Debian has issued an advisory on November 28:
https://www.debian.org/security/2020/dsa-4799

Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
In the absence of any consistent maintainer for x11vnc, must assign this globally.
Assignee: bugsquad => pkg-bugs
Suggested advisory:
========================

The updated package fixes a security vulnerability:

scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user. (CVE-2020-29074)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29074
https://www.debian.org/security/2020/dsa-4799
========================

Updated package in core/updates_testing:
========================
x11vnc-0.9.16-1.1.mga7

from SRPM:
x11vnc-0.9.16-1.1.mga7.src.rpm

Assignee: pkg-bugs => qa-bugs
Source RPM: x11vnc-0.9.16-3.mga8.src.rpm => x11vnc-0.9.16-1.mga7.src.rpm
Whiteboard: MGA7TOO => (none)
Status: NEW => ASSIGNED
CC: (none) => nicolas.salguero
Version: Cauldron => 7
CVE: (none) => CVE-2020-29074
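The permission problem named in the suggested advisory above, as an added example (not x11vnc's code and not part of this bug report): it creates a System V shared memory segment with the 0777 mode from the CVE text and with an owner-only mode, then reads back what the kernel recorded. The IPC_PRIVATE key, the 4096-byte size, the 0600 comparison mode and both function names are assumptions made for the demonstration.

```c
/* Added illustration; not taken from x11vnc's scan.c. */
#include <stdio.h>
#include <sys/ipc.h>
#include <sys/shm.h>

/* Create a SysV segment with the given permission bits, read the mode the
 * kernel recorded, remove the segment, and return its low 9 bits.
 * Returns -1 on failure. Key and size are assumptions for the demo. */
int shm_mode_after_create(int perms)
{
    struct shmid_ds ds;
    int mode = -1;
    int id = shmget(IPC_PRIVATE, 4096, IPC_CREAT | perms);

    if (id < 0)
        return -1;
    if (shmctl(id, IPC_STAT, &ds) == 0)
        mode = ds.shm_perm.mode & 0777;
    shmctl(id, IPC_RMID, NULL); /* do not leave the segment behind */
    return mode;
}

/* Non-zero when group or other users can read or write the segment. */
int accessible_beyond_owner(int mode)
{
    return (mode & 0066) != 0;
}

int main(void)
{
    /* 0777 is the mode quoted in the advisory; 0600 is an assumed
     * owner-only mode used here for comparison. */
    int modes[] = { 0777, 0600 };

    for (int i = 0; i < 2; i++) {
        int got = shm_mode_after_create(modes[i]);
        if (got < 0) {
            perror("shmget/shmctl");
            return 1;
        }
        printf("requested %04o, kernel recorded %04o, beyond owner: %s\n",
               modes[i], got, accessible_beyond_owner(got) ? "yes" : "no");
    }
    return 0;
}
```

The same mode bits appear in the perms column of `ipcs -m`, which is a quick way to check segments on a running system.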
Installed and tested without issue.

Tested with vncviewer, krdc and novnc_server clients.

System: Mageia 7, x86_64, Plasma DE, LXQt DE, Intel CPU, nVidia GPU using nvidia-current proprietary driver.

$ uname -a
Linux marte 5.7.19-desktop-3.mga7 #1 SMP Sun Oct 18 15:46:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -q x11vnc
x11vnc-0.9.16-1.1.mga7
$ x11vnc -display :0
<SNIP>
The VNC desktop is: marte:0
PORT=5900
<SNIP>
$ vncviewer localhost:0
<SNIP>
CConn: Conectado ao host marte porta 5900
<SNIP>
CC: (none) => mageia
This update has been in use for almost a week without issues, so I'm OKing this for x86_64 (see comment 3). Please unOK if you think it's appropriate.
Whiteboard: (none) => MGA7-64-OK
Validating. Advisory pushed to SVN.
Keywords: (none) => advisory, validated_update
CC: (none) => ouaurelien, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2020-0454.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED