It was discovered that the spice-gtk setuid helper application, spice-client-glib-usb-acl-helper, did not clear the environment variables read by the libraries it uses. A local attacker could possibly use this flaw to escalate their privileges by setting specific environment variables before running the helper application.
This flaw is similar to CVE-2012-3524
Created spice-gtk tracking bugs for this issue
Affects: fedora-all [bug 857228]
Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for
reporting this issue.
Created glib2 tracking bugs for this issue
Affects: fedora-all [bug 857227]
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2012:1284 https://rhn.redhat.com/errata/RHSA-2012-1284.html