18 matches found
SUSE CVE-2013-4324
spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkitunixprocessnew API function, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a 1 setuid process or 2 pkexec process...
Oracle: Security Advisory (ELSA-2013-1273)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : spice-gtk (openSUSE-SU-2013:1562-1)
spice-gtk received fixes for the acl helper policy kit checks that had a race condition in PID checking. CVE-2013-4324, bnc844967. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
Fedora Update for spice-gtk FEDORA-2013-17195
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 18 : spice-gtk-0.18-3.fc18 (2013-17195)
Fix CVE-2013-4324 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable Networ...
CVE-2013-4324
spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkitunixprocessnew API function, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a 1 setuid process or 2 pkexec process...
DEBIAN-CVE-2013-4324
spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkitunixprocessnew API function, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a 1 setuid process or 2 pkexec process...
CVE-2013-4324
CVE-2013-4324 affects spice-gtk 0.14 (and possibly other versions) by invoking polkit authority via the insecure polkit_unix_process_new API. This creates a PolkitUnixProcess PolkitSubject race condition exploitable by a local attacker through a setuid process or a pkexec process, allowing bypass...
Fedora Update for spice-gtk FEDORA-2013-17109
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 19 : spice-gtk-0.20-6.fc19 (2013-17109)
Fix CVE-2013-4324 Insecure calling of polkit via polkitunixprocessnew Add a few upstream patches fixing bugs in spice-gtk 0.20 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean...
CentOS Update for spice-glib CESA-2013:1273 centos6
Check for the Version of spice-glib OpenVAS Vulnerability Test CentOS Update for spice-glib CESA-2013:1273 centos6 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
CentOS Update for spice-glib CESA-2013:1273 centos6
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
spice security update
CentOS Errata and Security Advisory CESA-2013:1273 Updated spice-gtk packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base...
Oracle Linux 6 : spice-gtk (ELSA-2013-1273)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-1273 advisory. - New build with correct patch for CVE-2013-4324 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note th...
CentOS 6 : spice-gtk (CESA-2013:1273)
Updated spice-gtk packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Scientific Linux Security Update : spice-gtk on SL6.x i386/x86_64 (20130919)
spice-gtk communicated with PolicyKit for authorization via an API that is vulnerable to a race condition. This could lead to intended PolicyKit authorizations being bypassed. This update modifies spice-gtk to communicate with PolicyKit via a different API that is not vulnerable to the race...
RHEL 6 : spice-gtk (RHSA-2013:1273)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:1273 advisory. The spice-gtk packages provide a GIMP Toolkit GTK+ widget for SPICE Simple Protocol for Independent Computing Environments clients. Both Virtual...
spice-gtk security update
0.14-7.3 - New build with correct patch for CVE-2013-4324 0.14-7.2 - Fix race condition in policykit use CVE-2013-4324 Resolves: CVE-2013-4324...