Bug 1177158 (CVE-2020-14355)

Summary: VUL-0: CVE-2020-14355: spice,spice-gtk: multiple buffer overflow vulnerabilities in QUIC decoding code
Product: [Novell Products] SUSE Security Incidents
Reporter: Wolfgang Frisch <wolfgang.frisch>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: atoptsoglou, carnold
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/268559/
Whiteboard: CVSSv3.1:SUSE:CVE-2020-14355:6.6:(AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L)
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Comment 6 Alexandros Toptsoglou 2020-10-06 14:36:26 UTC
now public through https://www.openwall.com/lists/oss-security/2020/10/06/10

Hello,

Multiple buffer overflow vulnerabilities were found in the QUIC image
decoding process of the SPICE remote display system. More
specifically, these flaws reside in the spice-common shared code
between the client and server of SPICE. In other words, both the
client (spice-gtk) and server are affected by these flaws. A malicious
client or server could send specially crafted messages which could
result in a process crash or potential code execution scenario.

CVE-2020-14355 has been assigned for this flaw by Red Hat Inc.

Upstream commits:
* https://gitlab.freedesktop.org/spice/spice-common/-/commit/762e0aba
* https://gitlab.freedesktop.org/spice/spice-common/-/commit/404d7478
* https://gitlab.freedesktop.org/spice/spice-common/-/commit/ef1b6ff7
* https://gitlab.freedesktop.org/spice/spice-common/-/commit/b24fe6b6

Credit: Frediano Ziglio (Red Hat)

Thank you,
Comment 7 Bruce Rogers 2020-10-06 15:07:49 UTC
Fixed spice and spice-gtk packages submitted to Factory.
Comment 8 Swamp Workflow Management 2020-10-28 14:13:59 UTC
SUSE-SU-2020:3070-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1177158
CVE References: CVE-2020-14355
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src):    spice-0.14.2-3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2020-10-28 14:19:25 UTC
SUSE-SU-2020:3071-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1177158
CVE References: CVE-2020-14355
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src):    spice-gtk-0.37-3.3.2
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    spice-gtk-0.37-3.3.2

Comment 10 Swamp Workflow Management 2020-10-29 14:21:35 UTC
SUSE-SU-2020:3084-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1177158
CVE References: CVE-2020-14355
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    spice-0.12.8-15.1
SUSE OpenStack Cloud Crowbar 8 (src):    spice-0.12.8-15.1
SUSE OpenStack Cloud 9 (src):    spice-0.12.8-15.1
SUSE OpenStack Cloud 8 (src):    spice-0.12.8-15.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    spice-0.12.8-15.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    spice-0.12.8-15.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    spice-0.12.8-15.1
SUSE Linux Enterprise Server 12-SP5 (src):    spice-0.12.8-15.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    spice-0.12.8-15.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    spice-0.12.8-15.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    spice-0.12.8-15.1
SUSE Enterprise Storage 5 (src):    spice-0.12.8-15.1
HPE Helion Openstack 8 (src):    spice-0.12.8-15.1

Comment 11 Swamp Workflow Management 2020-10-29 14:29:18 UTC
SUSE-SU-2020:3085-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1177158
CVE References: CVE-2020-14355
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    spice-gtk-0.33-3.9.1
SUSE OpenStack Cloud Crowbar 8 (src):    spice-gtk-0.33-3.9.1
SUSE OpenStack Cloud 9 (src):    spice-gtk-0.33-3.9.1
SUSE OpenStack Cloud 8 (src):    spice-gtk-0.33-3.9.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    spice-gtk-0.33-3.9.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    spice-gtk-0.33-3.9.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    spice-gtk-0.33-3.9.1
SUSE Linux Enterprise Server 12-SP5 (src):    spice-gtk-0.33-3.9.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    spice-gtk-0.33-3.9.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    spice-gtk-0.33-3.9.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    spice-gtk-0.33-3.9.1
SUSE Enterprise Storage 5 (src):    spice-gtk-0.33-3.9.1
HPE Helion Openstack 8 (src):    spice-gtk-0.33-3.9.1

