Skip to content
  • Peter Korsgaard's avatar
    spice: security bump to version 0.12.6 · 622ff3d6
    Peter Korsgaard authored
    Fixes the following security issues:
    
    CVE-2015-3247: Race condition in the worker_update_monitors_config function
    in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial
    of service (heap-based memory corruption and QEMU-KVM crash) or possibly
    execute arbitrary code on the host via unspecified vectors.
    
    CVE-2015-5260: Heap-based buffer overflow in SPICE before 0.12.6 allows
    guest OS users to cause a denial of service (heap-based memory corruption
    and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL
    commands related to the surface_id parameter.
    
    CVE-2015
    
    -5261: Heap-based buffer overflow in SPICE before 0.12.6 allows
    guest OS users to read and write to arbitrary memory locations on the host
    via guest QXL commands related to surface creation.
    
    Client/gui support is gone upstream (moved to spice-gtk / virt-viewer), so
    add Config.in.legacy handling for them.
    
    Lz4 is a new optional dependency, so handle it.
    
    The spice protocol definition is no longer included and instead used from
    spice-protocol.  The build system uses pkg-config --variable=codegendir to
    find the build time path of this, which doesn't take our STAGING_DIR prefix
    into consideration, so it needs some help.  The installed protocol
    definition will likewise be newer than the generated files, so we need to
    workaround that to ensure they are not regenerated (which needs host python
    / pyparsing).
    
    Signed-off-by: default avatarPeter Korsgaard <peter@korsgaard.com>
    Reviewed-by: default avatar"Yann E. MORIN" <yann.morin.1998@free.fr>
    Signed-off-by: default avatarPeter Korsgaard <peter@korsgaard.com>
    622ff3d6