Bug 24281 - libvncserver new security issue CVE-2018-20750
Summary: libvncserver new security issue CVE-2018-20750
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2019-02-01 19:22 CET by David Walser
Modified: 2019-02-13 12:10 CET (History)
5 users (show)

See Also:
Source RPM: libvncserver-0.9.12-1.mga6.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2019-02-01 19:22:05 CET 
Ubuntu has issued an advisory on January 31:
https://usn.ubuntu.com/3877-1/

The upstream fix is linked from:
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20750.html
Comment 1 David GEIGER 2019-02-02 07:14:59 CET 
Fixed both Cauldron and mga6!
Comment 2 David Walser 2019-02-02 17:23:57 CET 
Thanks!  I don't see the affected code in x11vnc.

Advisory:
========================

Updated libvncserver packages fix security vulnerability:

LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in
libvncserver/rfbserver.c (CVE-2018-20750).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20750
https://usn.ubuntu.com/usn/usn-3877-1
========================

Updated packages in core/updates_testing:
========================
libvncserver1-0.9.12-1.1.mga6
libvncserver-devel-0.9.12-1.1.mga6

from libvncserver-0.9.12-1.1.mga6.src.rpm

Assignee: geiger.david68210 => qa-bugs
Source RPM: libvncserver-0.9.12-1.mga6.src.rpm, x11vnc-0.9.16-1.mga6.src.rpm => libvncserver-0.9.12-1.mga6.src.rpm
CC: (none) => geiger.david68210
Summary: libvncserver, x11vnc new security issue CVE-2018-20750 => libvncserver new security issue CVE-2018-20750

Comment 3 PC LX 2019-02-03 03:54:55 CET 
Installed and tested without issues.

Tested using x11vnc server and tigervnc and krdc clients.

System: Mageia 6, x86_64, Plasma DE, LXQt DE, Intel CPU, nVidia GPU using nvidia340 proprietary driver.

$ uname -a
Linux marte 4.14.89-desktop-1.mga6 #1 SMP Mon Dec 17 13:14:48 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -q lib64vncserver1 krdc tigervnc
lib64vncserver1-0.9.12-1.1.mga6
krdc-17.12.2-1.mga6
tigervnc-1.8.0-1.mga6
$ strace -o x11vnc.log x11vnc -quiet
<SNIP>
The VNC desktop is:      marte:0
PORT=5900
$ grep libvncserver x11vnc.log 
open("/lib64/libvncserver.so.1", O_RDONLY|O_CLOEXEC) = 3

Whiteboard: (none) => MGA6-64-OK
CC: (none) => mageia

Comment 4 Thomas Andrews 2019-02-11 00:42:37 CET 
Validating. Advisory in Comment 2.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2019-02-13 03:22:49 CET

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 5 Mageia Robot 2019-02-13 12:10:37 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0070.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.