An update for spice-vdagent is now available for openEuler-20.03-LTS and openEuler-20.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2021-1081 Final 1.0 1.0 2021-03-05 Initial 2021-03-05 2021-03-05 openEuler SA Tool V1.0 2021-03-05 spice-vdagent security update An update for spice-vdagent is now available for openEuler-20.03-LTS and openEuler-20.03-LTS-SP1. spice-vdagent is an optional component for enhancing user experience and performing guest-oriented management tasks. Its features includes: client mouse mode (no need to grab mouse by client, no mouse lag), automatic adjustment of screen resolution, copy and paste (text and image) between client and domU. It also requires vdagent service installed on domU o.s. to work. The default is 0. Security Fix(es): A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.(CVE-2020-25653) A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Any unprivileged local guest user could use this flaw to prevent legitimate agents from connecting to the spice-vdagentd daemon, resulting in a denial of service. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and prior.(CVE-2020-25652) A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perform a memory denial of service for spice-vdagentd or even other processes in the VM system. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and previous versions.(CVE-2020-25650) A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.(CVE-2020-25651) An update for spice-vdagent is now available for openEuler-20.03-LTS and openEuler-20.03-LTS-SP1. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium spice-vdagent https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1081 https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-25653 https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-25652 https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-25650 https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-25651 https://nvd.nist.gov/vuln/detail/CVE-2020-25653 https://nvd.nist.gov/vuln/detail/CVE-2020-25652 https://nvd.nist.gov/vuln/detail/CVE-2020-25650 https://nvd.nist.gov/vuln/detail/CVE-2020-25651 openEuler-20.03-LTS openEuler-20.03-LTS-SP1 spice-vdagent-debugsource-0.20.0-2.oe1.aarch64.rpm spice-vdagent-0.20.0-2.oe1.aarch64.rpm spice-vdagent-debuginfo-0.20.0-2.oe1.aarch64.rpm spice-vdagent-debugsource-0.20.0-2.oe1.aarch64.rpm spice-vdagent-0.20.0-2.oe1.aarch64.rpm spice-vdagent-debuginfo-0.20.0-2.oe1.aarch64.rpm spice-vdagent-help-0.20.0-2.oe1.noarch.rpm spice-vdagent-help-0.20.0-2.oe1.noarch.rpm spice-vdagent-0.20.0-2.oe1.src.rpm spice-vdagent-0.20.0-2.oe1.src.rpm spice-vdagent-debugsource-0.20.0-2.oe1.x86_64.rpm spice-vdagent-debuginfo-0.20.0-2.oe1.x86_64.rpm spice-vdagent-0.20.0-2.oe1.x86_64.rpm spice-vdagent-debugsource-0.20.0-2.oe1.x86_64.rpm spice-vdagent-debuginfo-0.20.0-2.oe1.x86_64.rpm spice-vdagent-0.20.0-2.oe1.x86_64.rpm A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior. 2021-03-05 CVE-2020-25653 openEuler-20.03-LTS openEuler-20.03-LTS-SP1 Medium 6.3 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H spice-vdagent security update 2021-03-05 https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1081 A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Any unprivileged local guest user could use this flaw to prevent legitimate agents from connecting to the spice-vdagentd daemon, resulting in a denial of service. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and prior. 2021-03-05 CVE-2020-25652 openEuler-20.03-LTS openEuler-20.03-LTS-SP1 Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H spice-vdagent security update 2021-03-05 https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1081 A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perform a memory denial of service for spice-vdagentd or even other processes in the VM system. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and previous versions. 2021-03-05 CVE-2020-25650 openEuler-20.03-LTS openEuler-20.03-LTS-SP1 Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H spice-vdagent security update 2021-03-05 https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1081 A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior. 2021-03-05 CVE-2020-25651 openEuler-20.03-LTS openEuler-20.03-LTS-SP1 Medium 6.4 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:L spice-vdagent security update 2021-03-05 https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1081