What Are You Looking For?

Sign Up

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-2428-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
November 01, 2020                           https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : spice-gtk
Version        : 0.33-3.3+deb9u2
CVE ID         : CVE-2020-14355
Debian Bug     : 971751

Multiple buffer overflow vulnerabilities were found in the QUIC
image decoding process of the SPICE remote display system.

Both the SPICE client (spice-gtk) and server are affected by
these flaws. These flaws allow a malicious client or server to
send specially crafted messages that, when processed by the
QUIC image compression algorithm, result in a process crash or
potential code execution.

For Debian 9 stretch, this problem has been fixed in version
0.33-3.3+deb9u2.

We recommend that you upgrade your spice-gtk packages.

For the detailed security status of spice-gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/spice-gtk

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Debian LTS: DLA-2428-1: spice-gtk security update

November 1, 2020
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system

Summary

Both the SPICE client (spice-gtk) and server are affected by
these flaws. These flaws allow a malicious client or server to
send specially crafted messages that, when processed by the
QUIC image compression algorithm, result in a process crash or
potential code execution.

For Debian 9 stretch, this problem has been fixed in version
0.33-3.3+deb9u2.

We recommend that you upgrade your spice-gtk packages.

For the detailed security status of spice-gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/spice-gtk

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
Package : spice-gtk
Version : 0.33-3.3+deb9u2
CVE ID : CVE-2020-14355
Debian Bug : 971751

Related News

The Rust Foundation to Develop Training and Certification Program

Dec 3, 2023

Severe Chromium Bug Threatens Sensitive Data, System Availability

Nov 13, 2023

Widespread Xorg DoS, Privilege Escalation Vulns Fixed

Nov 13, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024

About Us

Powered By

Footer Logo