Red Hat Product Errata RHSA-2021:1791 - Security Advisory

Issued:: 2021-05-18
Updated:: 2021-05-18

RHSA-2021:1791 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: spice-vdagent security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for spice-vdagent is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The spice-vdagent packages provide a SPICE agent for Linux guests.

Security Fix(es):

spice-vdagent: possible file transfer DoS and information leak via active_xfers hash map (CVE-2020-25651)
spice-vdagent: UNIX domain socket peer PID retrieved via SO_PEERCRED is subject to race condition (CVE-2020-25653)
spice-vdagent: memory DoS via arbitrary entries in active_xfers hash table (CVE-2020-25650)
spice-vdagent: possibility to exhaust file descriptors in vdagentd (CVE-2020-25652)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
Red Hat Enterprise Linux Server - AUS 8.6 x86_64
Red Hat Enterprise Linux Server - AUS 8.4 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
Red Hat Enterprise Linux Server - TUS 8.6 x86_64
Red Hat Enterprise Linux Server - TUS 8.4 x86_64
Red Hat Enterprise Linux for ARM 64 8 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64

Fixes

BZ - 1790904 - [wayland] Multiple displays: mouse coordinates taken from the other display
BZ - 1824610 - [wayland] 3. and 4. spice display does not react to mouse interaction
BZ - 1886345 - CVE-2020-25650 spice-vdagent: memory DoS via arbitrary entries in active_xfers hash table
BZ - 1886359 - CVE-2020-25651 spice-vdagent: possible file transfer DoS and information leak via active_xfers hash map
BZ - 1886366 - CVE-2020-25652 spice-vdagent: possibility to exhaust file descriptors in vdagentd
BZ - 1886372 - CVE-2020-25653 spice-vdagent: UNIX domain socket peer PID retrieved via SO_PEERCRED is subject to race condition

CVEs

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
spice-vdagent-0.20.0-3.el8.src.rpm	SHA-256: a2bf5d1fa307dc33bb9c30be4927ceeab32d4cd6ddca4c8d0ae2f60601daa5a6
x86_64
spice-vdagent-0.20.0-3.el8.x86_64.rpm	SHA-256: 5ebacdb098a53ad85efefd3a05664eed6c2db94939ee2094dcdadfcc8c6016df
spice-vdagent-debuginfo-0.20.0-3.el8.x86_64.rpm	SHA-256: c83ecb3f9b199bd2a38998f17d1ee1ee56c8bf1e1939cfe6d60fc9e753e1c42b
spice-vdagent-debugsource-0.20.0-3.el8.x86_64.rpm	SHA-256: dd85d8a0bea80544b75e82b0d6b4077885e0b5e60e87f0b0c762d98de1ad2633

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6

SRPM
spice-vdagent-0.20.0-3.el8.src.rpm	SHA-256: a2bf5d1fa307dc33bb9c30be4927ceeab32d4cd6ddca4c8d0ae2f60601daa5a6
x86_64
spice-vdagent-0.20.0-3.el8.x86_64.rpm	SHA-256: 5ebacdb098a53ad85efefd3a05664eed6c2db94939ee2094dcdadfcc8c6016df
spice-vdagent-debuginfo-0.20.0-3.el8.x86_64.rpm	SHA-256: c83ecb3f9b199bd2a38998f17d1ee1ee56c8bf1e1939cfe6d60fc9e753e1c42b
spice-vdagent-debugsource-0.20.0-3.el8.x86_64.rpm	SHA-256: dd85d8a0bea80544b75e82b0d6b4077885e0b5e60e87f0b0c762d98de1ad2633

