LibVNCServer 0.9.12 has been released on January 6: https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.12 It says that it fixed multiple security issues in LibVNCClient. Mageia 6 is also affected.
Whiteboard: (none) => MGA6TOO
Fixed both mga6 and Cauldron!
CC: (none) => geiger.david68210
Thanks!

Advisory:
========================

Updated libvncserver packages fix security vulnerabilities:

A heap use-after-free vulnerability in the server code of the file transfer extension, which can result in remote code execution. This attack appears to be exploitable via network connectivity (CVE-2018-6307).

A heap out-of-bound write vulnerability in the server code of the file transfer extension, which can result in remote code execution. This attack appears to be exploitable via network connectivity (CVE-2018-15127).

Multiple heap out-of-bound write vulnerabilities in VNC client code, which can result in remote code execution (CVE-2018-20019).

Heap out-of-bound write vulnerability in a structure in VNC client code, which can result in remote code execution (CVE-2018-20020).

Infinite Loop vulnerability in VNC client code. The vulnerability could allow an attacker to consume an excessive amount of resources, such as CPU and RAM (CVE-2018-20021).

Improper Initialization weaknesses in VNC client code, which could allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and bypass ASLR (CVE-2018-20022).

Improper Initialization vulnerability in VNC Repeater client code, which could allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and bypass ASLR (CVE-2018-20023).

A null pointer dereference in VNC client code, which can result in DoS (CVE-2018-20024).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024
https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.12
https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html
========================

Updated packages in core/updates_testing:
========================

libvncserver1-0.9.12-1.mga6
libvncserver-devel-0.9.12-1.mga6

from libvncserver-0.9.12-1.mga6.src.rpm
Assignee: bugsquad => qa-bugs
Whiteboard: MGA6TOO => (none)
Version: Cauldron => 6
Missed one CVE in the advisory.

Advisory:
========================

Updated libvncserver packages fix security vulnerabilities:

A heap use-after-free vulnerability in the server code of the file transfer extension, which can result in remote code execution. This attack appears to be exploitable via network connectivity (CVE-2018-6307).

A heap use-after-free vulnerability in the server code of the file transfer extension, which can result in remote code execution. This attack appears to be exploitable via network connectivity (CVE-2018-15126).

A heap out-of-bound write vulnerability in the server code of the file transfer extension, which can result in remote code execution. This attack appears to be exploitable via network connectivity (CVE-2018-15127).

Multiple heap out-of-bound write vulnerabilities in VNC client code, which can result in remote code execution (CVE-2018-20019).

Heap out-of-bound write vulnerability in a structure in VNC client code, which can result in remote code execution (CVE-2018-20020).

Infinite Loop vulnerability in VNC client code. The vulnerability could allow an attacker to consume an excessive amount of resources, such as CPU and RAM (CVE-2018-20021).

Improper Initialization weaknesses in VNC client code, which could allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and bypass ASLR (CVE-2018-20022).

Improper Initialization vulnerability in VNC Repeater client code, which could allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and bypass ASLR (CVE-2018-20023).

A null pointer dereference in VNC client code, which can result in DoS (CVE-2018-20024).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024
https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.12
https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html
https://lists.opensuse.org/opensuse-updates/2019-01/msg00027.html
x11vnc is also affected by these issues.

Advisory:
========================

Updated libvncserver and x11vnc packages fix security vulnerabilities:

A heap use-after-free vulnerability in the server code of the file transfer extension, which can result in remote code execution. This attack appears to be exploitable via network connectivity (CVE-2018-6307).

A heap use-after-free vulnerability in the server code of the file transfer extension, which can result in remote code execution. This attack appears to be exploitable via network connectivity (CVE-2018-15126).

A heap out-of-bound write vulnerability in the server code of the file transfer extension, which can result in remote code execution. This attack appears to be exploitable via network connectivity (CVE-2018-15127).

Multiple heap out-of-bound write vulnerabilities in VNC client code, which can result in remote code execution (CVE-2018-20019).

Heap out-of-bound write vulnerability in a structure in VNC client code, which can result in remote code execution (CVE-2018-20020).

Infinite Loop vulnerability in VNC client code. The vulnerability could allow an attacker to consume an excessive amount of resources, such as CPU and RAM (CVE-2018-20021).

Improper Initialization weaknesses in VNC client code, which could allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and bypass ASLR (CVE-2018-20022).

Improper Initialization vulnerability in VNC Repeater client code, which could allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and bypass ASLR (CVE-2018-20023).

A null pointer dereference in VNC client code, which can result in DoS (CVE-2018-20024).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024
https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.12
https://github.com/LibVNC/x11vnc/releases/tag/0.9.15
https://github.com/LibVNC/x11vnc/releases/tag/0.9.16
https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html
https://lists.opensuse.org/opensuse-updates/2019-01/msg00027.html
========================

Updated packages in core/updates_testing:
========================

libvncserver1-0.9.12-1.mga6
libvncserver-devel-0.9.12-1.mga6
x11vnc-0.9.16-1.mga6

from SRPMS:
libvncserver-0.9.12-1.mga6.src.rpm
x11vnc-0.9.16-1.mga6.src.rpm
Summary: libvncserver new security issues fixed upstream in 0.9.12 => libvncserver, x11vnc new security issues fixed upstream in 0.9.12, 0.9.16
Severity: normal => critical
Installed and tested without issues.

Tested using krdc and tigervnc clients.

System: Mageia 6, x86_64, Plasma DE, LXQt DE, Intel CPU, nVidia GPU using nvidia340 proprietary driver.

$ uname -a
Linux marte 4.14.89-desktop-1.mga6 #1 SMP Mon Dec 17 13:14:48 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

$ rpm -qa | egrep -i 'vnc|krdc' | sort
krdc-17.12.2-1.mga6
krdc-handbook-17.12.2-1.mga6
lib64krdccore5-17.12.2-1.mga6
lib64vncserver1-0.9.12-1.mga6
tigervnc-1.8.0-1.mga6
x11vnc-0.9.16-1.mga6

Severity: critical => normal
CC: (none) => mageia
Whiteboard: (none) => MGA6-64-OK
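The `rpm -qa | egrep -i 'vnc|krdc'` check above relies on reading the version numbers by eye. The script below is an added example, not part of this bug report or of the Mageia packaging: it compares the installed version-release of each affected package against the fixed builds listed in the advisory (lib64vncserver1/libvncserver1 0.9.12-1.mga6, x11vnc 0.9.16-1.mga6) and reports which ones are still vulnerable. The `rpm -qa` output embedded in it is constructed sample data; on a real Mageia 6 host you would feed it `$(rpm -qa)` instead.

```shell
#!/bin/sh
# Added example: audit installed libvncserver/x11vnc builds against the
# fixed versions from the Mageia advisory. Not from the bug thread.

# Constructed sample of `rpm -qa` output (one package not yet updated).
SAMPLE_RPM_QA='krdc-17.12.2-1.mga6
lib64vncserver1-0.9.11-3.mga6
tigervnc-1.8.0-1.mga6
x11vnc-0.9.16-1.mga6'

# Package name and fixed VERSION-RELEASE, as listed in the advisory.
FIXED_LIST='lib64vncserver1 0.9.12-1.mga6
libvncserver1 0.9.12-1.mga6
x11vnc 0.9.16-1.mga6'

# vercmp A B: prints -1, 0 or 1. Splits on '.' and '-' and compares segment
# by segment, numerically when both segments are numbers, else as strings.
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, pa, /[.-]/); nb = split(b, pb, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? pa[i] : ""; y = (i <= nb) ? pb[i] : ""
            if (x ~ /^[0-9]+$/ && y ~ /^[0-9]+$/) {
                if (x + 0 < y + 0) { print "-1"; exit }
                if (x + 0 > y + 0) { print "1"; exit }
            } else {
                if (x < y) { print "-1"; exit }
                if (x > y) { print "1"; exit }
            }
        }
        print "0"
    }'
}

# installed_version NAME RPMQA: prints the VERSION-RELEASE of NAME from the
# given rpm -qa output, or nothing if the package is not installed.
# Anchoring on "NAME-<digit>" avoids matching e.g. krdc-handbook for krdc.
installed_version() {
    printf '%s\n' "$2" | sed -n "s/^$1-\([0-9][^[:space:]]*\)\$/\1/p" | head -n 1
}

# check_package NAME FIXED RPMQA: prints not-installed, vulnerable or fixed.
check_package() {
    inst=$(installed_version "$1" "$3")
    if [ -z "$inst" ]; then
        echo "not-installed"
    elif [ "$(vercmp "$inst" "$2")" -lt 0 ]; then
        echo "vulnerable"
    else
        echo "fixed"
    fi
}

# audit RPMQA: one line "NAME STATUS FIXED" per package in FIXED_LIST.
audit() {
    for name in $(printf '%s\n' "$FIXED_LIST" | cut -d' ' -f1); do
        fixed=$(printf '%s\n' "$FIXED_LIST" | awk -v p="$name" '$1 == p { print $2 }')
        printf '%s %s %s\n' "$name" "$(check_package "$name" "$fixed" "$1")" "$fixed"
    done
}

# vulnerable_count RPMQA: number of installed packages still below the fix.
vulnerable_count() {
    audit "$1" | awk '$2 == "vulnerable" { n++ } END { print n + 0 }'
}

audit "$SAMPLE_RPM_QA"
echo "vulnerable packages: $(vulnerable_count "$SAMPLE_RPM_QA")"
```

With the sample data this reports lib64vncserver1 as vulnerable (0.9.11-3.mga6 is below 0.9.12-1.mga6), x11vnc as fixed and the 32-bit libvncserver1 as not installed. The version comparison is deliberately simple (segment-wise, numeric where possible) and is enough for the version strings in this advisory; for general RPM ordering use `rpmdev-vercmp` or `rpm --eval` based comparison rather than this helper.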
(In reply to PC LX from comment #5)
> Installed and tested without issues.

Super work, and not easy. Advisory done from comment 4; validating.

Keywords: (none) => advisory, validated_update
CC: (none) => lewyssmith, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0037.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED
Ubuntu has issued an advisory for this on January 31: https://usn.ubuntu.com/3877-1/ This update also fixed CVE-2018-20748 and CVE-2018-20749. We missed CVE-2018-20750, however.
This update also fixed CVE-2017-18922: https://ubuntu.com/security/notices/USN-4407-1