RedHat: RHSA-2021-1791:01 Moderate: spice-vdagent security and bug ...

Advisories

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: spice-vdagent security and bug fix update
Advisory ID:       RHSA-2021:1791-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:1791
Issue date:        2021-05-18
CVE Names:         CVE-2020-25650 CVE-2020-25651 CVE-2020-25652 
                   CVE-2020-25653 
=====================================================================

1. Summary:

An update for spice-vdagent is now available for Red Hat Enterprise Linux
8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The spice-vdagent packages provide a SPICE agent for Linux guests.

Security Fix(es):

* spice-vdagent: possible file transfer DoS and information leak via
active_xfers hash map (CVE-2020-25651)

* spice-vdagent: UNIX domain socket peer PID retrieved via SO_PEERCRED is
subject to race condition (CVE-2020-25653)

* spice-vdagent: memory DoS via arbitrary entries in active_xfers hash
table (CVE-2020-25650)

* spice-vdagent: possibility to exhaust file descriptors in vdagentd
(CVE-2020-25652)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.4 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1790904 - [wayland] Multiple displays: mouse coordinates taken from the other display
1824610 - [wayland] 3. and 4. spice display does not react to mouse interaction
1886345 - CVE-2020-25650 spice-vdagent: memory DoS via arbitrary entries in active_xfers hash table
1886359 - CVE-2020-25651 spice-vdagent: possible file transfer DoS and information leak via active_xfers hash map
1886366 - CVE-2020-25652 spice-vdagent: possibility to exhaust file descriptors in vdagentd
1886372 - CVE-2020-25653 spice-vdagent: UNIX domain socket peer PID retrieved via SO_PEERCRED is subject to race condition

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
spice-vdagent-0.20.0-3.el8.src.rpm

aarch64:
spice-vdagent-0.20.0-3.el8.aarch64.rpm
spice-vdagent-debuginfo-0.20.0-3.el8.aarch64.rpm
spice-vdagent-debugsource-0.20.0-3.el8.aarch64.rpm

ppc64le:
spice-vdagent-0.20.0-3.el8.ppc64le.rpm
spice-vdagent-debuginfo-0.20.0-3.el8.ppc64le.rpm
spice-vdagent-debugsource-0.20.0-3.el8.ppc64le.rpm

s390x:
spice-vdagent-0.20.0-3.el8.s390x.rpm
spice-vdagent-debuginfo-0.20.0-3.el8.s390x.rpm
spice-vdagent-debugsource-0.20.0-3.el8.s390x.rpm

x86_64:
spice-vdagent-0.20.0-3.el8.x86_64.rpm
spice-vdagent-debuginfo-0.20.0-3.el8.x86_64.rpm
spice-vdagent-debugsource-0.20.0-3.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-25650
https://access.redhat.com/security/cve/CVE-2020-25651
https://access.redhat.com/security/cve/CVE-2020-25652
https://access.redhat.com/security/cve/CVE-2020-25653
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYKPvr9zjgjWX9erEAQhbJg//elDnwH6PazFM5ym2nvpki9p9ZFUoQzo/
4TWt06O64/gTikRkYShAAVMVUJ0TVA3gu79H7JkR/uib8Drj9puvJFIGGahvuPnH
3BA3HfnquOIhY2BfSVJkeYjzHETkgpwDS2GvUnDHHBSRi9KeAXWygwg7qX20qqUU
Xq1hAFY1ylynobchpQKUqvIosMWGMdarzCRYywDHlxLxwB7GwucYJiAVDCDMO6hn
QXTid9oOzGR6dKEKHB0zq4R61qlhjLucncl86S6CKMUtAnVHCGndy2VzaQOVJAFp
7vH2WS3ydsxZgyeFeqMW7Y4qUzZzgrp+yqAfhhiAO90iJl7fIaFnFjETZskOj0ZM
Wf3HozzBcky4dpd8XhDJ8Mdhs00SZGr83j55G6UbwoYCaHW9GrYn29GnLEK/Wfk4
x4i7B3u8//lMvSHZnP770WH0YUmSYRYpDudrU82qjPMjYGuKG5wG9tp0ctM/LvFE
m+/UM0WBiSBZ6zUlEkUGXMasgI+huxCmb3Klgy2LQO2QN4jVfkejZikHKc/Vtj5i
t5UcgKQYa7AXNVu1bfG9/iVpucKtByUciFv65PY2appflUw7byZLqVwheW5Na4RC
noe/6zGv0qmekkjR+q8PpzjseeEwVnnBLP/VblBiMwOtt/XvX21D2Lb4IeBYxF7q
zccjVjFXIbk=
=YyxH
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2021-1791:01 Moderate: spice-vdagent security and bug fix

An update for spice-vdagent is now available for Red Hat Enterprise Linux 8

Summary

The spice-vdagent packages provide a SPICE agent for Linux guests.
Security Fix(es):
* spice-vdagent: possible file transfer DoS and information leak via active_xfers hash map (CVE-2020-25651)
* spice-vdagent: UNIX domain socket peer PID retrieved via SO_PEERCRED is subject to race condition (CVE-2020-25653)
* spice-vdagent: memory DoS via arbitrary entries in active_xfers hash table (CVE-2020-25650)
* spice-vdagent: possibility to exhaust file descriptors in vdagentd (CVE-2020-25652)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changesdescribed in this advisory, refer to:https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2020-25650 https://access.redhat.com/security/cve/CVE-2020-25651 https://access.redhat.com/security/cve/CVE-2020-25652 https://access.redhat.com/security/cve/CVE-2020-25653 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/

Package List

Red Hat Enterprise Linux AppStream (v. 8):
Source: spice-vdagent-0.20.0-3.el8.src.rpm
aarch64: spice-vdagent-0.20.0-3.el8.aarch64.rpm spice-vdagent-debuginfo-0.20.0-3.el8.aarch64.rpm spice-vdagent-debugsource-0.20.0-3.el8.aarch64.rpm
ppc64le: spice-vdagent-0.20.0-3.el8.ppc64le.rpm spice-vdagent-debuginfo-0.20.0-3.el8.ppc64le.rpm spice-vdagent-debugsource-0.20.0-3.el8.ppc64le.rpm
s390x: spice-vdagent-0.20.0-3.el8.s390x.rpm spice-vdagent-debuginfo-0.20.0-3.el8.s390x.rpm spice-vdagent-debugsource-0.20.0-3.el8.s390x.rpm
x86_64: spice-vdagent-0.20.0-3.el8.x86_64.rpm spice-vdagent-debuginfo-0.20.0-3.el8.x86_64.rpm spice-vdagent-debugsource-0.20.0-3.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

Severity
Advisory ID: RHSA-2021:1791-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1791
Issued Date: : 2021-05-18
CVE Names: CVE-2020-25650 CVE-2020-25651 CVE-2020-25652 CVE-2020-25653

Topic

An update for spice-vdagent is now available for Red Hat Enterprise Linux8.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Relevant Releases Architectures

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

Bugs Fixed

1790904 - [wayland] Multiple displays: mouse coordinates taken from the other display

1824610 - [wayland] 3. and 4. spice display does not react to mouse interaction

1886345 - CVE-2020-25650 spice-vdagent: memory DoS via arbitrary entries in active_xfers hash table

1886359 - CVE-2020-25651 spice-vdagent: possible file transfer DoS and information leak via active_xfers hash map

1886366 - CVE-2020-25652 spice-vdagent: possibility to exhaust file descriptors in vdagentd

1886372 - CVE-2020-25653 spice-vdagent: UNIX domain socket peer PID retrieved via SO_PEERCRED is subject to race condition

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.