4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.7%
The spice-gtk packages provide a GIMP Toolkit (GTK+) widget for SPICE
(Simple Protocol for Independent Computing Environments) clients. Both
Virtual Machine Manager and Virtual Machine Viewer can make use of this
widget to access virtual machines using the SPICE protocol.
spice-gtk communicated with PolicyKit for authorization via an API that is
vulnerable to a race condition. This could lead to intended PolicyKit
authorizations being bypassed. This update modifies spice-gtk to
communicate with PolicyKit via a different API that is not vulnerable to
the race condition. (CVE-2013-4324)
All users of spice-gtk are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | src | spice-gtk | < 0.14-7.el6_4.3 | spice-gtk-0.14-7.el6_4.3.src.rpm |
RedHat | 6 | i686 | spice-gtk-python | < 0.14-7.el6_4.3 | spice-gtk-python-0.14-7.el6_4.3.i686.rpm |
RedHat | 6 | x86_64 | spice-gtk-debuginfo | < 0.14-7.el6_4.3 | spice-gtk-debuginfo-0.14-7.el6_4.3.x86_64.rpm |
RedHat | 6 | x86_64 | spice-gtk-devel | < 0.14-7.el6_4.3 | spice-gtk-devel-0.14-7.el6_4.3.x86_64.rpm |
RedHat | 6 | x86_64 | spice-gtk-python | < 0.14-7.el6_4.3 | spice-gtk-python-0.14-7.el6_4.3.x86_64.rpm |
RedHat | 6 | x86_64 | spice-glib-devel | < 0.14-7.el6_4.3 | spice-glib-devel-0.14-7.el6_4.3.x86_64.rpm |
RedHat | 6 | i686 | spice-gtk | < 0.14-7.el6_4.3 | spice-gtk-0.14-7.el6_4.3.i686.rpm |
RedHat | 6 | i686 | spice-gtk-tools | < 0.14-7.el6_4.3 | spice-gtk-tools-0.14-7.el6_4.3.i686.rpm |
RedHat | 6 | x86_64 | spice-gtk | < 0.14-7.el6_4.3 | spice-gtk-0.14-7.el6_4.3.x86_64.rpm |
RedHat | 6 | i686 | spice-glib | < 0.14-7.el6_4.3 | spice-glib-0.14-7.el6_4.3.i686.rpm |