[ASA-202107-12] spice: multiple issues
Arch Linux Security Advisory ASA-202107-12 ========================================== Severity: Critical Date : 2021-07-06 CVE-ID : CVE-2020-14355 CVE-2021-20201 Package : spice Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1239 Summary ======= The package spice before version 0.15.0-1 is vulnerable to multiple issues including arbitrary code execution and denial of service. Resolution ========== Upgrade to 0.15.0-1. # pacman -Syu "spice>=0.15.0-1" The problems have been fixed upstream in version 0.15.0. Workaround ========== None. Description =========== - CVE-2020-14355 (arbitrary code execution) Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system. More specifically, these flaws reside in the spice-common shared code between the client and server of SPICE. In other words, both the client (spice-gtk) and server are affected by these flaws. A malicious client or server could send specially crafted messages which could result in a process crash or potential code execution scenario. The issues have been fixed in spice (server) version 0.14.90 and spice-gtk (client) version 0.39. - CVE-2021-20201 (denial of service) An issue was discovered in SPICE server before version 0.15.0. There is a vulnerability which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection. Impact ====== A remote attacker could execute arbitrary code on the SPICE server using crafted messages, or cause high CPU consumption by performing many renegotiations. References ========== https://bugs.archlinux.org/task/68166 https://www.openwall.com/lists/oss-security/2020/10/06/10 https://gitlab.freedesktop.org/spice/spice-common/-/commit/762e0abae36033ccd... https://gitlab.freedesktop.org/spice/spice-common/-/commit/404d74782c8b5e57d... https://gitlab.freedesktop.org/spice/spice-common/-/commit/ef1b6ff7b82e15d75... https://gitlab.freedesktop.org/spice/spice-common/-/commit/b24fe6b66b86e601c... https://gitlab.freedesktop.org/spice/spice/-/commit/4f71d0cdb79d2f61da49d439... https://gitlab.freedesktop.org/spice/spice-gtk/-/commit/df0d3f9d95fe8235b95f... https://bugzilla.redhat.com/show_bug.cgi?id=1921846 https://gitlab.freedesktop.org/spice/spice/-/issues/49 https://gitlab.freedesktop.org/spice/spice/-/merge_requests/150 https://gitlab.freedesktop.org/spice/spice/-/commit/95a0cfac8a1c8eff50f05e65... https://gitlab.freedesktop.org/spice/spice/-/commit/ca5bbc5692e052159bce1a75... https://security.archlinux.org/CVE-2020-14355 https://security.archlinux.org/CVE-2021-20201
participants (1)
-
Jonas Witschel