| Summary: | gtk-vnc new security issues CVE-2017-5884 and CVE-2017-5885 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | davidwhodgins, herman.viaene, marja11, mhrambo3501, sysadmin-bugs |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://lwn.net/Vulnerabilities/714260/ | ||
| Whiteboard: | advisory MGA5-32-OK MGA5-64-OK | ||
| Source RPM: | gtk-vnc-0.6.0-2.mga6.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2017-02-05 15:39:53 CET
David Walser
2017-02-05 15:40:03 CET
Whiteboard:
(none) =>
MGA5TOO Assigning to all packagers collectively, since there is no registered maintainer for this package. CC:
(none) =>
marja11 Updated package uploaded and built for cauldron. I could not find any previous test procedures for this package but did find that the vinagre VNC client uses some of these packages. That would probably be a good place to start testing if you have (or can set up) a VNC server you can connect to. Updated package uploaded for Mageia 5. Advisory: ======================== Updated gtk-vnc package fixes security vulnerabilities: It was found that gtk-vnc code does not properly check boundaries of subrectangle-containing tiles. A malicious server can use this to overwrite parts of the client memory (CVE-2017-5884). In addition, the vnc_connection_server_message() and vnc_color_map_set() functions do not check for integer overflow properly, leading to a malicious server being able to overwrite parts of the client memory (CVE-2017-5885). References: http://openwall.com/lists/oss-security/2017/02/05/5 https://bugzilla.gnome.org/show_bug.cgi?id=778048 https://bugzilla.gnome.org/show_bug.cgi?id=778050 ======================== Updated packages in core/updates_testing: ======================== gtk-vnc-0.5.3-6.1.mga5.x86_64.rpm gtk-vnc-debuginfo-0.5.3-6.1.mga5.x86_64.rpm lib64gtk-vnc1.0_0-0.5.3-6.1.mga5.x86_64.rpm lib64gtk-vnc1.0-devel-0.5.3-6.1.mga5.x86_64.rpm lib64gtk-vnc2.0_0-0.5.3-6.1.mga5.x86_64.rpm lib64gtk-vnc2.0-devel-0.5.3-6.1.mga5.x86_64.rpm lib64gtkvnc-gir1.0-0.5.3-6.1.mga5.x86_64.rpm lib64gtkvnc-gir2.0-0.5.3-6.1.mga5.x86_64.rpm lib64gvnc1.0_0-0.5.3-6.1.mga5.x86_64.rpm lib64gvnc1.0-devel-0.5.3-6.1.mga5.x86_64.rpm lib64gvnc-gir1.0-0.5.3-6.1.mga5.x86_64.rpm python-gtk-vnc-0.5.3-6.1.mga5.x86_64.rpm gtk-vnc-i18n-0.5.3-6.1.mga5.noarch.rpm from gtk-vnc-0.5.3-6.1.mga5.src.rpm CC:
(none) =>
mrambo
Dave Hodgins
2017-02-11 22:53:11 CET
CC:
(none) =>
davidwhodgins Fedora has issued an advisory for this on February 10: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LGPQ5MQR6SN4DYTEFACHP2PP5RR26KYK/ URL:
(none) =>
https://lwn.net/Vulnerabilities/714260/ MGA5-32 on Asus A6000VM Xfce
No installation issues
Installed vinagre to test at CLI
$ strace -o vnc.txt vinagre
and found: open("/lib/libgtk-vnc-2.0.so.0", O_RDONLY|O_CLOEXEC) = 3CC:
(none) =>
herman.viaene Started vncserver on one system, setting a password. Used gvncviewer to connect to that system ok from the system testing the update. Validating the update Keywords:
(none) =>
validated_update An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0057.html Status:
NEW =>
RESOLVED |