Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#37767 - [spice] security patch for CVE-2013-4282
Attached to Project:
Arch Linux
Opened by RbN (RbN) - Thursday, 14 November 2013, 20:58 GMT
Last edited by Tobias Powalowski (tpowa) - Monday, 18 November 2013, 07:37 GMT
Opened by RbN (RbN) - Thursday, 14 November 2013, 20:58 GMT
Last edited by Tobias Powalowski (tpowa) - Monday, 18 November 2013, 07:37 GMT
|
DetailsDescription (from RedHat bugzilla [0]):
"reds_handle_ticket uses a fixed size 'password' buffer for the decrypted password whose size is SPICE_MAX_PASSWORD_LENGTH. However, RSA_private_decrypt which we call for the decryption expects the destination buffer to be at least RSA_size(link->tiTicketing.rsa) bytes long. An remote attacker able to initiate spice connection to the guest could use this flaw to crash the guest." Resolution: [1] upstream patch Ressources: [0] https://bugzilla.redhat.com/show_bug.cgi?id=1000443 [1] http://cgit.freedesktop.org/spice/spice/commit/?id=8af619009660b24e0b41ad26b30289eea288fcc2 |
This task depends upon
Closed by Tobias Powalowski (tpowa)
Monday, 18 November 2013, 07:37 GMT
Reason for closing: Fixed
Additional comments about closing: 0.12.4-3
Monday, 18 November 2013, 07:37 GMT
Reason for closing: Fixed
Additional comments about closing: 0.12.4-3