| Revision Date: | 2020-11-10 | Version: | 1 |
| Title: | Security update for spice-vdagent (Important) |
| Description: |
This update for spice-vdagent fixes the following issues:
Security issues fixed:
- CVE-2020-25650: Fixed a memory DoS via arbitrary entries in `active_xfers` hash table (bsc#1177780). - CVE-2020-25651: Fixed a possible file transfer DoS and information leak via `active_xfers` hash map (bsc#1177781). - CVE-2020-25652: Fixed a possibility to exhaust file descriptors in `vdagentd` (bsc#1177782). - CVE-2020-25653: Fixed a race condition when the UNIX domain socket peer PID retrieved via `SO_PEERCRED` (bsc#1177783).
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1173749
1177780
1177781
1177782
1177783
CVE-2020-25650
CVE-2020-25651
CVE-2020-25652
CVE-2020-25653
SUSE-SU-2020:3268-1
|
| Platform(s): | SUSE Linux Enterprise Desktop 15 SP2
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise Module for Desktop Applications 15 SP2
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Storage 7
SUSE Manager Proxy 4.1
SUSE Manager Server 4.1
| Product(s): | |
| Definition Synopsis |
| SUSE Linux Enterprise Module for Desktop Applications 15 SP2 is installed AND spice-vdagent-0.19.0-3.3.1 is installed
|