Bug 22847 - libvncserver new security issue CVE-2018-7225
Summary: libvncserver new security issue CVE-2018-7225
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA5TOO MGA6-64-OK MGA5-32-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2018-03-31 22:00 CEST by David Walser
Modified: 2018-04-08 23:38 CEST (History)
9 users (show)

See Also:
Source RPM: libvncserver-0.9.11-2.mga7.src.rpm
CVE:
Status comment:


Attachments

David Walser 2018-03-31 22:00:26 CEST

Whiteboard: (none) => MGA6TOO

Comment 1 Marja Van Waes 2018-03-31 22:21:00 CEST
Assigning to all packagers collectively, since there is no registered maintainer for this package.
CC'ing some committers.

CC: (none) => cjw, geiger.david68210, lmenut, mageia, marja11, mrambo
Assignee: bugsquad => pkg-bugs

Comment 2 David GEIGER 2018-04-01 09:50:43 CEST
Done!
Comment 3 David Walser 2018-04-01 17:18:51 CEST
Advisory:
========================

Updated libvncserver packages fix security vulnerability:

An issue was discovered in LibVNCServer through 0.9.11.
rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length,
leading to access to uninitialized and potentially sensitive data or possibly
unspecified other impact (e.g., an integer overflow) via specially crafted VNC
packets (CVE-2018-7225).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7225
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YYNK6ZTW4QSUNWBL3YCZXRC3QMHW7FZK/
========================

Updated packages in core/updates_testing:
========================
libvncserver0-0.9.10-1.3.mga5
libvncserver-devel-0.9.10-1.3.mga5
libvncserver1-0.9.11-1.1.mga6
libvncserver-devel-0.9.11-1.1.mga6

from SRPMS:
libvncserver-0.9.10-1.3.mga5.src.rpm
libvncserver-0.9.11-1.1.mga6.src.rpm

Version: Cauldron => 6
Whiteboard: MGA6TOO => MGA5TOO

David Walser 2018-04-03 19:16:02 CEST

Assignee: pkg-bugs => qa-bugs

Comment 4 PC LX 2018-04-06 11:37:53 CEST
Installed and tested without issues.

Tested using x11vnc for the server, running locally and remotely (ssh forwarded), and krdc for the client.

System local server: Mageia 6, x86_64, Xorg, Plasma DE, Intel CPU, nVidia GPU using nvidia340 proprietary driver.
System remove server: Mageia 6, x86_64, Xvfb, Openbox, Intel CPU, ssh forwarded.
System client: Mageia 6, x86_64, Xorg, Plasma DE, Intel CPU, nVidia GPU using nvidia340 proprietary driver.

$ uname -a
Linux marte 4.14.30-desktop-3.mga6 #1 SMP Sun Mar 25 22:17:31 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ urpmq --whatrequires libvncserver1-0.9.11-1.1.mga6 | sort -u
krdc
krfb
libvncserver1
libvncserver-devel
linuxvnc
remmina-plugins-vnc
x11vnc

CC: (none) => mageia
Whiteboard: MGA5TOO => MGA5TOO MGA6-64-OK

Comment 5 Herman Viaene 2018-04-06 13:21:35 CEST
MGA5-32 on Dell Latitude D600 Xfce
No installation issues.
Used x11vnc for the server, vncviewer for the client.
I could connect locally as well as from desktop PC to the laptop (MGA6, AMD cpu, Plasma). 
OK to me.

Whiteboard: MGA5TOO MGA6-64-OK => MGA5TOO MGA6-64-OK MGA5-32-OK
CC: (none) => herman.viaene

Lewis Smith 2018-04-08 19:56:20 CEST

Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs

Comment 6 Mageia Robot 2018-04-08 23:38:35 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0198.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED


Note You need to log in before you can comment on or make changes to this bug.