Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Ubuntu: 4617-1 Moderate: SPICE Vdagent Memory Error and DoS Risks

ubuntu
Calendar Grey November 4, 2020
Dist Ubuntu Esm H88
Multiple security issues were addressed in SPICE vdagent impacting Ubuntu environments, which included threats related to denial of service.
Several security issues were fixed in SPICE vdagent.

Summary

Several security issues were fixed in SPICE vdagent.

Software Description:

- spice-vdagent: Spice agent for Linux

Details:

Matthias Gerstner discovered that SPICE vdagent incorrectly handled the

active_xfers hash table. A local attacker could possibly use this issue to

cause SPICE vdagent to consume memory, resulting in a denial of service.

(CVE-2020-25650)

Matthias Gerstner discovered that SPICE vdagent incorrectly handled the

active_xfers hash table. A local attacker could possibly use this issue to

cause SPICE vdagent to consume memory, resulting in a denial of service, or

obtain sensitive file contents. (CVE-2020-25651)

Matthias Gerstner discovered that SPICE vdagent incorrectly handled a large

number of client connections. A local attacker could possibly use this

issue to cause SPICE vdagent to consume resources, resulting in a denial of

service. (CVE-2020-25652)

Matthias Gerstner discovered that SPICE vdagent incorrectly handled client

connection...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
  spice-vdagent                   0.20.0-1ubuntu0.1

Ubuntu 20.04 LTS:
  spice-vdagent                   0.19.0-2ubuntu0.2

Ubuntu 18.04 LTS:
  spice-vdagent                   0.17.0-1ubuntu2.2

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4617-1

CVE-2020-25650, CVE-2020-25651, CVE-2020-25652, CVE-2020-25653

Severity
important
Lowest
Low
Medium
High
Critical

November 04, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here