spice-vdagent 0.19.0-2ubuntu0.2 source package in Ubuntu

Changelog

spice-vdagent (0.19.0-2ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: Memory DoS via Arbitrary Entries in active_xfers Hash
    Table
    - debian/patches/CVE-2020-25650-1.patch: avoid agents allocating file
      transfers in src/vdagentd/vdagentd.c.
    - debian/patches/CVE-2020-25650-2.patch: avoid uncontrolled
      active_xfers allocations in src/vdagentd/vdagentd.c.
    - CVE-2020-25650
  * SECURITY UPDATE: Possible File Transfer DoS and Information Leak via
    active_xfers Hash Map
    - debian/patches/CVE-2020-25651-1.patch: cleanup active_xfers when the
      client disconnects in src/vdagentd/vdagentd.c.
    - debian/patches/CVE-2020-25651-2.patch: do not allow using an already
      used file-xfer id in src/vdagentd/vdagentd.c.
    - CVE-2020-25651
  * SECURITY UPDATE: Possibility to Exhaust File Descriptors in vdagentd
    - debian/patches/CVE-2020-25652-1.patch: avoid unlimited agent
      connections in src/udscs.c.
    - debian/patches/CVE-2020-25652-2.patch: limit number of agents per
      session to 1 in src/vdagentd/vdagentd.c.
    - CVE-2020-25652
  * SECURITY UPDATE: UNIX Domain Socket Peer PID Retrieved via SO_PEERCRED
    is Subject to Race Condition
    - debian/patches/CVE-2020-25653-1.patch: avoid user session hijacking
      in src/udscs.c, src/udscs.h, src/vdagentd/vdagentd.c.
    - debian/patches/CVE-2020-25653-2.patch: better check for sessions in
      src/vdagentd/console-kit.c, src/vdagentd/dummy-session-info.c,
      src/vdagentd/session-info.h, src/vdagentd/systemd-login.c,
      src/vdagentd/vdagentd.c.
    - CVE-2020-25653
  * Additional fixes:
    - debian/patches/CVE-2020-2565x-1.patch: avoid calling chmod in
      src/vdagentd/vdagentd.c.

 -- Marc Deslauriers <email address hidden>  Mon, 02 Nov 2020 16:27:12 -0500

Upload details

Uploaded by: Marc Deslauriers
Uploaded to: Focal
Original maintainer: Ubuntu Developers
Architectures: any
Section: x11
Urgency: Medium Urgency

Publishing

Series  Pocket    Published  Component  Section
Focal   updates              main       x11
Focal   security             main       x11

Downloads

File                                           Size       SHA-256 Checksum
spice-vdagent_0.19.0.orig.tar.bz2              147.8 KiB  c1caca8c2ece781cc624a62f3f1d01cf16d4269041a1bc85345d59f2444be305
spice-vdagent_0.19.0-2ubuntu0.2.debian.tar.xz  20.1 KiB   101d76b530c5a38a2083e682dc535f9d08f546e60d61023373b79c9895590154
spice-vdagent_0.19.0-2ubuntu0.2.dsc            2.2 KiB    a9d334fdbeb6af8a18a1a9d548b3b32e08b128d8676fc122a73a20ae00b0ebfd

Binary packages built by this source

spice-vdagent: Spice agent for Linux

 spice-vdagent is the spice agent for Linux. It is used in conjunction with
 a spice-compatible hypervisor. Its features include:
  - Client mouse mode (no need to grab mouse by client, no mouse lag).
    This is handled by the daemon by feeding mouse events into the kernel
    via uinput. This will only work if the active X-session is running a
    spice-vdagent process so that its resolution can be determined.
  - Automatic adjustment of the X-session resolution to the client resolution
  - Support of copy and paste (text and images) between the active X-session
    and the client

spice-vdagent-dbgsym: debug symbols for spice-vdagent