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4

SRPM
spice-vdagent-0.20.0-3.el8.src.rpm	SHA-256: a2bf5d1fa307dc33bb9c30be4927ceeab32d4cd6ddca4c8d0ae2f60601daa5a6
x86_64
spice-vdagent-0.20.0-3.el8.x86_64.rpm	SHA-256: 5ebacdb098a53ad85efefd3a05664eed6c2db94939ee2094dcdadfcc8c6016df
spice-vdagent-debuginfo-0.20.0-3.el8.x86_64.rpm	SHA-256: c83ecb3f9b199bd2a38998f17d1ee1ee56c8bf1e1939cfe6d60fc9e753e1c42b
spice-vdagent-debugsource-0.20.0-3.el8.x86_64.rpm	SHA-256: dd85d8a0bea80544b75e82b0d6b4077885e0b5e60e87f0b0c762d98de1ad2633

Red Hat Enterprise Linux Server - AUS 8.6

SRPM
spice-vdagent-0.20.0-3.el8.src.rpm	SHA-256: a2bf5d1fa307dc33bb9c30be4927ceeab32d4cd6ddca4c8d0ae2f60601daa5a6
x86_64
spice-vdagent-0.20.0-3.el8.x86_64.rpm	SHA-256: 5ebacdb098a53ad85efefd3a05664eed6c2db94939ee2094dcdadfcc8c6016df
spice-vdagent-debuginfo-0.20.0-3.el8.x86_64.rpm	SHA-256: c83ecb3f9b199bd2a38998f17d1ee1ee56c8bf1e1939cfe6d60fc9e753e1c42b
spice-vdagent-debugsource-0.20.0-3.el8.x86_64.rpm	SHA-256: dd85d8a0bea80544b75e82b0d6b4077885e0b5e60e87f0b0c762d98de1ad2633

Red Hat Enterprise Linux Server - AUS 8.4

SRPM
spice-vdagent-0.20.0-3.el8.src.rpm	SHA-256: a2bf5d1fa307dc33bb9c30be4927ceeab32d4cd6ddca4c8d0ae2f60601daa5a6
x86_64
spice-vdagent-0.20.0-3.el8.x86_64.rpm	SHA-256: 5ebacdb098a53ad85efefd3a05664eed6c2db94939ee2094dcdadfcc8c6016df
spice-vdagent-debuginfo-0.20.0-3.el8.x86_64.rpm	SHA-256: c83ecb3f9b199bd2a38998f17d1ee1ee56c8bf1e1939cfe6d60fc9e753e1c42b
spice-vdagent-debugsource-0.20.0-3.el8.x86_64.rpm	SHA-256: dd85d8a0bea80544b75e82b0d6b4077885e0b5e60e87f0b0c762d98de1ad2633

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
spice-vdagent-0.20.0-3.el8.src.rpm	SHA-256: a2bf5d1fa307dc33bb9c30be4927ceeab32d4cd6ddca4c8d0ae2f60601daa5a6
s390x
spice-vdagent-0.20.0-3.el8.s390x.rpm	SHA-256: ec4c882823dad2475081307a5f94bca1782732e4b7a260ea49068afa108097fa
spice-vdagent-debuginfo-0.20.0-3.el8.s390x.rpm	SHA-256: 0bf3cc39cc669fa3afe0cf2d7462224cbebdbcaf8872881c635cb858e057cfc8
spice-vdagent-debugsource-0.20.0-3.el8.s390x.rpm	SHA-256: 2a5cad969eb7dc080b11577e8327ba3fb9151f037bc6af5b7b7237e9fca99334

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6

SRPM
spice-vdagent-0.20.0-3.el8.src.rpm	SHA-256: a2bf5d1fa307dc33bb9c30be4927ceeab32d4cd6ddca4c8d0ae2f60601daa5a6
s390x
spice-vdagent-0.20.0-3.el8.s390x.rpm	SHA-256: ec4c882823dad2475081307a5f94bca1782732e4b7a260ea49068afa108097fa
spice-vdagent-debuginfo-0.20.0-3.el8.s390x.rpm	SHA-256: 0bf3cc39cc669fa3afe0cf2d7462224cbebdbcaf8872881c635cb858e057cfc8
spice-vdagent-debugsource-0.20.0-3.el8.s390x.rpm	SHA-256: 2a5cad969eb7dc080b11577e8327ba3fb9151f037bc6af5b7b7237e9fca99334

