Ubuntu has issued an advisory on October 6:
http://www.ubuntu.com/usn/usn-2766-1/

Patched packages uploaded for Mageia 5 and Cauldron.

Advisory:
========================

Updated spice packages fix security vulnerabilities:

Frediano Ziglio discovered multiple buffer overflows, undefined behavior signed integer operations, race conditions, memory leaks, and denial of service issues in Spice. A malicious guest operating system could potentially exploit these issues to escape virtualization (CVE-2015-5260, CVE-2015-5261).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5261
http://www.ubuntu.com/usn/usn-2766-1/
========================

Updated packages in core/updates_testing:
========================
spice-client-0.12.5-2.2.mga5
libspice-server1-0.12.5-2.2.mga5
libspice-server-devel-0.12.5-2.2.mga5

from spice-0.12.5-2.2.mga5.src.rpm
Testing procedure in: https://bugs.mageia.org/show_bug.cgi?id=10987
Whiteboard: (none) => has_procedure
CC: (none) => davidwhodgins
Whiteboard: has_procedure => has_procedure advisory
Testing complete mga5 64 connecting to a VM set up to use spice in virt-manager.

HowTo:

To use virt-manager first install it along with qemu and libvirt-utils, then start libvirtd service. When you start virt-manager (in system tools in the menu) it asks for root password and should show local qemu to connect to.

Create a new VM, it's mostly like Vbox. On the last step tick the box to customise the machine before install. On the Video Default tab select QXL as the Model and apply it. In the Display Default tab select Spice Server as the Default Server and apply it again. You can then click Begin Installation.

When the machine starts you should be able to close the display and then test spice with:

$ spicec -h 127.0.0.1 -p 5900

It should display the VM.
Keywords: (none) => validated_update
Whiteboard: has_procedure advisory => has_procedure mga5-64-ok advisory
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0394.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED