
Tag: Secure Sockets Layer (SSL)

RHSA-2016:1205-1: Important: spice security update

An update for spice is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important.

A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures.

Security Fix(es):

* A memory allocation flaw, leading to a heap-based buffer overflow, was found in spice's smartcard interaction, which runs under the QEMU-KVM context on the host. A user connecting to a guest VM using spice could potentially use this flaw to crash the QEMU-KVM process or execute arbitrary code with the privileges of the host's QEMU-KVM process. (CVE-2016-0749)

* A memory access flaw was found in the way spice handled certain guests using crafted primary surface parameters. A user in a guest could use this flaw to read from and write to arbitrary memory locations on the host. (CVE-2016-2150)

The CVE-2016-0749 issue was discovered by Jing Zhao (Red Hat) and the CVE-2016-2150 issue was discovered by Frediano Ziglio (Red Hat).

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

Applications acting as a SPICE server must be restarted for this update to take effect. Note that QEMU-KVM guests providing SPICE console access must be restarted for this update to take effect.

Updated packages (the same set is listed for each product):

Products:
Red Hat Enterprise Linux Desktop (v. 7)
Red Hat Enterprise Linux HPC Node (v. 7)
Red Hat Enterprise Linux HPC Node EUS (v. 7.2)
Red Hat Enterprise Linux Server (v. 7)
Red Hat Enterprise Linux Server AUS (v. 7.2)
Red Hat Enterprise Linux Server EUS (v. 7.2)
Red Hat Enterprise Linux Workstation (v. 7)

SRPMS:
spice-0.12.4-15.el7_2.1.src.rpm

x86_64:
spice-debuginfo-0.12.4-15.el7_2.1.x86_64.rpm
spice-server-0.12.4-15.el7_2.1.x86_64.rpm
spice-server-devel-0.12.4-15.el7_2.1.x86_64.rpm

(The unlinked packages above are only available from the Red Hat Network)

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

RHSA-2016:1204-1: Important: spice-server security update

An update for spice-server is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important.

A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.

Security Fix(es):

* A memory allocation flaw, leading to a heap-based buffer overflow, was found in spice's smartcard interaction, which runs under the QEMU-KVM context on the host. A user connecting to a guest VM using spice could potentially use this flaw to crash the QEMU-KVM process or execute arbitrary code with the privileges of the host's QEMU-KVM process. (CVE-2016-0749)

* A memory access flaw was found in the way spice handled certain guests using crafted primary surface parameters. A user in a guest could use this flaw to read from and write to arbitrary memory locations on the host. (CVE-2016-2150)

The CVE-2016-0749 issue was discovered by Jing Zhao (Red Hat) and the CVE-2016-2150 issue was discovered by Frediano Ziglio (Red Hat).

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

Applications acting as a SPICE server must be restarted for this update to take effect. Note that QEMU-KVM guests providing SPICE console access must be restarted for this update to take effect.

Updated packages (the same set is listed for each product):

Products:
Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
spice-server-0.12.4-13.el6.1.src.rpm

x86_64:
spice-server-0.12.4-13.el6.1.x86_64.rpm
spice-server-debuginfo-0.12.4-13.el6.1.x86_64.rpm
spice-server-devel-0.12.4-13.el6.1.x86_64.rpm

(The unlinked packages above are only available from the Red Hat Network)

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from: