jiachao2130/cvrf2cusa
1
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
cvrf2cusa/cvrf/2021/cvrf-openEuler-SA-2021-1081.xml
Jia Chao 0b34274085 git mv 
Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
2024-07-25 09:57:37 +08:00

220 lines
14 KiB
XML
Raw Permalink Blame History

<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
<DocumentTitle xml:lang="en">An update for spice-vdagent is now available for openEuler-20.03-LTS and openEuler-20.03-LTS-SP1</DocumentTitle>
<DocumentType>Security Advisory</DocumentType>
<DocumentPublisher Type="Vendor">
<ContactDetails>openeuler-security@openeuler.org</ContactDetails>
<IssuingAuthority>openEuler security committee</IssuingAuthority>
</DocumentPublisher>
<DocumentTracking>
<Identification>
<ID>openEuler-SA-2021-1081</ID>
</Identification>
<Status>Final</Status>
<Version>1.0</Version>
<RevisionHistory>
<Revision>
<Number>1.0</Number>
<Date>2021-03-05</Date>
<Description>Initial</Description>
</Revision>
</RevisionHistory>
<InitialReleaseDate>2021-03-05</InitialReleaseDate>
<CurrentReleaseDate>2021-03-05</CurrentReleaseDate>
<Generator>
<Engine>openEuler SA Tool V1.0</Engine>
<Date>2021-03-05</Date>
</Generator>
</DocumentTracking>
<DocumentNotes>
<Note Title="Synopsis" Type="General" Ordinal="1" xml:lang="en">spice-vdagent security update</Note>
<Note Title="Summary" Type="General" Ordinal="2" xml:lang="en">An update for spice-vdagent is now available for openEuler-20.03-LTS and openEuler-20.03-LTS-SP1.</Note>
<Note Title="Description" Type="General" Ordinal="3" xml:lang="en">spice-vdagent is an optional component for enhancing user experience and performing guest-oriented management tasks. Its features includes: client mouse mode (no need to grab mouse by client, no mouse lag), automatic adjustment of screen resolution, copy and paste (text and image) between client and domU. It also requires vdagent service installed on domU o.s. to work. The default is 0.
Security Fix(es):
A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.(CVE-2020-25653)
A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Any unprivileged local guest user could use this flaw to prevent legitimate agents from connecting to the spice-vdagentd daemon, resulting in a denial of service. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and prior.(CVE-2020-25652)
A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perform a memory denial of service for spice-vdagentd or even other processes in the VM system. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and previous versions.(CVE-2020-25650)
A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.(CVE-2020-25651)</Note>
<Note Title="Topic" Type="General" Ordinal="4" xml:lang="en">An update for spice-vdagent is now available for openEuler-20.03-LTS and openEuler-20.03-LTS-SP1.
openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.</Note>
<Note Title="Severity" Type="General" Ordinal="5" xml:lang="en">Medium</Note>
<Note Title="Affected Component" Type="General" Ordinal="6" xml:lang="en">spice-vdagent</Note>
</DocumentNotes>
<DocumentReferences>
<Reference Type="Self">
<URL>https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1081</URL>
</Reference>
<Reference Type="openEuler CVE">
<URL>https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-25653</URL>
<URL>https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-25652</URL>
<URL>https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-25650</URL>
<URL>https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-25651</URL>
</Reference>
<Reference Type="Other">
<URL>https://nvd.nist.gov/vuln/detail/CVE-2020-25653</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2020-25652</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2020-25650</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2020-25651</URL>
</Reference>
</DocumentReferences>
<ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
<Branch Type="Product Name" Name="openEuler">
<FullProductName ProductID="openEuler-20.03-LTS" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">openEuler-20.03-LTS</FullProductName>
<FullProductName ProductID="openEuler-20.03-LTS-SP1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">openEuler-20.03-LTS-SP1</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="aarch64">
<FullProductName ProductID="spice-vdagent-debugsource-0.20.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">spice-vdagent-debugsource-0.20.0-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="spice-vdagent-0.20.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">spice-vdagent-0.20.0-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="spice-vdagent-debuginfo-0.20.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">spice-vdagent-debuginfo-0.20.0-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="spice-vdagent-debugsource-0.20.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">spice-vdagent-debugsource-0.20.0-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="spice-vdagent-0.20.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">spice-vdagent-0.20.0-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="spice-vdagent-debuginfo-0.20.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">spice-vdagent-debuginfo-0.20.0-2.oe1.aarch64.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="noarch">
<FullProductName ProductID="spice-vdagent-help-0.20.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">spice-vdagent-help-0.20.0-2.oe1.noarch.rpm</FullProductName>
<FullProductName ProductID="spice-vdagent-help-0.20.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">spice-vdagent-help-0.20.0-2.oe1.noarch.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="src">
<FullProductName ProductID="spice-vdagent-0.20.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">spice-vdagent-0.20.0-2.oe1.src.rpm</FullProductName>
<FullProductName ProductID="spice-vdagent-0.20.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">spice-vdagent-0.20.0-2.oe1.src.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="x86_64">
<FullProductName ProductID="spice-vdagent-debugsource-0.20.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">spice-vdagent-debugsource-0.20.0-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="spice-vdagent-debuginfo-0.20.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">spice-vdagent-debuginfo-0.20.0-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="spice-vdagent-0.20.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">spice-vdagent-0.20.0-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="spice-vdagent-debugsource-0.20.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">spice-vdagent-debugsource-0.20.0-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="spice-vdagent-debuginfo-0.20.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">spice-vdagent-debuginfo-0.20.0-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="spice-vdagent-0.20.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">spice-vdagent-0.20.0-2.oe1.x86_64.rpm</FullProductName>
</Branch>
</ProductTree>
<Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.</Note>
</Notes>
<ReleaseDate>2021-03-05</ReleaseDate>
<CVE>CVE-2020-25653</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS</ProductID>
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>6.3</BaseScore>
<Vector>AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>spice-vdagent security update</Description>
<DATE>2021-03-05</DATE>
<URL>https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1081</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="2" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="2" xml:lang="en">A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Any unprivileged local guest user could use this flaw to prevent legitimate agents from connecting to the spice-vdagentd daemon, resulting in a denial of service. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and prior.</Note>
</Notes>
<ReleaseDate>2021-03-05</ReleaseDate>
<CVE>CVE-2020-25652</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS</ProductID>
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>5.5</BaseScore>
<Vector>AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>spice-vdagent security update</Description>
<DATE>2021-03-05</DATE>
<URL>https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1081</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="3" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="3" xml:lang="en">A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perform a memory denial of service for spice-vdagentd or even other processes in the VM system. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and previous versions.</Note>
</Notes>
<ReleaseDate>2021-03-05</ReleaseDate>
<CVE>CVE-2020-25650</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS</ProductID>
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>5.5</BaseScore>
<Vector>AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>spice-vdagent security update</Description>
<DATE>2021-03-05</DATE>
<URL>https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1081</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="4" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="4" xml:lang="en">A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.</Note>
</Notes>
<ReleaseDate>2021-03-05</ReleaseDate>
<CVE>CVE-2020-25651</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS</ProductID>
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>6.4</BaseScore>
<Vector>AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:L</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>spice-vdagent security update</Description>
<DATE>2021-03-05</DATE>
<URL>https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1081</URL>
</Remediation>
</Remediations>
</Vulnerability>
</cvrfdoc>
Reference in New Issue View Git Blame Copy Permalink