[ubuntu/bionic-security] spice-vdagent 0.17.0-1ubuntu2.2 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Wed Nov 4 11:42:15 UTC 2020
spice-vdagent (0.17.0-1ubuntu2.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Memory DoS via Arbitrary Entries in active_xfers Hash
    Table
    - debian/patches/CVE-2020-25650-1.patch: avoid agents allocating file
      transfers in src/vdagentd.c.
    - debian/patches/CVE-2020-25650-2.patch: avoid uncontrolled
      active_xfers allocations in src/vdagentd.c.
    - CVE-2020-25650
  * SECURITY UPDATE: Possible File Transfer DoS and Information Leak via
    active_xfers Hash Map
    - debian/patches/CVE-2020-25651-1.patch: cleanup active_xfers when the
      client disconnects in src/vdagentd.c.
    - debian/patches/CVE-2020-25651-2.patch: do not allow using an already
      used file-xfer id in src/vdagentd.c.
    - CVE-2020-25651
  * SECURITY UPDATE: Possibility to Exhaust File Descriptors in vdagentd
    - debian/patches/CVE-2020-25652-1.patch: avoid unlimited agent
      connections in src/udscs.c.
    - debian/patches/CVE-2020-25652-2.patch: limit number of agents per
      session to 1 in src/vdagentd.c.
    - CVE-2020-25652
  * SECURITY UPDATE: UNIX Domain Socket Peer PID Retrieved via SO_PEERCRED
    is Subject to Race Condition
    - debian/patches/CVE-2020-25653-1.patch: avoid user session hijacking
      in src/udscs.c, src/udscs.h, src/vdagentd.c.
    - debian/patches/CVE-2020-25653-2.patch: better check for sessions in
      src/console-kit.c, src/dummy-session-info.c, src/session-info.h,
      src/systemd-login.c, src/vdagentd.c.
    - CVE-2020-25653
  * Additional fixes:
    - debian/patches/CVE-2020-2565x-1.patch: avoid calling chmod in
      src/vdagentd.c.

Date: 2020-11-02 22:06:13.515000+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/spice-vdagent/0.17.0-1ubuntu2.2