Bugzilla – Bug 1177158
VUL-0: CVE-2020-14355: spice,spice-gtk: multiple buffer overflow vulnerabilities in QUIC decoding code
Last modified: 2021-06-11 16:18:42 UTC
now public through https://www.openwall.com/lists/oss-security/2020/10/06/10 Hello, Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system. More specifically, these flaws reside in the spice-common shared code between the client and server of SPICE. In other words, both the client (spice-gtk) and server are affected by these flaws. A malicious client or server could send specially crafted messages which could result in a process crash or potential code execution scenario. CVE-2020-14355 has been assigned for this flaw by Red Hat Inc. Upstream commits: * https://gitlab.freedesktop.org/spice/spice-common/-/commit/762e0aba * https://gitlab.freedesktop.org/spice/spice-common/-/commit/404d7478 * https://gitlab.freedesktop.org/spice/spice-common/-/commit/ef1b6ff7 * https://gitlab.freedesktop.org/spice/spice-common/-/commit/b24fe6b6 Credit: Frediano Ziglio (Red Hat) Thank you,
Fixed spice and spice-gtk packages submitted to Factory.
SUSE-SU-2020:3070-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1177158 CVE References: CVE-2020-14355 JIRA References: Sources used: SUSE Linux Enterprise Module for Server Applications 15-SP2 (src): spice-0.14.2-3.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:3071-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1177158 CVE References: CVE-2020-14355 JIRA References: Sources used: SUSE Linux Enterprise Module for Server Applications 15-SP2 (src): spice-gtk-0.37-3.3.2 SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): spice-gtk-0.37-3.3.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:3084-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1177158 CVE References: CVE-2020-14355 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 9 (src): spice-0.12.8-15.1 SUSE OpenStack Cloud Crowbar 8 (src): spice-0.12.8-15.1 SUSE OpenStack Cloud 9 (src): spice-0.12.8-15.1 SUSE OpenStack Cloud 8 (src): spice-0.12.8-15.1 SUSE Linux Enterprise Software Development Kit 12-SP5 (src): spice-0.12.8-15.1 SUSE Linux Enterprise Server for SAP 12-SP4 (src): spice-0.12.8-15.1 SUSE Linux Enterprise Server for SAP 12-SP3 (src): spice-0.12.8-15.1 SUSE Linux Enterprise Server 12-SP5 (src): spice-0.12.8-15.1 SUSE Linux Enterprise Server 12-SP4-LTSS (src): spice-0.12.8-15.1 SUSE Linux Enterprise Server 12-SP3-LTSS (src): spice-0.12.8-15.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): spice-0.12.8-15.1 SUSE Enterprise Storage 5 (src): spice-0.12.8-15.1 HPE Helion Openstack 8 (src): spice-0.12.8-15.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:3085-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1177158 CVE References: CVE-2020-14355 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 9 (src): spice-gtk-0.33-3.9.1 SUSE OpenStack Cloud Crowbar 8 (src): spice-gtk-0.33-3.9.1 SUSE OpenStack Cloud 9 (src): spice-gtk-0.33-3.9.1 SUSE OpenStack Cloud 8 (src): spice-gtk-0.33-3.9.1 SUSE Linux Enterprise Software Development Kit 12-SP5 (src): spice-gtk-0.33-3.9.1 SUSE Linux Enterprise Server for SAP 12-SP4 (src): spice-gtk-0.33-3.9.1 SUSE Linux Enterprise Server for SAP 12-SP3 (src): spice-gtk-0.33-3.9.1 SUSE Linux Enterprise Server 12-SP5 (src): spice-gtk-0.33-3.9.1 SUSE Linux Enterprise Server 12-SP4-LTSS (src): spice-gtk-0.33-3.9.1 SUSE Linux Enterprise Server 12-SP3-LTSS (src): spice-gtk-0.33-3.9.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): spice-gtk-0.33-3.9.1 SUSE Enterprise Storage 5 (src): spice-gtk-0.33-3.9.1 HPE Helion Openstack 8 (src): spice-gtk-0.33-3.9.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2020:1803-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1177158 CVE References: CVE-2020-14355 JIRA References: Sources used: openSUSE Leap 15.2 (src): spice-gtk-0.37-lp152.2.3.1
openSUSE-SU-2020:1802-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1177158 CVE References: CVE-2020-14355 JIRA References: Sources used: openSUSE Leap 15.2 (src): spice-0.14.2-lp152.2.3.1
I'll work on them. Lots to do, you know ;)
(In reply to Bruce Rogers from comment #16) > I'll work on them. Lots to do, you know ;) Thanks Bruce :)
Submitted for the missing distros.
