Oval Definition:	oval:org.mitre.oval:def:21168
Revision Date: 2014-02-17 Version: 11 Title: RHSA-2013:1273: spice-gtk security update (Important) Description: spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. Family: unix Class: patch Status: ACCEPTED Reference(s): CESA-2013:1273 CVE-2013-4324 RHSA-2013:1273-00 Platform(s): CentOS Linux 6 Red Hat Enterprise Linux 6 Product(s): spice-gtk Definition Synopsis Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 OR The operating system installed on the system is CentOS Linux 6.x AND Packages section spice-gtk-devel is earlier than 0:0.14-7.el6_4.3 OR spice-glib-devel is earlier than 0:0.14-7.el6_4.3 OR spice-gtk-python is earlier than 0:0.14-7.el6_4.3 OR spice-gtk is earlier than 0:0.14-7.el6_4.3 OR spice-gtk-tools is earlier than 0:0.14-7.el6_4.3 OR spice-glib is earlier than 0:0.14-7.el6_4.3
BACK