spice-gtk-0.37-1.el8.2, spice-0.14.2-1.el8.1

エラータID: AXSA:2020-681:04

Release date: 
Tuesday, October 13, 2020 - 08:18
Subject: 
spice-gtk-0.37-1.el8.2, spice-0.14.2-1.el8.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures.

The spice-gtk packages provide a GIMP Toolkit (GTK+) widget for Simple Protocol for Independent Computing Environments (SPICE) clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol.

Security Fix(es):

* spice: multiple buffer overflow vulnerabilities in QUIC decoding code (CVE-2020-14355)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-14355
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution.

Solution: 

Update packages.

CVEs: 
CVE-2020-14355
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution.
Additional Info: 

N/A

Download: 

SRPMS
  1. spice-gtk-0.37-1.el8.2.src.rpm
    MD5: 5d9c796da474acb54cf941d2a3f77d36
    SHA-256: 260d06a7a5b44659f0abd2db0328f65b7d836a1d152af053325844467bc2c669
    Size: 1.29 MB
  2. spice-0.14.2-1.el8.1.src.rpm
    MD5: 20de1f16dad393d96265f400d236393b
    SHA-256: 5c63092f1281cc4f5eca58b3cf2cc755b0d249e8ac782d253b74c617f8be8872
    Size: 1.38 MB

Asianux Server 8 for x86_64
  1. spice-glib-0.37-1.el8.2.x86_64.rpm
    MD5: 2effe95b0f806abcfa60efd88ae54058
    SHA-256: 36949c021438f3e908b8fee236e512940e89441b58b6968bdf7f357ea599d868
    Size: 357.66 kB
  2. spice-glib-devel-0.37-1.el8.2.x86_64.rpm
    MD5: c7724794255125dc31ac9ecae59aa32a
    SHA-256: 1e28be0f2721b2aa6019d3a52ff8b99496fb6ab5e8cc8f868f996a165fee715d
    Size: 117.68 kB
  3. spice-gtk-0.37-1.el8.2.x86_64.rpm
    MD5: 30fae9e78d7448abd4cbf6432057224d
    SHA-256: 1913034d334d7576ed00bcc48682f160d72fe55ffdfe9f8b752780e7ccf4b865
    Size: 40.41 kB
  4. spice-gtk-tools-0.37-1.el8.2.x86_64.rpm
    MD5: 61933b9d922f1ee698fbdbf2fc249950
    SHA-256: 84a0e74b31e3fae6d20184f954064404a8c68db9dd121f4e45ebc5a4d1fd9378
    Size: 50.59 kB
  5. spice-gtk3-0.37-1.el8.2.x86_64.rpm
    MD5: 7b4d09b36f6677132df3984f7e3f9472
    SHA-256: 47c6084c97ccb2a2241726708a9791919af1167d5a403884025a185c169a49a8
    Size: 71.83 kB
  6. spice-gtk3-devel-0.37-1.el8.2.x86_64.rpm
    MD5: c638c17b06c3f339ba17ab8ae5f7fea2
    SHA-256: 8f8a72f441463c284bed983072f3dde4b50921b5d5ae955c4dcc8944b48f058f
    Size: 25.87 kB
  7. spice-gtk3-vala-0.37-1.el8.2.x86_64.rpm
    MD5: b898f0be31409d521df08ffc6e47e587
    SHA-256: a1875539d4a26e16c0caab8b06ae709bf202f7869a7a190a15744a9a8fdeb6ce
    Size: 24.18 kB
  8. spice-server-0.14.2-1.el8.1.x86_64.rpm
    MD5: 62448379816daff37e55b6e246f1666f
    SHA-256: 44fcf73ae2fc462ba498db7188a192c90dffa2a15b03ba873b80b27445ed5b8f
    Size: 402.99 kB
  9. spice-glib-0.37-1.el8.2.i686.rpm
    MD5: 4377ef768c86c43728b4a7e9b5bb24dc
    SHA-256: b7ad312bba7d58b02f64a586fb26af6f37bd36c9ed894e56ca94d02768cb2416
    Size: 379.05 kB
  10. spice-glib-devel-0.37-1.el8.2.i686.rpm
    MD5: 9d60b07a30d70eaa42eca9108c255d24
    SHA-256: b52b5760a52c6bdd4b38fa05f257fca1748af70fae5ec13870d2e90c5fc55207
    Size: 117.69 kB
  11. spice-gtk3-0.37-1.el8.2.i686.rpm
    MD5: 978e9d4d54f6ce8ee840104413caf9cc
    SHA-256: 8ac3a95fd8005eceef56586c327e551a564f9801678d638ced1bb8dd355f7459
    Size: 75.32 kB
  12. spice-gtk3-devel-0.37-1.el8.2.i686.rpm
    MD5: 6f2e65fd95305ffb79f242e5f0e65c50
    SHA-256: 6b2c226fa68dac9eb0190daaf84a4f98b0da522c3fa2a3d1cb9d7de3c32ff3ec
    Size: 25.90 kB
  13. spice-server-0.14.2-1.el8.1.i686.rpm
    MD5: da8983a847c1da3f7107386c0a2502a1
    SHA-256: fd92f0ba661db1fc8ff9937ded380f15e26cf7198588357af4ab72970fb4f831
    Size: 433.38 kB