Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2012:1284
HistorySep 17, 2012 - 12:00 a.m.

(RHSA-2012:1284) Moderate: spice-gtk security update

2012-09-1700:00:00
access.redhat.com
10

0.0004 Low

EPSS

Percentile

5.1%

JSON

The spice-gtk packages provide a GIMP Toolkit (GTK+) widget for SPICE
(Simple Protocol for Independent Computing Environments) clients. Both
Virtual Machine Manager and Virtual Machine Viewer can make use of this
widget to access virtual machines using the SPICE protocol.

It was discovered that the spice-gtk setuid helper application,
spice-client-glib-usb-acl-helper, did not clear the environment variables
read by the libraries it uses. A local attacker could possibly use this
flaw to escalate their privileges by setting specific environment variables
before running the helper application. (CVE-2012-4425)

Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for
reporting this issue.

All users of spice-gtk are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.

OSVersionArchitecturePackageVersionFilename
RedHat6x86_64spice-gtk< 0.11-11.el6_3.1spice-gtk-0.11-11.el6_3.1.x86_64.rpm
RedHat6x86_64spice-glib-devel< 0.11-11.el6_3.1spice-glib-devel-0.11-11.el6_3.1.x86_64.rpm
RedHat6i686spice-gtk-python< 0.11-11.el6_3.1spice-gtk-python-0.11-11.el6_3.1.i686.rpm
RedHat6i686spice-gtk-tools< 0.11-11.el6_3.1spice-gtk-tools-0.11-11.el6_3.1.i686.rpm
RedHat6x86_64spice-gtk-python< 0.11-11.el6_3.1spice-gtk-python-0.11-11.el6_3.1.x86_64.rpm
RedHat6i686spice-gtk< 0.11-11.el6_3.1spice-gtk-0.11-11.el6_3.1.i686.rpm
RedHat6x86_64spice-gtk-devel< 0.11-11.el6_3.1spice-gtk-devel-0.11-11.el6_3.1.x86_64.rpm
RedHat6i686spice-glib< 0.11-11.el6_3.1spice-glib-0.11-11.el6_3.1.i686.rpm
RedHat6srcspice-gtk< 0.11-11.el6_3.1spice-gtk-0.11-11.el6_3.1.src.rpm
RedHat6x86_64spice-gtk-debuginfo< 0.11-11.el6_3.1spice-gtk-debuginfo-0.11-11.el6_3.1.x86_64.rpm
Rows per page:
1-10 of 151

Related

nessus 8
openvas 10
fedora 8
cvelist 1
gentoo 1
nvd 1
cve 1
ubuntucve 1
debiancve 1
veracode 1
prion 1
centos 1
oraclelinux 1
nessus
nessus
GLSA-201406-29 : spice-gtk: Privilege escalation
2014-06-27 00:00:00
Fedora 16 : spice-gtk-0.11-5.fc16 (2012-14046)
2012-10-04 00:00:00
CentOS 6 : spice-gtk (CESA-2012:1284)
2012-09-19 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201406-29
2015-09-29 00:00:00
Fedora Update for spice-gtk FEDORA-2012-14046
2012-10-05 00:00:00
Fedora Update for spice-gtk FEDORA-2012-14107
2012-09-27 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: spice-0.11.3-1.fc18
2012-09-17 22:50:27
[SECURITY] Fedora 18 Update: spice-protocol-0.12.1-1.fc18
2012-09-17 22:50:27
[SECURITY] Fedora 18 Update: virt-viewer-0.5.3-6.fc18
2012-09-17 22:50:26
cvelist
cvelist
CVE-2012-4425
2012-09-18 17:00:00
gentoo
gentoo
spice-gtk: Privilege escalation
2014-06-26 00:00:00
nvd
nvd
CVE-2012-4425
2012-09-18 17:55:08
cve
cve
CVE-2012-4425
2012-09-18 17:55:08
ubuntucve
ubuntucve
CVE-2012-4425
2012-09-18 00:00:00
debiancve
debiancve
CVE-2012-4425
2012-09-18 17:55:08
veracode
veracode
Arbitrary Code Execution
2019-01-15 08:57:53
prion
prion
Code injection
2012-09-18 17:55:00
centos
centos
spice security update
2012-09-17 20:46:45
oraclelinux
oraclelinux
spice-gtk security update
2012-09-17 00:00:00

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for RHSA-2012:1284
nessus8openvas10fedora8cvelist1gentoo1nvd1cve1ubuntucve1debiancve1veracode1prion1centos1oraclelinux1