Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

Moderate Alert for Scientific Linux 6.x: spice-server Denial of Service

Scientific Large Esm H446
Moderate: spice-server security update
Date: Tue, 3 Sep 2013 08:50:38 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: FASTBUGS for SL 6x i386, x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

i386:
boost-1.41.0-18.el6.i686.rpm
boost-date-time-1.41.0-18.el6.i686.rpm
boost-devel-1.41.0-18.el6.i686.rpm
boost-doc-1.41.0-18.el6.i686.rpm
boost-filesystem-1.41.0-18.el6.i686.rpm
boost-graph-1.41.0-18.el6.i686.rpm
boost-graph-mpich2-1.41.0-18.el6.i686.rpm
boost-graph-openmpi-1.41.0-18.el6.i686.rpm
boost-iostreams-1.41.0-18.el6.i686.rpm
boost-math-1.41.0-18.el6.i686.rpm
boost-mpich2-1.41.0-18.el6.i686.rpm
boost-mpich2-devel-1.41.0-18.el6.i686.rpm
boost-mpich2-python-1.41.0-18.el6.i686.rpm
boost-openmpi-1.41.0-18.el6.i686.rpm
boost-openmpi-devel-1.41.0-18.el6.i686.rpm
boost-openmpi-python-1.41.0-18.el6.i686.rpm
boost-program-options-1.41.0-18.el6.i686.rpm
boost-python-1.41.0-18.el6.i686.rpm
boost-regex-1.41.0-18.el6.i686.rpm
boost-serialization-1.41.0-18.el6.i686.rpm
boost-signals-1.41.0-18.el6.i686.rpm
boost-static-1.41.0-18.el6.i686.rpm
boost-system-1.41.0-18.el6.i686.rpm
boost-test-1.41.0-18.el6.i686.rpm
boost-thread-1.41.0-18.el6.i686.rpm
boost-wave-1.41.0-18.el6.i686.rpm
clusterlib-3.0.12.1-49.el6_4.2.i686.rpm
clusterlib-devel-3.0.12.1-49.el6_4.2.i686.rpm
cman-3.0.12.1-49.el6_4.2.i686.rpm
gfs2-utils-3.0.12.1-49.el6_4.2.i686.rpm
glibc-2.12-1.107.el6_4.4.i686.rpm
glibc-common-2.12-1.107.el6_4.4.i686.rpm
glibc-devel-2.12-1.107.el6_4.4.i686.rpm
glibc-headers-2.12-1.107.el6_4.4.i686.rpm
glibc-static-2.12-1.107.el6_4.4.i686.rpm
glibc-utils-2.12-1.107.el6_4.4.i686.rpm
neon-0.29.3-3.el6_4.i686.rpm
neon-devel-0.29.3-3.el6_4.i686.rpm
nscd-2.12-1.107.el6_4.4.i686.rpm
sos-2.2-38.el6_4.2.noarch.rpm

