- Issued:
- 2010-07-26
- Updated:
- 2010-07-26
RHBA-2010:0559 - Bug Fix Advisory
Synopsis
qffmpeg bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An updated qffmpeg package that fixes an SELinux incompatibility is
now available.
Description
qffmpeg provides video codecs for the Spice remote desktop protocol.
This update addresses the following issue:
- shared libraries at /usr/lib/libqavcodec.so.51 required a text
relocation (a reference to an object with a variable address at
runtime using an absolute addressing mode). This is a potential
security problem and, consequently, when a Spice session attempted to
load these libraries an SELinux exception triggered and Spice failed
to launch with the following error:
spicec: error while loading shared libraries:
/usr/lib/libqavcodec.so.51:
cannot restore segment prot after reloc: Permission denied
This update corrects the affected qffmpeg assembly: text relocation is
no longer required and the exception is no longer triggered.
(BZ#576564)
Note: a workaround existed. The file context and default file context
of "/usr/lib/libqavcodec.so.51.71.0" could be changed as follows to
allow the library to load:
chcon -t textrel_shlib_t '/usr/lib/libqavcodec.so.51.71.0'
semanage fcontext -a -t textrel_shlib_t
'/usr/lib/libqavcodec.so.51.71.0'
This workaround is no longer necessary. If the workaround was used
prior to this update's release, undoing these changes is recommended.
All Spice users should install this updated package which fixes this
bug.
Solution
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Workstation 5 x86_64
Fixes
- BZ - 576564 - SPICE: RHEL54/55-i386 Client Cannot open spice session SELinux prevent loading shared libraries: /usr/lib/libqavcodec.so.51.
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 5
SRPM | |
---|---|
qffmpeg-0.4.9-0.16.20080908.el5_5.src.rpm | SHA-256: c459dfc31c735a1e4751266fb3963b3e4da38e39e741f918ce8786dd882141dc |
x86_64 | |
qffmpeg-devel-0.4.9-0.16.20080908.el5_5.i386.rpm | SHA-256: d61ef901b1e724cbfc25d38779ec39821d6844bed17994a63c178da578f5b59a |
qffmpeg-devel-0.4.9-0.16.20080908.el5_5.x86_64.rpm | SHA-256: 271bef34af9a60679b0ee2e434f32d819c33ecc3347ca15c5c5e89fede81e948 |
qffmpeg-libs-0.4.9-0.16.20080908.el5_5.i386.rpm | SHA-256: 34e599a15ae11efba29d18dcfd33a15a2dcd513bfc2d3a1a7404c051162f62db |
qffmpeg-libs-0.4.9-0.16.20080908.el5_5.x86_64.rpm | SHA-256: cce5e7067b2f28b0d2e958598d104c2a9aa641ee3fb2ac51eec41a4589aa4eb8 |
Red Hat Enterprise Linux Workstation 5
SRPM | |
---|---|
qffmpeg-0.4.9-0.16.20080908.el5_5.src.rpm | SHA-256: c459dfc31c735a1e4751266fb3963b3e4da38e39e741f918ce8786dd882141dc |
x86_64 | |
qffmpeg-devel-0.4.9-0.16.20080908.el5_5.i386.rpm | SHA-256: d61ef901b1e724cbfc25d38779ec39821d6844bed17994a63c178da578f5b59a |
qffmpeg-devel-0.4.9-0.16.20080908.el5_5.x86_64.rpm | SHA-256: 271bef34af9a60679b0ee2e434f32d819c33ecc3347ca15c5c5e89fede81e948 |
qffmpeg-libs-0.4.9-0.16.20080908.el5_5.i386.rpm | SHA-256: 34e599a15ae11efba29d18dcfd33a15a2dcd513bfc2d3a1a7404c051162f62db |
qffmpeg-libs-0.4.9-0.16.20080908.el5_5.x86_64.rpm | SHA-256: cce5e7067b2f28b0d2e958598d104c2a9aa641ee3fb2ac51eec41a4589aa4eb8 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.