SUSE-SU-2021:2803-1 -- SLES spice-vdagent| ID: oval:org.secpod.oval:def:89045527 | Date: (C)2021-08-30 (M)2022-10-21 |
| Class: PATCH | Family: unix |
This update for spice-vdagent fixes the following issues: - CVE-2020-25650: memory DoS via arbitrary entries in `active_xfers` hash table - CVE-2020-25651: possible file transfer DoS and information leak via `active_xfers` hash map - CVE-2020-25652: possibility to exhaust file descriptors in `vdagentd` - CVE-2020-25653: UNIX domain socket peer PID retrieved via `SO_PEERCRED` is subject to race condition
| Platform: |
| SUSE Linux Enterprise Server 15 |
| SUSE Linux Enterprise Server 15 SP1 |