x86_64:
boost-1.41.0-18.el6.x86_64.rpm
boost-date-time-1.41.0-18.el6.i686.rpm
boost-date-time-1.41.0-18.el6.x86_64.rpm
boost-devel-1.41.0-18.el6.i686.rpm
boost-devel-1.41.0-18.el6.x86_64.rpm
boost-doc-1.41.0-18.el6.x86_64.rpm
boost-filesystem-1.41.0-18.el6.i686.rpm
boost-filesystem-1.41.0-18.el6.x86_64.rpm
boost-graph-1.41.0-18.el6.i686.rpm
boost-graph-1.41.0-18.el6.x86_64.rpm
boost-graph-mpich2-1.41.0-18.el6.i686.rpm
boost-graph-mpich2-1.41.0-18.el6.x86_64.rpm
boost-graph-openmpi-1.41.0-18.el6.x86_64.rpm
boost-iostreams-1.41.0-18.el6.i686.rpm
boost-iostreams-1.41.0-18.el6.x86_64.rpm
boost-math-1.41.0-18.el6.x86_64.rpm
boost-mpich2-1.41.0-18.el6.i686.rpm
boost-mpich2-1.41.0-18.el6.x86_64.rpm
boost-mpich2-devel-1.41.0-18.el6.i686.rpm
boost-mpich2-devel-1.41.0-18.el6.x86_64.rpm
boost-mpich2-python-1.41.0-18.el6.i686.rpm
boost-mpich2-python-1.41.0-18.el6.x86_64.rpm
boost-openmpi-1.41.0-18.el6.x86_64.rpm
boost-openmpi-devel-1.41.0-18.el6.i686.rpm
boost-openmpi-devel-1.41.0-18.el6.x86_64.rpm
boost-openmpi-python-1.41.0-18.el6.x86_64.rpm
boost-program-options-1.41.0-18.el6.i686.rpm
boost-program-options-1.41.0-18.el6.x86_64.rpm
boost-python-1.41.0-18.el6.i686.rpm
boost-python-1.41.0-18.el6.x86_64.rpm
boost-regex-1.41.0-18.el6.i686.rpm
boost-regex-1.41.0-18.el6.x86_64.rpm
boost-serialization-1.41.0-18.el6.i686.rpm
boost-serialization-1.41.0-18.el6.x86_64.rpm
boost-signals-1.41.0-18.el6.i686.rpm
boost-signals-1.41.0-18.el6.x86_64.rpm
boost-static-1.41.0-18.el6.x86_64.rpm
boost-system-1.41.0-18.el6.i686.rpm
boost-system-1.41.0-18.el6.x86_64.rpm
boost-test-1.41.0-18.el6.i686.rpm
boost-test-1.41.0-18.el6.x86_64.rpm
boost-thread-1.41.0-18.el6.i686.rpm
boost-thread-1.41.0-18.el6.x86_64.rpm
boost-wave-1.41.0-18.el6.i686.rpm
boost-wave-1.41.0-18.el6.x86_64.rpm
clusterlib-3.0.12.1-49.el6_4.2.i686.rpm
clusterlib-3.0.12.1-49.el6_4.2.x86_64.rpm
clusterlib-devel-3.0.12.1-49.el6_4.2.i686.rpm
clusterlib-devel-3.0.12.1-49.el6_4.2.x86_64.rpm
cman-3.0.12.1-49.el6_4.2.x86_64.rpm
gfs2-utils-3.0.12.1-49.el6_4.2.x86_64.rpm
glibc-2.12-1.107.el6_4.4.i686.rpm
glibc-2.12-1.107.el6_4.4.x86_64.rpm
glibc-common-2.12-1.107.el6_4.4.x86_64.rpm
glibc-devel-2.12-1.107.el6_4.4.i686.rpm
glibc-devel-2.12-1.107.el6_4.4.x86_64.rpm
glibc-headers-2.12-1.107.el6_4.4.x86_64.rpm
glibc-static-2.12-1.107.el6_4.4.i686.rpm
glibc-static-2.12-1.107.el6_4.4.x86_64.rpm
glibc-utils-2.12-1.107.el6_4.4.x86_64.rpm
neon-0.29.3-3.el6_4.i686.rpm
neon-0.29.3-3.el6_4.x86_64.rpm
neon-devel-0.29.3-3.el6_4.i686.rpm
neon-devel-0.29.3-3.el6_4.x86_64.rpm
nscd-2.12-1.107.el6_4.4.x86_64.rpm
sos-2.2-38.el6_4.2.noarch.rpm
Date: Wed, 4 Sep 2013 13:36:23 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: spice-server on SL6.x x86_64
MIME-Version: 1.0

Synopsis: Moderate: spice-server security update
Advisory ID: SLSA-2013:1192-1
Issue Date: 2013-09-03
CVE Numbers: CVE-2013-4130
--

A flaw was found in the way concurrent access to the clients ring buffer
was performed in the spice-server library. A remote user able to initiate
a SPICE connection to an application acting as a SPICE server could use
this flaw to crash the application. (CVE-2013-4130)

Applications acting as a SPICE server must be restarted for this update to
take effect. Note that QEMU-KVM guests providing SPICE console access must
be restarted for this update to take effect.
--

SL6
 x86_64
 spice-server-0.12.0-12.el6_4.3.x86_64.rpm
 spice-server-debuginfo-0.12.0-12.el6_4.3.x86_64.rpm
 spice-server-devel-0.12.0-12.el6_4.3.x86_64.rpm

- Scientific Linux Development Team