AXSA:2019-4267:01

Release date: 
Thursday, September 12, 2019 - 09:08
Subject: 
libgovirt-0.3.4-3.el7, spice-gtk-0.35-4.el7, spice-vdagent-0.14.0-18.el7, virt-viewer-5.0-15.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

The spice-gtk packages provide a GIMP Toolkit (GTK+) widget for Simple Protocol for Independent Computing Environments (SPICE) clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol.

The libgovirt packages contain a library that allows applications to use the oVirt Representational State Transfer (REST) API to list virtual machines (VMs) managed by an oVirt instance. The library is also used to get the connection parameters needed to establish a connection to the VMs using Simple Protocol For Independent Computing Environments (SPICE) or Virtual Network Computing (VNC).

The spice-vdagent packages provide a SPICE agent for Linux guests.

The virt-viewer packages provide Virtual Machine Viewer, which is a lightweight interface for interacting with the graphical display of a virtualized guest.

Security Fix(es):

* spice-client: Insufficient encoding checks for LZ can cause different integer/buffer overflows (CVE-2018-10893)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2018-10893
Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
1. libgovirt-0.3.4-3.el7.src.rpm
md5sum: 38684633a5144b2055081dc0d274c8f0
sha256sum: 536e555aa1580ef6a04ef0b3230568c7317eccb25741455b619fc10687a42f0f
Size: 354 Kb
2. spice-gtk-0.35-4.el7.src.rpm
md5sum: f40c97d91f15fa19b4b86ec9c1b51cff
sha256sum: 29fe21d1065eb3470b8def5ec9274ebb22f05132168aa5e34e7ddf6d5f683585
Size: 1,433 Kb
3. spice-vdagent-0.14.0-18.el7.src.rpm
md5sum: 91b9ae4d6f8a90bc88567e29cc962f7d
sha256sum: 33c47475bf46074e485051e5d1ec8290e95190dfa7160b2143a27ca2a3157254
Size: 168 Kb
4. virt-viewer-5.0-15.el7.src.rpm
md5sum: 532b48adb7424881d0cbc91b4013e817
sha256sum: 9ca53755582c0d9951f8d022f7353723d2cf69dfee35045a763f19f515b79005
Size: 1,035 Kb

Asianux Server 7.0 for x86_64
1. libgovirt-0.3.4-3.el7.x86_64.rpm
md5sum: 109fbf9e7662c5f4f9469181e4596aa3
sha256sum: 311048b297f3e9f32e503545a05f204a4449a26b03d7f3c2531d4af59bb12291
Size: 73 Kb
2. libgovirt-0.3.4-3.el7.i686.rpm
md5sum: 2ba7a7d0c931e55911f90f31e60a54f6
sha256sum: c06d7998f63ade1f7b4670d0a822d6f6e1a048fa55f92fdcb571f54e1c8cbbcc
Size: 73 Kb
3. spice-glib-0.35-4.el7.x86_64.rpm
md5sum: 8c1999ae7d8f3192d2e1c1cbd78b477b
sha256sum: b6b47b28047d1ea3ce07501a00bcb6cebe2e3a7b8a25c360ee5b8c6a86465c2c
Size: 355 Kb
4. spice-gtk3-0.35-4.el7.x86_64.rpm
md5sum: 1c3c82d044308a93323503a462f3bb97
sha256sum: 5251d693f1baeee64dbcf20a92d48ecd9c91e929714401e3ebbbbfff9327c232
Size: 86 Kb
5. spice-glib-0.35-4.el7.i686.rpm
md5sum: 3d7b7acfcd04f013b875928e71d92d11
sha256sum: 5804277453002daa06eb336f6baf6b90cf688aac42a759108952672bb5ca2034
Size: 354 Kb
6. spice-gtk3-0.35-4.el7.i686.rpm
md5sum: c5595ca0ab44edda7811bb96aad2f2ff
sha256sum: 0958da1db11cea13a3c54cdc9903bad416a1fa821abd3c80e099018cd538a5e0
Size: 86 Kb
7. spice-vdagent-0.14.0-18.el7.x86_64.rpm
md5sum: 731222ca7a2754a08af0ac31ee3fa942
sha256sum: 116711a541321b26aa1c923f3e0d18c95469392afbe680a69e90aaaa5cab7b3a
Size: 70 Kb
8. virt-viewer-5.0-15.el7.x86_64.rpm
md5sum: e9deb100ee8e99049e7c3b8e15409ef7
sha256sum: 6bf2e81060936838a3a48ea389095bfab2a2a651c494cfbb94b063c994076ae8
Size: 392 Kb
Copyright© 2007-2015 Asianux. All rights reserved.