Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 33 FEDORA-2021-09ce0cdfac Critical: Spice-Vdagent Memory DoS

fedora
Calendar Grey February 11, 2021
Dist Fedora Esm H88
Fedora 33 resolves major security vulnerabilities linked to spice-vdagent, focusing on mitigating risks associated with memory usage and file management.
Update to spice-vdagent 0.21.0: security fixes: CVE-2020-25650, CVE-2020-25651, CVE-2020-25652, CVE-2020-25653

Summary

Spice agent for Linux guests offering the following features:

Features:

* Client mouse mode (no need to grab mouse by client, no mouse lag)

this is handled by the daemon by feeding mouse events into the kernel

via uinput. This will only work if the active X-session is running a

spice-vdagent process so that its resolution can be determined.

* Automatic adjustment of the X-session resolution to the client resolution

* Support of copy and paste (text and images) between the active X-session

and the client

Update to spice-vdagent 0.21.0: security fixes: CVE-2020-25650, CVE-2020-25651,

CVE-2020-25652, CVE-2020-25653

* Mon Feb 8 2021 Victor Toso 0.21.0-1

- Update to spice-vdagent 0.21.0

[ 1 ] Bug #1886345 - CVE-2020-25650 spice-vdagent: memory DoS via arbitrary entries in `active_xfers` hash table

https://bugzilla.redhat.com/show_bug.cgi?id=1886345

[ 2 ] Bug #1886359 - CVE-2020-25651 spice-vdagent: possible file transfer DoS and information leak via `active_xfers` hash map

https://bugzilla.redhat.com/show_bug.cgi?id=1886359

[ 3 ] Bug #1886366 - CVE-2020-25652 spice-vdagent: possibility to exhaust file descriptors in `vdagentd`

https://bugzilla.redhat.com/show_bug.cgi?id=1886366

[ 4 ] Bug #1886372 - CVE-2020-25653 spice-vdagent: UNIX domain socket peer PID retrieved via `SO_PEERCRED` is subject to race condition

https://bugzilla.redhat.com/show_bug.cgi?id=1886372

su -c 'dnf upgrade --advisory FEDORA-2021-09ce0cdfac' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics%20covered

Topics Covered

security advisory information leak Fedora file handling file transfer memory DoS spice-vdagent

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 33
Version: 0.21.0
Release: 1.fc33
URL: https://spice-space.org/
Summary: Agent for Spice guests

Topics%20covered

Topics Covered

security advisory information leak Fedora file handling file transfer memory DoS spice-vdagent

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here