Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2015.2317 Important: spice and spice-server security updates 4 September 2015 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: spice spice-server Publisher: Red Hat Operating System: Red Hat Enterprise Linux Server 7 Red Hat Enterprise Linux WS/Desktop 7 Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux WS/Desktop 6 Impact/Access: Execute Arbitrary Code/Commands -- Existing Account Denial of Service -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2015-3247 Original Bulletin: https://rhn.redhat.com/errata/RHSA-2015-1714.html https://rhn.redhat.com/errata/RHSA-2015-1715.html Comment: This bulletin contains two (2) security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: spice security update Advisory ID: RHSA-2015:1714-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1714.html Issue date: 2015-09-03 CVE Names: CVE-2015-3247 ===================================================================== 1. Summary: An updated spice package that fixes one security issue is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors. A race condition flaw, leading to a heap-based memory corruption, was found in spice's worker_update_monitors_config() function, which runs under the QEMU-KVM context on the host. A user in a guest could leverage this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with the privileges of the host QEMU-KVM process. (CVE-2015-3247) This issue was discovered by Frediano Ziglio of Red Hat. All spice users are advised to upgrade to this updated package, which contains a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1233238 - CVE-2015-3247 spice: memory corruption in worker_update_monitors_config() 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: spice-0.12.4-9.el7_1.1.src.rpm x86_64: spice-debuginfo-0.12.4-9.el7_1.1.x86_64.rpm spice-server-0.12.4-9.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: spice-debuginfo-0.12.4-9.el7_1.1.x86_64.rpm spice-server-devel-0.12.4-9.el7_1.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: spice-0.12.4-9.el7_1.1.src.rpm x86_64: spice-debuginfo-0.12.4-9.el7_1.1.x86_64.rpm spice-server-0.12.4-9.el7_1.1.x86_64.rpm spice-server-devel-0.12.4-9.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: spice-0.12.4-9.el7_1.1.src.rpm x86_64: spice-debuginfo-0.12.4-9.el7_1.1.x86_64.rpm spice-server-0.12.4-9.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): x86_64: spice-debuginfo-0.12.4-9.el7_1.1.x86_64.rpm spice-server-devel-0.12.4-9.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: spice-0.12.4-9.el7_1.1.src.rpm x86_64: spice-debuginfo-0.12.4-9.el7_1.1.x86_64.rpm spice-server-0.12.4-9.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: spice-debuginfo-0.12.4-9.el7_1.1.x86_64.rpm spice-server-devel-0.12.4-9.el7_1.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-3247 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFV6I5+XlSAg2UNWIIRArKHAKCTaDcVPz5f85T/ieGsNYEjROM+mwCgoc6d l2FElUHyHL7FS7LKp9veLGA= =bR5V - -----END PGP SIGNATURE----- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: spice-server security update Advisory ID: RHSA-2015:1715-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1715.html Issue date: 2015-09-03 CVE Names: CVE-2015-3247 ===================================================================== 1. Summary: An updated spice-server package that fixes one security issue is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - x86_64 Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64 3. Description: The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors. A race condition flaw, leading to a heap-based memory corruption, was found in spice's worker_update_monitors_config() function, which runs under the QEMU-KVM context on the host. A user in a guest could leverage this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with the privileges of the host QEMU-KVM process. (CVE-2015-3247) This issue was discovered by Frediano Ziglio of Red Hat. All spice-server users are advised to upgrade to this updated package, which contains a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1233238 - CVE-2015-3247 spice: memory corruption in worker_update_monitors_config() 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: spice-server-0.12.4-12.el6_7.1.src.rpm x86_64: spice-server-0.12.4-12.el6_7.1.x86_64.rpm spice-server-debuginfo-0.12.4-12.el6_7.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): x86_64: spice-server-debuginfo-0.12.4-12.el6_7.1.x86_64.rpm spice-server-devel-0.12.4-12.el6_7.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: spice-server-0.12.4-12.el6_7.1.src.rpm x86_64: spice-server-0.12.4-12.el6_7.1.x86_64.rpm spice-server-debuginfo-0.12.4-12.el6_7.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: spice-server-debuginfo-0.12.4-12.el6_7.1.x86_64.rpm spice-server-devel-0.12.4-12.el6_7.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: spice-server-0.12.4-12.el6_7.1.src.rpm x86_64: spice-server-0.12.4-12.el6_7.1.x86_64.rpm spice-server-debuginfo-0.12.4-12.el6_7.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): x86_64: spice-server-debuginfo-0.12.4-12.el6_7.1.x86_64.rpm spice-server-devel-0.12.4-12.el6_7.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: spice-server-0.12.4-12.el6_7.1.src.rpm x86_64: spice-server-0.12.4-12.el6_7.1.x86_64.rpm spice-server-debuginfo-0.12.4-12.el6_7.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): x86_64: spice-server-debuginfo-0.12.4-12.el6_7.1.x86_64.rpm spice-server-devel-0.12.4-12.el6_7.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-3247 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFV6I6JXlSAg2UNWIIRAvcgAKCGsZhram/SKWWsxH6ZqP5D8nTqoACgv3/W QLr5/LvrNi6fv+TpKsCLJnc= =e4if - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVej4736ZAP0PgtI9AQLhuhAAydJ7QZweTY4qlB1y48mn305ISvoSAunI FPINSCYYZf2s1EXP4aRFKzjBeaJrbUtmVn9o6rFdITTgM2sQxw2R9rApHDrrSr/K w3edD/Ly9ka4NEwhoiJkLK5ziyqxWtW5AfHve2ArvCo2Q7kbzXLMjy41k372axez Oz+yJc+I8oUN11dhzdYKn4lcmMyFNH7FHdaZaW1UB+w9Zb6X1vaFEGDYB3DAvviQ LAATg8irFSsel82pjP4OJegezxYQGXPtWziluYM8a/kpbRa3dduKvFyRQUiquGSD 0dDWp8dq6kv4OqQ3zcGO+QTqhrrVTvgjTpKDyjrvBIPoJCARkdASPBzsuOcHL9Hq eem30H0j8+u9rS+3kx3V4aczK989CbxhGDCkI2ZosPlrOc/9/nRl4wopUqUIhHaI SaX6eCoRdEE4zNumw5nWSLDUiAYNhXnB2BI7BDpIS/kio9P5djNnpoBTpeAc3aZH V1UPFHMjT8iL4N1rWwD/XE0zyOuzfcf+rYDKHUcMiRh3rUe9hQsW3dcvn12DVm4Y LB2DUjvXGa2eRdIGop/52w9YEoDDA6EVdyAKIOj/HzScvyngfvxkSv7bcKjCWJqX dYyKwOHJ0dRfLnYyEszCsERwvPR9gvUmFN7IHR7+9dVfzChUy+eOwvTha5uN92z1 ruwwZqx9cXQ= =XBzQ -----END PGP SIGNATURE-----