CVE-2013-4130
First published: Mon Jul 15 2013(Updated: )
Currently, both red_channel_pipes_add_type() and red_channel_pipes_add_empty_msg() use plaing RING_FOREACH() which is not safe versus removals from the ring within the loop body. Yet, when (network) error does occur, the current item could be removed from the ring down the road and the assertion in RING_FOREACH()'s ring_next() could trip, causing the process containing the spice server to abort. An user able to initiate spice connection to the guest could use this flaw to crash the guest. Upstream fix: <a href="http://cgit.freedesktop.org/spice/spice/commit/?id=53488f0275d6c8a121af49f7ac817d09ce68090d">http://cgit.freedesktop.org/spice/spice/commit/?id=53488f0275d6c8a121af49f7ac817d09ce68090d</a> Acknowledgements: This issue was discovered by David Gibson of Red Hat.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Spice Project Spice | <=0.12.3 | |
| Spice Project Spice | =0.5.2 | |
| Spice Project Spice | =0.5.3 | |
| Spice Project Spice | =0.6.0 | |
| Spice Project Spice | =0.6.1 | |
| Spice Project Spice | =0.6.2 | |
| Spice Project Spice | =0.6.3 | |
| Spice Project Spice | =0.6.4 | |
| Spice Project Spice | =0.7.0 | |
| Spice Project Spice | =0.7.1 | |
| Spice Project Spice | =0.7.2 | |
| Spice Project Spice | =0.7.3 | |
| Spice Project Spice | =0.8.0 | |
| Spice Project Spice | =0.8.1 | |
| Spice Project Spice | =0.8.2 | |
| Spice Project Spice | =0.8.3 | |
| Spice Project Spice | =0.9.0 | |
| Spice Project Spice | =0.9.1 | |
| Spice Project Spice | =0.10.0 | |
| Spice Project Spice | =0.10.1 | |
| Spice Project Spice | =0.11.0 | |
| Spice Project Spice | =0.11.3 | |
| Spice Project Spice | =0.12.0 | |
| Spice Project Spice | =0.12.2 | |
| Canonical Ubuntu Linux | =13.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://cgit.freedesktop.org/spice/spice/commit/?id=53488f0275d6c8a121af49f7ac817d09ce68090d
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=984802
- https://rhn.redhat.com/errata/RHSA-2013-1192.html
- https://rhn.redhat.com/errata/RHSA-2013-1260.html
- https://bugzilla.redhat.com/show_bug.cgi?id=984769
- http://rhn.redhat.com/errata/RHSA-2013-1260.html
- http://seclists.org/oss-sec/2013/q3/115
- http://www.debian.org/security/2014/dsa-2839
- http://www.ubuntu.com/usn/USN-1926-1
- collector/redhat-bugzilla
- alias/CVE-2013-4130
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- vendor/spice project
- canonical/spice project spice
- version/spice project spice/0.12.3
- version/spice project spice/0.5.2
- version/spice project spice/0.5.3
- version/spice project spice/0.6.0
- version/spice project spice/0.6.1
- version/spice project spice/0.6.2
- version/spice project spice/0.6.3
- version/spice project spice/0.6.4
- version/spice project spice/0.7.0
- version/spice project spice/0.7.1
- version/spice project spice/0.7.2
- version/spice project spice/0.7.3
- version/spice project spice/0.8.0
- version/spice project spice/0.8.1
- version/spice project spice/0.8.2
- version/spice project spice/0.8.3
- version/spice project spice/0.9.0
- version/spice project spice/0.9.1
- version/spice project spice/0.10.0
- version/spice project spice/0.10.1
- version/spice project spice/0.11.0
- version/spice project spice/0.11.3
- version/spice project spice/0.12.0
- version/spice project spice/0.12.2
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/13.04