Comment 12 Swamp Workflow Management 2020-11-01 11:15:00 UTC
openSUSE-SU-2020:1803-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1177158
CVE References: CVE-2020-14355
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    spice-gtk-0.37-lp152.2.3.1
Comment 13 Swamp Workflow Management 2020-11-01 11:17:19 UTC
openSUSE-SU-2020:1802-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1177158
CVE References: CVE-2020-14355
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    spice-0.14.2-lp152.2.3.1
Comment 16 Bruce Rogers 2020-11-03 13:34:30 UTC
I'll work on them. Lots to do, you know ;)
Comment 17 Alexandros Toptsoglou 2020-11-03 13:39:19 UTC
(In reply to Bruce Rogers from comment #16)
> I'll work on them. Lots to do, you know ;)

Thanks Bruce :)
Comment 19 Charles Arnold 2021-06-03 22:09:41 UTC
Submitted for the missing distros.
Comment 20 Swamp Workflow Management 2021-06-08 22:21:02 UTC
SUSE-SU-2021:1901-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1177158,1181686
CVE References: CVE-2020-14355,CVE-2021-20201
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    spice-0.14.0-4.9.1
SUSE Linux Enterprise Server 15-LTSS (src):    spice-0.14.0-4.9.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    spice-0.14.0-4.9.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    spice-0.14.0-4.9.1

Comment 21 Swamp Workflow Management 2021-06-08 22:30:31 UTC
SUSE-SU-2021:14744-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1177158,1181686,982386
CVE References: CVE-2016-2150,CVE-2020-14355,CVE-2021-20201
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    spice-0.12.4-21.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    spice-0.12.4-21.1

Comment 22 Swamp Workflow Management 2021-06-08 22:31:55 UTC
SUSE-SU-2021:1905-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1177158
CVE References: CVE-2020-14355
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    spice-gtk-0.31-9.13.1

Comment 23 Swamp Workflow Management 2021-06-08 22:33:05 UTC
SUSE-SU-2021:1902-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1177158,1181686
CVE References: CVE-2020-14355,CVE-2021-20201
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    spice-0.12.7-10.12.1

Comment 24 Wolfgang Frisch 2021-06-09 11:45:44 UTC
Released.
Comment 25 Swamp Workflow Management 2021-06-09 13:17:44 UTC
SUSE-SU-2021:1911-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1177158
CVE References: CVE-2020-14355
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    spice-gtk-0.34-3.6.1
SUSE Linux Enterprise Server 15-LTSS (src):    spice-gtk-0.34-3.6.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    spice-gtk-0.34-3.6.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    spice-gtk-0.34-3.6.1

Comment 26 Swamp Workflow Management 2021-06-10 10:27:28 UTC
SUSE-SU-2021:1928-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1177158
CVE References: CVE-2020-14355
JIRA References: 
Sources used:
SUSE Manager Server 4.0 (src):    spice-gtk-0.35-3.3.1
SUSE Manager Retail Branch Server 4.0 (src):    spice-gtk-0.35-3.3.1
SUSE Manager Proxy 4.0 (src):    spice-gtk-0.35-3.3.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    spice-gtk-0.35-3.3.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    spice-gtk-0.35-3.3.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    spice-gtk-0.35-3.3.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    spice-gtk-0.35-3.3.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    spice-gtk-0.35-3.3.1
SUSE Enterprise Storage 6 (src):    spice-gtk-0.35-3.3.1
SUSE CaaS Platform 4.0 (src):    spice-gtk-0.35-3.3.1

Comment 27 Swamp Workflow Management 2021-06-11 16:18:42 UTC
SUSE-SU-2021:1956-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1177158,1181686
CVE References: CVE-2020-14355,CVE-2021-20201
JIRA References: 
Sources used:
SUSE Manager Server 4.0 (src):    spice-0.14.1-4.3.1
SUSE Manager Retail Branch Server 4.0 (src):    spice-0.14.1-4.3.1
SUSE Manager Proxy 4.0 (src):    spice-0.14.1-4.3.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    spice-0.14.1-4.3.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    spice-0.14.1-4.3.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    spice-0.14.1-4.3.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    spice-0.14.1-4.3.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    spice-0.14.1-4.3.1
SUSE Enterprise Storage 6 (src):    spice-0.14.1-4.3.1
SUSE CaaS Platform 4.0 (src):    spice-0.14.1-4.3.1
