Bugzilla – Bug 944460
VUL-0: CVE-2015-3247 spice: memory corruption in worker_update_monitors_config()
Last modified: 2016-05-07 11:08:01 UTC
rh#1233238 It was reported that function worker_update_monitors_config in spice-server contains a race condition which can be exploited as a heap corruption from the guest. Suggested patch: https://bugzilla.redhat.com/attachment.cgi?id=1037193 Acknowledgements: This issue was discovered by Frediano Ziglio of Red Hat. References: https://bugzilla.redhat.com/show_bug.cgi?id=1233238 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3247 http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3247.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3247
bugbot adjusting priority
I don't have access to the patch you pointed to. Could you paste it here? Is it embargoed?
Created attachment 646436 [details] CVE-2015-3247.patch taken from https://git.centos.org/blob/rpms!spice.git/11e32f6dd156a3c4847da29d989837437e973ccc/SOURCES!0038-Avoid-race-conditions-reading-monitor-configs-from-g.patch
Created attachment 646440 [details] CVE-2015-3247.patch This one from https://bugzilla.redhat.com/attachment.cgi?id=1037193 almost identical
This is an autogenerated message for OBS integration: This bug (944460) was mentioned in https://build.opensuse.org/request/show/329575 13.2 / spice https://build.opensuse.org/request/show/329576 Leap:42.1 / spice
Patches propagating to distros
openSUSE-SU-2015:1566-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 944460 CVE References: CVE-2015-3247 Sources used: openSUSE 13.2 (src): spice-0.12.4-4.3.1
SUSE-SU-2015:1733-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 944460,948976 CVE References: CVE-2015-3247,CVE-2015-5260,CVE-2015-5261 Sources used: SUSE Linux Enterprise Software Development Kit 12 (src): spice-0.12.4-8.5.1 SUSE Linux Enterprise Server 12 (src): spice-0.12.4-8.5.1 SUSE Linux Enterprise Desktop 12 (src): spice-0.12.4-8.5.1
openSUSE-SU-2015:1750-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 848279,944460,944787,948976 CVE References: CVE-2013-4282,CVE-2015-3247,CVE-2015-5260,CVE-2015-5261 Sources used: openSUSE 13.2 (src): spice-0.12.4-4.6.1 openSUSE 13.1 (src): spice-0.12.4-2.3.1
released
SUSE-SU-2016:1259-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 944460,944787,948976 CVE References: CVE-2015-3247,CVE-2015-5260,CVE-2015-5261 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): spice-0.12.4-5.1 SUSE Linux Enterprise Server 11-SP4 (src): spice-0.12.4-5.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): spice-0.12.4-5.1