Red Hat Security Advisory 2013-1273-01 - The spice-gtk packages provide a GIMP Toolkit widget for SPICE clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. spice-gtk communicated with PolicyKit for authorization via an API that is vulnerable to a race condition. This could lead to intended PolicyKit authorizations being bypassed. This update modifies spice-gtk to communicate with PolicyKit via a different API that is not vulnerable to the race condition.
07c72c42ad7d65ee017a1ca3182c241b7aea1fb50be1454c7aa0aa3ef86feee2