spice-0.14.3-4.el8

エラータID: AXSA:2021-2114:09

Release date: 
Wednesday, June 30, 2021 - 10:24
Subject: 
spice-0.14.3-4.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Low
Description: 

The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures.

Security Fix(es):

* spice: Client initiated renegotiation denial of service (CVE-2021-20201)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-20201
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

CVEs: 
CVE-2021-20201
A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection.
Additional Info: 

N/A

Download: 

SRPMS
  1. spice-0.14.3-4.el8.src.rpm
    MD5: 0541aafd7e547054c1be642805ef18da
    SHA-256: cf2e5f4f4565db69e94583d3e896d5c529d5a3873cef81606eb779acecc480fe
    Size: 1.48 MB

Asianux Server 8 for x86_64
  1. spice-server-0.14.3-4.el8.x86_64.rpm
    MD5: 753155aa00da88d951be759f67e0f475
    SHA-256: c6a6bd06e73c32fdbbf91db23c1d7ed3fec85953ee899c925973f47bf83873ec
    Size: 407.39 kB
  2. spice-server-0.14.3-4.el8.i686.rpm
    MD5: e8e448c528b3c147f71eef47ba45a6a9
    SHA-256: 939f0d5585f8ce9ba8c9250522c68b7a540b7bbd6368a2721cb98742c4c6815d
    Size: 438.28 kB