Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2015.2317
Important: spice and spice-server security updates
4 September 2015
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: spice
spice-server
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux Server 7
Red Hat Enterprise Linux WS/Desktop 7
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux WS/Desktop 6
Impact/Access: Execute Arbitrary Code/Commands -- Existing Account
Denial of Service -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2015-3247
Original Bulletin:
https://rhn.redhat.com/errata/RHSA-2015-1714.html
https://rhn.redhat.com/errata/RHSA-2015-1715.html
Comment: This bulletin contains two (2) security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: spice security update
Advisory ID: RHSA-2015:1714-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1714.html
Issue date: 2015-09-03
CVE Names: CVE-2015-3247
=====================================================================
1. Summary:
An updated spice package that fixes one security issue is now available for
Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
The Simple Protocol for Independent Computing Environments (SPICE) is a
remote display protocol for virtual environments. SPICE users can access a
virtualized desktop or server from the local system or any system with
network access to the server. SPICE is used in Red Hat Enterprise Linux for
viewing virtualized guests running on the Kernel-based Virtual Machine
(KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.
A race condition flaw, leading to a heap-based memory corruption, was found
in spice's worker_update_monitors_config() function, which runs under the
QEMU-KVM context on the host. A user in a guest could leverage this flaw to
crash the host QEMU-KVM process or, possibly, execute arbitrary code with
the privileges of the host QEMU-KVM process. (CVE-2015-3247)
This issue was discovered by Frediano Ziglio of Red Hat.
All spice users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1233238 - CVE-2015-3247 spice: memory corruption in worker_update_monitors_config()
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
spice-0.12.4-9.el7_1.1.src.rpm
x86_64:
spice-debuginfo-0.12.4-9.el7_1.1.x86_64.rpm
spice-server-0.12.4-9.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
spice-debuginfo-0.12.4-9.el7_1.1.x86_64.rpm
spice-server-devel-0.12.4-9.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source:
spice-0.12.4-9.el7_1.1.src.rpm
x86_64:
spice-debuginfo-0.12.4-9.el7_1.1.x86_64.rpm
spice-server-0.12.4-9.el7_1.1.x86_64.rpm
spice-server-devel-0.12.4-9.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
spice-0.12.4-9.el7_1.1.src.rpm
x86_64:
spice-debuginfo-0.12.4-9.el7_1.1.x86_64.rpm
spice-server-0.12.4-9.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
x86_64:
spice-debuginfo-0.12.4-9.el7_1.1.x86_64.rpm
spice-server-devel-0.12.4-9.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
spice-0.12.4-9.el7_1.1.src.rpm
x86_64:
spice-debuginfo-0.12.4-9.el7_1.1.x86_64.rpm
spice-server-0.12.4-9.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
spice-debuginfo-0.12.4-9.el7_1.1.x86_64.rpm
spice-server-devel-0.12.4-9.el7_1.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-3247
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFV6I5+XlSAg2UNWIIRArKHAKCTaDcVPz5f85T/ieGsNYEjROM+mwCgoc6d
l2FElUHyHL7FS7LKp9veLGA=
=bR5V
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: spice-server security update
Advisory ID: RHSA-2015:1715-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1715.html
Issue date: 2015-09-03
CVE Names: CVE-2015-3247
=====================================================================
1. Summary:
An updated spice-server package that fixes one security issue is now
available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64
3. Description:
The Simple Protocol for Independent Computing Environments (SPICE) is a
remote display protocol for virtual environments. SPICE users can access a
virtualized desktop or server from the local system or any system with
network access to the server. SPICE is used in Red Hat Enterprise Linux for
viewing virtualized guests running on the Kernel-based Virtual Machine
(KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.
A race condition flaw, leading to a heap-based memory corruption, was found
in spice's worker_update_monitors_config() function, which runs under the
QEMU-KVM context on the host. A user in a guest could leverage this flaw to
crash the host QEMU-KVM process or, possibly, execute arbitrary code with
the privileges of the host QEMU-KVM process. (CVE-2015-3247)
This issue was discovered by Frediano Ziglio of Red Hat.
