Several security issues were fixed in SPICE vdagent.
Software Description:
- spice-vdagent: Spice agent for Linux
Details:
Matthias Gerstner discovered that SPICE vdagent incorrectly handled the
active_xfers hash table. A local attacker could possibly use this issue to
cause SPICE vdagent to consume memory, resulting in a denial of service.
(CVE-2020-25650)
Matthias Gerstner discovered that SPICE vdagent incorrectly handled the
active_xfers hash table. A local attacker could possibly use this issue to
cause SPICE vdagent to consume memory, resulting in a denial of service, or
obtain sensitive file contents. (CVE-2020-25651)
Matthias Gerstner discovered that SPICE vdagent incorrectly handled a large
number of client connections. A local attacker could possibly use this
issue to cause SPICE vdagent to consume resources, resulting in a denial of
service. (CVE-2020-25652)
Matthias Gerstner discovered that SPICE vdagent incorrectly handled client
connection...
The problem can be corrected by updating your system to the following package versions: Ubuntu 20.10: spice-vdagent 0.20.0-1ubuntu0.1 Ubuntu 20.04 LTS: spice-vdagent 0.19.0-2ubuntu0.2 Ubuntu 18.04 LTS: spice-vdagent 0.17.0-1ubuntu2.2 After a standard system update you need to reboot your computer to make all the necessary changes.
https://ubuntu.com/security/notices/USN-4617-1
CVE-2020-25650, CVE-2020-25651, CVE-2020-25652, CVE-2020-25653
Get the latest Linux and open source security news straight to your inbox.