Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 624632 (CVE-2017-7506) - <app-emulation/spice-0.13.3-r2: Possible buffer overflow via invalid monitor configurations
Summary: <app-emulation/spice-0.13.3-r2: Possible buffer overflow via invalid monitor ...
Status: RESOLVED FIXED
Alias: CVE-2017-7506
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-07-12 03:26 UTC by Matthias Maier
Modified: 2018-01-20 14:59 UTC (History)
2 users (show)

See Also:
Package list:
app-emulation/spice-0.13.3-r2
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Matthias Maier gentoo-dev 2017-07-12 03:26:13 UTC
From ${URL}:

  A vulnerability was discovered in spice, in the server's protocol handling.
  An authenticated attacker could send specially crafted messages to the
  spice server, causing out-of-bounds memory accesses leading to parts of
  server memory being leaked or a crash.


Upstream patches on current 0.13* (aka "development") version:

https://cgit.freedesktop.org/spice/spice/commit/?id= ...
  fbbcdad773e2791cfb988f4748faa41943551ca6
  571cec91e71c2aae0d5f439ea2d8439d0c3d75eb
  111ab38611cef5012f1565a65fa2d8a8a05cce37


Fixed in: 0.13.3-r2
Vulnerable version left in tree: 0.13.3-r1


Security, please assign rating.
Comment 1 Matthias Maier gentoo-dev 2017-07-12 03:28:49 UTC
Arches, please test and mark stable
  =app-emulation/spice-0.13.3-r2


Keywords for app-emulation/spice:
             |                                 |   u   |  
             | a a         p s   a     n r     |   n   |  
             | l m   h i   p p   r m m i i s   | e u s | r
             | p d a p a p c a x m i 6 o s 3   | a s l | e
             | h 6 r p 6 p 6 r 8 6 p 8 s c 9 s | p e o | p
             | a 4 m a 4 c 4 c 6 4 s k 2 v 0 h | i d t | o
-------------+---------------------------------+-------+-------
   0.13.3-r1 | o + o o o o o o + ~ o o o o o o | 6 o 0 | gentoo
[I]0.13.3-r2 | o ~ o o o o o o ~ ~ o o o o o o | 6 o   | gentoo
     9999    | o o o o o o o o o o o o o o o o | 6 o   | gentoo
Comment 2 Tobias Klausmann gentoo-dev 2017-07-15 09:58:25 UTC
Stable on alpha.
Comment 3 Tobias Klausmann gentoo-dev 2017-07-15 10:03:40 UTC
(In reply to Tobias Klausmann from comment #2)
> Stable on alpha.

Bullshit. Amd64 stable.
Comment 4 Thomas Deutschmann gentoo-dev Security 2017-08-18 21:03:59 UTC
x86 stable
Comment 5 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2017-10-08 21:05:20 UTC
GLSA Vote: No

@maintainer, please cleanup the vulnerable version.