AVG-1303 log

Package spice-vdagent
Status Fixed
Severity Medium
Type multiple issues
Affected 0.20.0+6+g8adf50d-1
Fixed 0.21.0-1
Current 0.22.1-4 [extra]
Ticket FS#68531
Created Thu Nov 26 09:57:20 2020
Issue Severity Remote Type Description
CVE-2020-25653 Medium No Information disclosure
A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local...
CVE-2020-25652 Low No Denial of service
A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in...
CVE-2020-25651 Medium No Information disclosure
A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an...
CVE-2020-25650 Low No Denial of service
A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user...
References
https://www.openwall.com/lists/oss-security/2020/11/04/1