Bug 2925 - [UPDATE REQUEST] [UPSTREAM UPDATE] spice-gtk
: [UPDATE REQUEST] [UPSTREAM UPDATE] spice-gtk
Status: RESOLVED FIXED
Product: Server Bugs
Classification: ROSA Server
Component: Main Packages
: unspecified
: All Linux
: Normal normal
: ---
Assigned To: Andrew Lukoshko
: ROSA Server Bugs
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-10-18 14:46 MSD by Andrew Lukoshko
Modified: 2013-11-19 12:39 MSK (History)
2 users (show)

See Also:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:
alexander.petryakov: qa_verified+
andrew.lukoshko: published_server+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Lukoshko 2013-10-18 14:46:44 MSD
spice-gtk communicated with PolicyKit for authorization via an API that is
vulnerable to a race condition. This could lead to intended PolicyKit
authorizations being bypassed. This update modifies spice-gtk to
communicate with PolicyKit via a different API that is not vulnerable to
the race condition. (CVE-2013-4324)

http://rhn.redhat.com/errata/RHSA-2013-1273.html

https://abf.rosalinux.ru/build_lists/1335784
https://abf.rosalinux.ru/build_lists/1335785
Comment 1 Vladimir Potapov 2013-10-25 10:07:10 MSD
Error 404
Page not found
Comment 3 Alexander Petryakov 2013-11-15 02:27:41 MSK
spice-gtk-0.14-7.res6.3.src.rpm
*********************** RHEL Advisory *************************
spice-gtk communicated with PolicyKit for authorization via an API that is
vulnerable to a race condition. This could lead to intended PolicyKit
authorizations being bypassed. This update modifies spice-gtk to
communicate with PolicyKit via a different API that is not vulnerable to
the race condition. (CVE-2013-4324)

http://rhn.redhat.com/errata/RHSA-2013-1273.html
***************************************************************
QA Verified