16:56 CEST

Source RPM: spice-0.12.5-2.mga5.src.rpm

Description David Walser 2015-09-04 16:33:39 CEST
Red Hat has issued an advisory on September 3:
https://rhn.redhat.com/errata/RHSA-2015-1714.html

Patched packages uploaded for Mageia 4, Mageia 5, and Cauldron.

Advisory:
========================

Updated spice packages fix security vulnerability:

A race condition flaw, leading to a heap-based memory corruption, was found
in spice's worker_update_monitors_config() function, which runs under the
QEMU-KVM context on the host. A user in a guest could leverage this flaw to
crash the host QEMU-KVM process or, possibly, execute arbitrary code with
the privileges of the host QEMU-KVM process (CVE-2015-3247).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3247
https://rhn.redhat.com/errata/RHSA-2015-1714.html
========================

Updated packages in core/updates_testing:
========================
spice-client-0.12.4-4.1.mga4
libspice-server1-0.12.4-4.1.mga4
libspice-server-devel-0.12.4-4.1.mga4
spice-client-0.12.5-2.1.mga5
libspice-server1-0.12.5-2.1.mga5
libspice-server-devel-0.12.5-2.1.mga5

from SRPMS:
spice-0.12.4-4.1.mga4.src.rpm
spice-0.12.5-2.1.mga5.src.rpm

Comment 1 David Walser 2015-09-04 16:34:45 CEST
Testing procedure in:
https://bugs.mageia.org/show_bug.cgi?id=10987

Whiteboard: (none) => MGA4TOO has_procedure

Comment 2 Yann Cantin 2015-09-04 18:41:50 CEST
host  : mga5 x86_64
guest : cauldron x86_64 (virt-manager)

Installed packages on host :
 spice-client-0.12.5-2.1.mga5
 lib64spice-server1-0.12.5-2.1.mga5

On the host : spicec -h 127.0.0.1 -p 5900
- guest console display OK
- start prefdm on guest, X display OK

Update OK.

CC: (none) => yann.cantin
Whiteboard: MGA4TOO has_procedure => MGA4TOO has_procedure MGA5-64-OK

Comment 3 Yann Cantin 2015-09-11 22:28:22 CEST
Re-test after qemu update (https://bugs.mageia.org/show_bug.cgi?id=16604): OK.

Comment 4 Dave Hodgins 2015-09-15 01:10:20 CEST
After installing spice client ...

urpmi virt-manager
The following packages can't be installed because they depend on packages
that are older than the installed ones:
lib64spice-client-glib-gir2.0-0.21-2.mga4
virt-manager-0.10.0-12.git1ffcc0cc.1.mga4

Are there more updates needed?

CC: (none) => davidwhodgins
Whiteboard: MGA4TOO has_procedure MGA5-64-OK => MGA4TOO has_procedure MGA5-64-OK feedback

Comment 5 David Walser 2015-09-15 02:59:00 CEST
While virt-manager can be used to test this, those two packages you listed aren't involved in this update or affected by it.  You must have something wrong on your system.

Whiteboard: MGA4TOO has_procedure MGA5-64-OK feedback => MGA4TOO has_procedure MGA5-64-OK

Comment 6 claire robinson 2015-09-15 14:23:22 CEST
Testing complete mga4 32

In Vbox, very slow but works.

Tested qemu at the same time, using virt-manager. Set Video to QXL and Display to Spice. Created a new machine with hdd and began installing a boot.iso.

Whiteboard: MGA4TOO has_procedure MGA5-64-OK => MGA4TOO has_procedure MGA5-64-OK mga4-32-ok

Comment 7 claire robinson 2015-09-15 15:03:02 CEST
Validating. Advisory uploaded.

Please push to 4 & 5 updates

Thanks

Keywords: (none) => validated_update
Whiteboard: MGA4TOO has_procedure MGA5-64-OK mga4-32-ok => MGA4TOO has_procedure advisory MGA5-64-OK mga4-32-ok
CC: (none) => sysadmin-bugs

Comment 8 Mageia Robot 2015-09-15 16:56:20 CEST
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0373.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

