TigerVNC 1.10.1 has been released today (December 20), fixing security issues: https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1 More details are here: https://www.openwall.com/lists/oss-security/2019/12/20/2 It sounds like there will be more CVEs forthcoming. Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
No registered maintainer. Assigning to Stig as just having updated this; DavidG for a couple of recent commits. Hope this is OK.
Assignee: bugsquad => smelror
CC: (none) => geiger.david68210
Done for mga7 updating to latest 1.10.1 release!
Advisory:
========================

Updated tigervnc packages fix security vulnerabilities:

The tigervnc package has been updated to version 1.10.1 to fix multiple unspecified security issues. These issues affect both the client and server and could theoretically allow a malicious peer to take control over the software on the other side. No working exploit is known at this time, and the issues require the peer to first be authenticated (CVE-2019-15691, CVE-2019-15692, CVE-2019-15693, CVE-2019-15694, CVE-2019-15695).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15691
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15692
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15693
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15694
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15695
https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1
https://www.openwall.com/lists/oss-security/2019/12/20/2
========================

Updated packages in core/updates_testing:
========================
tigervnc-1.10.1-1.mga7
tigervnc-server-1.10.1-1.mga7
tigervnc-server-module-1.10.1-1.mga7
tigervnc-java-1.10.1-1.mga7

from tigervnc-1.10.1-1.mga7.src.rpm
Whiteboard: MGA7TOO => (none)
Assignee: smelror => qa-bugs
Version: Cauldron => 7
MGA7-64 Plasma on Lenovo B50
No installation issues
# systemctl -l status vncserver
● vncserver.service - LSB: Start TigerVNC server at boot time
   Loaded: loaded (/etc/rc.d/init.d/vncserver; generated)
   Active: inactive (dead)
     Docs: man:systemd-sysv-generator(8)
# systemctl -l start vncserver
# systemctl -l status vncserver
● vncserver.service - LSB: Start TigerVNC server at boot time
   Loaded: loaded (/etc/rc.d/init.d/vncserver; generated)
   Active: active (exited) since Sat 2020-01-04 15:09:42 CET; 7s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 27164 ExecStart=/etc/rc.d/init.d/vncserver start (code=exited, status=0/SUCCESS)
jan 04 15:09:42 mach5.hviaene.thuis systemd[1]: Starting LSB: Start TigerVNC server at boot time...
jan 04 15:09:42 mach5.hviaene.thuis vncserver[27164]: Starting vncserver: [ OK ]
jan 04 15:09:42 mach5.hviaene.thuis systemd[1]: Started LSB: Start TigerVNC server at boot time.
[root@mach5 ~]# vncpasswd
Password:
Verify:
Would you like to enter a view-only password (y/n)? n
Opened up firewall, and then tried vncviewer from desktop PC, but I keep running into "unable connect to socket: connection refused". I've never been able to get a connection to tigervnc. Over to someone more knowledgeable.
CC: (none) => herman.viaene
Do you see tigervnc listening when you check with the following?: netstat -ntlp
Installed without issues but can't get it to work. Both the x0vncserver and vncserver seem to start correctly but I always get a "Invalid display size" error message from the vncviewer client, whatever I try. I'm probably doing something wrong but I just can't solve it.

$ x0vncserver -PasswordFile=.vnc/passwd -localhost -geometry 1920x1080

Mon Jan 6 10:50:19 2020
 Geometry: Desktop geometry is set to 1920x1080+0+0
 XDesktop: Using evdev codemap
 XDesktop:
 XDesktop: XTest extension present - version 2.2
 Main: Listening on port 5900

Mon Jan 6 10:50:25 2020
 Connections: accepted: 127.0.0.1::46556
 SConnection: Client needs protocol version 3.8
 SConnection: Client requests security type VeNCrypt(19)
 SVeNCrypt: Client requests security type TLSVnc (258)

Mon Jan 6 10:50:28 2020
 XDesktop: Enabling 8 buttons of X pointer device
 XDesktop: Allocated shared memory image
 VNCSConnST: Server default pixel format depth 24 (32bpp) little-endian rgb888
 VNCSConnST: closing 127.0.0.1::46556: Clean disconnection
 EncodeManager: Framebuffer updates: 0
 EncodeManager: Total: 0 rects, 0 pixels
 EncodeManager: 0 B (1:-nan ratio)
 TLS: TLS session wasn't terminated gracefully
 TcpSocket: unable to get peer name for socket
 Connections: closed: ::0
 ComparingUpdateTracker: 0 pixels in / 0 pixels out
 ComparingUpdateTracker: (1:-nan ratio)
^C
Mon Jan 6 10:50:35 2020
 Main: Terminated

$ vncviewer localhost:0

Visualizador TigerVNC 64 bits v1.10.1
Compilado em: 2019-12-22 07:52
Copyright (C) 1999-2019 Equipe TigerVNC e muitos outros (veja README.rst)
Veja https://www.tigervnc.org para informação sobre o TigerVNC.

