ArchLinux: 202107-12: spice: multiple issues | LinuxSecurity.com

Advisories

Arch Linux Security Advisory ASA-202107-12
==========================================

Severity: Critical
Date    : 2021-07-06
CVE-ID  : CVE-2020-14355 CVE-2021-20201
Package : spice
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1239

Summary
=======

The package spice before version 0.15.0-1 is vulnerable to multiple
issues including arbitrary code execution and denial of service.

Resolution
==========

Upgrade to 0.15.0-1.

# pacman -Syu "spice>=0.15.0-1"

The problems have been fixed upstream in version 0.15.0.

Workaround
==========

None.

Description
===========

- CVE-2020-14355 (arbitrary code execution)

Multiple buffer overflow vulnerabilities were found in the QUIC image
decoding process of the SPICE remote display system. More specifically,
these flaws reside in the spice-common shared code between the client
and server of SPICE. In other words, both the client (spice-gtk) and
server are affected by these flaws. A malicious client or server could
send specially crafted messages which could result in a process crash
or potential code execution scenario. The issues have been fixed in
spice (server) version 0.14.90 and spice-gtk (client) version 0.39.

- CVE-2021-20201 (denial of service)

An issue was discovered in SPICE server before version 0.15.0. There is
a vulnerability which might make it easier for remote attackers to
cause a denial of service (CPU consumption) by performing many
renegotiations within a single connection.

Impact
======

A remote attacker could execute arbitrary code on the SPICE server
using crafted messages, or cause high CPU consumption by performing
many renegotiations.

References
==========

https://bugs.archlinux.org/task/68166
https://www.openwall.com/lists/oss-security/2020/10/06/10
https://gitlab.freedesktop.org/spice/spice-common/-/commit/762e0abae36033ccde658fd52d3235887b60862d
https://gitlab.freedesktop.org/spice/spice-common/-/commit/404d74782c8b5e57d146c5bf3118bb41bf3378e4
https://gitlab.freedesktop.org/spice/spice-common/-/commit/ef1b6ff7b82e15d759e5415b8e35b92bb1a4c206
https://gitlab.freedesktop.org/spice/spice-common/-/commit/b24fe6b66b86e601c725d30f00c37e684b6395b6
https://gitlab.freedesktop.org/spice/spice/-/commit/4f71d0cdb79d2f61da49d439a5b72e3ce0070313
https://gitlab.freedesktop.org/spice/spice-gtk/-/commit/df0d3f9d95fe8235b95fa291feb746ba5e3bd6aa
https://bugzilla.redhat.com/show_bug.cgi?id=1921846
https://gitlab.freedesktop.org/spice/spice/-/issues/49
https://gitlab.freedesktop.org/spice/spice/-/merge_requests/150
https://gitlab.freedesktop.org/spice/spice/-/commit/95a0cfac8a1c8eff50f05e65df945da3bb501fc9
https://gitlab.freedesktop.org/spice/spice/-/commit/ca5bbc5692e052159bce1a75f55dc60b36078749
https://security.archlinux.org/CVE-2020-14355
https://security.archlinux.org/CVE-2021-20201

ArchLinux: 202107-12: spice: multiple issues

July 9, 2021
The package spice before version 0.15.0-1 is vulnerable to multiple issues including arbitrary code execution and denial of service

Summary

- CVE-2020-14355 (arbitrary code execution)
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system. More specifically, these flaws reside in the spice-common shared code between the client and server of SPICE. In other words, both the client (spice-gtk) and server are affected by these flaws. A malicious client or server could send specially crafted messages which could result in a process crash or potential code execution scenario. The issues have been fixed in spice (server) version 0.14.90 and spice-gtk (client) version 0.39.
- CVE-2021-20201 (denial of service)
An issue was discovered in SPICE server before version 0.15.0. There is a vulnerability which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection.

Resolution

Upgrade to 0.15.0-1.
# pacman -Syu "spice>=0.15.0-1"
The problems have been fixed upstream in version 0.15.0.

References

https://bugs.archlinux.org/task/68166 https://www.openwall.com/lists/oss-security/2020/10/06/10 https://gitlab.freedesktop.org/spice/spice-common/-/commit/762e0abae36033ccde658fd52d3235887b60862d https://gitlab.freedesktop.org/spice/spice-common/-/commit/404d74782c8b5e57d146c5bf3118bb41bf3378e4 https://gitlab.freedesktop.org/spice/spice-common/-/commit/ef1b6ff7b82e15d759e5415b8e35b92bb1a4c206 https://gitlab.freedesktop.org/spice/spice-common/-/commit/b24fe6b66b86e601c725d30f00c37e684b6395b6 https://gitlab.freedesktop.org/spice/spice/-/commit/4f71d0cdb79d2f61da49d439a5b72e3ce0070313 https://gitlab.freedesktop.org/spice/spice-gtk/-/commit/df0d3f9d95fe8235b95fa291feb746ba5e3bd6aa https://bugzilla.redhat.com/show_bug.cgi?id=1921846 https://gitlab.freedesktop.org/spice/spice/-/issues/49 https://gitlab.freedesktop.org/spice/spice/-/merge_requests/150 https://gitlab.freedesktop.org/spice/spice/-/commit/95a0cfac8a1c8eff50f05e65df945da3bb501fc9 https://gitlab.freedesktop.org/spice/spice/-/commit/ca5bbc5692e052159bce1a75f55dc60b36078749 https://security.archlinux.org/CVE-2020-14355 https://security.archlinux.org/CVE-2021-20201

Severity
CVE-ID : CVE-2020-14355 CVE-2021-20201
Package : spice
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1239

Impact

A remote attacker could execute arbitrary code on the SPICE server using crafted messages, or cause high CPU consumption by performing many renegotiations.

Workaround

None.

Related News

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.