MGASA-2020-0474

Source
https://advisories.mageia.org/MGASA-2020-0474.html
Import Source
https://advisories.mageia.org/MGASA-2020-0474.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2020-0474
Related
Published
2020-12-29T11:57:17Z
Modified
2020-12-29T10:44:21Z
Summary
Updated spice-vdagent package fixes security vulnerabilities
Details

Matthias Gerstner discovered that SPICE vdagent incorrectly handled the active_xfers hash table. A local attacker could possibly use this issue to cause SPICE vdagent to consume memory, resulting in a denial of service (CVE-2020-25650).

Matthias Gerstner discovered that SPICE vdagent incorrectly handled the active_xfers hash table. A local attacker could possibly use this issue to cause SPICE vdagent to consume memory, resulting in a denial of service, or obtain sensitive file contents (CVE-2020-25651).

Matthias Gerstner discovered that SPICE vdagent incorrectly handled a large number of client connections. A local attacker could possibly use this issue to cause SPICE vdagent to consume resources, resulting in a denial of service (CVE-2020-25652).

Matthias Gerstner discovered that SPICE vdagent incorrectly handled client connections. A local attacker could possibly use this issue to obtain sensitive information, paste clipboard contents, and transfer files into the active session (CVE-2020-25653).

References
Credits

Affected packages

Mageia:7 / spice-vdagent

Package

Name
spice-vdagent
Purl
pkg:rpm/mageia/spice-vdagent?distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.19.0-1.1.mga7

Ecosystem specific

{
    "section": "core"
}