Mon Jan 6 10:50:25 2020
 DecodeManager: Detected 4 CPU core(s)
 DecodeManager: Creating 4 decoder thread(s)
 CConn: Conectado ao host localhost porta 5900
 CConnection: Server supports RFB protocol version 3.8
 CConnection: Using RFB protocol version 3.8
 CConnection: Choosing security type VeNCrypt(19)
 CVeNCrypt: Choosing security type TLSVnc (258)

Mon Jan 6 10:50:28 2020
 CConn: Invalid display size
CC: (none) => mageia
@ David
# systemctl -l start vncserver
# systemctl -l status vncserver
● vncserver.service - LSB: Start TigerVNC server at boot time
   Loaded: loaded (/etc/rc.d/init.d/vncserver; generated)
   Active: active (exited) since Mon 2020-01-06 13:47:10 CET; 7s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 12602 ExecStart=/etc/rc.d/init.d/vncserver start (code=exited, status=0/SUCCESS)
jan 06 13:47:10 mach5.hviaene.thuis systemd[1]: Starting LSB: Start TigerVNC server at boot time...
jan 06 13:47:10 mach5.hviaene.thuis vncserver[12602]: Starting vncserver: [ OK ]
jan 06 13:47:10 mach5.hviaene.thuis systemd[1]: Started LSB: Start TigerVNC server at boot time.
# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:631      0.0.0.0:*        LISTEN  1444/cupsd
tcp        0      0 127.0.0.1:25     0.0.0.0:*        LISTEN  3366/master
tcp        0      0 127.0.0.1:10026  0.0.0.0:*        LISTEN  3366/master
tcp6       0      0 :::631           :::*             LISTEN  1444/cupsd
tcp6       0      0 ::1:25           :::*             LISTEN  3366/master
Well that's not good.
Used ssh to connect from source system running konsole under X to a dest system as the user running X on the dest system, over my local lan. In the ssh session ran the following script ...

$ cat bin/myvnctiger
#!/bin/bash
killall x0vncserver
x0vncserver display=:0 -SecurityTypes=None &
sleep 4
vncviewer -compresslevel 9 localhost:0
killall x0vncserver

Working fine here. Did the same in the other direction as the one computer has the updates installed while the other doesn't. Working ok in both directions, so that tests both the server and guest functions.
CC: (none) => davidwhodgins
Whiteboard: (none) => MGA7-64-OK
Keywords: (none) => advisory, validated_update
CC: (none) => tmb, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0042.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED
@ Dave The way you describe works. But if I understand and see this correctly, this uses the tigervncserver as the x11vncserver: i.e. connect to an existing session. But I think the purpose of vnc is to connect remotely to a vnc server and run there a session which is different from the users/sessions running at that time. And that's what I've never been able to get going and your procedure does not demonstrate either.
No, VNC is typically used to connect to an existing session.
openSUSE has issued an advisory for this on January 21: https://lists.opensuse.org/opensuse-updates/2020-01/msg00087.html
Exactly the same for tigervnc. vncviewer from the same machine works, vncviewer over network gives "Invalid display size".
CC: (none) => spam
After revert from tigervnc-1.10.1-1 to tigervnc-1.9.0 vncviewer works perfectly with server side of version 1.10.1-1
Identical problem for me as well, using 1.10, I get the "Invalid Display Size" error. Reverting to 1.9.0 cures the problem.
CC: (none) => tim
I now have the need to connect to the desktop on my computer at work and am seeing the same "Invalid Display Size" error with 1.10. I ran across this bug while researching the problem and have found that dropping back down to tigervnc-1.9.0-3.mga7 fixes the problem. There is something wrong with this update.
CC: (none) => mrambo
Resolution: FIXED => (none)
Status: RESOLVED => REOPENED
This update has been pushed. There should be a bug for the new issue (I believe there already is one).
Resolution: (none) => FIXED
Status: REOPENED => RESOLVED
Or maybe we need a new bug for this. Dave got this to work it looks like by not specifying a screen size on the command line. If you file a bug, please say how you are running it.
Blocks: (none) => 26419