spice-vdagent 0.20.0-1ubuntu0.1 source package in Ubuntu
Changelog
spice-vdagent (0.20.0-1ubuntu0.1) groovy-security; urgency=medium * SECURITY UPDATE: Memory DoS via Arbitrary Entries in active_xfers Hash Table - debian/patches/CVE-2020-25650-1.patch: avoid agents allocating file transfers in src/vdagentd/vdagentd.c. - debian/patches/CVE-2020-25650-2.patch: avoid uncontrolled active_xfers allocations in src/vdagentd/vdagentd.c. - CVE-2020-25650 * SECURITY UPDATE: Possible File Transfer DoS and Information Leak via active_xfers Hash Map - debian/patches/CVE-2020-25651-1.patch: cleanup active_xfers when the client disconnects in src/vdagentd/vdagentd.c. - debian/patches/CVE-2020-25651-2.patch: do not allow using an already used file-xfer id in src/vdagentd/vdagentd.c. - CVE-2020-25651 * SECURITY UPDATE: Possibility to Exhaust File Descriptors in vdagentd - debian/patches/CVE-2020-25652-1.patch: avoid unlimited agent connections in src/udscs.c. - debian/patches/CVE-2020-25652-2.patch: limit number of agents per session to 1 in src/vdagentd/vdagentd.c. - CVE-2020-25652 * SECURITY UPDATE: UNIX Domain Socket Peer PID Retrieved via SO_PEERCRED is Subject to Race Condition - debian/patches/CVE-2020-25653-1.patch: avoid user session hijacking in src/vdagent-connection.c, src/vdagent-connection.h, src/vdagentd/vdagentd.c. - debian/patches/CVE-2020-25653-2.patch: better check for sessions in src/vdagentd/console-kit.c, src/vdagentd/dummy-session-info.c, src/vdagentd/session-info.h, src/vdagentd/systemd-login.c, src/vdagentd/vdagentd.c. - CVE-2020-25653 * Additional fixes: - debian/patches/CVE-2020-2565x-1.patch: avoid calling chmod in src/vdagentd/vdagentd.c. -- Marc Deslauriers <email address hidden> Thu, 29 Oct 2020 13:53:06 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Groovy
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- x11
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
spice-vdagent_0.20.0.orig.tar.bz2 | 148.9 KiB | 2e6b7222675ee19ea38c52165abe4d836c2ac5d5bf902d4dfca13da1ec143359 |
spice-vdagent_0.20.0.orig.tar.bz2.asc | 833 bytes | d2863154dac77d3ab3cfe87b139429041bdad4ff8bf73d75c3726ab248fce340 |
spice-vdagent_0.20.0-1ubuntu0.1.debian.tar.xz | 20.6 KiB | 8067ec1ea28802a9800e19af93c7ea55815e4a5cc6bc7ce4b3824e8b6becff64 |
spice-vdagent_0.20.0-1ubuntu0.1.dsc | 2.5 KiB | 85fd6b7b35064588db1607ba61d588dd027024b5d4062a4832c090a243c40233 |
Available diffs
Binary packages built by this source
- spice-vdagent: No summary available for spice-vdagent in ubuntu groovy.
No description available for spice-vdagent in ubuntu groovy.
- spice-vdagent-dbgsym: No summary available for spice-vdagent-dbgsym in ubuntu hirsute.
No description available for spice-vdagent-
dbgsym in ubuntu hirsute.