Advisories ยป MGASA-2020-0242

Updated vino packages fix security vulnerability

Publication date: 10 Jun 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2014-6053 , CVE-2018-7225 , CVE-2019-15681


Updated vino packages fix security vulnerabilities:

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in
LibVNCServer did not properly handle attempts to send a large amount of
ClientCutText data, which allowed remote attackers to cause a denial of
service (memory consumption or daemon crash) via a crafted message that
was processed by using a single unchecked malloc (CVE-2014-6053).

An issue was discovered in LibVNCServer. rfbProcessClientNormalMessage()
in rfbserver.c did not sanitize msg.cct.length, leading to access to
uninitialized and potentially sensitive data or possibly unspecified other
impact (e.g., an integer overflow) via specially crafted VNC packets

LibVNC contained a memory leak in VNC server code, which allowed an
attacker to read stack memory and could be abused for information
disclosure. Combined with another vulnerability, it could be used to
leak stack memory and bypass ASLR. This attack appeared to be exploitable
via network connectivity (CVE-2019-15681).

The bundled libvncserver code in vino has been patched to fix these issues.