Bug 1230118
Summary: | Possible security escalation in spice-server | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Frediano Ziglio <fziglio> | ||||
Component: | spice | Assignee: | Default Assignee for SPICE Bugs <rh-spice-bugs> | ||||
Status: | CLOSED DUPLICATE | QA Contact: | SPICE QE bug list <spice-qe-bugs> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 7.3 | CC: | astepano, bsanford, cfergeau, fidencio, security-response-team, uril, vkaigoro | ||||
Target Milestone: | rc | Keywords: | Security | ||||
Target Release: | 7.3 | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2015-09-07 14:23:36 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 1233238 | ||||||
Attachments: |
|
Description
Frediano Ziglio
2015-06-10 09:40:13 UTC
Created attachment 1037193 [details]
proposed patch
Also, the patch protects memory access by calling get_virt the second time to protect access to 'count' heads (instead of a single head before). I guess this bug could be marked as a duplicate of rhbz#1239128 ? *** This bug has been marked as a duplicate of bug 1233238 *** |