Advisories ยป MGASA-2020-0280

Updated libvncserver packages fix security vulnerability

Publication date: 05 Jul 2020
Modification date: 05 Jul 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-20839 , CVE-2020-14397 , CVE-2020-14398 , CVE-2020-14399 , CVE-2020-14400 , CVE-2020-14401 , CVE-2020-14402 , CVE-2020-14403 , CVE-2020-14404 , CVE-2020-14405

Description

Updated libvncserver packages fix security vulnerabilities:

libvncclient/sockets.c in LibVNCServer had a buffer overflow via a long
socket filename (CVE-2019-20839).

libvncserver/rfbregion.c had a NULL pointer dereference (CVE-2020-14397).

Byte-aligned data was accessed through uint32_t pointers in
libvncclient/rfbproto.c (CVE-2020-14399).

Byte-aligned data was accessed through uint16_t pointers in
libvncserver/translate.c (CVE-2020-14400).

libvncserver/scale.c had a pixel_value integer overflow (CVE-2020-14401).

libvncserver/corre.c allowed out-of-bounds access via encodings
(CVE-2020-14402).

libvncserver/hextile.c allowed out-of-bounds access via encodings
(CVE-2020-14403).

libvncserver/rre.c allowed out-of-bounds access via encodings
(CVE-2020-14404).

libvncclient/rfbproto.c does not limit TextChat size (CVE-2020-14405).

The libvncserver package has been updated to version 0.9.13, fixing these
issues and several others.  See the release announcement for details.

References

SRPMS

7/core