spice-vdagent 0.20.0-1ubuntu0.1 source package in Ubuntu


spice-vdagent (0.20.0-1ubuntu0.1) groovy-security; urgency=medium

  * SECURITY UPDATE: Memory DoS via Arbitrary Entries in active_xfers Hash
    - debian/patches/CVE-2020-25650-1.patch: avoid agents allocating file
      transfers in src/vdagentd/vdagentd.c.
    - debian/patches/CVE-2020-25650-2.patch: avoid uncontrolled
      active_xfers allocations in src/vdagentd/vdagentd.c.
    - CVE-2020-25650
  * SECURITY UPDATE: Possible File Transfer DoS and Information Leak via
    active_xfers Hash Map
    - debian/patches/CVE-2020-25651-1.patch: cleanup active_xfers when the
      client disconnects in src/vdagentd/vdagentd.c.
    - debian/patches/CVE-2020-25651-2.patch: do not allow using an already
      used file-xfer id in src/vdagentd/vdagentd.c.
    - CVE-2020-25651
  * SECURITY UPDATE: Possibility to Exhaust File Descriptors in vdagentd
    - debian/patches/CVE-2020-25652-1.patch: avoid unlimited agent
      connections in src/udscs.c.
    - debian/patches/CVE-2020-25652-2.patch: limit number of agents per
      session to 1 in src/vdagentd/vdagentd.c.
    - CVE-2020-25652
  * SECURITY UPDATE: UNIX Domain Socket Peer PID Retrieved via SO_PEERCRED
    is Subject to Race Condition
    - debian/patches/CVE-2020-25653-1.patch: avoid user session hijacking
      in src/vdagent-connection.c, src/vdagent-connection.h,
    - debian/patches/CVE-2020-25653-2.patch: better check for sessions in
      src/vdagentd/console-kit.c, src/vdagentd/dummy-session-info.c,
      src/vdagentd/session-info.h, src/vdagentd/systemd-login.c,
    - CVE-2020-25653
  * Additional fixes:
    - debian/patches/CVE-2020-2565x-1.patch: avoid calling chmod in

 -- Marc Deslauriers <email address hidden>  Thu, 29 Oct 2020 13:53:06 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Original maintainer:
Ubuntu Developers
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Groovy updates main x11
Groovy security main x11


File Size SHA-256 Checksum
spice-vdagent_0.20.0.orig.tar.bz2 148.9 KiB 2e6b7222675ee19ea38c52165abe4d836c2ac5d5bf902d4dfca13da1ec143359
spice-vdagent_0.20.0.orig.tar.bz2.asc 833 bytes d2863154dac77d3ab3cfe87b139429041bdad4ff8bf73d75c3726ab248fce340
spice-vdagent_0.20.0-1ubuntu0.1.debian.tar.xz 20.6 KiB 8067ec1ea28802a9800e19af93c7ea55815e4a5cc6bc7ce4b3824e8b6becff64
spice-vdagent_0.20.0-1ubuntu0.1.dsc 2.5 KiB 85fd6b7b35064588db1607ba61d588dd027024b5d4062a4832c090a243c40233

View changes file

Binary packages built by this source

spice-vdagent: Spice agent for Linux

 spice-vdagent is the spice agent for Linux, it is used in conjunction with
 spice-compatible hypervisor, its feature includes:
  - Client mouse mode (no need to grab mouse by client, no mouse lag)
    this is handled by the daemon by feeding mouse events into the kernel
    via uinput. This will only work if the active X-session is running a
    spice-vdagent process so that its resolution can be determined.
  - Automatic adjustment of the X-session resolution to the client resolution
  - Support of copy and paste (text and images) between the active X-session
    and the client

spice-vdagent-dbgsym: debug symbols for spice-vdagent