Debian-LTS has issued an advisory on November 29:
The upstream commit that fixed the issue is linked from here:
Mageia 7 is also affected.
Patched packages uploaded for Mageia 7 and Cauldron by David.
Updated libvncserver packages fix security vulnerability:
LibVNC contained a memory leak in VNC server code, which allowed an attacker to
read stack memory and could be abused for information disclosure. Combined with
another vulnerability, it could be used to leak stack memory and bypass ASLR.
This attack appeared to be exploitable via network connectivity.
Updated packages in core/updates_testing:
QA-repo answers: "libvncserver1-0.9.12-2.1.mga7 not found in the remote repository"
Usually the Belgian mirror is one day behind, but not more, and tnef I just tested, loaded on the same day.
If you test 64bit, that would be:
MGA7-64 Plasma on Lenovo B50
No installation issues.
Installed x11vnc to test and connected from my desktop PC, works OK.
(In reply to Herman Viaene from comment #4)
> Grrrrrr, headbanging.
I've been there. QARepo is a really great tool for QA, but it was designed to use copy-and-paste to get the rpm list. When the rpms are listed so that won't work, it's a pain in the neck.
Validating. Advisory in Comment 1.
An update for this issue has been pushed to the Mageia Updates repository.