Bug 714054 (CVE-2019-15690) - <net-libs/libvncserver-0.9.12-r5: heap buffer overflow in HandleCursorShape() (CVE-2019-15690)
Summary: <net-libs/libvncserver-0.9.12-r5: heap buffer overflow in HandleCursorShape()...
Status: RESOLVED FIXED
Alias: CVE-2019-15690
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://www.openwall.com/lists/oss-se...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-03-23 09:34 UTC by Alexander Tsoy
Modified: 2020-05-03 23:45 UTC

See Also:
Package list:
net-libs/libvncserver-0.9.12-r5
Runtime testing required: ---


Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-23 11:52:27 UTC
Thanks for filing a security bug!

Please put them into the Security component when you report, so it's easier for us to put it through the process.
Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2020-03-23 15:08:37 UTC
Note on Vulnerability:
Also, I accidentally found another heap buffer overflow in LibVNC (CVE-2019-15690), when I was playing with CodeQL queries. It was missed during previous analysis by me. It later turned out that my fuzzer didn't find it either, because it required at least 256MB to be sent over the network to trigger it.
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-23 15:57:31 UTC
It may be worth chucking this in too:
https://github.com/LibVNC/libvncserver/commit/09e8fc02f59f16e2583b34fe1a270c238bd9ffec

Thanks for the quick PR, maintainer!
Comment 4 Alexander Tsoy 2020-03-23 16:07:59 UTC
(In reply to sam_c (Security Padawan) from comment #3)
> It may be worth chucking this in too:
> https://github.com/LibVNC/libvncserver/commit/09e8fc02f59f16e2583b34fe1a270c238bd9ffec
This was already fixed in 0.9.12-r4
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-23 16:11:21 UTC
(In reply to Alexander Tsoy from comment #4)
> (In reply to sam_c (Security Padawan) from comment #3)
> > It may be worth chucking this in too:
> > https://github.com/LibVNC/libvncserver/commit/09e8fc02f59f16e2583b34fe1a270c238bd9ffec
> This was already fixed in 0.9.12-r4

Oh, I couldn't see the CVE in the list so I assumed. Apologies. Again, thanks for the quick response.
Comment 6 Larry the Git Cow gentoo-dev 2020-03-26 07:22:18 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=369a02be4da385aca62393c390229d3311e6bb78

commit 369a02be4da385aca62393c390229d3311e6bb78
Author:     Alexander Tsoy <alexander@tsoy.me>
AuthorDate: 2020-03-23 15:40:08 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2020-03-26 07:22:02 +0000

    net-libs/libvncserver: Fix CVE-2019-15690
    
    Bug: https://bugs.gentoo.org/714054
    Signed-off-by: Alexander Tsoy <alexander@tsoy.me>
    Closes: https://github.com/gentoo/gentoo/pull/15070
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 .../files/libvncserver-0.9.12-CVE-2019-15690.patch | 39 +++++++++++
 .../libvncserver/libvncserver-0.9.12-r5.ebuild     | 75 ++++++++++++++++++++++
 2 files changed, 114 insertions(+)
Comment 7 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-26 21:30:29 UTC
@maintainer(s), please advise if ready for stabilisation or call yourself.
Comment 8 Mart Raudsepp gentoo-dev 2020-03-28 18:52:14 UTC
Note that net-misc/vino and maybe gnome-remote-desktop may ship a copy of libvncserver
Comment 9 Mart Raudsepp gentoo-dev 2020-03-28 22:48:20 UTC
arm64 stable
Comment 10 Sergei Trofimovich (RETIRED) gentoo-dev 2020-03-29 09:46:27 UTC
ppc/ppc64 stable
Comment 11 Sergei Trofimovich (RETIRED) gentoo-dev 2020-03-29 17:25:19 UTC
ia64 stable
Comment 12 Agostino Sarubbo gentoo-dev 2020-03-30 13:15:02 UTC
amd64 stable
Comment 13 Agostino Sarubbo gentoo-dev 2020-03-30 13:36:47 UTC
arm stable
Comment 14 Agostino Sarubbo gentoo-dev 2020-03-30 13:42:21 UTC
x86 stable
Comment 15 Rolf Eike Beer archtester 2020-04-01 17:10:17 UTC
hppa stable
Comment 16 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-04-01 17:15:09 UTC
@maintainer(s), please cleanup.
Comment 17 Alexander Tsoy 2020-04-01 17:33:25 UTC
I'm sorry, I forgot SPARC.
Comment 18 Agostino Sarubbo gentoo-dev 2020-04-03 12:17:05 UTC
sparc stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 19 Larry the Git Cow gentoo-dev 2020-04-03 16:55:44 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5f77b04d989a9f245d6246087184b0a7e6f840fa

commit 5f77b04d989a9f245d6246087184b0a7e6f840fa
Author:     Alexander Tsoy <alexander@tsoy.me>
AuthorDate: 2020-04-03 16:28:18 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2020-04-03 16:34:43 +0000

    net-libs/libvncserver: Security cleanup
    
    Bug: https://bugs.gentoo.org/714054
    Signed-off-by: Alexander Tsoy <alexander@tsoy.me>
    Closes: https://github.com/gentoo/gentoo/pull/15216
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 .../libvncserver/libvncserver-0.9.12-r4.ebuild     | 74 ----------------------
 1 file changed, 74 deletions(-)
Comment 20 NATTkA bot gentoo-dev 2020-04-06 11:21:00 UTC
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.