SUSE has issued an advisory today (May 4): http://lists.suse.com/pipermail/sle-security-updates/2020-May/006771.html It's not clear if we fixed this in Bug 25918. If not, Mageia 7 is also affected.
Don't know why, but security CVE-2019-20788 is the same as CVE-2019-15690, already fixed:

libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690.
Looking at the SUSE bug, we are missing this commit: https://github.com/LibVNC/libvncserver/commit/8937203441ee241c4ace85da687b7d6633a12365
Done for Cauldron and mga7!
Advisory:
========================

Updated libvncserver packages fix security vulnerability:

libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value (CVE-2019-20788).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20788
http://lists.suse.com/pipermail/sle-security-updates/2020-May/006771.html
========================

Updated packages in core/updates_testing:
========================
libvncserver1-0.9.12-2.3.mga7
libvncserver-devel-0.9.12-2.3.mga7

from libvncserver-0.9.12-2.3.mga7.src.rpm
Version: Cauldron => 7
Assignee: geiger.david68210 => qa-bugs
Source RPM: libvncserver-0.9.12-5.mga8.src.rpm => libvncserver-0.9.12-2.2.mga7.src.rpm
CC: (none) => geiger.david68210
Installed and tested without issues.

Tested using x11vnc, krfb and linuxvnc along with krdc client. No issues noticed.

System: Mageia 7, x86_64, Plasma DE, LXQt DE, Intel CPU, nVidia GPU using nvidia340 proprietary driver.

$ uname -a
Linux marte 5.6.8-desktop-1.mga7 #1 SMP Thu Apr 30 06:12:53 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -q lib64vncserver1
lib64vncserver1-0.9.12-2.3.mga7
$ rpm -q krdc krfb x11vnc linuxvnc
krdc-19.04.0-1.mga7
krfb-19.04.0-1.mga7
x11vnc-0.9.16-1.mga7
linuxvnc-0.9.10-4.mga7
$ urpmq --whatrequires lib64vncserver1 | sort -u
krdc
krfb
lib64vncserver1
lib64vncserver-devel
linuxvnc
remmina-plugins-vnc
x11vnc
CC: (none) => mageia
Whiteboard: (none) => MGA7-64-OK
Validating. Advisory in Comment 4.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
CC: (none) => tmb
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0207.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED
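
The bug class named in the advisory above (an integer overflow in a size computed from width and height, leading to an undersized heap buffer), shown as an added C example that is not LibVNCServer's code and not the referenced commit. It assumes the buffer size is a width x height x bytes-per-pixel product computed in 32 bits; the function names and the MAX_CURSOR_DIM cap of 1024 are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed upper bound on cursor dimensions; the value is illustrative. */
#define MAX_CURSOR_DIM 1024u

/* Unchecked pattern: the product is computed in 32 bits and wraps silently. */
static uint32_t cursor_bytes_unchecked(uint32_t w, uint32_t h, uint32_t bpp)
{
    return w * h * bpp;
}

/* Checked pattern: bound each dimension first, then multiply in 64 bits.
 * Returns 0 and stores the size in *out, or -1 if the request is rejected. */
static int cursor_bytes_checked(uint32_t w, uint32_t h, uint32_t bpp, size_t *out)
{
    if (w == 0 || h == 0 || w > MAX_CURSOR_DIM || h > MAX_CURSOR_DIM)
        return -1;
    if (bpp != 1 && bpp != 2 && bpp != 4)
        return -1;
    uint64_t total = (uint64_t)w * h * bpp;  /* at most 1024*1024*4, cannot wrap */
    *out = (size_t)total;
    return 0;
}

/* Allocate a zeroed cursor pixel buffer only when the size check passes. */
static unsigned char *cursor_alloc(uint32_t w, uint32_t h, uint32_t bpp, size_t *len)
{
    if (cursor_bytes_checked(w, h, bpp, len) != 0)
        return NULL;
    return calloc(1, *len);
}

int main(void)
{
    size_t len = 0;
    /* Constructed inputs: 32768 x 32768 at 4 bytes per pixel is 2^32 bytes. */
    printf("unchecked size: %u\n", (unsigned)cursor_bytes_unchecked(32768, 32768, 4));
    unsigned char *buf = cursor_alloc(32768, 32768, 4, &len);
    printf("checked alloc: %s\n", buf ? "accepted" : "rejected");
    free(buf);
    buf = cursor_alloc(64, 64, 4, &len);
    printf("64x64 alloc: %s, %zu bytes\n", buf ? "accepted" : "rejected", len);
    free(buf);
    return 0;
}
```

With the unchecked product, the constructed 32768 x 32768 request wraps to a size of 0, so an allocation would succeed while later writes sized by the real dimensions run past it; the checked version rejects the request before any allocation.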