CVE-2017-15108 (https://nvd.nist.gov/vuln/detail/CVE-2017-15108): spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2209aa7d8367d86752cd4c059b25951f4a20c597
commit 2209aa7d8367d86752cd4c059b25951f4a20c597
Author: Matthias Maier <tamiko@gentoo.org>
AuthorDate: 2018-03-19 16:06:08 +0000
Commit: Matthias Maier <tamiko@gentoo.org>
CommitDate: 2018-03-19 16:09:45 +0000
    app-emulation/spice-vdagent: version bump to 0.17.0_p20180319
    Bug: https://bugs.gentoo.org/650020
    Package-Manager: Portage-2.3.24, Repoman-2.3.6
 app-emulation/spice-vdagent/Manifest | 1 +
 .../spice-vdagent-0.17.0_p20180319.ebuild | 70 ++++++++++++++++++++++
 2 files changed, 71 insertions(+)
Let's stabilize app-emulation/spice-vdagent-0.17.0_p20180319 that contains the upstream patches for CVE-2017-15108.
amd64 stable
An automated check of this bug failed - the following atom is unknown: app-emulation/spice-vdagent-0.17.0_p20180319 Please verify the atom list.
An automated check of this bug succeeded - the previous repoman errors are now resolved.
x86 stable
New GLSA Request filed, @Maintainers please remove vulnerable versions.
This issue was resolved and addressed in GLSA 201804-09 at https://security.gentoo.org/glsa/201804-09 by GLSA coordinator Aaron Bauman (b-man).
re-opened for cleanup
please clean
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a7d5d482ce1df9920ce0e34e5735ba2ea88107d0
commit a7d5d482ce1df9920ce0e34e5735ba2ea88107d0
Author: Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-05-22 23:05:48 +0000
Commit: Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-05-22 23:06:08 +0000
    app-emulation/spice-vdagent: drop vulnerable
    Bug: https://bugs.gentoo.org/650020
    Package-Manager: Portage-2.3.38, Repoman-2.3.9
 .../spice-vdagent/spice-vdagent-0.17.0.ebuild | 63 ----------------------
 1 file changed, 63 deletions(-)