Debian-LTS has issued an advisory on November 29: https://www.debian.org/lts/security/2019/dla-2014 The upstream commit that fixed the issue is linked from here: https://security-tracker.debian.org/tracker/CVE-2019-15681 Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
Patched packages uploaded for Mageia 7 and Cauldron by David. Advisory: ======================== Updated libvncserver packages fix security vulnerability: LibVNC contained a memory leak in VNC server code, which allowed an attacker to read stack memory and could be abused for information disclosure. Combined with another vulnerability, it could be used to leak stack memory and bypass ASLR. This attack appeared to be exploitable via network connectivity (CVE-2019-15681). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15681 https://www.debian.org/lts/security/2019/dla-2014 ======================== Updated packages in core/updates_testing: ======================== libvncserver1-0.9.12-2.1.mga7 libvncserver-devel-0.9.12-2.1.mga7 from libvncserver-0.9.12-2.1.mga7.src.rpm
CC: (none) => geiger.david68210Assignee: bugsquad => qa-bugsWhiteboard: MGA7TOO => (none)Version: Cauldron => 7
QA-repo answers: "libvncserver1-0.9.12-2.1.mga7 not found in the remote repository" Usually the Belgian mirror is one day behind, but not more, and tnef I just tested, loaded on the same day.
CC: (none) => herman.viaene
If you test 64bit, that would be: lib64vncserver1-0.9.12-2.1.mga7
CC: (none) => tmb
Grrrrrr, headbanging.
MGA7-64 Plasma on Lenovo B50 No installation issues. Installed x11vnc to test and connected from my desktop PC, works OK.
Whiteboard: (none) => MGA7-64-OK
(In reply to Herman Viaene from comment #4) > Grrrrrr, headbanging. I've been there. QARepo is a really great tool for QA, but it was designed to use copy-and-paste to get the rpm list. When the rpms are listed so that won't work, it's a pain in the neck. Validating. Advisory in Comment 1.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0368.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED