File _patchinfo of Package patchinfo.17026

<patchinfo incident="17026">
  <issue tracker="bnc" id="1173749">AUDIT-0: EMBARGOED: spice-vdagent: spice-vdagentd.service can be implicitly started by default</issue>
  <issue tracker="bnc" id="1177780">VUL-0: CVE-2020-25650: EMBARGOED: spice-vdagent: memory DoS via arbitrary entries in `active_xfers` hash table</issue>
  <issue tracker="bnc" id="1177781">VUL-0: CVE-2020-25651: EMBARGOED: spice-vdagent: possible file transfer DoS and information leak via `active_xfers` hash map</issue>
  <issue tracker="bnc" id="1177782">VUL-0: CVE-2020-25652: EMBARGOED: spice-vdagent: possibility to exhaust file descriptors in `vdagentd`</issue>
  <issue tracker="bnc" id="1177783">VUL-0: CVE-2020-25653: EMBARGOED: spice-vdagent: UNIX domain socket peer PID retrieved via `SO_PEERCRED` is subject to race condition</issue>
  <issue tracker="cve" id="2020-25650"/>
  <issue tracker="cve" id="2020-25651"/>
  <issue tracker="cve" id="2020-25652"/>
  <issue tracker="cve" id="2020-25653"/>
  <packager>bfrogers</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for spice-vdagent</summary>
  <description>This update for spice-vdagent fixes the following issues:

Security issues fixed:

- CVE-2020-25650: Fixed a memory DoS via arbitrary entries in `active_xfers` hash table (bsc#1177780).
- CVE-2020-25651: Fixed a possible file transfer DoS and information leak via `active_xfers` hash map (bsc#1177781).
- CVE-2020-25652: Fixed a possibility to exhaust file descriptors in `vdagentd` (bsc#1177782).
- CVE-2020-25653: Fixed a race condition when the UNIX domain socket peer PID retrieved via `SO_PEERCRED` (bsc#1177783).
</description>
</patchinfo>