Oval Definition:	oval:org.opensuse.security:def:69916
Revision Date: 2021-08-20 Version: 1 Title: Security update for spice-vdagent (Moderate) Description: This update for spice-vdagent fixes the following issues: - CVE-2020-25650: memory DoS via arbitrary entries in `active_xfers` hash table (bsc#1177780) - CVE-2020-25651: possible file transfer DoS and information leak via `active_xfers` hash map (bsc#1177781) - CVE-2020-25652: possibility to exhaust file descriptors in `vdagentd` (bsc#1177782) - CVE-2020-25653: UNIX domain socket peer PID retrieved via `SO_PEERCRED` is subject to race condition (bsc#1177783) Family: unix Class: patch Status: Reference(s): 1177780 1177781 1177782 1177783 CVE-2015-7995 CVE-2015-9019 CVE-2016-4738 CVE-2017-5029 CVE-2017-7436 CVE-2017-9269 CVE-2019-11068 CVE-2019-13117 CVE-2019-13118 CVE-2019-18197 CVE-2020-25650 CVE-2020-25651 CVE-2020-25652 CVE-2020-25653 SUSE-SU-2021:2803-1 Platform(s): SUSE Linux Enterprise Module for Basesystem 15 SP2 SUSE Linux Enterprise Server 15 SP1-LTSS Product(s): Definition Synopsis SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed AND Package Information libxslt-devel-1.1.32-3.8 is installed OR libxslt-tools-1.1.32-3.8 is installed OR libxslt1-1.1.32-3.8 is installed Definition Synopsis SUSE Linux Enterprise Server 15 SP1-LTSS is installed AND spice-vdagent-0.17.0-4.3.1 is installed
BACK