Summary: | <app-emulation/spice-0.12.3-r1: unsafe clients ring access abort (CVE-2013-4130) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | dev-zero, virtualization |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=984769 | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-07-16 05:10:22 UTC
Fixed in spice-0.12.3-r1. Please stabilize that version.

TARGET KEYWORDS: amd64 x86

(In reply to Doug Goldstein from comment #1)
> Fixed in spice-0.12.3-r1. Please stabilize that version.
>
> TARGET KEYWORDS: amd64 x86

Having twins apparently makes you fall asleep at the keyboard while typing so let me fix that.

"Please stable that version."

amd64 stable

x86 stable

GLSA vote: no.

CVE-2013-4130 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4130):
The (1) red_channel_pipes_add_type and (2) red_channel_pipes_add_empty_msg functions in server/red_channel.c in SPICE before 0.12.4 do not properly perform ring loops, which might allow remote attackers to cause a denial of service (reachable assertion and server exit) by triggering a network error.

GLSA vote: no

Closing as noglsa