spice-gtk-0.35-5.el7.1, spice-0.14.0-9.el7.1
エラータID: AXSA:2020-682:05
リリース日:
2020/10/13 Tuesday - 08:20
題名:
spice-gtk-0.35-5.el7.1, spice-0.14.0-9.el7.1
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
- spice の QUIC 画像デコード処理には、複数のバッファーオーバーフローの問題が存在しており、
悪意をもったクライアントもしくはサーバーから送信された巧妙に細工されたメッセージを
QUIC 画像圧縮アルゴリズムによって処理した際、プロセスがクラッシュしたり
コードが実行される可能性のある脆弱性があります。(CVE-2020-14355)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2020-14355
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution.
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution.
追加情報:
N/A
ダウンロード:
SRPMS
- spice-gtk-0.35-5.el7.1.src.rpm
MD5: d0bc6e2ffbf45320ce03574135789921
SHA-256: d10eab1b995fac8a69ab7e879a64b796e39f3642afbff07302db374f47b49b07
Size: 1.40 MB - spice-0.14.0-9.el7.1.src.rpm
MD5: d676f9eae62fb31ef544031c3bb9f0ed
SHA-256: 0892df8a20bdb0557bb1dcc25c2ffd03c3803819cabe214eebb68f4dea318f72
Size: 1.33 MB
Asianux Server 7 for x86_64
- spice-glib-0.35-5.el7.1.x86_64.rpm
MD5: 849a82270376f76cff8d721fe9bd05d7
SHA-256: 6089012df1546fffc496203e82b9405a96778771a0cedd31d54ab5fc4d61be53
Size: 355.93 kB - spice-gtk3-0.35-5.el7.1.x86_64.rpm
MD5: 54ff9608a1f089aaa097fa4ecaf7c4a3
SHA-256: 6b1e7070631fed34194213d92c958b2861f207098c0b69dd2796a3ef7a34a69a
Size: 86.57 kB - spice-server-0.14.0-9.el7.1.x86_64.rpm
MD5: 4257c2cc7851e569607c6593ea5d5c00
SHA-256: 191e6ac93f83690300bc6159fc9db22aa088e5c504785f5a7e64e82db03d8000
Size: 403.43 kB - spice-glib-0.35-5.el7.1.i686.rpm
MD5: 6efcb2f4222e83bf922ea719bc28d182
SHA-256: 4b0375796a2f36e49f8d1e67b862e1a2d0ad2cf1e8384e791ee1625e6db00142
Size: 354.61 kB - spice-gtk3-0.35-5.el7.1.i686.rpm
MD5: 0d6c0319dfce92fd0a1a4668507adb59
SHA-256: df4b21de73ab4b38bf2224172af04c63f1bf32624e38136763c4b06a8ecf6c2a
Size: 85.91 kB - spice-glib-0.35-5.el7.1.i686.rpm
MD5: 6efcb2f4222e83bf922ea719bc28d182
SHA-256: 4b0375796a2f36e49f8d1e67b862e1a2d0ad2cf1e8384e791ee1625e6db00142
Size: 354.61 kB - spice-gtk3-0.35-5.el7.1.i686.rpm
MD5: 0d6c0319dfce92fd0a1a4668507adb59
SHA-256: df4b21de73ab4b38bf2224172af04c63f1bf32624e38136763c4b06a8ecf6c2a
Size: 85.91 kB