Red Hat Product Errata RHSA-2017:2471 - Security Advisory

Issued:: 2017-08-15
Updated:: 2017-08-15

RHSA-2017:2471 - Security Advisory

Overview
Updated Packages

Synopsis

Important: spice security update

Type/Severity

Security Advisory: Important

Topic

An update for spice is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures.

Security Fix(es):

A vulnerability was discovered in spice server's protocol handling. An authenticated attacker could send specially crafted messages to the spice server, causing out-of-bounds memory accesses, leading to parts of server memory being leaked or a crash. (CVE-2017-7506)

This issue was discovered by Frediano Ziglio (Red Hat).

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All applications using SPICE (most notably all QEMU-KVM instances using the SPICE console) must be restarted for this update to take effect.

Affected Products

Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 7.6 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 7.5 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 7.4 x86_64
Red Hat Enterprise Linux EUS Compute Node 7.6 x86_64
Red Hat Enterprise Linux EUS Compute Node 7.5 x86_64
Red Hat Enterprise Linux EUS Compute Node 7.4 x86_64
Red Hat Enterprise Linux Server - AUS 7.6 x86_64
Red Hat Enterprise Linux Server - AUS 7.4 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Red Hat Enterprise Linux Server - TUS 7.6 x86_64
Red Hat Enterprise Linux Server - TUS 7.4 x86_64
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6 x86_64
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.4 x86_64

Fixes

BZ - 1452606 - CVE-2017-7506 spice: Possible buffer overflow via invalid monitor configurations

CVEs

CVE-2017-7506

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
spice-0.12.8-2.el7.1.src.rpm	SHA-256: 17056f82855959cb64e33f4b7d00a6678f7dab0cd3f5488a7231cb42bfee8591
x86_64
spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 508cf0410e340951021957aa2fa6ddd769ba2e171c3bfbc9e403039ac4cf2772
spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 508cf0410e340951021957aa2fa6ddd769ba2e171c3bfbc9e403039ac4cf2772
spice-server-0.12.8-2.el7.1.x86_64.rpm	SHA-256: f47ef76b50718480062e513cb10d45b00a802ca386d6eb268ff0b29eccf59c7b
spice-server-devel-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 7db5ae4189e87b9aaee6d4abbb997af9b1313853a625716a266b1aca1f62255e

Red Hat Enterprise Linux Server - Extended Update Support 7.6

SRPM
spice-0.12.8-2.el7.1.src.rpm	SHA-256: 17056f82855959cb64e33f4b7d00a6678f7dab0cd3f5488a7231cb42bfee8591
x86_64
spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 508cf0410e340951021957aa2fa6ddd769ba2e171c3bfbc9e403039ac4cf2772
spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 508cf0410e340951021957aa2fa6ddd769ba2e171c3bfbc9e403039ac4cf2772
spice-server-0.12.8-2.el7.1.x86_64.rpm	SHA-256: f47ef76b50718480062e513cb10d45b00a802ca386d6eb268ff0b29eccf59c7b
spice-server-devel-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 7db5ae4189e87b9aaee6d4abbb997af9b1313853a625716a266b1aca1f62255e

Red Hat Enterprise Linux Server - Extended Update Support 7.5

SRPM
spice-0.12.8-2.el7.1.src.rpm	SHA-256: 17056f82855959cb64e33f4b7d00a6678f7dab0cd3f5488a7231cb42bfee8591
x86_64
spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 508cf0410e340951021957aa2fa6ddd769ba2e171c3bfbc9e403039ac4cf2772
spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 508cf0410e340951021957aa2fa6ddd769ba2e171c3bfbc9e403039ac4cf2772
spice-server-0.12.8-2.el7.1.x86_64.rpm	SHA-256: f47ef76b50718480062e513cb10d45b00a802ca386d6eb268ff0b29eccf59c7b
spice-server-devel-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 7db5ae4189e87b9aaee6d4abbb997af9b1313853a625716a266b1aca1f62255e

Red Hat Enterprise Linux Server - Extended Update Support 7.4

SRPM
spice-0.12.8-2.el7.1.src.rpm	SHA-256: 17056f82855959cb64e33f4b7d00a6678f7dab0cd3f5488a7231cb42bfee8591
x86_64
spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 508cf0410e340951021957aa2fa6ddd769ba2e171c3bfbc9e403039ac4cf2772
spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 508cf0410e340951021957aa2fa6ddd769ba2e171c3bfbc9e403039ac4cf2772
spice-server-0.12.8-2.el7.1.x86_64.rpm	SHA-256: f47ef76b50718480062e513cb10d45b00a802ca386d6eb268ff0b29eccf59c7b
spice-server-devel-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 7db5ae4189e87b9aaee6d4abbb997af9b1313853a625716a266b1aca1f62255e

