Mageia: 2020-0408 Critical Advisory for Spice Buffer Overflow
mageia
November 10, 2020
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1
Summary
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding
process of the SPICE remote display system, before spice-0.14.2-1. Both the
SPICE client (spice-gtk) and server are affected by these flaws. These flaws
allow a malicious client or server to send specially crafted messages that,
when processed by the QUIC image compression algorithm, result in a process
crash or potential code execution.
(CVE-2020-14355)
References
- https://bugs.mageia.org/show_bug.cgi?id=27368
- https://access.redhat.com/errata/RHSA-2020:4186
- https://www.openwall.com/lists/oss-security/2020/10/06/10
- https://ubuntu.com/security/notices/USN-4572-1
- https://www.cve.org/CVERecord?id=CVE-202020-14355
Topics Covered
Resolution
SRPMS
- 7/core/spice-0.14.2-1.1.mga7
- 7/core/spice-gtk-0.37-1.mga7
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 10 Nov 2020
URL: https://advisories.mageia.org/MGASA-2020-0408.html
Type: security
CVE: CVE-202020-14355
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!