File _patchinfo of Package patchinfo.20485

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.20485

<patchinfo incident="20485">
  <issue tracker="bnc" id="1177782">VUL-0: CVE-2020-25652: spice-vdagent: possibility to exhaust file descriptors in `vdagentd`</issue>
  <issue tracker="bnc" id="1177780">VUL-0: CVE-2020-25650: spice-vdagent: memory DoS via arbitrary entries in `active_xfers` hash table</issue>
  <issue tracker="bnc" id="1177783">VUL-0: CVE-2020-25653: spice-vdagent: UNIX domain socket peer PID retrieved via `SO_PEERCRED` is subject to race condition</issue>
  <issue tracker="bnc" id="1177781">VUL-0: CVE-2020-25651: spice-vdagent: possible file transfer DoS and information leak via `active_xfers` hash map</issue>
  <issue tracker="cve" id="2020-25651"/>
  <issue tracker="cve" id="2020-25652"/>
  <issue tracker="cve" id="2020-25650"/>
  <issue tracker="cve" id="2020-25653"/>
  <packager>charlesa</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for spice-vdagent</summary>
  <description>This update for spice-vdagent fixes the following issues:

- CVE-2020-25650: memory DoS via arbitrary entries in `active_xfers` hash table (bsc#1177780)
- CVE-2020-25651: possible file transfer DoS and information leak via `active_xfers` hash map (bsc#1177781)
- CVE-2020-25652: possibility to exhaust file descriptors in `vdagentd` (bsc#1177782) 
- CVE-2020-25653: UNIX domain socket peer PID retrieved via `SO_PEERCRED` is subject to race condition (bsc#1177783) 
</description>
</patchinfo>

Places

File _patchinfo of Package patchinfo.20485

Places