Red Hat Enterprise Linux EUS Compute Node 7.5

SRPM
spice-0.12.8-2.el7.1.src.rpm	SHA-256: 17056f82855959cb64e33f4b7d00a6678f7dab0cd3f5488a7231cb42bfee8591
x86_64
spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 508cf0410e340951021957aa2fa6ddd769ba2e171c3bfbc9e403039ac4cf2772
spice-server-0.12.8-2.el7.1.x86_64.rpm	SHA-256: f47ef76b50718480062e513cb10d45b00a802ca386d6eb268ff0b29eccf59c7b
spice-server-devel-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 7db5ae4189e87b9aaee6d4abbb997af9b1313853a625716a266b1aca1f62255e

Red Hat Enterprise Linux Server - AUS 7.6

SRPM
spice-0.12.8-2.el7.1.src.rpm	SHA-256: 17056f82855959cb64e33f4b7d00a6678f7dab0cd3f5488a7231cb42bfee8591
x86_64
spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 508cf0410e340951021957aa2fa6ddd769ba2e171c3bfbc9e403039ac4cf2772
spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 508cf0410e340951021957aa2fa6ddd769ba2e171c3bfbc9e403039ac4cf2772
spice-server-0.12.8-2.el7.1.x86_64.rpm	SHA-256: f47ef76b50718480062e513cb10d45b00a802ca386d6eb268ff0b29eccf59c7b
spice-server-devel-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 7db5ae4189e87b9aaee6d4abbb997af9b1313853a625716a266b1aca1f62255e

Red Hat Enterprise Linux Server - AUS 7.4

SRPM
spice-0.12.8-2.el7.1.src.rpm	SHA-256: 17056f82855959cb64e33f4b7d00a6678f7dab0cd3f5488a7231cb42bfee8591
x86_64
spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 508cf0410e340951021957aa2fa6ddd769ba2e171c3bfbc9e403039ac4cf2772
spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 508cf0410e340951021957aa2fa6ddd769ba2e171c3bfbc9e403039ac4cf2772
spice-server-0.12.8-2.el7.1.x86_64.rpm	SHA-256: f47ef76b50718480062e513cb10d45b00a802ca386d6eb268ff0b29eccf59c7b
spice-server-devel-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 7db5ae4189e87b9aaee6d4abbb997af9b1313853a625716a266b1aca1f62255e

Red Hat Enterprise Linux Workstation 7

SRPM
spice-0.12.8-2.el7.1.src.rpm	SHA-256: 17056f82855959cb64e33f4b7d00a6678f7dab0cd3f5488a7231cb42bfee8591
x86_64
spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 508cf0410e340951021957aa2fa6ddd769ba2e171c3bfbc9e403039ac4cf2772
spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 508cf0410e340951021957aa2fa6ddd769ba2e171c3bfbc9e403039ac4cf2772
spice-server-0.12.8-2.el7.1.x86_64.rpm	SHA-256: f47ef76b50718480062e513cb10d45b00a802ca386d6eb268ff0b29eccf59c7b
spice-server-devel-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 7db5ae4189e87b9aaee6d4abbb997af9b1313853a625716a266b1aca1f62255e

Red Hat Enterprise Linux Desktop 7

SRPM
spice-0.12.8-2.el7.1.src.rpm	SHA-256: 17056f82855959cb64e33f4b7d00a6678f7dab0cd3f5488a7231cb42bfee8591
x86_64
spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 508cf0410e340951021957aa2fa6ddd769ba2e171c3bfbc9e403039ac4cf2772
spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 508cf0410e340951021957aa2fa6ddd769ba2e171c3bfbc9e403039ac4cf2772
spice-server-0.12.8-2.el7.1.x86_64.rpm	SHA-256: f47ef76b50718480062e513cb10d45b00a802ca386d6eb268ff0b29eccf59c7b
spice-server-devel-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 7db5ae4189e87b9aaee6d4abbb997af9b1313853a625716a266b1aca1f62255e

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
spice-0.12.8-2.el7.1.src.rpm	SHA-256: 17056f82855959cb64e33f4b7d00a6678f7dab0cd3f5488a7231cb42bfee8591
x86_64
spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 508cf0410e340951021957aa2fa6ddd769ba2e171c3bfbc9e403039ac4cf2772
spice-server-0.12.8-2.el7.1.x86_64.rpm	SHA-256: f47ef76b50718480062e513cb10d45b00a802ca386d6eb268ff0b29eccf59c7b
spice-server-devel-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 7db5ae4189e87b9aaee6d4abbb997af9b1313853a625716a266b1aca1f62255e

