Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 699036 (CVE-2019-15681)

Summary: <net-libs/libvncserver-0.9.12-r3: memory leak allows attacker to read stack memory (CVE-2019-15681)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: alexander, proxy-maint
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://github.com/gentoo/gentoo/pull/13509
https://github.com/gentoo/gentoo/pull/14490
Whiteboard: B4 [noglsa cve]
Package list:
net-libs/libvncserver-0.9.12-r3
 Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2019-10-31 16:49:21 UTC 
CVE-2019-15681 (https://nvd.nist.gov/vuln/detail/CVE-2019-15681):
  LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a
  memory leak (CWE-655) in VNC server code, which allow an attacker to read
  stack memory and can be abused for information disclosure. Combined with
  another vulnerability, it can be used to leak stack memory and bypass ASLR.
  This attack appear to be exploitable via network connectivity. These
  vulnerabilities have been fixed in commit
  d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.
Comment 1 Larry the Git Cow gentoo-dev 2019-11-01 14:11:28 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5ae4ada68cdf7aa131d7a50c9305b55ba14fcd43

commit 5ae4ada68cdf7aa131d7a50c9305b55ba14fcd43
Author:     Alexander Tsoy <alexander@tsoy.me>
AuthorDate: 2019-10-31 18:41:58 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2019-11-01 14:10:59 +0000

    net-libs/libvncserver: Add a bunch of upstream fixes
    
    * fix CVE-2018-20750 (the fix for CVE-2018-15127 was incomplete)
    * fix CVE-2019-15681
    * fix libdir in pkgconfig files
    * fix regression in Tight/Raw decoding
    
    Bug: https://bugs.gentoo.org/699036
    Closes: https://bugs.gentoo.org/676942
    Closes: https://bugs.gentoo.org/691848
    Package-Manager: Portage-2.3.76, Repoman-2.3.16
    Signed-off-by: Alexander Tsoy <alexander@tsoy.me>
    Closes: https://github.com/gentoo/gentoo/pull/13509
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 .../files/libvncserver-0.9.12-CVE-2018-20750.patch | 47 ++++++++++++++
 .../files/libvncserver-0.9.12-CVE-2019-15681.patch | 26 ++++++++
 .../files/libvncserver-0.9.12-cmake-libdir.patch   | 32 ++++++++--
 ...ibvncserver-0.9.12-fix-tight-raw-decoding.patch | 40 ++++++++++++
 .../libvncserver-0.9.12-pkgconfig-libdir.patch     | 41 ++++++++++++
 .../libvncserver/libvncserver-0.9.12-r3.ebuild     | 73 ++++++++++++++++++++++
 6 files changed, 255 insertions(+), 4 deletions(-)
Comment 2 Alexander Tsoy 2019-11-11 00:51:29 UTC 
Lets stabilize =net-libs/libvncserver-0.9.12-r3
Can somebody help with modifying keywords and package list?
Comment 3 Rolf Eike Beer archtester 2019-11-19 19:59:20 UTC 
sparc stable
Comment 4 Agostino Sarubbo gentoo-dev 2019-11-20 11:16:50 UTC 
amd64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2019-11-20 11:21:19 UTC 
ppc64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2019-11-20 11:30:02 UTC 
ppc stable
Comment 7 Agostino Sarubbo gentoo-dev 2019-11-20 11:36:32 UTC 
ia64 stable
Comment 8 Agostino Sarubbo gentoo-dev 2019-11-20 13:23:57 UTC 
x86 stable
Comment 9 Aaron Bauman (RETIRED) gentoo-dev 2019-11-20 16:45:21 UTC 
arm64 stable
Comment 10 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-11-27 13:23:39 UTC 
arm stable
Comment 11 Sergei Trofimovich (RETIRED) gentoo-dev 2019-11-28 08:40:05 UTC 
commit 4eadcbe351d47b9e91bbcb525b0576f714ff360b
Author: Rolf Eike Beer <eike@sf-mail.de>
Date:   Thu Nov 21 17:20:53 2019 +0100

    net-libs/libvncserver: stable 0.9.12-r3 for hppa, bug #699036
Comment 12 Larry the Git Cow gentoo-dev 2020-01-28 20:55:37 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f025d1be661d04fc3c216735c5eea788abbe2c4e

commit f025d1be661d04fc3c216735c5eea788abbe2c4e
Author:     Alexander Tsoy <alexander@tsoy.me>
AuthorDate: 2020-01-28 19:36:47 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2020-01-28 20:55:14 +0000

    net-libs/libvncserver: Drop vulnerable version
    
    Bug: https://bugs.gentoo.org/699036
    Signed-off-by: Alexander Tsoy <alexander@tsoy.me>
    Closes: https://github.com/gentoo/gentoo/pull/14490
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 .../libvncserver/libvncserver-0.9.12-r2.ebuild     | 69 ----------------------
 1 file changed, 69 deletions(-)
Comment 13 Andreas Sturmlechner gentoo-dev 2020-01-28 20:57:57 UTC 
Cleanup done.
Comment 14 Yury German Gentoo Infrastructure gentoo-dev 2020-03-15 06:52:50 UTC 
Arches and Maintainer(s), Thank you for your work.