A vulnerability in SPICE VDAgent could allow local attackers to execute arbitrary commands.
|Package||app-emulation/spice-vdagent on all architectures|
|Affected versions||< 0.17.0_p20180319|
|Unaffected versions||>= 0.17.0_p20180319|
Provides a complete open source solution for remote access to virtual machines in a seamless way so you can play videos, record audio, share USB devices and share folders without complications.
SPICE VDAgent does not properly escape save directory before passing to shell.
A local attacker could execute arbitrary commands.
There is no known workaround at this time.
All SPICE VDAgent users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/spice-vdagent-0.17.0_p20180319"
April 08, 2018
April 08, 2018: 1