spice-gtk-0.37-1.el8.2, spice-0.14.2-1.el8.1
エラータID: AXSA:2020-681:04
The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures.
The spice-gtk packages provide a GIMP Toolkit (GTK+) widget for Simple Protocol for Independent Computing Environments (SPICE) clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol.
Security Fix(es):
* spice: multiple buffer overflow vulnerabilities in QUIC decoding code (CVE-2020-14355)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2020-14355
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution.
Update packages.
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution.
N/A
SRPMS
- spice-gtk-0.37-1.el8.2.src.rpm
MD5: 5d9c796da474acb54cf941d2a3f77d36
SHA-256: 260d06a7a5b44659f0abd2db0328f65b7d836a1d152af053325844467bc2c669
Size: 1.29 MB - spice-0.14.2-1.el8.1.src.rpm
MD5: 20de1f16dad393d96265f400d236393b
SHA-256: 5c63092f1281cc4f5eca58b3cf2cc755b0d249e8ac782d253b74c617f8be8872
Size: 1.38 MB
Asianux Server 8 for x86_64
- spice-glib-0.37-1.el8.2.x86_64.rpm
MD5: 2effe95b0f806abcfa60efd88ae54058
SHA-256: 36949c021438f3e908b8fee236e512940e89441b58b6968bdf7f357ea599d868
Size: 357.66 kB - spice-glib-devel-0.37-1.el8.2.x86_64.rpm
MD5: c7724794255125dc31ac9ecae59aa32a
SHA-256: 1e28be0f2721b2aa6019d3a52ff8b99496fb6ab5e8cc8f868f996a165fee715d
Size: 117.68 kB - spice-gtk-0.37-1.el8.2.x86_64.rpm
MD5: 30fae9e78d7448abd4cbf6432057224d
SHA-256: 1913034d334d7576ed00bcc48682f160d72fe55ffdfe9f8b752780e7ccf4b865
Size: 40.41 kB - spice-gtk-tools-0.37-1.el8.2.x86_64.rpm
MD5: 61933b9d922f1ee698fbdbf2fc249950
SHA-256: 84a0e74b31e3fae6d20184f954064404a8c68db9dd121f4e45ebc5a4d1fd9378
Size: 50.59 kB - spice-gtk3-0.37-1.el8.2.x86_64.rpm
MD5: 7b4d09b36f6677132df3984f7e3f9472
SHA-256: 47c6084c97ccb2a2241726708a9791919af1167d5a403884025a185c169a49a8
Size: 71.83 kB - spice-gtk3-devel-0.37-1.el8.2.x86_64.rpm
MD5: c638c17b06c3f339ba17ab8ae5f7fea2
SHA-256: 8f8a72f441463c284bed983072f3dde4b50921b5d5ae955c4dcc8944b48f058f
Size: 25.87 kB - spice-gtk3-vala-0.37-1.el8.2.x86_64.rpm
MD5: b898f0be31409d521df08ffc6e47e587
SHA-256: a1875539d4a26e16c0caab8b06ae709bf202f7869a7a190a15744a9a8fdeb6ce
Size: 24.18 kB - spice-server-0.14.2-1.el8.1.x86_64.rpm
MD5: 62448379816daff37e55b6e246f1666f
SHA-256: 44fcf73ae2fc462ba498db7188a192c90dffa2a15b03ba873b80b27445ed5b8f
Size: 402.99 kB - spice-glib-0.37-1.el8.2.i686.rpm
MD5: 4377ef768c86c43728b4a7e9b5bb24dc
SHA-256: b7ad312bba7d58b02f64a586fb26af6f37bd36c9ed894e56ca94d02768cb2416
Size: 379.05 kB - spice-glib-devel-0.37-1.el8.2.i686.rpm
MD5: 9d60b07a30d70eaa42eca9108c255d24
SHA-256: b52b5760a52c6bdd4b38fa05f257fca1748af70fae5ec13870d2e90c5fc55207
Size: 117.69 kB - spice-gtk3-0.37-1.el8.2.i686.rpm
MD5: 978e9d4d54f6ce8ee840104413caf9cc
SHA-256: 8ac3a95fd8005eceef56586c327e551a564f9801678d638ced1bb8dd355f7459
Size: 75.32 kB - spice-gtk3-devel-0.37-1.el8.2.i686.rpm
MD5: 6f2e65fd95305ffb79f242e5f0e65c50
SHA-256: 6b2c226fa68dac9eb0190daaf84a4f98b0da522c3fa2a3d1cb9d7de3c32ff3ec
Size: 25.90 kB - spice-server-0.14.2-1.el8.1.i686.rpm
MD5: da8983a847c1da3f7107386c0a2502a1
SHA-256: fd92f0ba661db1fc8ff9937ded380f15e26cf7198588357af4ab72970fb4f831
Size: 433.38 kB