Updated vino packages fix security vulnerability
Publication date: 10 Jun 2020Modification date: 06 Jun 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2014-6053 , CVE-2018-7225 , CVE-2019-15681
Description
Updated vino packages fix security vulnerabilities: The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer did not properly handle attempts to send a large amount of ClientCutText data, which allowed remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that was processed by using a single unchecked malloc (CVE-2014-6053). An issue was discovered in LibVNCServer. rfbProcessClientNormalMessage() in rfbserver.c did not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets (CVE-2018-7225). LibVNC contained a memory leak in VNC server code, which allowed an attacker to read stack memory and could be abused for information disclosure. Combined with another vulnerability, it could be used to leak stack memory and bypass ASLR. This attack appeared to be exploitable via network connectivity (CVE-2019-15681). The bundled libvncserver code in vino has been patched to fix these issues.
References
SRPMS
7/core
- vino-3.22.0-3.1.mga7