AXSA:2019-4267:01

Release date: 
Thursday, September 12, 2019 - 09:08
Subject: 
libgovirt-0.3.4-3.el7, spice-gtk-0.35-4.el7, spice-vdagent-0.14.0-18.el7, virt-viewer-5.0-15.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

The spice-gtk packages provide a GIMP Toolkit (GTK+) widget for Simple Protocol for Independent Computing Environments (SPICE) clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol.

The libgovirt packages contain a library that allows applications to use the oVirt Representational State Transfer (REST) API to list virtual machines (VMs) managed by an oVirt instance. The library is also used to get the connection parameters needed to establish a connection to the VMs using Simple Protocol For Independent Computing Environments (SPICE) or Virtual Network Computing (VNC).

The spice-vdagent packages provide a SPICE agent for Linux guests.

The virt-viewer packages provide Virtual Machine Viewer, which is a lightweight interface for interacting with the graphical display of a virtualized guest.

Security Fix(es):

* spice-client: Insufficient encoding checks for LZ can cause different integer/buffer overflows (CVE-2018-10893)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2018-10893
Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. libgovirt-0.3.4-3.el7.src.rpm
    MD5: 38684633a5144b2055081dc0d274c8f0
    SHA-256: 536e555aa1580ef6a04ef0b3230568c7317eccb25741455b619fc10687a42f0f
    Size: 353.86 kB
  2. spice-gtk-0.35-4.el7.src.rpm
    MD5: f40c97d91f15fa19b4b86ec9c1b51cff
    SHA-256: 29fe21d1065eb3470b8def5ec9274ebb22f05132168aa5e34e7ddf6d5f683585
    Size: 1.40 MB
  3. spice-vdagent-0.14.0-18.el7.src.rpm
    MD5: 91b9ae4d6f8a90bc88567e29cc962f7d
    SHA-256: 33c47475bf46074e485051e5d1ec8290e95190dfa7160b2143a27ca2a3157254
    Size: 168.49 kB
  4. virt-viewer-5.0-15.el7.src.rpm
    MD5: 532b48adb7424881d0cbc91b4013e817
    SHA-256: 9ca53755582c0d9951f8d022f7353723d2cf69dfee35045a763f19f515b79005
    Size: 1.01 MB

Asianux Server 7 for x86_64
  1. libgovirt-0.3.4-3.el7.x86_64.rpm
    MD5: 109fbf9e7662c5f4f9469181e4596aa3
    SHA-256: 311048b297f3e9f32e503545a05f204a4449a26b03d7f3c2531d4af59bb12291
    Size: 73.40 kB
  2. libgovirt-0.3.4-3.el7.i686.rpm
    MD5: 2ba7a7d0c931e55911f90f31e60a54f6
    SHA-256: c06d7998f63ade1f7b4670d0a822d6f6e1a048fa55f92fdcb571f54e1c8cbbcc
    Size: 72.66 kB
  3. spice-glib-0.35-4.el7.x86_64.rpm
    MD5: 8c1999ae7d8f3192d2e1c1cbd78b477b
    SHA-256: b6b47b28047d1ea3ce07501a00bcb6cebe2e3a7b8a25c360ee5b8c6a86465c2c
    Size: 355.13 kB
  4. spice-gtk3-0.35-4.el7.x86_64.rpm
    MD5: 1c3c82d044308a93323503a462f3bb97
    SHA-256: 5251d693f1baeee64dbcf20a92d48ecd9c91e929714401e3ebbbbfff9327c232
    Size: 86.28 kB
  5. spice-glib-0.35-4.el7.i686.rpm
    MD5: 3d7b7acfcd04f013b875928e71d92d11
    SHA-256: 5804277453002daa06eb336f6baf6b90cf688aac42a759108952672bb5ca2034
    Size: 354.36 kB
  6. spice-gtk3-0.35-4.el7.i686.rpm
    MD5: c5595ca0ab44edda7811bb96aad2f2ff
    SHA-256: 0958da1db11cea13a3c54cdc9903bad416a1fa821abd3c80e099018cd538a5e0
    Size: 85.60 kB
  7. spice-vdagent-0.14.0-18.el7.x86_64.rpm
    MD5: 731222ca7a2754a08af0ac31ee3fa942
    SHA-256: 116711a541321b26aa1c923f3e0d18c95469392afbe680a69e90aaaa5cab7b3a
    Size: 69.67 kB
  8. virt-viewer-5.0-15.el7.x86_64.rpm
    MD5: e9deb100ee8e99049e7c3b8e15409ef7
    SHA-256: 6bf2e81060936838a3a48ea389095bfab2a2a651c494cfbb94b063c994076ae8
    Size: 392.48 kB
Copyright© 2007-2015 Asianux. All rights reserved.