Oval Definition:oval:org.opensuse.security:def:69717
Revision Date:2021-08-20Version:1
Title:Security update for spice-vdagent (Moderate)
Description:

This update for spice-vdagent fixes the following issues:

- CVE-2020-25650: memory DoS via arbitrary entries in `active_xfers` hash table (bsc#1177780) - CVE-2020-25651: possible file transfer DoS and information leak via `active_xfers` hash map (bsc#1177781) - CVE-2020-25652: possibility to exhaust file descriptors in `vdagentd` (bsc#1177782) - CVE-2020-25653: UNIX domain socket peer PID retrieved via `SO_PEERCRED` is subject to race condition (bsc#1177783)
Family:unixClass:patch
Status:Reference(s):1177780
1177781
1177782
1177783
CVE-2016-1567
CVE-2017-5884
CVE-2017-5885
CVE-2020-25650
CVE-2020-25651
CVE-2020-25652
CVE-2020-25653
SUSE-SU-2021:2803-1
Platform(s):SUSE Linux Enterprise Module for Basesystem 15 SP2
SUSE Linux Enterprise Server 15 SP1-BCL
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed
  • AND Package Information
  • chrony-3.2-9.12 is installed
  • OR chrony-pool-empty-3.2-9.12 is installed
  • OR chrony-pool-suse-3.2-9.12 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 15 SP1-BCL is installed
  • AND spice-vdagent-0.17.0-4.3.1 is installed
    • BACK