CVE-2020-14405 (https://nvd.nist.gov/vuln/detail/CVE-2020-14405):
An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size.

CVE-2020-14404 (https://nvd.nist.gov/vuln/detail/CVE-2020-14404):
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.

CVE-2020-14403 (https://nvd.nist.gov/vuln/detail/CVE-2020-14403):
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.

CVE-2020-14402 (https://nvd.nist.gov/vuln/detail/CVE-2020-14402):
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.

CVE-2020-14401 (https://nvd.nist.gov/vuln/detail/CVE-2020-14401):
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.

CVE-2020-14400 (https://nvd.nist.gov/vuln/detail/CVE-2020-14400):
An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c.

CVE-2020-14399 (https://nvd.nist.gov/vuln/detail/CVE-2020-14399):
An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c.

CVE-2020-14398 (https://nvd.nist.gov/vuln/detail/CVE-2020-14398):
An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.

CVE-2020-14397 (https://nvd.nist.gov/vuln/detail/CVE-2020-14397):
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.

CVE-2020-14396 (https://nvd.nist.gov/vuln/detail/CVE-2020-14396):
An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.
---- Thanks to ajak for his (considerable) work in researching these and collecting the research to report to MITRE for the CVEs.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0220c0523306b9f439f4a2a2dd27d81b1a55ebcb

commit 0220c0523306b9f439f4a2a2dd27d81b1a55ebcb
Author:     Alexander Tsoy <alexander@tsoy.me>
AuthorDate: 2020-06-14 22:19:48 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-06-20 20:30:49 +0000

    net-libs/libvncserver: Version bump to 0.9.13

    Closes: https://bugs.gentoo.org/715964
    Closes: https://bugs.gentoo.org/715968
    Bug: https://bugs.gentoo.org/728594
    Signed-off-by: Alexander Tsoy <alexander@tsoy.me>
    Closes: https://github.com/gentoo/gentoo/pull/16245
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 net-libs/libvncserver/Manifest                   |  1 +
 net-libs/libvncserver/libvncserver-0.9.13.ebuild | 71 ++++++++++++++++++++++++
 net-libs/libvncserver/metadata.xml               |  3 +-
 3 files changed, 74 insertions(+), 1 deletion(-)
@maintainer, please let us know if there's a reason to not stable this, or we'll proceed
Feel free to CC arches.
hppa/sparc stable
Looking good on ppc64.

# cat libvncserver-728594.report
USE tests started on Di 23. Jun 20:52:48 CEST 2020
FEATURES=' test' USE='' succeeded for =net-libs/libvncserver-0.9.13
USE='24bpp -filetransfer -gcrypt -gnutls ipv6 -jpeg -libressl lzo -png -sasl ssl -systemd threads -zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='-24bpp filetransfer gcrypt gnutls -ipv6 -jpeg -libressl lzo -png -sasl ssl systemd threads -zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='-24bpp -filetransfer gcrypt -gnutls -ipv6 -jpeg -libressl lzo png -sasl -ssl systemd -threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='24bpp -filetransfer -gcrypt gnutls -ipv6 jpeg -libressl lzo png sasl -ssl systemd -threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='24bpp -filetransfer -gcrypt gnutls -ipv6 -jpeg -libressl lzo png sasl -ssl systemd -threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='-24bpp -filetransfer gcrypt -gnutls ipv6 jpeg -libressl -lzo -png -sasl -ssl -systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='24bpp filetransfer -gcrypt gnutls -ipv6 jpeg -libressl -lzo -png -sasl ssl -systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='24bpp filetransfer gcrypt -gnutls ipv6 jpeg -libressl lzo -png sasl ssl -systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='-24bpp filetransfer gcrypt gnutls ipv6 jpeg -libressl lzo png -sasl -ssl systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='-24bpp -filetransfer -gcrypt -gnutls ipv6 -jpeg -libressl -lzo png -sasl ssl systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='24bpp -filetransfer gcrypt gnutls ipv6 jpeg -libressl -lzo png -sasl ssl systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='-24bpp -filetransfer -gcrypt -gnutls -ipv6 jpeg -libressl lzo png sasl ssl systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13
revdep tests started on Di 23. Jun 21:03:38 CEST 2020
FEATURES=' test' USE='' succeeded for x11-misc/x11vnc
FEATURES=' test' USE='vnc' succeeded for media-video/vlc
FEATURES=' test' USE='vnc' succeeded for dev-games/openscenegraph
Looking good on ppc.

