spice: memory corruption in worker_update_monitors_config() (CVE-2015-3247)
Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors.
(0.12.5 is also vulnerable)
References
https://security-tracker.debian.org/tracker/CVE-2015-3247
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3247
Patch:
http://cgit.freedesktop.org/spice/spice/commit/?id=bd6ea0db84949ac903c27708166604de892f4671
(from redmine: issue id 4670, created on 2015-09-29, closed on 2015-10-14)
- Relations:
- relates #4762 (closed)
- child #4671 (closed)
- child #4672 (closed)
- child #4673 (closed)
- child #4674 (closed)
- child #4675 (closed)
- Changesets:
- Revision a8876452 by Natanael Copa on 2015-10-13T09:01:43Z:
main/spice: security upgrade to 0.12.6
CVE-2015-3247
CVE-2015-5260
CVE-2015-5261
ref #4670
fixes #4672
ref #4762
fixes #4763
- Revision 1f85f43a by Natanael Copa on 2015-10-13T12:04:11Z:
main/spice: security upgrade to 0.12.6
CVE-2015-3247
CVE-2015-5260
CVE-2015-5261
ref #4670
fixes #4674
ref #4762
fixes #4766
- Revision 73bbe97f by Natanael Copa on 2015-10-13T12:04:56Z:
main/spice: security upgrade to 0.12.6
CVE-2015-3247
CVE-2015-5260
CVE-2015-5261
ref #4670
fixes #4673
ref #4762
fixes #4765
- Revision 7ed15a61 by Natanael Copa on 2015-10-13T13:37:31Z:
main/spice: security upgrade to 0.12.6
CVE-2015-3247
CVE-2015-5260
CVE-2015-5261
ref #4670
fixes #4675
ref #4762
fixes #4767