{"id":"MGASA-2020-0474","summary":"Updated spice-vdagent package fixes security vulnerabilities","details":"Matthias Gerstner discovered that SPICE vdagent incorrectly handled the\nactive_xfers hash table. A local attacker could possibly use this issue to\ncause SPICE vdagent to consume memory, resulting in a denial of service\n(CVE-2020-25650).\n\nMatthias Gerstner discovered that SPICE vdagent incorrectly handled the\nactive_xfers hash table. A local attacker could possibly use this issue to\ncause SPICE vdagent to consume memory, resulting in a denial of service, or\nobtain sensitive file contents (CVE-2020-25651).\n\nMatthias Gerstner discovered that SPICE vdagent incorrectly handled a large\nnumber of client connections. A local attacker could possibly use this\nissue to cause SPICE vdagent to consume resources, resulting in a denial of\nservice (CVE-2020-25652).\n\nMatthias Gerstner discovered that SPICE vdagent incorrectly handled client\nconnections. A local attacker could possibly use this issue to obtain\nsensitive information, paste clipboard contents, and transfer files into\nthe active session (CVE-2020-25653).\n","modified":"2026-02-04T03:55:50.622333Z","published":"2020-12-29T11:57:17Z","related":["CVE-2020-25650","CVE-2020-25651","CVE-2020-25652","CVE-2020-25653"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0474.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=27568"},{"type":"REPORT","url":"https://ubuntu.com/security/notices/USN-4617-1"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2020/11/04/1"}],"affected":[{"package":{"name":"spice-vdagent","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/spice-vdagent?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.19.0-1.1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0474.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}