Oval Definition:	oval:org.opensuse.security:def:70281
Revision Date: 2021-08-20 Version: 1 Title: Security update for spice-vdagent (Moderate) Description: This update for spice-vdagent fixes the following issues: - CVE-2020-25650: memory DoS via arbitrary entries in `active_xfers` hash table (bsc#1177780) - CVE-2020-25651: possible file transfer DoS and information leak via `active_xfers` hash map (bsc#1177781) - CVE-2020-25652: possibility to exhaust file descriptors in `vdagentd` (bsc#1177782) - CVE-2020-25653: UNIX domain socket peer PID retrieved via `SO_PEERCRED` is subject to race condition (bsc#1177783) Family: unix Class: patch Status: Reference(s): 1010979 1010980 1020451 1020456 1020458 1020460 1045450 1057152 1088278 1114498 1115637 1117328 1120805 1120807 1177780 1177781 1177782 1177783 CVE-2013-2186 CVE-2014-0050 CVE-2016-9398 CVE-2016-9399 CVE-2017-14132 CVE-2017-5499 CVE-2017-5503 CVE-2017-5504 CVE-2017-5505 CVE-2017-9782 CVE-2018-18873 CVE-2018-19139 CVE-2018-19543 CVE-2018-20570 CVE-2018-20622 CVE-2018-9252 CVE-2020-25650 CVE-2020-25651 CVE-2020-25652 CVE-2020-25653 SUSE-SU-2020:2689-1 SUSE-SU-2021:2803-1 Platform(s): SUSE Linux Enterprise Module for Basesystem 15 SP2 SUSE Linux Enterprise Module for Web Scripting 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 Product(s): Definition Synopsis SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed AND Package Information jasper-2.0.14-3.16 is installed OR libjasper4-2.0.14-3.16 is installed Definition Synopsis SUSE Linux Enterprise Module for Web Scripting 15 SP2 is installed AND apache-commons-fileupload-1.4-1 is installed Definition Synopsis SUSE Linux Enterprise Server for SAP Applications 15 is installed AND spice-vdagent-0.17.0-4.3.1 is installed
BACK