Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
systemd_service_default_file.patch | Adjust the path to the default file | Laurent Bigonville <bigon@debian.org> | not-needed | |||
vdagentd-work-around-GLib-s-fork-issues.patch | vdagentd: work around GLib's fork issues. Creating threads is not compatible with forking as only the thread that calls fork() is inherited. Handlers registered with g_unix_signal_add() create a thread so move these calls after fork. Also call g_socket_service_start() after fork to avoid creation of new threads before it is necessary. Also see: https://gitlab.gnome.org/GNOME/glib/issues/2073 | Jakub Janků <jjanku@redhat.com> | no | | | 2020-03-20 |
systemd-login-Avoid-a-crash-on-container.patch | systemd-login: Avoid a crash on container. On containers dbus could be not running. In this case dbus.system_connection is NULL and calling dbus_connection_close on it will cause a crash. This happens also under Gitlab CI. | Frediano Ziglio <fziglio@redhat.com> | no | | | 2020-03-26 |
CVE-2020-25650-1.patch | [PATCH 02/10] Avoids unchecked file transfer IDs allocation and usage. Avoid agents allocating file transfers. The "active_xfers" entries are now inserted when client start sending files. Also different agents cannot mess with other agent transfers as a transfer is bound to a single agent. This issue was reported by SUSE security team. | Frediano Ziglio <freddy77@gmail.com> | no | | | 2020-09-19 |
CVE-2020-25650-2.patch | [PATCH 03/10] Avoids uncontrolled "active_xfers" allocations. Limit the number of active file transfers possibly causing DoSes consuming memory in "active_xfers". This issue was reported by SUSE security team. | Frediano Ziglio <freddy77@gmail.com> | no | | | 2020-10-02 |
CVE-2020-25651-1.patch | [PATCH 08/10] cleanup active_xfers when the client disconnects | Uri Lublin <uril@redhat.com> | no | | | 2020-10-07 |
CVE-2020-25651-2.patch | [PATCH 09/10] vdagentd: do not allow to use an already used file-xfer id | Uri Lublin <uril@redhat.com> | no | | | 2020-10-11 |
CVE-2020-25653-1.patch | [PATCH 05/10] Avoids user session hijacking. Avoids user hijacking sessions by reusing PID. In theory an attacker could: - open a connection to the daemon; - fork and exit the process but keep the file descriptor open (inheriting or duplicating it in forked process); - force OS to recycle the initial PID, by creating many short lived processes. Daemon would detect the old PID as having the new session. Check the user to avoid such replacements. This issue was reported by SUSE security team. | Frediano Ziglio <freddy77@gmail.com> | no | | | 2020-09-20 |
CVE-2020-25653-2.patch | [PATCH 06/10] Better check for sessions. Do not allow other users to hijack a session checking that the process is launched by the owner of the session. | Frediano Ziglio <freddy77@gmail.com> | no | | | 2020-09-21 |
CVE-2020-25652-1.patch | [PATCH 04/10] Avoids unlimited agent connections. Limit the number of agents that can be connected. Avoids reaching the maximum number of files in a process. Beside one file descriptor per agent the daemon open just some other fixed number of files. This issue was reported by SUSE security team. | Frediano Ziglio <freddy77@gmail.com> | no | | | 2020-09-20 |
CVE-2020-25652-2.patch | [PATCH 07/10] vdagentd: Limit number of agents per session to 1 | Frediano Ziglio <freddy77@gmail.com> | no | | | 2020-09-24 |
CVE-2020-2565x-1.patch | [PATCH 01/10] vdagentd: Avoid calling chmod. Create the socket with the right permissions using umask. This also prevents possible symlink exploitation in case socket path is not secure. | Frediano Ziglio <freddy77@gmail.com> | no | | | 2020-09-24 |