Описание
Security update for spice
This update for spice fixes the following issues:
- CVE-2021-20201: client initiated renegotiation causing denial of service (bsc#1181686)
Список пакетов
SUSE Linux Enterprise Micro 5.0
libspice-server1-0.14.2-3.6.1
SUSE Linux Enterprise Module for Server Applications 15 SP2
libspice-server-devel-0.14.2-3.6.1
libspice-server1-0.14.2-3.6.1
Ссылки
- Link for SUSE-SU-2021:1927-1
- E-Mail link for SUSE-SU-2021:1927-1
- SUSE Security Ratings
- SUSE Bug 1181686
- SUSE CVE CVE-2021-20201 page
Описание
A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection.
Затронутые продукты
SUSE Linux Enterprise Micro 5.0:libspice-server1-0.14.2-3.6.1
SUSE Linux Enterprise Module for Server Applications 15 SP2:libspice-server-devel-0.14.2-3.6.1
SUSE Linux Enterprise Module for Server Applications 15 SP2:libspice-server1-0.14.2-3.6.1
Ссылки
- CVE-2021-20201
- SUSE Bug 1181686