vulnerability
SUSE: CVE-2020-14355: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:P/I:P/A:P) | 2020-10-06 | 2020-10-31 | 2021-10-22 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
2020-10-06
Added
2020-10-31
Modified
2021-10-22
Description
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution.
Solution(s)
suse-upgrade-libspice-client-glib-2_0-8suse-upgrade-libspice-client-glib-helpersuse-upgrade-libspice-client-gtk-2_0-4suse-upgrade-libspice-client-gtk-3_0-4suse-upgrade-libspice-client-gtk-3_0-5suse-upgrade-libspice-controller0suse-upgrade-libspice-server-develsuse-upgrade-libspice-server1suse-upgrade-spice-gtksuse-upgrade-spice-gtk-develsuse-upgrade-spice-gtk-langsuse-upgrade-typelib-1_0-spiceclientglib-2_0suse-upgrade-typelib-1_0-spiceclientgtk-3_0
References
- SUSE-SUSE-SU-2020:3070-1
- SUSE-SUSE-SU-2020:3071-1
- SUSE-SUSE-SU-2020:3084-1
- SUSE-SUSE-SU-2020:3085-1
- SUSE-SUSE-SU-2021:14744-1
- SUSE-SUSE-SU-2021:1901-1
- SUSE-SUSE-SU-2021:1902-1
- SUSE-SUSE-SU-2021:1905-1
- SUSE-SUSE-SU-2021:1911-1
- SUSE-SUSE-SU-2021:1928-1
- SUSE-SUSE-SU-2021:1956-1
- UBUNTU-USN-4572-1
- UBUNTU-USN-4572-2
- NVD-CVE-2020-14355
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.