SUSE-SU-2021:2803-1

Details

This update for spice-vdagent fixes the following issues:

CVE-2020-25650: memory DoS via arbitrary entries in active_xfers hash table (bsc#1177780)
CVE-2020-25651: possible file transfer DoS and information leak via active_xfers hash map (bsc#1177781)
CVE-2020-25652: possibility to exhaust file descriptors in vdagentd (bsc#1177782)
CVE-2020-25653: UNIX domain socket peer PID retrieved via SO_PEERCRED is subject to race condition (bsc#1177783)

Affected Packages

spice-vdagent

SUSE Enterprise Storage 6SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP1-LTSSSUSE Linux Enterprise High Performance Computing 15-ESPOSSUSE Linux Enterprise High Performance Computing 15-LTSS

Fixed in:

0.17.0-4.3.1

References

REPORT

https://bugzilla.suse.com/1177780

REPORT

https://bugzilla.suse.com/1177781

REPORT

https://bugzilla.suse.com/1177782

REPORT

https://bugzilla.suse.com/1177783

WEB