spice-gtk-0.37-1.el8.2, spice-0.14.2-1.el8.1
エラータID: AXSA:2020-681:04
リリース日:
2020/10/13 Tuesday - 08:18
題名:
spice-gtk-0.37-1.el8.2, spice-0.14.2-1.el8.1
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- spiceのQUIC画像デコード処理には、複数のバッファーオーバーフローの問題が存在しており、
悪意をもったクライアントもしくはサーバーから送信された巧妙に細工されたメッセージを
QUIC画像圧縮アルゴリズムによって処理した際、プロセスがクラッシュしたりコードが
実行される可能性のある脆弱性があります。(CVE-2020-14355)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2020-14355
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution.
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution.
追加情報:
N/A
ダウンロード:
SRPMS
- spice-gtk-0.37-1.el8.2.src.rpm
MD5: 5d9c796da474acb54cf941d2a3f77d36
SHA-256: 260d06a7a5b44659f0abd2db0328f65b7d836a1d152af053325844467bc2c669
Size: 1.29 MB - spice-0.14.2-1.el8.1.src.rpm
MD5: 20de1f16dad393d96265f400d236393b
SHA-256: 5c63092f1281cc4f5eca58b3cf2cc755b0d249e8ac782d253b74c617f8be8872
Size: 1.38 MB
Asianux Server 8 for x86_64
- spice-glib-0.37-1.el8.2.x86_64.rpm
MD5: 2effe95b0f806abcfa60efd88ae54058
SHA-256: 36949c021438f3e908b8fee236e512940e89441b58b6968bdf7f357ea599d868
Size: 357.66 kB - spice-glib-devel-0.37-1.el8.2.x86_64.rpm
MD5: c7724794255125dc31ac9ecae59aa32a
SHA-256: 1e28be0f2721b2aa6019d3a52ff8b99496fb6ab5e8cc8f868f996a165fee715d
Size: 117.68 kB - spice-gtk-0.37-1.el8.2.x86_64.rpm
MD5: 30fae9e78d7448abd4cbf6432057224d
SHA-256: 1913034d334d7576ed00bcc48682f160d72fe55ffdfe9f8b752780e7ccf4b865
Size: 40.41 kB - spice-gtk-tools-0.37-1.el8.2.x86_64.rpm
MD5: 61933b9d922f1ee698fbdbf2fc249950
SHA-256: 84a0e74b31e3fae6d20184f954064404a8c68db9dd121f4e45ebc5a4d1fd9378
Size: 50.59 kB - spice-gtk3-0.37-1.el8.2.x86_64.rpm
MD5: 7b4d09b36f6677132df3984f7e3f9472
SHA-256: 47c6084c97ccb2a2241726708a9791919af1167d5a403884025a185c169a49a8
Size: 71.83 kB - spice-gtk3-devel-0.37-1.el8.2.x86_64.rpm
MD5: c638c17b06c3f339ba17ab8ae5f7fea2
SHA-256: 8f8a72f441463c284bed983072f3dde4b50921b5d5ae955c4dcc8944b48f058f
Size: 25.87 kB - spice-gtk3-vala-0.37-1.el8.2.x86_64.rpm
MD5: b898f0be31409d521df08ffc6e47e587
SHA-256: a1875539d4a26e16c0caab8b06ae709bf202f7869a7a190a15744a9a8fdeb6ce
Size: 24.18 kB - spice-server-0.14.2-1.el8.1.x86_64.rpm
MD5: 62448379816daff37e55b6e246f1666f
SHA-256: 44fcf73ae2fc462ba498db7188a192c90dffa2a15b03ba873b80b27445ed5b8f
Size: 402.99 kB - spice-glib-0.37-1.el8.2.i686.rpm
MD5: 4377ef768c86c43728b4a7e9b5bb24dc
SHA-256: b7ad312bba7d58b02f64a586fb26af6f37bd36c9ed894e56ca94d02768cb2416
Size: 379.05 kB - spice-glib-devel-0.37-1.el8.2.i686.rpm
MD5: 9d60b07a30d70eaa42eca9108c255d24
SHA-256: b52b5760a52c6bdd4b38fa05f257fca1748af70fae5ec13870d2e90c5fc55207
Size: 117.69 kB - spice-gtk3-0.37-1.el8.2.i686.rpm
MD5: 978e9d4d54f6ce8ee840104413caf9cc
SHA-256: 8ac3a95fd8005eceef56586c327e551a564f9801678d638ced1bb8dd355f7459
Size: 75.32 kB - spice-gtk3-devel-0.37-1.el8.2.i686.rpm
MD5: 6f2e65fd95305ffb79f242e5f0e65c50
SHA-256: 6b2c226fa68dac9eb0190daaf84a4f98b0da522c3fa2a3d1cb9d7de3c32ff3ec
Size: 25.90 kB - spice-server-0.14.2-1.el8.1.i686.rpm
MD5: da8983a847c1da3f7107386c0a2502a1
SHA-256: fd92f0ba661db1fc8ff9937ded380f15e26cf7198588357af4ab72970fb4f831
Size: 433.38 kB
English