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4

SRPM
spice-vdagent-0.20.0-3.el8.src.rpm	SHA-256: a2bf5d1fa307dc33bb9c30be4927ceeab32d4cd6ddca4c8d0ae2f60601daa5a6
s390x
spice-vdagent-0.20.0-3.el8.s390x.rpm	SHA-256: ec4c882823dad2475081307a5f94bca1782732e4b7a260ea49068afa108097fa
spice-vdagent-debuginfo-0.20.0-3.el8.s390x.rpm	SHA-256: 0bf3cc39cc669fa3afe0cf2d7462224cbebdbcaf8872881c635cb858e057cfc8
spice-vdagent-debugsource-0.20.0-3.el8.s390x.rpm	SHA-256: 2a5cad969eb7dc080b11577e8327ba3fb9151f037bc6af5b7b7237e9fca99334

Red Hat Enterprise Linux for Power, little endian 8

SRPM
spice-vdagent-0.20.0-3.el8.src.rpm	SHA-256: a2bf5d1fa307dc33bb9c30be4927ceeab32d4cd6ddca4c8d0ae2f60601daa5a6
ppc64le
spice-vdagent-0.20.0-3.el8.ppc64le.rpm	SHA-256: 467349f54ab66293553099a6207f95e2d80e2a5fdb9a288f5f2883745c08a6d2
spice-vdagent-debuginfo-0.20.0-3.el8.ppc64le.rpm	SHA-256: 4aa4c824dda32af66adb73e29bc7a2bac2283a6e32565f70cefc5e52740c293b
spice-vdagent-debugsource-0.20.0-3.el8.ppc64le.rpm	SHA-256: 10d4442738baac043e9d6665bfc9ec3394eaadf082bfbf9cbf7f284d6756e0fa

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6

SRPM
spice-vdagent-0.20.0-3.el8.src.rpm	SHA-256: a2bf5d1fa307dc33bb9c30be4927ceeab32d4cd6ddca4c8d0ae2f60601daa5a6
ppc64le
spice-vdagent-0.20.0-3.el8.ppc64le.rpm	SHA-256: 467349f54ab66293553099a6207f95e2d80e2a5fdb9a288f5f2883745c08a6d2
spice-vdagent-debuginfo-0.20.0-3.el8.ppc64le.rpm	SHA-256: 4aa4c824dda32af66adb73e29bc7a2bac2283a6e32565f70cefc5e52740c293b
spice-vdagent-debugsource-0.20.0-3.el8.ppc64le.rpm	SHA-256: 10d4442738baac043e9d6665bfc9ec3394eaadf082bfbf9cbf7f284d6756e0fa

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4

SRPM
spice-vdagent-0.20.0-3.el8.src.rpm	SHA-256: a2bf5d1fa307dc33bb9c30be4927ceeab32d4cd6ddca4c8d0ae2f60601daa5a6
ppc64le
spice-vdagent-0.20.0-3.el8.ppc64le.rpm	SHA-256: 467349f54ab66293553099a6207f95e2d80e2a5fdb9a288f5f2883745c08a6d2
spice-vdagent-debuginfo-0.20.0-3.el8.ppc64le.rpm	SHA-256: 4aa4c824dda32af66adb73e29bc7a2bac2283a6e32565f70cefc5e52740c293b
spice-vdagent-debugsource-0.20.0-3.el8.ppc64le.rpm	SHA-256: 10d4442738baac043e9d6665bfc9ec3394eaadf082bfbf9cbf7f284d6756e0fa

Red Hat Enterprise Linux Server - TUS 8.6

SRPM
spice-vdagent-0.20.0-3.el8.src.rpm	SHA-256: a2bf5d1fa307dc33bb9c30be4927ceeab32d4cd6ddca4c8d0ae2f60601daa5a6
x86_64
spice-vdagent-0.20.0-3.el8.x86_64.rpm	SHA-256: 5ebacdb098a53ad85efefd3a05664eed6c2db94939ee2094dcdadfcc8c6016df
spice-vdagent-debuginfo-0.20.0-3.el8.x86_64.rpm	SHA-256: c83ecb3f9b199bd2a38998f17d1ee1ee56c8bf1e1939cfe6d60fc9e753e1c42b
spice-vdagent-debugsource-0.20.0-3.el8.x86_64.rpm	SHA-256: dd85d8a0bea80544b75e82b0d6b4077885e0b5e60e87f0b0c762d98de1ad2633

Red Hat Enterprise Linux Server - TUS 8.4

SRPM
spice-vdagent-0.20.0-3.el8.src.rpm	SHA-256: a2bf5d1fa307dc33bb9c30be4927ceeab32d4cd6ddca4c8d0ae2f60601daa5a6
x86_64
spice-vdagent-0.20.0-3.el8.x86_64.rpm	SHA-256: 5ebacdb098a53ad85efefd3a05664eed6c2db94939ee2094dcdadfcc8c6016df
spice-vdagent-debuginfo-0.20.0-3.el8.x86_64.rpm	SHA-256: c83ecb3f9b199bd2a38998f17d1ee1ee56c8bf1e1939cfe6d60fc9e753e1c42b
spice-vdagent-debugsource-0.20.0-3.el8.x86_64.rpm	SHA-256: dd85d8a0bea80544b75e82b0d6b4077885e0b5e60e87f0b0c762d98de1ad2633

Red Hat Enterprise Linux for ARM 64 8

SRPM
spice-vdagent-0.20.0-3.el8.src.rpm	SHA-256: a2bf5d1fa307dc33bb9c30be4927ceeab32d4cd6ddca4c8d0ae2f60601daa5a6
aarch64
spice-vdagent-0.20.0-3.el8.aarch64.rpm	SHA-256: c8c51e299511bdd7388de0d8e33e0c5435ed6a7eaefe0efbf8c96ef0efeaff33
spice-vdagent-debuginfo-0.20.0-3.el8.aarch64.rpm	SHA-256: 90e9a4773fdc45a6b7b1033c1a25aec1608008c0b4eddd425fe8a7b0b99a81f0
spice-vdagent-debugsource-0.20.0-3.el8.aarch64.rpm	SHA-256: 76b6cc48d50dc3a685ade1526086fe080f9b1a22ed35b6a363e9ffc519b68a03

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6

SRPM
spice-vdagent-0.20.0-3.el8.src.rpm	SHA-256: a2bf5d1fa307dc33bb9c30be4927ceeab32d4cd6ddca4c8d0ae2f60601daa5a6
aarch64
spice-vdagent-0.20.0-3.el8.aarch64.rpm	SHA-256: c8c51e299511bdd7388de0d8e33e0c5435ed6a7eaefe0efbf8c96ef0efeaff33
spice-vdagent-debuginfo-0.20.0-3.el8.aarch64.rpm	SHA-256: 90e9a4773fdc45a6b7b1033c1a25aec1608008c0b4eddd425fe8a7b0b99a81f0
spice-vdagent-debugsource-0.20.0-3.el8.aarch64.rpm	SHA-256: 76b6cc48d50dc3a685ade1526086fe080f9b1a22ed35b6a363e9ffc519b68a03

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4

SRPM
spice-vdagent-0.20.0-3.el8.src.rpm	SHA-256: a2bf5d1fa307dc33bb9c30be4927ceeab32d4cd6ddca4c8d0ae2f60601daa5a6
aarch64
spice-vdagent-0.20.0-3.el8.aarch64.rpm	SHA-256: c8c51e299511bdd7388de0d8e33e0c5435ed6a7eaefe0efbf8c96ef0efeaff33
spice-vdagent-debuginfo-0.20.0-3.el8.aarch64.rpm	SHA-256: 90e9a4773fdc45a6b7b1033c1a25aec1608008c0b4eddd425fe8a7b0b99a81f0
spice-vdagent-debugsource-0.20.0-3.el8.aarch64.rpm	SHA-256: 76b6cc48d50dc3a685ade1526086fe080f9b1a22ed35b6a363e9ffc519b68a03

