An update for spice-server is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.

Security Fix(es):

* A memory allocation flaw, leading to a heap-based buffer overflow, was found in spice’s smartcard interaction, which runs under the QEMU-KVM context on the host. A user connecting to a guest VM using spice could potentially use this flaw to crash the QEMU-KVM process or execute arbitrary code with the privileges of the host’s QEMU-KVM process. (CVE-2016-0749)

* A memory access flaw was found in the way spice handled certain guests using crafted primary surface parameters. A user in a guest could use this flaw to read from and write to arbitrary memory locations on the host. (CVE-2016-2150)

The CVE-2016-0749 issue was discovered by Jing Zhao (Red Hat) and the CVE-2016-2150 issue was discovered by Frediano Ziglio (Red Hat).

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Applications acting as a SPICE server must be restarted for this update to take effect. Note that QEMU-KVM guests providing SPICE console access must be restarted for this update to take effect.

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
spice-server-0.12.4-13.el6.1.src.rpm
 
x86_64:
spice-server-0.12.4-13.el6.1.x86_64.rpm
spice-server-debuginfo-0.12.4-13.el6.1.x86_64.rpm
spice-server-devel-0.12.4-13.el6.1.x86_64.rpm
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
spice-server-0.12.4-13.el6.1.src.rpm
 
x86_64:
spice-server-0.12.4-13.el6.1.x86_64.rpm
spice-server-debuginfo-0.12.4-13.el6.1.x86_64.rpm
spice-server-devel-0.12.4-13.el6.1.x86_64.rpm
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
spice-server-0.12.4-13.el6.1.src.rpm
 
x86_64:
spice-server-0.12.4-13.el6.1.x86_64.rpm
spice-server-debuginfo-0.12.4-13.el6.1.x86_64.rpm
spice-server-devel-0.12.4-13.el6.1.x86_64.rpm
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
spice-server-0.12.4-13.el6.1.src.rpm
 
x86_64:
spice-server-0.12.4-13.el6.1.x86_64.rpm
spice-server-debuginfo-0.12.4-13.el6.1.x86_64.rpm
spice-server-devel-0.12.4-13.el6.1.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)
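
The restart requirement stated in this advisory can be checked on a host: a process that loaded the SPICE server library before the update keeps the replaced file mapped, and /proc/<pid>/maps marks that mapping "(deleted)". The script below is an added example, not part of the Red Hat advisory; the library file name pattern libspice-server.so and the sample maps lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find processes that still map a pre-update copy of the
# SPICE server library and therefore still need the restart.
# Assumption: the library file name contains "libspice-server.so".

# Read /proc/<pid>/maps-format text on stdin; succeed (exit 0) only if a
# libspice-server mapping is marked "(deleted)".
has_stale_spice() {
    awk '/libspice-server\.so/ && /\(deleted\)$/ { found = 1 }
         END { exit (found ? 0 : 1) }'
}

# Constructed sample lines in maps format (not captured from a real host).
sample_stale='7f3a1c000000-7f3a1c0f2000 r-xp 00000000 fd:00 131 /usr/lib64/libspice-server.so.1.8.0 (deleted)'
sample_fresh='7f3a1c000000-7f3a1c0f2000 r-xp 00000000 fd:00 977 /usr/lib64/libspice-server.so.1.8.0'

# Walk /proc and print "PID COMMAND" for each process that needs a restart.
scan_host() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if cat "$maps" 2>/dev/null | has_stale_spice; then
            pid=${maps#/proc/}
            pid=${pid%/maps}
            cmd=$(tr '\0' ' ' < "/proc/$pid/cmdline" 2>/dev/null | cut -c1-80)
            printf '%s %s\n' "$pid" "$cmd"
        fi
    done
}

# Run the live scan only when asked: sh check-spice-restart.sh --scan
if [ "${1:-}" = "--scan" ]; then
    # Fixed build named in this advisory: spice-server-0.12.4-13.el6.1
    rpm -q spice-server 2>/dev/null
    scan_host
fi
```

Run it as root with `--scan` after applying the update; any PID it prints belongs to a process (typically a QEMU-KVM guest) that has not yet been restarted.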

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from: