RedHat has issued an advisory on May 18:
The issue is fixed upstream in 0.14.92.
Mageia 7 is also affected.
Fixed upstream in 0.14.92
Assigning to Thierry: you did in Cauldron the 0.14.3 update, and the recent 0.15.0 one.
@DavidW : will that do the job of 0.14.92 ?
openSUSE has issued an advisory for this on June 17:
Removing Mageia 7 from whiteboard due to EOL:
Fixed package pushed in mga8:
Fixed upstream in 0.14.92 =>
MGA8-64 Plasmaon Lenovo B50
No installation issues.
This laptop is not sufficuently equipped to run VM's.
Updated spice packages fix a security vulnerability:
A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection (CVE-2021-20201).
Updated packages in core/updates_testing:
Created attachment 12901 [details]
Log of installation/upgrade
Tested Spice with Virt-Manager, Qemu/KVM
Host is Mageia 8 KDE Plasma, guest also Mageia 8 KDE Plasma
Shared folder, ok
Clipboard sharing, both directions ok
USB redirection, created and deleted files on an usb flash drive - ok.
I will give details of host and guest configuration later.
I documented the needs and proceedings to get it running in the international forum
Setting the bug report to ok! Finally!
An update for this issue has been pushed to the Mageia Updates repository.