| Summary: | <net-libs/libvncserver-0.9.12: multiple vulnerabilities | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | alexander, proxy-maint |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://github.com/LibVNC/libvncserver/issues/218 | | |
| Whiteboard: | B2 [glsa+ cve] | | |
| Package list: | | Runtime testing required: | --- |

Description
D'juan McDonald (domhnall)
2018-06-29 04:04:22 UTC
An issue was discovered in vcSetXCutTextProc() in VNConsole.c in LinuxVNC and VNCommand from the LibVNC/vncterm distribution through 0.9.10. Missing sanitization of the client-specified message length may cause integer overflow or possibly have unspecified other impact via a specially crafted VNC packet.

Reference: https://github.com/LibVNC/vncterm/issues/6

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4fbd9dd57d76b333b4c75791b1590f5ee09119f1

commit 4fbd9dd57d76b333b4c75791b1590f5ee09119f1
Author: Sven Wegener <swegener@gentoo.org>
AuthorDate: 2019-01-15 21:40:20 +0000
Commit: Sven Wegener <swegener@gentoo.org>
CommitDate: 2019-01-17 21:21:30 +0000

    net-libs/libvncserver: Version bump, security bug #659560 and #673508

    Bug: https://bugs.gentoo.org/659560
    Bug: https://bugs.gentoo.org/673508
    Closes: https://bugs.gentoo.org/435326
    Closes: https://bugs.gentoo.org/675046
    Signed-off-by: Sven Wegener <swegener@gentoo.org>
    Package-Manager: Portage-2.3.51, Repoman-2.3.11

 net-libs/libvncserver/Manifest | 1 +
 .../files/libvncserver-0.9.12-cmake-libdir.patch | 22 +++++++
 net-libs/libvncserver/libvncserver-0.9.12.ebuild | 72 ++++++++++++++++++++++
 3 files changed, 95 insertions(+)

Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself.

Cleanup done in 61a66db5451e859c3cc01853ba5a5737c2157147

This issue was resolved and addressed in GLSA 201908-05 at https://security.gentoo.org/glsa/201908-05 by GLSA coordinator Aaron Bauman (b-man).
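
The kind of length sanitization the description refers to, as an added example (not code from vncterm or libvncserver, and not the upstream fix): a handler for the RFB ClientCutText message that validates the client-specified 32-bit length before allocating or copying. The function names and the 1 MiB cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CUT_TEXT_MAX (1u << 20) /* assumed policy cap (1 MiB); not from the page */

/* General illustration of the hazard: 32-bit "length + 1" wraps to 0 for
 * 0xFFFFFFFF, so an allocation sized this way is too small for the copy. */
uint32_t naive_alloc_size(uint32_t len) { return len + 1u; }

/* Hypothetical hardened parser for RFB ClientCutText:
 * type (1 byte, value 6) | padding (3) | length (4, big-endian) | text.
 * Returns a NUL-terminated heap copy of the text, or NULL if rejected. */
char *parse_client_cut_text(const uint8_t *msg, size_t msg_len, size_t *out_len)
{
    if (msg == NULL || msg_len < 8 || msg[0] != 6)
        return NULL;                       /* header incomplete or wrong type */
    uint32_t len = ((uint32_t)msg[4] << 24) | ((uint32_t)msg[5] << 16) |
                   ((uint32_t)msg[6] << 8)  |  (uint32_t)msg[7];
    if (len > CUT_TEXT_MAX)
        return NULL;                       /* client-specified length over cap */
    if (len > msg_len - 8)
        return NULL;                       /* claims more bytes than were received */
    char *text = malloc((size_t)len + 1);  /* widened before +1; len is capped */
    if (text == NULL)
        return NULL;
    memcpy(text, msg + 8, len);
    text[len] = '\0';
    if (out_len != NULL)
        *out_len = len;
    return text;
}

int main(void)
{
    /* Constructed sample messages, not captured traffic. */
    const uint8_t ok[]   = {6, 0, 0, 0, 0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o'};
    const uint8_t huge[] = {6, 0, 0, 0, 0xFF, 0xFF, 0xFF, 0xFF, 'x'};
    size_t n = 0;
    char *t = parse_client_cut_text(ok, sizeof ok, &n);
    printf("ok: %s (%zu bytes)\n", t ? t : "(rejected)", n);
    free(t);
    t = parse_client_cut_text(huge, sizeof huge, &n);
    printf("huge: %s\n", t ? t : "(rejected)");
    free(t);
    printf("naive size for 0xFFFFFFFF: %u\n", (unsigned)naive_alloc_size(0xFFFFFFFFu));
    return 0;
}
```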