Debian-LTS has issued an advisory on June 30:
https://www.debian.org/lts/security/2020/dla-2264

vino is affected due to bundled libvncserver code.

Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
Another bug for a parentless SRPM, so assigning it globally.

> vino is affected due to bundled libvncserver code

See also bug 26881, libvncserver. Should this one depend on that?
Assignee: bugsquad => pkg-bugs
Bundled, so no.
There is no "scale.c" in the embedded libvncserver so CVE-2020-14401 does not seem to affect vino.
CC: (none) => nicolas.salguero
Summary: vino new security issues CVE-2020-14397 and CVE-2020-1440[0-4] => vino new security issues CVE-2020-14397 and CVE-2020-1440[0234]
Suggested advisory:
========================

The updated package fixes security vulnerabilities:

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. (CVE-2020-14397)

An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. (CVE-2020-14400)

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings. (CVE-2020-14402)

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings. (CVE-2020-14403)

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings. (CVE-2020-14404)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14397
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14400
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14402
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14403
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14404
https://www.debian.org/lts/security/2020/dla-2264
========================

Updated package in core/updates_testing:
========================
vino-3.22.0-3.2.mga7

from SRPM:
vino-3.22.0-3.2.mga7.src.rpm
CVE: (none) => CVE-2020-14397, CVE-2020-14400, CVE-2020-14402, CVE-2020-14403, CVE-2020-14404
Source RPM: vino-3.22.0-6.mga8.src.rpm => vino-3.22.0-3.1.mga7.src.rpm
Version: Cauldron => 7
Status: NEW => ASSIGNED
Assignee: pkg-bugs => qa-bugs
Whiteboard: MGA7TOO => (none)
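The triage used in the comments above (deciding which CVEs can apply by checking which affected libvncserver source files exist in the bundled copy), as an added example that is not part of the bug report or of Mageia's tooling. The CVE-to-file mapping is taken from this report; the directory layout, file contents and function names are constructed for illustration.

```python
import os
import tempfile

# CVE -> libvncserver source file, as named in this bug report.
CVE_FILES = {
    "CVE-2020-14397": "rfbregion.c",
    "CVE-2020-14400": "translate.c",
    "CVE-2020-14401": "scale.c",
    "CVE-2020-14402": "corre.c",
    "CVE-2020-14403": "hextile.c",
    "CVE-2020-14404": "rre.c",
}

def triage_bundled_tree(src_root):
    """Map each CVE to the bundled copies of its source file (empty = not bundled)."""
    wanted = {name: cve for cve, name in CVE_FILES.items()}
    hits = {cve: [] for cve in CVE_FILES}
    for dirpath, _dirs, files in os.walk(src_root):
        for name in files:
            if name in wanted:
                full = os.path.join(dirpath, name)
                hits[wanted[name]].append(os.path.relpath(full, src_root))
    for paths in hits.values():
        paths.sort()
    return hits

def candidate_cves(src_root):
    """CVEs whose file is present. Presence only means the fix must be checked
    in that copy; it does not prove the bundled code is unpatched."""
    return sorted(c for c, p in triage_bundled_tree(src_root).items() if p)

def build_sample_tree(root):
    """Constructed sample layout (hypothetical, not vino's real source tree)."""
    bundled = os.path.join(root, "server", "libvncserver")
    os.makedirs(bundled)
    for name in ("rfbregion.c", "translate.c", "corre.c",
                 "hextile.c", "rre.c", "main.c"):
        with open(os.path.join(bundled, name), "w") as fh:
            fh.write("/* constructed placeholder */\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for cve, paths in sorted(triage_bundled_tree(tmp).items()):
            print(cve, ", ".join(paths) or "file not bundled")
```

Run against an unpacked SRPM source directory, the empty entries are the CVEs that can be dropped from the advisory; the rest still need the patch verified in the bundled copy.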
MGA7-64 Plasma on Lenovo B50
No installation issues
Ref bug 25786 for info.

As this laptop has also MATE installed, used dconf to set a password for vnc (same as my user's password).
Then launched vino by
# /usr/libexec/vino-server
and used vinagre to connect vnc protocol to localhost.
This brings in a black screen (there is no gnome desktop on this laptop), but the disconnect button and menu are enabled, thus presuming something happened.

In the CLI of the server I see:
07/07/2020 15:51:33 Autoprobing TCP port in (all) network interface
07/07/2020 15:51:33 Listening IPv6://[::]:5900
07/07/2020 15:51:33 Listening IPv4://0.0.0.0:5900
07/07/2020 15:51:33 Autoprobing selected port 5900
07/07/2020 15:51:33 Advertising security type: 'TLS' (18)
07/07/2020 15:51:33 Re-binding socket to listen for VNC connections on TCP port 5900 in (all) interface
07/07/2020 15:51:33 Listening IPv6://[::]:5900
07/07/2020 15:51:33 Listening IPv4://0.0.0.0:5900
07/07/2020 15:51:33 Clearing securityTypes
07/07/2020 15:51:33 Advertising security type: 'TLS' (18)
07/07/2020 15:51:33 Clearing securityTypes
07/07/2020 15:51:33 Advertising security type: 'TLS' (18)
07/07/2020 15:51:33 Advertising authentication type: 'No Authentication' (1)
07/07/2020 15:51:33 Re-binding socket to listen for VNC connections on TCP port 5900 in (all) interface
07/07/2020 15:51:33 Listening IPv6://[::]:5900
07/07/2020 15:51:33 Listening IPv4://0.0.0.0:5900
07/07/2020 15:54:58 [IPv6] Got connection from client localhost
07/07/2020 15:54:58 other clients:
07/07/2020 15:54:58 Client Protocol Version 3.7
07/07/2020 15:54:58 Advertising security type 18
07/07/2020 15:54:58 Client returned security type 18
07/07/2020 15:54:58 Advertising authentication type 1
07/07/2020 15:54:58 Client returned authentication type 1

So, the server seems to be happy, and so am I.

And also:
$ netstat -nl | grep 5900
tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN
tcp6 0 0 :::5900 :::* LISTEN

So I'll OK it, unless someone else has a better idea.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA7-64-OK
I'm happy if you're happy, Herman. Validating. Advisory in Comment 4.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Keywords: (none) => advisory
CC: (none) => mageia
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0288.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED