Уязвимость CVE-2020-25653: Информация
Описание
A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.
Важность: MEDIUM (6,3) Вектор: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
Исправленные пакеты
Имя пакета | Ветка | Исправлено в версии | Версия в репозитории | Errata ID | № Задания | Состояние |
|---|---|---|---|---|---|---|
| spice-vdagent | sisyphus | 0.21.0-alt1 | 0.22.1-alt2 | ALT-PU-2021-1106-1 | 265014 | Исправлено |
| spice-vdagent | p10 | 0.21.0-alt1 | 0.22.1-alt1.1 | ALT-PU-2021-1106-1 | 265014 | Исправлено |
| spice-vdagent | p9 | 0.21.0-alt1 | 0.21.0-alt1 | ALT-PU-2021-1155-1 | 265015 | Исправлено |
| spice-vdagent | c10f2 | 0.21.0-alt1 | 0.21.0-alt3 | ALT-PU-2021-1106-1 | 265014 | Исправлено |
| spice-vdagent | c9f2 | 0.21.0-alt3 | 0.21.0-alt3 | ALT-PU-2023-1838-1 | 321199 | Исправлено |
| spice-vdagent | p11 | 0.21.0-alt1 | 0.22.1-alt2 | ALT-PU-2021-1106-1 | 265014 | Исправлено |
Ссылки на рекомендации, решения и инструменты
Ссылка | Ресурс |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1886372 |
|
| https://bugzilla.redhat.com/show_bug.cgi?id=1886372 |
|
| [debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update |
|
| [debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update |
|
| FEDORA-2021-510977db25 | |
| FEDORA-2021-510977db25 | |
| FEDORA-2021-09ce0cdfac | |
| FEDORA-2021-09ce0cdfac | |
| https://www.openwall.com/lists/oss-security/2020/11/04/1 |
|
| https://www.openwall.com/lists/oss-security/2020/11/04/1 |
|