Red Hat Enterprise Linux EUS Compute Node 7.6

SRPM
spice-0.12.8-2.el7.1.src.rpm	SHA-256: 17056f82855959cb64e33f4b7d00a6678f7dab0cd3f5488a7231cb42bfee8591
x86_64
spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 508cf0410e340951021957aa2fa6ddd769ba2e171c3bfbc9e403039ac4cf2772
spice-server-0.12.8-2.el7.1.x86_64.rpm	SHA-256: f47ef76b50718480062e513cb10d45b00a802ca386d6eb268ff0b29eccf59c7b
spice-server-devel-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 7db5ae4189e87b9aaee6d4abbb997af9b1313853a625716a266b1aca1f62255e

Red Hat Enterprise Linux EUS Compute Node 7.4

SRPM
spice-0.12.8-2.el7.1.src.rpm	SHA-256: 17056f82855959cb64e33f4b7d00a6678f7dab0cd3f5488a7231cb42bfee8591
x86_64
spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 508cf0410e340951021957aa2fa6ddd769ba2e171c3bfbc9e403039ac4cf2772
spice-server-0.12.8-2.el7.1.x86_64.rpm	SHA-256: f47ef76b50718480062e513cb10d45b00a802ca386d6eb268ff0b29eccf59c7b
spice-server-devel-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 7db5ae4189e87b9aaee6d4abbb997af9b1313853a625716a266b1aca1f62255e

Red Hat Enterprise Linux Server - TUS 7.6

SRPM
spice-0.12.8-2.el7.1.src.rpm	SHA-256: 17056f82855959cb64e33f4b7d00a6678f7dab0cd3f5488a7231cb42bfee8591
x86_64
spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 508cf0410e340951021957aa2fa6ddd769ba2e171c3bfbc9e403039ac4cf2772
spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 508cf0410e340951021957aa2fa6ddd769ba2e171c3bfbc9e403039ac4cf2772
spice-server-0.12.8-2.el7.1.x86_64.rpm	SHA-256: f47ef76b50718480062e513cb10d45b00a802ca386d6eb268ff0b29eccf59c7b
spice-server-devel-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 7db5ae4189e87b9aaee6d4abbb997af9b1313853a625716a266b1aca1f62255e

Red Hat Enterprise Linux Server - TUS 7.4

SRPM
spice-0.12.8-2.el7.1.src.rpm	SHA-256: 17056f82855959cb64e33f4b7d00a6678f7dab0cd3f5488a7231cb42bfee8591
x86_64
spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 508cf0410e340951021957aa2fa6ddd769ba2e171c3bfbc9e403039ac4cf2772
spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 508cf0410e340951021957aa2fa6ddd769ba2e171c3bfbc9e403039ac4cf2772
spice-server-0.12.8-2.el7.1.x86_64.rpm	SHA-256: f47ef76b50718480062e513cb10d45b00a802ca386d6eb268ff0b29eccf59c7b
spice-server-devel-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 7db5ae4189e87b9aaee6d4abbb997af9b1313853a625716a266b1aca1f62255e

Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6

SRPM
spice-0.12.8-2.el7.1.src.rpm	SHA-256: 17056f82855959cb64e33f4b7d00a6678f7dab0cd3f5488a7231cb42bfee8591
x86_64
spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 508cf0410e340951021957aa2fa6ddd769ba2e171c3bfbc9e403039ac4cf2772
spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 508cf0410e340951021957aa2fa6ddd769ba2e171c3bfbc9e403039ac4cf2772
spice-server-0.12.8-2.el7.1.x86_64.rpm	SHA-256: f47ef76b50718480062e513cb10d45b00a802ca386d6eb268ff0b29eccf59c7b
spice-server-devel-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 7db5ae4189e87b9aaee6d4abbb997af9b1313853a625716a266b1aca1f62255e

Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.4

SRPM
spice-0.12.8-2.el7.1.src.rpm	SHA-256: 17056f82855959cb64e33f4b7d00a6678f7dab0cd3f5488a7231cb42bfee8591
x86_64
spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 508cf0410e340951021957aa2fa6ddd769ba2e171c3bfbc9e403039ac4cf2772
spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 508cf0410e340951021957aa2fa6ddd769ba2e171c3bfbc9e403039ac4cf2772
spice-server-0.12.8-2.el7.1.x86_64.rpm	SHA-256: f47ef76b50718480062e513cb10d45b00a802ca386d6eb268ff0b29eccf59c7b
spice-server-devel-0.12.8-2.el7.1.x86_64.rpm	SHA-256: 7db5ae4189e87b9aaee6d4abbb997af9b1313853a625716a266b1aca1f62255e

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.