[ubuntu/groovy-security] spice-vdagent 0.20.0-1ubuntu0.1 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Wed Nov 4 11:42:14 UTC 2020

spice-vdagent (0.20.0-1ubuntu0.1) groovy-security; urgency=medium

  * SECURITY UPDATE: Memory DoS via Arbitrary Entries in active_xfers Hash
    - debian/patches/CVE-2020-25650-1.patch: avoid agents allocating file
      transfers in src/vdagentd/vdagentd.c.
    - debian/patches/CVE-2020-25650-2.patch: avoid uncontrolled
      active_xfers allocations in src/vdagentd/vdagentd.c.
    - CVE-2020-25650
  * SECURITY UPDATE: Possible File Transfer DoS and Information Leak via
    active_xfers Hash Map
    - debian/patches/CVE-2020-25651-1.patch: cleanup active_xfers when the
      client disconnects in src/vdagentd/vdagentd.c.
    - debian/patches/CVE-2020-25651-2.patch: do not allow using an already
      used file-xfer id in src/vdagentd/vdagentd.c.
    - CVE-2020-25651
  * SECURITY UPDATE: Possibility to Exhaust File Descriptors in vdagentd
    - debian/patches/CVE-2020-25652-1.patch: avoid unlimited agent
      connections in src/udscs.c.
    - debian/patches/CVE-2020-25652-2.patch: limit number of agents per
      session to 1 in src/vdagentd/vdagentd.c.
    - CVE-2020-25652
  * SECURITY UPDATE: UNIX Domain Socket Peer PID Retrieved via SO_PEERCRED
    is Subject to Race Condition
    - debian/patches/CVE-2020-25653-1.patch: avoid user session hijacking
      in src/vdagent-connection.c, src/vdagent-connection.h,
    - debian/patches/CVE-2020-25653-2.patch: better check for sessions in
      src/vdagentd/console-kit.c, src/vdagentd/dummy-session-info.c,
      src/vdagentd/session-info.h, src/vdagentd/systemd-login.c,
    - CVE-2020-25653
  * Additional fixes:
    - debian/patches/CVE-2020-2565x-1.patch: avoid calling chmod in

Date: 2020-10-30 18:41:14.427397+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Groovy-changes mailing list