SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Spice Vendors:   Red Hat
(Oracle Issues Fix for Oracle Linux) Spice Race Condition and Buffer Overflows Let Local Guest System Users Crash the Host or Execute Arbitrary Code on the Host System
SecurityTracker Alert ID:  1033791
SecurityTracker URL:  http://securitytracker.com/id/1033791
CVE Reference:   CVE-2015-5260, CVE-2015-5261   (Links to External Site)
Date:  Oct 13 2015
Impact:   Denial of service via network, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 0.12.6
Description:   Three vulnerabilities were reported in Spice. A local user on the guest system can cause denial of service conditions on the host system. A local user on the guest system can gain elevated privileges on the host system.

A local user on the guest system can supply specially crafted QXL command 'surface_id' parameter values to trigger a heap overflow and cause the target QEMU-KVM process on the host system to crash [CVE-2015-5260].

A local user on the guest system can supply specially crafted QXL commands to trigger a heap overflow and read or write arbitrary memory locations on the target host system [CVE-2015-5261]. This can be exploited to gain elevated privileges on the host system.

A local user on the guest system can trigger a race condition in the worker_update_monitors_config() function to cause the target QEMU-KVM process on the host system to crash [CVE-2015-3247].

Frediano Ziglio of Red Hat reported these vulnerabilities.

Impact:   A local user on the guest system can cause denial of service conditions on the host system.

A local user on the guest system can gain elevated privileges on the host system.

Solution:   Oracle has issued a fix for CVE-2015-5260 and CVE-2015-5261.

The Oracle Linux advisory is available at:

http://linux.oracle.com/errata/ELSA-2015-1889.html

Vendor URL:  linux.oracle.com/errata/ELSA-2015-1889.html (Links to External Site)
Cause:   Access control error, Boundary error, State error
Underlying OS:  Linux (Oracle)
Underlying OS Comments:  6, 7

Message History:   This archive entry is a follow-up to the message listed below.
Oct 7 2015 Spice Race Condition and Buffer Overflows Let Local Guest System Users Crash the Host or Execute Arbitrary Code on the Host System



 Source Message Contents

Subject:  [El-errata] ELSA-2015-1889 Important: Oracle Linux 6 spice-server security update

Oracle Linux Security Advisory ELSA-2015-1889

http://linux.oracle.com/errata/ELSA-2015-1889.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
spice-server-0.12.4-12.el6_7.3.x86_64.rpm
spice-server-devel-0.12.4-12.el6_7.3.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/spice-server-0.12.4-12.el6_7.3.src.rpm



Description of changes:

[0.12.4-12.3]
- CVE-2015-5260 CVE-2015-5261 fixed various security flaws
   Resolves: rhbz#1262769

[0.12.4-12.2]
- Validate surface_id
   Resolves: rhbz#1262769


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC