Skip to navigation

Bug Fix Advisory qffmpeg bug fix update

Advisory: RHBA-2010:0559-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2010-07-26
Last updated on: 2010-07-26
Affected Products: RHEL Desktop Multi OS (v. 5 client)
RHEL Virtualization (v. 5 server)

Details

An updated qffmpeg package that fixes an SELinux incompatibility is
now available.

qffmpeg provides video codecs for the Spice remote desktop protocol.

This update addresses the following issue:

* shared libraries at /usr/lib/libqavcodec.so.51 required a text
relocation (a reference to an object with a variable address at
runtime using an absolute addressing mode). This is a potential
security problem and, consequently, when a Spice session attempted to
load these libraries an SELinux exception triggered and Spice failed
to launch with the following error:

spicec: error while loading shared libraries:
/usr/lib/libqavcodec.so.51:

cannot restore segment prot after reloc: Permission denied

This update corrects the affected qffmpeg assembly: text relocation is
no longer required and the exception is no longer triggered.
(BZ#576564)

Note: a workaround existed. The file context and default file context
of "/usr/lib/libqavcodec.so.51.71.0" could be changed as follows to
allow the library to load:

chcon -t textrel_shlib_t '/usr/lib/libqavcodec.so.51.71.0'

semanage fcontext -a -t textrel_shlib_t
'/usr/lib/libqavcodec.so.51.71.0'

This workaround is no longer necessary. If the workaround was used
prior to this update's release, undoing these changes is recommended.

All Spice users should install this updated package which fixes this
bug.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Multi OS (v. 5 client)

SRPMS:
qffmpeg-0.4.9-0.16.20080908.el5_5.src.rpm     MD5: 21848ff07456cfec9a724e6d03f64c72
SHA-256: c459dfc31c735a1e4751266fb3963b3e4da38e39e741f918ce8786dd882141dc
 
x86_64:
qffmpeg-devel-0.4.9-0.16.20080908.el5_5.i386.rpm     MD5: 77c03ebe6c31dee7f367ab8e79f80fa8
SHA-256: d61ef901b1e724cbfc25d38779ec39821d6844bed17994a63c178da578f5b59a
qffmpeg-devel-0.4.9-0.16.20080908.el5_5.x86_64.rpm     MD5: 19cbb5b42464d496a6ea1ab32c7f8538
SHA-256: 271bef34af9a60679b0ee2e434f32d819c33ecc3347ca15c5c5e89fede81e948
qffmpeg-libs-0.4.9-0.16.20080908.el5_5.i386.rpm     MD5: a5436a701b421f12e5b1fc4461ceb612
SHA-256: 34e599a15ae11efba29d18dcfd33a15a2dcd513bfc2d3a1a7404c051162f62db
qffmpeg-libs-0.4.9-0.16.20080908.el5_5.x86_64.rpm     MD5: f32c292e6b2f8de2e6ca84d1609c0f1c
SHA-256: cce5e7067b2f28b0d2e958598d104c2a9aa641ee3fb2ac51eec41a4589aa4eb8
 
RHEL Virtualization (v. 5 server)

SRPMS:
qffmpeg-0.4.9-0.16.20080908.el5_5.src.rpm     MD5: 21848ff07456cfec9a724e6d03f64c72
SHA-256: c459dfc31c735a1e4751266fb3963b3e4da38e39e741f918ce8786dd882141dc
 
x86_64:
qffmpeg-devel-0.4.9-0.16.20080908.el5_5.i386.rpm     MD5: 77c03ebe6c31dee7f367ab8e79f80fa8
SHA-256: d61ef901b1e724cbfc25d38779ec39821d6844bed17994a63c178da578f5b59a
qffmpeg-devel-0.4.9-0.16.20080908.el5_5.x86_64.rpm     MD5: 19cbb5b42464d496a6ea1ab32c7f8538
SHA-256: 271bef34af9a60679b0ee2e434f32d819c33ecc3347ca15c5c5e89fede81e948
qffmpeg-libs-0.4.9-0.16.20080908.el5_5.i386.rpm     MD5: a5436a701b421f12e5b1fc4461ceb612
SHA-256: 34e599a15ae11efba29d18dcfd33a15a2dcd513bfc2d3a1a7404c051162f62db
qffmpeg-libs-0.4.9-0.16.20080908.el5_5.x86_64.rpm     MD5: f32c292e6b2f8de2e6ca84d1609c0f1c
SHA-256: cce5e7067b2f28b0d2e958598d104c2a9aa641ee3fb2ac51eec41a4589aa4eb8
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

576564 - SPICE: RHEL54/55-i386 Client Cannot open spice session SELinux prevent loading shared libraries: /usr/lib/libqavcodec.so.51.



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/