A issue was discovered in spice v0.14.91 and before. There is a DoS Vulnerability which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection. Upstream issue: https://gitlab.freedesktop.org/spice/spice/-/issues/49 References: https://blog.qualys.com/product-tech/2011/10/31/tls-renegotiation-and-denial-of-service-attacks
Created spice tracking bugs for this issue: Affects: fedora-all [bug 1921847]
Upstream commits: https://gitlab.freedesktop.org/spice/spice/-/commit/95a0cfac8a1c8eff50f05e65df945da3bb501fc9 https://gitlab.freedesktop.org/spice/spice/-/commit/ca5bbc5692e052159bce1a75f55dc60b36078749
External References: https://blog.qualys.com/product-tech/2011/10/31/tls-renegotiation-and-denial-of-service-attacks
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1924 https://access.redhat.com/errata/RHSA-2021:1924
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-20201