Gentoo Linux Security Advisory 201406-29 - A vulnerability in spice-gtk could allow local attackers to gain escalated privileges. Versions less than 0.14 are affected.
b9413874188c23654847ff370a14d42def91b36b4d09058318892334cd2315faRed Hat Security Advisory 2012-1284-01 - The spice-gtk packages provide a GIMP Toolkit widget for SPICE clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. It was discovered that the spice-gtk setuid helper application, spice-client-glib-usb-acl-helper, did not clear the environment variables read by the libraries it uses. A local attacker could possibly use this flaw to escalate their privileges by setting specific environment variables before running the helper application.
f2c0f0bb7859b916967ca5677435478e5dd6ca4702ec05db09d5b281423e0052
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed