
Security Advisory Moderate: qspice-client security update

Advisory: RHSA-2010:0632-3
Type: Security Advisory
Severity: Moderate
Issued on: 2010-08-25
Last updated on: 2010-08-25
Affected Products: RHEL Optional Productivity Applications (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2010-2792

Details

An updated qspice-client package that fixes one security issue is now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

The Simple Protocol for Independent Computing Environments (SPICE) is a
remote display protocol used in Red Hat Enterprise Linux for viewing
virtualized guests running on the Kernel-based Virtual Machine (KVM)
hypervisor, or on Red Hat Enterprise Virtualization Hypervisor.

The qspice-client package provides the client side of the SPICE protocol.

A race condition was found in the way the SPICE Mozilla Firefox plug-in and
the SPICE client communicated. A local attacker could use this flaw to
trick the plug-in and the SPICE client into communicating over an
attacker-controlled socket, possibly gaining access to authentication
details, or resulting in a man-in-the-middle attack on the SPICE
connection. (CVE-2010-2792)

Users of qspice-client should upgrade to this updated package, which
contains a backported patch to correct this issue.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Optional Productivity Applications (v. 5 server)

SRPMS:
qspice-client-0.3.0-4.el5_5.src.rpm     MD5: db9bb1287bf4e056717bdd7baac8d191
SHA-256: 9c264b1396ed789a617c0c642ff7e61ff5b273c6d790fd926f0b68cc428973d5
 
IA-32:
qspice-client-0.3.0-4.el5_5.i386.rpm     MD5: 4dc409012c0c326ef2c0bcc11bdc9d5c
SHA-256: c9f06d57ac2010d82d1fcdf3b1b82afc4e95c46da8cb125dcc2a2ee091a81df7
 
x86_64:
qspice-client-0.3.0-4.el5_5.x86_64.rpm     MD5: ba1acac78e8a307f2430d08383f361c8
SHA-256: f3bdc1dc58456bb2d0640235e23e9d9a24ddf2591cda75399dc9729fe3074e9e
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
qspice-client-0.3.0-4.el5_5.src.rpm     MD5: db9bb1287bf4e056717bdd7baac8d191
SHA-256: 9c264b1396ed789a617c0c642ff7e61ff5b273c6d790fd926f0b68cc428973d5
 
IA-32:
qspice-client-0.3.0-4.el5_5.i386.rpm     MD5: 4dc409012c0c326ef2c0bcc11bdc9d5c
SHA-256: c9f06d57ac2010d82d1fcdf3b1b82afc4e95c46da8cb125dcc2a2ee091a81df7
 
x86_64:
qspice-client-0.3.0-4.el5_5.x86_64.rpm     MD5: ba1acac78e8a307f2430d08383f361c8
SHA-256: f3bdc1dc58456bb2d0640235e23e9d9a24ddf2591cda75399dc9729fe3074e9e
 
(The unlinked packages above are only available from the Red Hat Network)
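The package list above publishes a SHA-256 digest for each RPM, and the advisory notes that the packages are GPG signed by Red Hat. The script below is an added example, not part of the Red Hat advisory, showing how an administrator can check a downloaded RPM against those published digests and against its GPG signature before installing it. The file paths are assumptions; the digest values are copied from the list above, and `rpm -K` requires the Red Hat package-signing key to already be imported into the RPM database.

```shell
#!/bin/sh
# Added example (not Red Hat's own tooling): verify a downloaded
# qspice-client RPM before installation. File paths are assumptions.

# Expected SHA-256 digests copied from the advisory's "Updated packages" list.
EXPECTED_I386=c9f06d57ac2010d82d1fcdf3b1b82afc4e95c46da8cb125dcc2a2ee091a81df7
EXPECTED_X86_64=f3bdc1dc58456bb2d0640235e23e9d9a24ddf2591cda75399dc9729fe3074e9e
EXPECTED_SRC=9c264b1396ed789a617c0c642ff7e61ff5b273c6d790fd926f0b68cc428973d5

# Print the lowercase hex SHA-256 digest of a file, using whichever tool exists.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_sha256 FILE EXPECTED: succeed only when the file's digest matches.
verify_sha256() {
    actual=$(sha256_of "$1") || return 2
    [ "$actual" = "$2" ]
}

# expected_for ARCH: map an architecture name to the published digest.
expected_for() {
    case "$1" in
        i386)   echo "$EXPECTED_I386" ;;
        x86_64) echo "$EXPECTED_X86_64" ;;
        src)    echo "$EXPECTED_SRC" ;;
        *)      return 1 ;;
    esac
}

# verify_rpm_signature FILE: succeed only when rpm reports a valid signature.
# rpm -K exits non-zero and prints "NOT OK" when the signature or digests fail,
# including when the signing key has not been imported.
verify_rpm_signature() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not available" >&2; return 2; }
    out=$(rpm -K "$1" 2>&1) || return 1
    case "$out" in
        *"NOT OK"*) return 1 ;;
        *OK*)       return 0 ;;
        *)          return 1 ;;
    esac
}

# verify_package FILE ARCH: both checks must pass before the file is trusted.
verify_package() {
    expected=$(expected_for "$2") || { echo "unknown arch: $2" >&2; return 2; }
    if ! verify_sha256 "$1" "$expected"; then
        echo "SHA-256 mismatch for $1" >&2
        return 1
    fi
    if ! verify_rpm_signature "$1"; then
        echo "GPG signature check failed for $1" >&2
        return 1
    fi
    echo "$1: digest and signature OK"
}

# Usage (path is an assumption):
#   sh verify_qspice.sh /tmp/qspice-client-0.3.0-4.el5_5.x86_64.rpm x86_64
if [ "$#" -eq 2 ]; then
    verify_package "$1" "$2"
fi
```

A digest match proves the file is the one the advisory lists; the signature check additionally proves it was produced by Red Hat's signing key, so both checks are worth keeping even when the package comes through the Red Hat Network.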

Bugs fixed (see bugzilla for more information)

620350 - CVE-2010-2792 spice-xpi/qspice-client unix socket race

References

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/