Advisories » MGASA-2019-0368

Updated libvncserver packages fix security vulnerability

Publication date: 06 Dec 2019
Modification date: 06 Dec 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-15681

Description

Updated libvncserver packages fix security vulnerability:

LibVNC contained a memory leak in VNC server code, which allowed an
attacker to read stack memory and could be abused for information
disclosure. Combined with another vulnerability, it could be used to
leak stack memory and bypass ASLR. This attack appeared to be
exploitable via network connectivity (CVE-2019-15681).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=25788
• https://www.debian.org/lts/security/2019/dla-2014
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15681

SRPMS

7/core

• libvncserver-0.9.12-2.1.mga7