Community Packages

FS#68531 - [spice-vdagent] CVE-2020-25650 CVE-2020-25651 CVE-2020-25652 CVE-2020-25653

Attached to Project: Community Packages
Opened by loqs (loqs) - Wednesday, 04 November 2020, 23:52 GMT
Last edited by Balló György (City-busz) - Sunday, 14 March 2021, 16:29 GMT
Task Type: Bug Report
Category: Security
Status: Closed
Assigned To: Balló György (City-busz), Levente Polyak (anthraxx)
Architecture: All
Severity: Medium
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No


Memory DoS via Arbitrary Entries in active_xfers Hash Table. Fixed by [2] [3]

Possible File Transfer DoS and Information Leak via active_xfers Hash Map. Fixed by [8] [9]

Possibility to Exhaust File Descriptors in vdagentd. Fixed by [4] [7].

UNIX Domain Socket Peer PID Retrieved via SO_PEERCRED is Subject to Race Condition [5] [6]

As the backports from Ubuntu [10] do not apply cleanly, I would suggest moving the commit to [11]; current master [12] adds a test that fails on this system.
This would require spice-protocol being updated to 0.14.3.

Additional info:
* spice-vdagent 0.20.0+6+g8adf50d-1
[1] CVE-2020-2565x-1.patch
[2] CVE-2020-25650-1.patch
[3] CVE-2020-25650-2.patch
[4] CVE-2020-25652-1.patch
[5] CVE-2020-25653-1.patch
[6] CVE-2020-25653-2.patch
[7] CVE-2020-25652-2.patch
[8] CVE-2020-25651-1.patch
[9] CVE-2020-25651-2.patch

Closed by Balló György (City-busz)
Sunday, 14 March 2021, 16:29 GMT
Reason for closing: Fixed
Additional comments about closing: spice-vdagent 0.21.0-1