# cat libvncserver-728594.report
USE tests started on Di 23. Jun 23:13:23 CEST 2020
FEATURES=' test' USE='' succeeded for =net-libs/libvncserver-0.9.13
USE='-24bpp -filetransfer -gcrypt -gnutls -ipv6 -jpeg -libressl -lzo -png sasl ssl systemd threads -zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='-24bpp -filetransfer -gcrypt gnutls ipv6 -jpeg -libressl -lzo -png -sasl -ssl -systemd -threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='24bpp -filetransfer gcrypt gnutls -ipv6 jpeg -libressl lzo png -sasl ssl -systemd -threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='-24bpp -filetransfer -gcrypt gnutls ipv6 jpeg -libressl -lzo -png -sasl ssl systemd -threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='-24bpp filetransfer gcrypt -gnutls -ipv6 jpeg -libressl lzo -png -sasl -ssl -systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='-24bpp filetransfer gcrypt -gnutls -ipv6 jpeg -libressl lzo -png -sasl ssl -systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='-24bpp filetransfer -gcrypt -gnutls ipv6 jpeg -libressl lzo -png -sasl ssl -systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='-24bpp -filetransfer -gcrypt -gnutls ipv6 jpeg -libressl -lzo -png -sasl -ssl systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='-24bpp filetransfer gcrypt gnutls -ipv6 jpeg -libressl -lzo png -sasl -ssl systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='-24bpp filetransfer -gcrypt -gnutls -ipv6 -jpeg -libressl -lzo -png sasl -ssl systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='24bpp filetransfer gcrypt -gnutls -ipv6 -jpeg -libressl lzo -png sasl -ssl systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='24bpp -filetransfer gcrypt gnutls -ipv6 -jpeg -libressl lzo png -sasl ssl systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13
revdep tests started on Di 23. Jun 23:30:17 CEST 2020
FEATURES=' test' USE='vnc' succeeded for dev-games/openscenegraph
FEATURES=' test' USE='' succeeded for x11-misc/x11vnc
FEATURES=' test' USE='vnc' succeeded for media-video/vlc
arm64 stable
ppc64 stable
ppc stable
amd64 stable
arm stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3cc06e5fd4889a3fd2d77d6a411efe0f82f37777

commit 3cc06e5fd4889a3fd2d77d6a411efe0f82f37777
Author:     Alexander Tsoy <alexander@tsoy.me>
AuthorDate: 2020-06-29 07:52:36 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2020-06-29 17:29:20 +0000

    net-libs/libvncserver: Security cleanup

    Bug: https://bugs.gentoo.org/728594
    Signed-off-by: Alexander Tsoy <alexander@tsoy.me>
    Closes: https://github.com/gentoo/gentoo/pull/16483
    Signed-off-by: Aaron Bauman <bman@gentoo.org>

 net-libs/libvncserver/Manifest                     |  1 -
 .../files/libvncserver-0.9.12-CVE-2018-20750.patch | 47 --------------
 .../files/libvncserver-0.9.12-CVE-2019-15681.patch | 26 --------
 .../files/libvncserver-0.9.12-CVE-2019-15690.patch | 39 -----------
 .../files/libvncserver-0.9.12-cmake-libdir.patch   | 46 -------------
 .../libvncserver-0.9.12-fix-shutdown-crash.patch   | 63 ------------------
 ...ibvncserver-0.9.12-fix-tight-raw-decoding.patch | 40 ------------
 .../files/libvncserver-0.9.12-libgcrypt.patch      | 40 ------------
 .../libvncserver-0.9.12-pkgconfig-libdir.patch     | 41 ------------
 .../libvncserver-0.9.12-sparc-unaligned.patch      | 40 ------------
 .../libvncserver/libvncserver-0.9.12-r5.ebuild     | 75 ----------------------
 11 files changed, 458 deletions(-)