Bug 2925

Summary: [UPDATE REQUEST] [UPSTREAM UPDATE] spice-gtk
Product: Server Bugs Reporter: Andrew Lukoshko <andrew.lukoshko>
Component: Main PackagesAssignee: Andrew Lukoshko <andrew.lukoshko>
Status: RESOLVED FIXED QA Contact: ROSA Server Bugs <server-bugs>
Severity: normal    
Priority: Normal CC: alexander.petryakov, v.potapov
Version: unspecifiedFlags: alexander.petryakov: qa_verified+
andrew.lukoshko: published_server+
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Platform: --- ROSA Vulnerability identifier:
RPM Package: ISO-related:
Bad POT generating: Upstream:

Description Andrew Lukoshko 2013-10-18 14:46:44 MSK 
spice-gtk communicated with PolicyKit for authorization via an API that is
vulnerable to a race condition. This could lead to intended PolicyKit
authorizations being bypassed. This update modifies spice-gtk to
communicate with PolicyKit via a different API that is not vulnerable to
the race condition. (CVE-2013-4324)

http://rhn.redhat.com/errata/RHSA-2013-1273.html

https://abf.rosalinux.ru/build_lists/1335784
https://abf.rosalinux.ru/build_lists/1335785
Comment 1 Vladimir Potapov 2013-10-25 10:07:10 MSK 
Error 404
Page not found
Comment 3 Alexander Petryakov 2013-11-15 02:27:41 MSK 
spice-gtk-0.14-7.res6.3.src.rpm
*********************** RHEL Advisory *************************
spice-gtk communicated with PolicyKit for authorization via an API that is
vulnerable to a race condition. This could lead to intended PolicyKit
authorizations being bypassed. This update modifies spice-gtk to
communicate with PolicyKit via a different API that is not vulnerable to
the race condition. (CVE-2013-4324)

http://rhn.redhat.com/errata/RHSA-2013-1273.html
***************************************************************
QA Verified