Linux Security
    Linux Security
    Linux Security

    Debian LTS: DLA-2524-1: spice-vdagent security update

    Date 13 Jan 2021
    382
    Posted By LinuxSecurity Advisories
    Several vulnerabilities were discovered in spice-vdagent, a spice guest agent for enchancing SPICE integeration and experience. CVE-2017-15108
    -------------------------------------------------------------------------
    Debian LTS Advisory DLA-2524-1                This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/lts/security/                          Abhijith PA
    January 13, 2021                              https://wiki.debian.org/LTS
    -------------------------------------------------------------------------
    
    Package        : spice-vdagent
    Version        : 0.17.0-1+deb9u1
    CVE ID         : CVE-2017-15108 CVE-2020-25650 CVE-2020-25651 CVE-2020-25652 
                     CVE-2020-25653
    Debian Bug     : 883238 973769
    
    Several vulnerabilities were discovered in spice-vdagent, a spice 
    guest agent for enchancing SPICE integeration and experience.
    
    CVE-2017-15108
    
        spice-vdagent does not properly escape save directory before 
        passing to shell, allowing local attacker with access to the
        session the agent runs in to inject arbitrary commands to be
        executed.
    
    CVE-2020-25650
    
        A flaw was found in the way the spice-vdagentd daemon handled file 
        transfers from the host system to the virtual machine. Any 
        unprivileged local guest user with access to the UNIX domain 
        socket path `/run/spice-vdagentd/spice-vdagent-sock` could use 
        this flaw to perform a memory denial of service for spice-vdagentd 
        or even other processes in the VM system. The highest threat from 
        this vulnerability is to system availability. This flaw affects 
        spice-vdagent versions 0.20 and previous versions.
    
    CVE-2020-25651
    
        A flaw was found in the SPICE file transfer protocol. File data 
        from the host system can end up in full or in parts in the client 
        connection of an illegitimate local user in the VM system. Active 
        file transfers from other users could also be interrupted, 
        resulting in a denial of service. The highest threat from this 
        vulnerability is to data confidentiality as well as system 
        availability.
    
    CVE-2020-25652
    
        A flaw was found in the spice-vdagentd daemon, where it did not 
        properly handle client connections that can be established via the 
        UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. 
        Any unprivileged local guest user could use this flaw to prevent 
        legitimate agents from connecting to the spice-vdagentd daemon, 
        resulting in a denial of service. The highest threat from this 
        vulnerability is to system availability. 
    
    CVE-2020-25653
    
        A race condition vulnerability was found in the way the 
        spice-vdagentd daemon handled new client connections. This flaw 
        may allow an unprivileged local guest user to become the active 
        agent for spice-vdagentd, possibly resulting in a denial of 
        service or information leakage from the host. The highest threat 
        from this vulnerability is to data confidentiality as well as 
        system availability.
    
    For Debian 9 stretch, these problems have been fixed in version
    0.17.0-1+deb9u1.
    
    We recommend that you upgrade your spice-vdagent packages.
    
    For the detailed security status of spice-vdagent please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/spice-vdagent
    
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS
    

    Advisories

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/49-tis-the-season-of-giving-how-have-you-given-back-to-the-open-source-community?task=poll.vote&format=json
    49
    radio
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"11","type":"x","order":"1","pct":34.38,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":18.75,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":46.88,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.