Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 659560 (CVE-2018-7225, CVE-2018-7226)

Summary: <net-libs/libvncserver-0.9.12: multiple vulnerabilities
Product: Gentoo Security Reporter: D'juan McDonald (domhnall) <flopwiki>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: normal CC: alexander, proxy-maint
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B2 [glsa+ cve]
Package list:
Runtime testing required: ---

Description D'juan McDonald (domhnall) 2018-06-29 04:04:22 UTC
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.


Gentoo Security Padawan
Comment 1 D'juan McDonald (domhnall) 2018-06-29 04:34:55 UTC
An issue was discovered in vcSetXCutTextProc() in VNConsole.c in LinuxVNC and VNCommand from the LibVNC/vncterm distribution through 0.9.10. Missing sanitization of the client-specified message length may cause integer overflow or possibly have unspecified other impact via a specially crafted VNC packet.

Comment 2 Larry the Git Cow gentoo-dev 2019-01-17 21:21:46 UTC
The bug has been referenced in the following commit(s):

commit 4fbd9dd57d76b333b4c75791b1590f5ee09119f1
Author:     Sven Wegener <>
AuthorDate: 2019-01-15 21:40:20 +0000
Commit:     Sven Wegener <>
CommitDate: 2019-01-17 21:21:30 +0000

    net-libs/libvncserver: Version bump, security bug #659560 and #673508
    Signed-off-by: Sven Wegener <>
    Package-Manager: Portage-2.3.51, Repoman-2.3.11

 net-libs/libvncserver/Manifest                     |  1 +
 .../files/libvncserver-0.9.12-cmake-libdir.patch   | 22 +++++++
 net-libs/libvncserver/libvncserver-0.9.12.ebuild   | 72 ++++++++++++++++++++++
 3 files changed, 95 insertions(+)
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2019-04-27 19:09:03 UTC
Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself.
Comment 4 Alexander Tsoy 2019-07-28 22:02:05 UTC
Cleanup done in 61a66db5451e859c3cc01853ba5a5737c2157147
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2019-08-09 20:46:01 UTC
This issue was resolved and addressed in
 GLSA 201908-05 at
by GLSA coordinator Aaron Bauman (b-man).