Bug 26587 - libvncserver new security issue CVE-2019-20788
Summary: libvncserver new security issue CVE-2019-20788
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2020-05-04 20:20 CEST by David Walser
Modified: 2020-05-08 12:59 CEST (History)
5 users (show)

See Also:
Source RPM: libvncserver-0.9.12-2.2.mga7.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2020-05-04 20:20:37 CEST
SUSE has issued an advisory today (May 4):
http://lists.suse.com/pipermail/sle-security-updates/2020-May/006771.html

It's not clear if we fixed this in Bug 25918.  If not, Mageia 7 is also affected.
Comment 1 David GEIGER 2020-05-05 07:08:13 CEST
Don't know why but security CVE-2019-20788 is same as CVE-2019-15690 already fixed:

libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690.
Comment 2 David Walser 2020-05-05 16:13:51 CEST
Looking at the SUSE bug, we are missing this commit:
https://github.com/LibVNC/libvncserver/commit/8937203441ee241c4ace85da687b7d6633a12365
Comment 3 David GEIGER 2020-05-05 17:19:11 CEST
Done for Cauldron and mga7!
Comment 4 David Walser 2020-05-05 19:03:20 CEST
Advisory:
========================

Updated libvncserver packages fix security vulnerability:

libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape
integer overflow and heap-based buffer overflow via a large height or width
value (CVE-2019-20788).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20788
http://lists.suse.com/pipermail/sle-security-updates/2020-May/006771.html
========================

Updated packages in core/updates_testing:
========================
libvncserver1-0.9.12-2.3.mga7
libvncserver-devel-0.9.12-2.3.mga7

from libvncserver-0.9.12-2.3.mga7.src.rpm

Version: Cauldron => 7
Assignee: geiger.david68210 => qa-bugs
Source RPM: libvncserver-0.9.12-5.mga8.src.rpm => libvncserver-0.9.12-2.2.mga7.src.rpm
CC: (none) => geiger.david68210

Comment 5 PC LX 2020-05-06 12:49:41 CEST
Installed and tested without issues.

Tested using x11vnc, krfb and linuxvnc along with krdc client. No issues noticed.


System: Mageia 7, x86_64, Plasma DE, LXQt DE, Intel CPU, nVidia GPU using nvidia340 proprietary driver.


$ uname -a
Linux marte 5.6.8-desktop-1.mga7 #1 SMP Thu Apr 30 06:12:53 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -q lib64vncserver1
lib64vncserver1-0.9.12-2.3.mga7
$ rpm -q krdc krfb x11vnc linuxvnc
krdc-19.04.0-1.mga7
krfb-19.04.0-1.mga7
x11vnc-0.9.16-1.mga7
linuxvnc-0.9.10-4.mga7
$ urpmq --whatrequires lib64vncserver1 | sort -u
krdc
krfb
lib64vncserver1
lib64vncserver-devel
linuxvnc
remmina-plugins-vnc
x11vnc

CC: (none) => mageia
Whiteboard: (none) => MGA7-64-OK

Comment 6 Thomas Andrews 2020-05-06 13:55:46 CEST
Validating. Advisory in Comment 4.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Thomas Backlund 2020-05-08 12:05:41 CEST

CC: (none) => tmb
Keywords: (none) => advisory

Comment 7 Mageia Robot 2020-05-08 12:59:19 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0207.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED


Note You need to log in before you can comment on or make changes to this bug.