Skip to navigation

Security Advisory Important: qspice security update

Advisory: RHSA-2010:0633-1
Type: Security Advisory
Severity: Important
Issued on: 2010-08-19
Last updated on: 2010-08-19
Affected Products: RHEL Desktop Multi OS (v. 5 client)
RHEL Virtualization (v. 5 server)
CVEs (cve.mitre.org): CVE-2010-0428
CVE-2010-0429

Details

Updated qspice packages that fix two security issues are now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The Simple Protocol for Independent Computing Environments (SPICE) is a
remote display protocol used in Red Hat Enterprise Linux for viewing
virtualized guests running on the Kernel-based Virtual Machine (KVM)
hypervisor, or on Red Hat Enterprise Virtualization Hypervisor.

It was found that the libspice component of QEMU-KVM on the host did not
validate all pointers provided from a guest system's QXL graphics card
driver. A privileged guest user could use this flaw to cause the host to
dereference an invalid pointer, causing the guest to crash (denial of
service) or, possibly, resulting in the privileged guest user escalating
their privileges on the host. (CVE-2010-0428)

It was found that the libspice component of QEMU-KVM on the host could be
forced to perform certain memory management operations on memory addresses
controlled by a guest. A privileged guest user could use this flaw to crash
the guest (denial of service) or, possibly, escalate their privileges on
the host. (CVE-2010-0429)

All qspice users should upgrade to these updated packages, which contain
backported patches to correct these issues.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Multi OS (v. 5 client)

SRPMS:
qspice-0.3.0-54.el5_5.2.src.rpm
File outdated by:  RHSA-2013:1474
    MD5: 8dd4e07fcd59ee84f600576aea28979e
SHA-256: a52b5cf47cd462a778c89788a519f991c42687478067fe9598773b21f37ffd29
 
x86_64:
qspice-0.3.0-54.el5_5.2.x86_64.rpm
File outdated by:  RHSA-2013:1474
    MD5: ba6397ec28aa1569116e5ebbef60f70d
SHA-256: fb6a54d3c344a53b66fcfc0db251a6ee7ab64cffa1680b4978d8d4558e795b61
qspice-libs-0.3.0-54.el5_5.2.x86_64.rpm     MD5: ce74d602cfda15f123cbe4e03f516ae9
SHA-256: 43056756c7acf99501d2544994c9281e040982f48eb9db34123f3c60b73d865b
qspice-libs-devel-0.3.0-54.el5_5.2.x86_64.rpm
File outdated by:  RHSA-2013:1474
    MD5: 70268ab117800e1badc95526fee810d2
SHA-256: cbbdfebed09cc131a0c40ee6c11be021c8fb367c6f7e388c795733c42c9fc694
 
RHEL Virtualization (v. 5 server)

SRPMS:
qspice-0.3.0-54.el5_5.2.src.rpm
File outdated by:  RHSA-2013:1474
    MD5: 8dd4e07fcd59ee84f600576aea28979e
SHA-256: a52b5cf47cd462a778c89788a519f991c42687478067fe9598773b21f37ffd29
 
x86_64:
qspice-0.3.0-54.el5_5.2.x86_64.rpm
File outdated by:  RHSA-2013:1474
    MD5: ba6397ec28aa1569116e5ebbef60f70d
SHA-256: fb6a54d3c344a53b66fcfc0db251a6ee7ab64cffa1680b4978d8d4558e795b61
qspice-libs-0.3.0-54.el5_5.2.x86_64.rpm     MD5: ce74d602cfda15f123cbe4e03f516ae9
SHA-256: 43056756c7acf99501d2544994c9281e040982f48eb9db34123f3c60b73d865b
qspice-libs-devel-0.3.0-54.el5_5.2.x86_64.rpm
File outdated by:  RHSA-2013:1474
    MD5: 70268ab117800e1badc95526fee810d2
SHA-256: cbbdfebed09cc131a0c40ee6c11be021c8fb367c6f7e388c795733c42c9fc694
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

568699 - CVE-2010-0428 libspice: Insufficient guest provided pointers validation
568701 - CVE-2010-0429 libspice: Relying on guest provided data structures to indicate memory allocation


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/