| Revision Date: | 2020-12-01 | Version: | 1 |
| Title: | Security update for spice-vdagent (Important) |
| Description: |
This update for spice-vdagent fixes the following issues:
Security issues fixed:
- CVE-2020-25650: Fixed a memory DoS via arbitrary entries in `active_xfers` hash table (bsc#1177780). - CVE-2020-25651: Fixed a possible file transfer DoS and information leak via `active_xfers` hash map (bsc#1177781). - CVE-2020-25652: Fixed a possibility to exhaust file descriptors in `vdagentd` (bsc#1177782). - CVE-2020-25653: Fixed a race condition when the UNIX domain socket peer PID retrieved via `SO_PEERCRED` (bsc#1177783).
This update was imported from the SUSE:SLE-15-SP2:Update update project.
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1173749
1177780
1177781
1177782
1177783
CVE-2020-25650
CVE-2020-25651
CVE-2020-25652
CVE-2020-25653
|
| Platform(s): | openSUSE Leap 15.2
| Product(s): | |
| Definition Synopsis |
| openSUSE Leap 15.2 is installed AND spice-vdagent-0.19.0-lp152.2.3 is installed
|