Qspice - Red Hat ENTERPRISE LINUX 5.5 - TECHNICAL NOTES Manual

A buffer over-read flaw was found in the way PyXML's Expat parser handled malformed UTF-8
sequences when processing XML files. A specially-crafted XML file could cause Python applications
using PyXML's Expat parser to crash while parsing the file.
This update makes PyXML use the system Expat library rather than its own internal copy; therefore,
users must install the RHSA-2009:1625 expat update together with this PyXML update to resolve the
1764
CVE-2009-3720
issue.
All PyXML users should upgrade to this updated package, which changes PyXML to use the system
Expat library. After installing this update along with RHSA-2009:1625, applications using the PyXML
library must be restarted for the update to take effect.

1.170. qspice

1.170.1. RHBA-2009:1489: bug fix update
Note
This update has already been released (prior to the GA of this release) as errata
RHBA-2009:1489
Updated qspice packages that fix several bugs are now available.
The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol
designed for virtual environments. SPICE users can view a virtualized desktop or server from the
local system or any system with network access to the server. SPICE is available for a variety of
machine architectures and operating systems. SPICE is used in Red Hat Enterprise Linux for viewing
virtualized guests running on the KVM hypervisor or on Red Hat Enterprise Virtualization Hypervisors.
These updated packages fix the following bugs:
* the SPICE server uses a heuristic method for detecting video streams. Some sites, however, send
two video frame pixmaps: the actual size of the frame and a variant that measures from the top-left
of the web-page presenting the frame to the bottom-right of the video frame. Receiving two video
pixmaps caused the SPICE heuristic to fail to detect the video stream. This failure also caused a
dramatic increase in CPU use and network traffic. With this update, the heuristic detects dual-pixmap
video streams accurately; video playback occurs as expected and CPU use and network traffic no
longer spike. (BZ#521791
* previously the SPICE server used a fixed bit-rate for video streams. If external factors affected the
data stream, this fixed bit-rate resulted in dropped frames and low quality playback. With this update,
the SPICE server no longer uses a hard-coded bit-rate; instead it can choose a bit-rate that reflects
current network conditions, improving video playback in low-bandwidth conditions.
* on new client connections the SPICE server previously sent the client an uncompressed initial
screen image. In low bandwidth conditions this resulted in a long period of apparent inactivity, with
1763
https://www.redhat.com/security/data/cve/CVE-2009-3720.html
1764
https://www.redhat.com/security/data/cve/CVE-2009-3720.html
1766
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=521791
1767
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=521792
1765
1766
)
1763
(CVE-2009-3720 )
qspice
1767
(BZ#521792 )
219