spice-vdagent 0.17.0-1ubuntu2.2 source package in Ubuntu
Changelog
spice-vdagent (0.17.0-1ubuntu2.2) bionic-security; urgency=medium
* SECURITY UPDATE: Memory DoS via Arbitrary Entries in active_xfers Hash
Table
- debian/patches/CVE-2020-25650-1.patch: avoid agents allocating file
transfers in srcvdagentd.c.
- debian/patches/CVE-2020-25650-2.patch: avoid uncontrolled
active_xfers allocations in src/vdagentd.c.
- CVE-2020-25650
* SECURITY UPDATE: Possible File Transfer DoS and Information Leak via
active_xfers Hash Map
- debian/patches/CVE-2020-25651-1.patch: cleanup active_xfers when the
client disconnects in src/vdagentd.c.
- debian/patches/CVE-2020-25651-2.patch: do not allow using an already
used file-xfer id in src/vdagentd.c.
- CVE-2020-25651
* SECURITY UPDATE: Possibility to Exhaust File Descriptors in vdagentd
- debian/patches/CVE-2020-25652-1.patch: avoid unlimited agent
connections in src/udscs.c.
- debian/patches/CVE-2020-25652-2.patch: limit number of agents per
session to 1 in src/vdagentd.c.
- CVE-2020-25652
* SECURITY UPDATE: UNIX Domain Socket Peer PID Retrieved via SO_PEERCRED
is Subject to Race Condition
- debian/patches/CVE-2020-25653-1.patch: avoid user session hijacking
in src/udscs.c, src/udscs.h, src/vdagentd.c.
- debian/patches/CVE-2020-25653-2.patch: better check for sessions in
src/console-kit.c, src/dummy-session-info.c, src/session-info.h,
src/systemd-login.c, src/vdagentd.c.
- CVE-2020-25653
* Additional fixes:
- debian/patches/CVE-2020-2565x-1.patch: avoid calling chmod in
src/vdagentd.c.
-- Marc Deslauriers <email address hidden> Mon, 02 Nov 2020 16:52:50 -0500
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Bionic
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- x11
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Bionic | updates | main | x11 | |
| Bionic | security | main | x11 |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| spice-vdagent_0.17.0.orig.tar.bz2 | 127.4 KiB | f14a8bd8cdee10641aabd9ba32461a5844eab0fddb2a10c1d31386e7a9f7b33d |
| spice-vdagent_0.17.0-1ubuntu2.2.debian.tar.xz | 11.6 KiB | f6274231047ca63727a7485ff29d2a0965a010183bde276dddf3c41760adb5c3 |
| spice-vdagent_0.17.0-1ubuntu2.2.dsc | 2.2 KiB | cb9effb05619d3554c358d4e8fae01d6a1c141a4b7ad67735bf68685ee5ba06a |
Available diffs
- diff from 0.17.0-1ubuntu2.1 to 0.17.0-1ubuntu2.2 (957 bytes)
Binary packages built by this source
- spice-vdagent: Spice agent for Linux
spice-vdagent is the spice agent for Linux, it is used in conjunction with
spice-compitable hypervisor, its feature includs:
\* Client mouse mode (no need to grab mouse by client, no mouse lag)
this is handled by the daemon by feeding mouse events into the kernel
via uinput. This will only work if the active X-session is running a
spice-vdagent process so that its resolution can be determined.
\* Automatic adjustment of the X-session resolution to the client resolution
\* Support of copy and paste (text and images) between the active X-session
and the client
- spice-vdagent-dbgsym: debug symbols for spice-vdagent
