Mageia 2020-0280: libvncserver security update
Summary
Updated libvncserver packages fix security vulnerabilities:
libvncclient/sockets.c in LibVNCServer had a buffer overflow via a long
socket filename (CVE-2019-20839).
libvncserver/rfbregion.c had a NULL pointer dereference (CVE-2020-14397).
Byte-aligned data was accessed through uint32_t pointers in
libvncclient/rfbproto.c (CVE-2020-14399).
Byte-aligned data was accessed through uint16_t pointers in
libvncserver/translate.c (CVE-2020-14400).
libvncserver/scale.c had a pixel_value integer overflow (CVE-2020-14401).
libvncserver/corre.c allowed out-of-bounds access via encodings
(CVE-2020-14402).
libvncserver/hextile.c allowed out-of-bounds access via encodings
(CVE-2020-14403).
libvncserver/rre.c allowed out-of-bounds access via encodings
(CVE-2020-14404).
libvncclient/rfbproto.c does not limit TextChat size (CVE-2020-14405).
The libvncserver package has been updated to version 0.9.13, fixing these
issues and several others. See the release announcement for details.
References
- https://bugs.mageia.org/show_bug.cgi?id=26881
- https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.13
- https://www.debian.org/lts/security/2020/dla-2264
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20839
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14397
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14398
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14399
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14400
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14401
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14402
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14403
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14404
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14405
Resolution
MGASA-2020-0280 - Updated libvncserver packages fix security vulnerability
SRPMS
- 7/core/libvncserver-0.9.13-1.mga7
