What Are You Looking For?

Sign Up
MGASA-2020-0408 - Updated spice and spice-gtk packages fix a security vulnerability

Publication date: 10 Nov 2020
URL: https://advisories.mageia.org/MGASA-2020-0408.html
Type: security
Affected Mageia releases: 7
CVE: CVE-202020-14355

Multiple buffer overflow vulnerabilities were found in the QUIC image decoding
process of the SPICE remote display system, before spice-0.14.2-1. Both the
SPICE client (spice-gtk) and server are affected by these flaws. These flaws
allow a malicious client or server to send specially crafted messages that,
when processed by the QUIC image compression algorithm, result in a process
crash or potential code execution.
(CVE-2020-14355)

References:
- https://bugs.mageia.org/show_bug.cgi?id=27368
- https://access.redhat.com/errata/RHSA-2020:4186
- https://www.openwall.com/lists/oss-security/2020/10/06/10
- https://ubuntu.com/security/notices/USN-4572-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-202020-14355

SRPMS:
- 7/core/spice-0.14.2-1.1.mga7
- 7/core/spice-gtk-0.37-1.mga7

Mageia 2020-0408: spice and spice-gtk security update

Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1

Summary

Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution. (CVE-2020-14355)

References

- https://bugs.mageia.org/show_bug.cgi?id=27368

- https://access.redhat.com/errata/RHSA-2020:4186

- https://www.openwall.com/lists/oss-security/2020/10/06/10

- https://ubuntu.com/security/notices/USN-4572-1

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-202020-14355

Resolution

MGASA-2020-0408 - Updated spice and spice-gtk packages fix a security vulnerability

SRPMS

- 7/core/spice-0.14.2-1.1.mga7

- 7/core/spice-gtk-0.37-1.mga7

Severity
Publication date: 10 Nov 2020
URL: https://advisories.mageia.org/MGASA-2020-0408.html
Type: security
CVE: CVE-202020-14355

Related News

The Rust Foundation to Develop Training and Certification Program

Dec 3, 2023

Severe Chromium Bug Threatens Sensitive Data, System Availability

Nov 13, 2023

Widespread Xorg DoS, Privilege Escalation Vulns Fixed

Nov 13, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024

About Us

Powered By

Footer Logo