openSUSE-SU-2021:2614-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:2614-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/openSUSE-SU-2021:2614-1
- Related
- Published
- 2021-08-05T08:19:24Z
- Modified
- 2021-08-05T08:19:24Z
- Summary
- Security update for spice-vdagent
- Details
-
This update for spice-vdagent fixes the following issues:
- Update to version 0.21.0
- CVE-2020-25650: memory DoS via arbitrary entries in
active_xfershash table (bsc#1177780) - CVE-2020-25651: possible file transfer DoS and information leak via
active_xfershash map (bsc#1177781) - CVE-2020-25652: possibility to exhaust file descriptors in
vdagentd(bsc#1177782) - CVE-2020-25653: UNIX domain socket peer PID retrieved via
SO_PEERCREDis subject to race condition (bsc#1177783)
- References
-
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UU4MAHRZUXACEK4PTFMFULLO5A7INQM5/
- https://bugzilla.suse.com/1173749
- https://bugzilla.suse.com/1177780
- https://bugzilla.suse.com/1177781
- https://bugzilla.suse.com/1177782
- https://bugzilla.suse.com/1177783
- https://www.suse.com/security/cve/CVE-2020-25650
- https://www.suse.com/security/cve/CVE-2020-25651
- https://www.suse.com/security/cve/CVE-2020-25652
- https://www.suse.com/security/cve/CVE-2020-25653