SUSE-SU-2021:1901-1: An update that fixes two vulnerabilities is now available. Category: security (important) Bug References: 1177158,1181686 CVE References: CVE-2020-14355,CVE-2021-20201 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15 (src): spice-0.14.0-4.9.1 SUSE Linux Enterprise Server 15-LTSS (src): spice-0.14.0-4.9.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): spice-0.14.0-4.9.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): spice-0.14.0-4.9.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:14744-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1177158,1181686,982386 CVE References: CVE-2016-2150,CVE-2020-14355,CVE-2021-20201 JIRA References: Sources used: SUSE Linux Enterprise Server 11-SP4-LTSS (src): spice-0.12.4-21.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): spice-0.12.4-21.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:1905-1: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 1177158 CVE References: CVE-2020-14355 JIRA References: Sources used: SUSE Linux Enterprise Server 12-SP2-BCL (src): spice-gtk-0.31-9.13.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:1902-1: An update that fixes two vulnerabilities is now available. Category: security (important) Bug References: 1177158,1181686 CVE References: CVE-2020-14355,CVE-2021-20201 JIRA References: Sources used: SUSE Linux Enterprise Server 12-SP2-BCL (src): spice-0.12.7-10.12.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Released.
SUSE-SU-2021:1911-1: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 1177158 CVE References: CVE-2020-14355 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15 (src): spice-gtk-0.34-3.6.1 SUSE Linux Enterprise Server 15-LTSS (src): spice-gtk-0.34-3.6.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): spice-gtk-0.34-3.6.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): spice-gtk-0.34-3.6.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:1928-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1177158 CVE References: CVE-2020-14355 JIRA References: Sources used: SUSE Manager Server 4.0 (src): spice-gtk-0.35-3.3.1 SUSE Manager Retail Branch Server 4.0 (src): spice-gtk-0.35-3.3.1 SUSE Manager Proxy 4.0 (src): spice-gtk-0.35-3.3.1 SUSE Linux Enterprise Server for SAP 15-SP1 (src): spice-gtk-0.35-3.3.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): spice-gtk-0.35-3.3.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): spice-gtk-0.35-3.3.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): spice-gtk-0.35-3.3.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): spice-gtk-0.35-3.3.1 SUSE Enterprise Storage 6 (src): spice-gtk-0.35-3.3.1 SUSE CaaS Platform 4.0 (src): spice-gtk-0.35-3.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:1956-1: An update that fixes two vulnerabilities is now available. Category: security (important) Bug References: 1177158,1181686 CVE References: CVE-2020-14355,CVE-2021-20201 JIRA References: Sources used: SUSE Manager Server 4.0 (src): spice-0.14.1-4.3.1 SUSE Manager Retail Branch Server 4.0 (src): spice-0.14.1-4.3.1 SUSE Manager Proxy 4.0 (src): spice-0.14.1-4.3.1 SUSE Linux Enterprise Server for SAP 15-SP1 (src): spice-0.14.1-4.3.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): spice-0.14.1-4.3.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): spice-0.14.1-4.3.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): spice-0.14.1-4.3.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): spice-0.14.1-4.3.1 SUSE Enterprise Storage 6 (src): spice-0.14.1-4.3.1 SUSE CaaS Platform 4.0 (src): spice-0.14.1-4.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.