RedHat has issued an advisory on February 6:
https://rhn.redhat.com/errata/RHSA-2017-0254.html

Mageia 5 is also affected.
Whiteboard: (none) => MGA5TOO
Assigning to all packagers collectively, since there is no registered maintainer for this package.
CC: (none) => marja11
Assignee: bugsquad => pkg-bugs

Suggested advisory:
========================

The updated packages fix security vulnerabilities:

An authenticated attacker could send crafted messages to the spice server causing a heap overflow leading to a crash or possible code execution. (CVE-2016-9577)

An attacker able to connect to the spice server could send crafted messages which would cause the process to crash. (CVE-2016-9578)

References:
https://rhn.redhat.com/errata/RHSA-2017-0254.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9577
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9578
========================

Updated packages in core/updates_testing:
========================
spice-client-0.12.5-2.4.mga5
lib(64)spice-server1-0.12.5-2.4.mga5
lib(64)spice-server-devel-0.12.5-2.4.mga5

from SRPMS:
spice-0.12.5-2.4.mga5.src.rpm

Status: NEW => ASSIGNED
CC: (none) => nicolas.salguero
Version: Cauldron => 5
Assignee: pkg-bugs => qa-bugs
Whiteboard: MGA5TOO => (none)

CC: (none) => davidwhodgins
Whiteboard: (none) => advisory

Trying to test with qemu ...

qemu-kvm -net user -net nic,model=virtio -cdrom file:/s3/m4/Mageia-6-sta2-LiveDVD-Plasma-x86_64-DVD/Mageia-6-sta2-LiveDVD-Plasma-x86_64-DVD.iso -boot d -m 512 -spice port=7777,password=munged

# netstat -tapn|grep qemu
tcp 0 0 0.0.0.0:7777 0.0.0.0:* LISTEN 13251/qemu-kvm

shows that qemu is listening.

spicec -h 127.0.0.1 -p 7777 -w munged

successfully connects to the guest although it's very slow.

I'll try testing on an i586 host system later, if no one beats me to it.
Whiteboard: advisory => advisory MGA5-64-OK
Same testing on an i586 install done.
Keywords: (none) => validated_update
Whiteboard: advisory MGA5-64-OK => advisory MGA5-64-OK MGA5-32-OK
CC: (none) => sysadmin-bugs

An update for this issue has been pushed to the Mageia Updates repository.
http://advisories.mageia.org/MGASA-2017-0062.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED