ASA-202103-10
Arch Linux Security Advisory ASA-202103-10
==========================================

Severity: Critical
Date    : 2021-03-24
CVE-ID  : CVE-2020-14355, CVE-2021-20201
Package : spice
Type    : arbitrary code execution, denial of service
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1239

Summary
=======

The package spice before version 0.14.3-3 is vulnerable to arbitrary
code execution and denial of service.

Resolution
==========

Upgrade to 0.14.91.

# pacman -Syu "spice>=0.14.91"

The problem has been fixed upstream in version 0.14.91.

Workaround
==========

None.

Description
===========

Multiple buffer overflow vulnerabilities were found in the QUIC image decoding
process of the SPICE remote display system. These flaws reside in the
spice-common shared code between the client and the Spice server.

A denial of service vulnerability was found in the OpenSSL implementation of
Spice. This vulnerability allows for a remote attacker to perform many TLS
renegotiations within a single connection resulting in a denial of service.

Impact
======

An attacker might be able to cause a denial of service or execute arbitrary code
using a specially crafted message.

References
==========

https://www.openwall.com/lists/oss-security/2020/10/06/10
https://gitlab.freedesktop.org/spice/spice-common/-/commit/762e0aba
https://gitlab.freedesktop.org/spice/spice-common/-/commit/404d7478
https://gitlab.freedesktop.org/spice/spice-common/-/commit/ef1b6ff7
https://gitlab.freedesktop.org/spice/spice-common/-/commit/b24fe6b6
https://bugzilla.redhat.com/show_bug.cgi?id=1921846
https://gitlab.freedesktop.org/spice/spice/-/issues/49
https://gitlab.freedesktop.org/spice/spice/-/merge_requests/150
https://gitlab.freedesktop.org/spice/spice/-/commit/95a0cfac8a1c8eff50f05e65df945da3bb501fc9
https://gitlab.freedesktop.org/spice/spice/-/commit/ca5bbc5692e052159bce1a75f55dc60b36078749