Updated libvncserver & x11vnc packages fix security vulnerabilities
Publication date: 15 Jan 2019Modification date: 15 Jan 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-6307 , CVE-2018-15126 , CVE-2018-15127 , CVE-2018-20019 , CVE-2018-20020 , CVE-2018-20021 , CVE-2018-20022 , CVE-2018-20023 , CVE-2018-20024
Description
A heap use-after-free vulnerability in the server code of the file
transfer extension, which can result in remote code execution. This
attack appears to be exploitable via network connectivity
(CVE-2018-6307).
A heap use-after-free vulnerability in the server code of the file
transfer extension, which can result in remote code execution. This
attack appears to be exploitable via network connectivity
(CVE-2018-15126).
A heap out-of-bound write vulnerability in the server code of the file
transfer extension, which can result in remote code execution. This
attack appears to be exploitable via network connectivity
(CVE-2018-15127).
Multiple heap out-of-bound write vulnerabilities in VNC client code,
which can result in remote code execution (CVE-2018-20019).
Heap out-of-bound write vulnerability in a structure in VNC client code,
which can result in remote code execution (CVE-2018-20020).
Infinite Loop vulnerability in VNC client code. The vulnerability could
allow an attacker to consume an excessive amount of resources, such as
CPU and RAM (CVE-2018-20021).
Improper Initialization weaknesses in VNC client code, which could allow
an attacker to read stack memory and can be abused for information
disclosure. Combined with another vulnerability, it can be used to leak
stack memory layout and bypass ASLR (CVE-2018-20022).
Improper Initialization vulnerability in VNC Repeater client code, which
could allow an attacker to read stack memory and can be abused for
information disclosure. Combined with another vulnerability, it can be
used to leak stack memory layout and bypass ASLR (CVE-2018-20023).
A null pointer dereference in VNC client code, which can result in DoS
(CVE-2018-20024).
References
- https://bugs.mageia.org/show_bug.cgi?id=24177
- https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.12
- https://github.com/LibVNC/x11vnc/releases/tag/0.9.15
- https://github.com/LibVNC/x11vnc/releases/tag/0.9.16
- https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html
- https://lists.opensuse.org/opensuse-updates/2019-01/msg00027.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024
SRPMS
6/core
- libvncserver-0.9.12-1.mga6
- x11vnc-0.9.16-1.mga6