Oval Definition:oval:org.opensuse.security:def:74366
Revision Date:2021-08-05Version:1
Title:Security update for spice-vdagent (Important)
Description:

This update for spice-vdagent fixes the following issues:

- Update to version 0.21.0 - CVE-2020-25650: memory DoS via arbitrary entries in `active_xfers` hash table (bsc#1177780) - CVE-2020-25651: possible file transfer DoS and information leak via `active_xfers` hash map (bsc#1177781) - CVE-2020-25652: possibility to exhaust file descriptors in `vdagentd` (bsc#1177782) - CVE-2020-25653: UNIX domain socket peer PID retrieved via `SO_PEERCRED` is subject to race condition (bsc#1177783)
Family:unixClass:patch
Status:Reference(s):1115015
1115022
1115025
1138529
1145579
1145580
1145582
1152856
1154212
1173749
1177780
1177781
1177782
1177783
CVE-2018-16843
CVE-2018-16844
CVE-2018-16845
CVE-2019-2894
CVE-2019-2933
CVE-2019-2945
CVE-2019-2949
CVE-2019-2958
CVE-2019-2962
CVE-2019-2964
CVE-2019-2973
CVE-2019-2975
CVE-2019-2978
CVE-2019-2981
CVE-2019-2983
CVE-2019-2987
CVE-2019-2988
CVE-2019-2989
CVE-2019-2992
CVE-2019-2999
CVE-2019-9511
CVE-2019-9513
CVE-2019-9516
CVE-2020-25650
CVE-2020-25651
CVE-2020-25652
CVE-2020-25653
openSUSE-SU-2019:2120-1
openSUSE-SU-2019:2687-1
SUSE-SU-2021:2614-1
Platform(s):openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 15 SP3
SUSE Linux Enterprise High Performance Computing 15 SP3
SUSE Linux Enterprise Module for Desktop Applications 15 SP3
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • nginx-1.14.2-lp151.4.3 is installed
  • OR nginx-source-1.14.2-lp151.4.3 is installed
  • OR vim-plugin-nginx-1.14.2-lp151.4.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Desktop Applications 15 SP3 is installed
  • AND spice-vdagent-0.21.0-3.3.1 is installed
    • BACK