All spice-server users are advised to upgrade to this updated package,
which contains a backported patch to correct this issue.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1233238 - CVE-2015-3247 spice: memory corruption in worker_update_monitors_config()
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
spice-server-0.12.4-12.el6_7.1.src.rpm
x86_64:
spice-server-0.12.4-12.el6_7.1.x86_64.rpm
spice-server-debuginfo-0.12.4-12.el6_7.1.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
x86_64:
spice-server-debuginfo-0.12.4-12.el6_7.1.x86_64.rpm
spice-server-devel-0.12.4-12.el6_7.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
spice-server-0.12.4-12.el6_7.1.src.rpm
x86_64:
spice-server-0.12.4-12.el6_7.1.x86_64.rpm
spice-server-debuginfo-0.12.4-12.el6_7.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64:
spice-server-debuginfo-0.12.4-12.el6_7.1.x86_64.rpm
spice-server-devel-0.12.4-12.el6_7.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
spice-server-0.12.4-12.el6_7.1.src.rpm
x86_64:
spice-server-0.12.4-12.el6_7.1.x86_64.rpm
spice-server-debuginfo-0.12.4-12.el6_7.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
x86_64:
spice-server-debuginfo-0.12.4-12.el6_7.1.x86_64.rpm
spice-server-devel-0.12.4-12.el6_7.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
spice-server-0.12.4-12.el6_7.1.src.rpm
x86_64:
spice-server-0.12.4-12.el6_7.1.x86_64.rpm
spice-server-debuginfo-0.12.4-12.el6_7.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
x86_64:
spice-server-debuginfo-0.12.4-12.el6_7.1.x86_64.rpm
spice-server-devel-0.12.4-12.el6_7.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-3247
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFV6I6JXlSAg2UNWIIRAvcgAKCGsZhram/SKWWsxH6ZqP5D8nTqoACgv3/W
QLr5/LvrNi6fv+TpKsCLJnc=
=e4if
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVej4736ZAP0PgtI9AQLhuhAAydJ7QZweTY4qlB1y48mn305ISvoSAunI
FPINSCYYZf2s1EXP4aRFKzjBeaJrbUtmVn9o6rFdITTgM2sQxw2R9rApHDrrSr/K
w3edD/Ly9ka4NEwhoiJkLK5ziyqxWtW5AfHve2ArvCo2Q7kbzXLMjy41k372axez
Oz+yJc+I8oUN11dhzdYKn4lcmMyFNH7FHdaZaW1UB+w9Zb6X1vaFEGDYB3DAvviQ
LAATg8irFSsel82pjP4OJegezxYQGXPtWziluYM8a/kpbRa3dduKvFyRQUiquGSD
0dDWp8dq6kv4OqQ3zcGO+QTqhrrVTvgjTpKDyjrvBIPoJCARkdASPBzsuOcHL9Hq
eem30H0j8+u9rS+3kx3V4aczK989CbxhGDCkI2ZosPlrOc/9/nRl4wopUqUIhHaI
SaX6eCoRdEE4zNumw5nWSLDUiAYNhXnB2BI7BDpIS/kio9P5djNnpoBTpeAc3aZH
V1UPFHMjT8iL4N1rWwD/XE0zyOuzfcf+rYDKHUcMiRh3rUe9hQsW3dcvn12DVm4Y
LB2DUjvXGa2eRdIGop/52w9YEoDDA6EVdyAKIOj/HzScvyngfvxkSv7bcKjCWJqX
dYyKwOHJ0dRfLnYyEszCsERwvPR9gvUmFN7IHR7+9dVfzChUy+eOwvTha5uN92z1
ruwwZqx9cXQ=
=XBzQ
-----END PGP SIGNATURE-----