MGASA-2020-0408

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0408.html

Import Source

https://advisories.mageia.org/MGASA-2020-0408.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2020-0408

Related

CVE-2020-14355

Published

2020-11-10T15:20:00Z

Modified

2022-01-25T20:46:01Z

Summary

Updated spice and spice-gtk packages fix a security vulnerability

Details

Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution. (CVE-2020-14355)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / spice

Package

Name: spice
Purl: pkg:rpm/mageia/spice?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.14.2-1.1.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / spice-gtk

Package

Name: spice-gtk
Purl: pkg:rpm/mageia/spice-gtk?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.37-1.mga7

Ecosystem specific

{
    "section": "core"
}