SUSE-SU-2021:2766-1 -- SLES spice-vdagentID: oval:org.secpod.oval:def:89045521 | Date: (C)2021-08-23 (M)2022-10-21 |
Class: PATCH | Family: unix |
This update for spice-vdagent fixes the following issues: - CVE-2020-25650: memory DoS via arbitrary entries in `active_xfers` hash table - CVE-2020-25651: possible file transfer DoS and information leak via `active_xfers` hash map - CVE-2020-25652: possibility to exhaust file descriptors in `vdagentd` - CVE-2020-25653: UNIX domain socket peer PID retrieved via `SO_PEERCRED` is subject to race condition
Platform: |
SUSE Linux Enterprise Server 12 SP5 |