Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 701836

Summary: <net-misc/vino-3.22.0-r2: multiple vulnerabilities (CVE-{2014-6053,2018-7225,2019-15681})
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: gnome
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [noglsa cve]
Package list:
net-misc/vino-3.22.0-r2
 Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2019-12-02 23:16:53 UTC 
CVE-2014-6053 (https://nvd.nist.gov/vuln/detail/CVE-2014-6053):
  The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in
  LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a
  large amount of ClientCutText data, which allows remote attackers to cause a
  denial of service (memory consumption or daemon crash) via a crafted message
  that is processed by using a single unchecked malloc.

CVE-2018-7225 (https://nvd.nist.gov/vuln/detail/CVE-2018-7225):
  An issue was discovered in LibVNCServer through 0.9.11.
  rfbProcessClientNormalMessage() in rfbserver.c does not sanitize
  msg.cct.length, leading to access to uninitialized and potentially sensitive
  data or possibly unspecified other impact (e.g., an integer overflow) via
  specially crafted VNC packets.

CVE-2019-15681 (https://nvd.nist.gov/vuln/detail/CVE-2019-15681):
  LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a
  memory leak (CWE-655) in VNC server code, which allow an attacker to read
  stack memory and can be abused for information disclosure. Combined with
  another vulnerability, it can be used to leak stack memory and bypass ASLR.
  This attack appear to be exploitable via network connectivity. These
  vulnerabilities have been fixed in commit
  d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.
Comment 1 Larry the Git Cow gentoo-dev 2020-02-16 17:28:48 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=56b1a55f56872459376e4f24cdf272477844123c

commit 56b1a55f56872459376e4f24cdf272477844123c
Author:     Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2020-02-16 13:03:12 +0000
Commit:     Mart Raudsepp <leio@gentoo.org>
CommitDate: 2020-02-16 17:27:50 +0000

    net-misc/vino: apply 3 security fixes and misc upstream fixes
    
    Adds patchset for a plethora of translation updates and a couple
    bug fixes pending in master without any releases for years.
    The security fixes are not found in upstream and are ported
    separately from libvncserver commits.
    
    Bug: https://bugs.gentoo.org/701836
    Package-Manager: Portage-2.3.84, Repoman-2.3.20
    Signed-off-by: Mart Raudsepp <leio@gentoo.org>

 net-misc/vino/Manifest                   |  1 +
 net-misc/vino/files/CVE-2014-6053.patch  | 31 +++++++++++++
 net-misc/vino/files/CVE-2018-7225.patch  | 64 +++++++++++++++++++++++++++
 net-misc/vino/files/CVE-2019-15681.patch | 26 +++++++++++
 net-misc/vino/vino-3.22.0-r2.ebuild      | 76 ++++++++++++++++++++++++++++++++
 5 files changed, 198 insertions(+)
Comment 2 Agostino Sarubbo gentoo-dev 2020-02-24 07:41:21 UTC 
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2020-02-24 14:19:33 UTC 
x86 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 4 Larry the Git Cow gentoo-dev 2020-03-25 20:09:05 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=64d67ef07641c70502381b802b0982f7acfd1abb

commit 64d67ef07641c70502381b802b0982f7acfd1abb
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-03-25 20:08:49 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-03-25 20:08:49 +0000

    net-misc/vino: security cleanup (bug #701836)
    
    Bug: https://bugs.gentoo.org/701836
    Package-Manager: Portage-2.3.94, Repoman-2.3.21
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 .../vino-return-error-if-X11-is-no-detected.patch  | 41 ------------
 .../vino/files/vino-segfaults-on-wayland.patch     | 30 ---------
 net-misc/vino/vino-3.22.0-r1.ebuild                | 72 ----------------------
 net-misc/vino/vino-3.22.0.ebuild                   | 66 --------------------
 4 files changed, 209 deletions(-)
Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev 2020-03-25 20:09:38 UTC 
GLSA Vote: No

Repository is clean, all done!