AVG-1303 log
| Package | spice-vdagent |
| Status | Fixed |
| Severity | Medium |
| Type | multiple issues |
| Affected | 0.20.0+6+g8adf50d-1 |
| Fixed | 0.21.0-1 |
| Current | 0.22.1-3 [extra] |
| Ticket | FS#68531 |
| Created | Thu Nov 26 09:57:20 2020 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2020-25653 | Medium | No | Information disclosure | A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local... |
| CVE-2020-25652 | Low | No | Denial of service | A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in... |
| CVE-2020-25651 | Medium | No | Information disclosure | A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an... |
| CVE-2020-25650 | Low | No | Denial of service | A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user... |
| References |
|---|
https://www.openwall.com/lists/oss-security/2020/11/04/1 |