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6

SRPM
spice-vdagent-0.20.0-3.el8.src.rpm	SHA-256: a2bf5d1fa307dc33bb9c30be4927ceeab32d4cd6ddca4c8d0ae2f60601daa5a6
ppc64le
spice-vdagent-0.20.0-3.el8.ppc64le.rpm	SHA-256: 467349f54ab66293553099a6207f95e2d80e2a5fdb9a288f5f2883745c08a6d2
spice-vdagent-debuginfo-0.20.0-3.el8.ppc64le.rpm	SHA-256: 4aa4c824dda32af66adb73e29bc7a2bac2283a6e32565f70cefc5e52740c293b
spice-vdagent-debugsource-0.20.0-3.el8.ppc64le.rpm	SHA-256: 10d4442738baac043e9d6665bfc9ec3394eaadf082bfbf9cbf7f284d6756e0fa

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4

SRPM
spice-vdagent-0.20.0-3.el8.src.rpm	SHA-256: a2bf5d1fa307dc33bb9c30be4927ceeab32d4cd6ddca4c8d0ae2f60601daa5a6
ppc64le
spice-vdagent-0.20.0-3.el8.ppc64le.rpm	SHA-256: 467349f54ab66293553099a6207f95e2d80e2a5fdb9a288f5f2883745c08a6d2
spice-vdagent-debuginfo-0.20.0-3.el8.ppc64le.rpm	SHA-256: 4aa4c824dda32af66adb73e29bc7a2bac2283a6e32565f70cefc5e52740c293b
spice-vdagent-debugsource-0.20.0-3.el8.ppc64le.rpm	SHA-256: 10d4442738baac043e9d6665bfc9ec3394eaadf082bfbf9cbf7f284d6756e0fa

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6

SRPM
spice-vdagent-0.20.0-3.el8.src.rpm	SHA-256: a2bf5d1fa307dc33bb9c30be4927ceeab32d4cd6ddca4c8d0ae2f60601daa5a6
x86_64
spice-vdagent-0.20.0-3.el8.x86_64.rpm	SHA-256: 5ebacdb098a53ad85efefd3a05664eed6c2db94939ee2094dcdadfcc8c6016df
spice-vdagent-debuginfo-0.20.0-3.el8.x86_64.rpm	SHA-256: c83ecb3f9b199bd2a38998f17d1ee1ee56c8bf1e1939cfe6d60fc9e753e1c42b
spice-vdagent-debugsource-0.20.0-3.el8.x86_64.rpm	SHA-256: dd85d8a0bea80544b75e82b0d6b4077885e0b5e60e87f0b0c762d98de1ad2633

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4

SRPM
spice-vdagent-0.20.0-3.el8.src.rpm	SHA-256: a2bf5d1fa307dc33bb9c30be4927ceeab32d4cd6ddca4c8d0ae2f60601daa5a6
x86_64
spice-vdagent-0.20.0-3.el8.x86_64.rpm	SHA-256: 5ebacdb098a53ad85efefd3a05664eed6c2db94939ee2094dcdadfcc8c6016df
spice-vdagent-debuginfo-0.20.0-3.el8.x86_64.rpm	SHA-256: c83ecb3f9b199bd2a38998f17d1ee1ee56c8bf1e1939cfe6d60fc9e753e1c42b
spice-vdagent-debugsource-0.20.0-3.el8.x86_64.rpm	SHA-256: dd85d8a0bea80544b75e82b0d6b4077885e0b5e60e87f0b0c762d98de1ad2633

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation