CVE-2014-6053 (https://nvd.nist.gov/vuln/detail/CVE-2014-6053):

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.

CVE-2018-7225 (https://nvd.nist.gov/vuln/detail/CVE-2018-7225):

An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.

CVE-2019-15681 (https://nvd.nist.gov/vuln/detail/CVE-2019-15681):

LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.
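The length handling that CVE-2014-6053 and CVE-2018-7225 describe, as an added example; it is not code from LibVNCServer, vino or the Gentoo patches. The function names, status codes and the 1 MiB cap are assumptions made for illustration, and the message layout follows the ClientCutText definition in RFC 6143.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_CUT_TEXT (1u << 20) /* assumed policy cap (1 MiB), not a libvncserver constant */
enum { CUT_OK = 0, CUT_TRUNCATED = -1, CUT_TOO_LARGE = -2, CUT_NOMEM = -3, CUT_BAD_TYPE = -4 };

/* Parse one ClientCutText message (RFC 6143, 7.5.6):
 * u8 type = 6, 3 padding bytes, u32 big-endian length, then `length` text bytes. */
static int parse_client_cut_text(const uint8_t *buf, size_t avail,
                                 char **text, uint32_t *text_len)
{
    *text = NULL;
    *text_len = 0;
    if (avail < 8) return CUT_TRUNCATED;
    if (buf[0] != 6) return CUT_BAD_TYPE;
    uint32_t len = ((uint32_t)buf[4] << 24) | ((uint32_t)buf[5] << 16) |
                   ((uint32_t)buf[6] << 8) | (uint32_t)buf[7];
    /* Bound the client-controlled length before any allocation. */
    if (len > MAX_CUT_TEXT) return CUT_TOO_LARGE;
    /* Never hand out more bytes than were actually received. */
    if (len > avail - 8) return CUT_TRUNCATED;
    /* calloc zero-fills; len + 1 cannot wrap because len <= MAX_CUT_TEXT. */
    char *p = calloc((size_t)len + 1, 1);
    if (p == NULL) return CUT_NOMEM;
    memcpy(p, buf + 8, len);
    *text = p;
    *text_len = len;
    return CUT_OK;
}

/* Build a constructed message with a declared length and `actual` (<= 64) payload bytes. */
static int try_message(uint32_t declared, size_t actual)
{
    uint8_t msg[8 + 64] = { 6, 0, 0, 0, (uint8_t)(declared >> 24), (uint8_t)(declared >> 16),
                            (uint8_t)(declared >> 8), (uint8_t)declared };
    char *text;
    uint32_t len;
    if (actual > 64) actual = 64;
    memset(msg + 8, 'A', actual);
    int rc = parse_client_cut_text(msg, 8 + actual, &text, &len);
    if (rc == CUT_OK && (len != declared || strlen(text) != len)) rc = -100;
    free(text);
    return rc;
}

int main(void)
{
    printf("%d %d %d\n", try_message(5, 5), try_message(0xFFFFFFFFu, 0), try_message(100, 5));
    return 0;
}
```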
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=56b1a55f56872459376e4f24cdf272477844123c

commit 56b1a55f56872459376e4f24cdf272477844123c
Author:     Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2020-02-16 13:03:12 +0000
Commit:     Mart Raudsepp <leio@gentoo.org>
CommitDate: 2020-02-16 17:27:50 +0000

    net-misc/vino: apply 3 security fixes and misc upstream fixes

    Adds patchset for a plethora of translation updates and a couple bug fixes
    pending in master without any releases for years.
    The security fixes are not found in upstream and are ported separately from
    libvncserver commits.

    Bug: https://bugs.gentoo.org/701836
    Package-Manager: Portage-2.3.84, Repoman-2.3.20
    Signed-off-by: Mart Raudsepp <leio@gentoo.org>

 net-misc/vino/Manifest                   |  1 +
 net-misc/vino/files/CVE-2014-6053.patch  | 31 +++++++++++++
 net-misc/vino/files/CVE-2018-7225.patch  | 64 +++++++++++++++++++++++++++
 net-misc/vino/files/CVE-2019-15681.patch | 26 +++++++++++
 net-misc/vino/vino-3.22.0-r2.ebuild      | 76 ++++++++++++++++++++++++++++++++
 5 files changed, 198 insertions(+)
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=64d67ef07641c70502381b802b0982f7acfd1abb

commit 64d67ef07641c70502381b802b0982f7acfd1abb
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-03-25 20:08:49 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-03-25 20:08:49 +0000

    net-misc/vino: security cleanup (bug #701836)

    Bug: https://bugs.gentoo.org/701836
    Package-Manager: Portage-2.3.94, Repoman-2.3.21
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 .../vino-return-error-if-X11-is-no-detected.patch  | 41 ------------
 .../vino/files/vino-segfaults-on-wayland.patch     | 30 ---------
 net-misc/vino/vino-3.22.0-r1.ebuild                | 72 ----------------------
 net-misc/vino/vino-3.22.0.ebuild                   | 66 --------------------
 4 files changed, 209 deletions(-)
GLSA Vote: No

Repository is clean, all done!