Fix: https://github.com/LibVNC/libvncserver/commit/54220248886b5001fbbb9fa73c4e1a2cb9413fed
Thanks for filing a security bug! Please put them into the Security component when you report, so it's easier for us to put it through the process.
Note on Vulnerability: Also, I accidentally found another heap buffer overflow in LibVNC (CVE-2019-15690), when I was playing with CodeQL queries. It was missed during previous analysis by me. It later turned out that my fuzzer didn't find it either, because it required at least 256MB to be sent over the network to trigger it.
It may be worth chucking this in too: https://github.com/LibVNC/libvncserver/commit/09e8fc02f59f16e2583b34fe1a270c238bd9ffec Thanks for the quick PR, maintainer!
(In reply to sam_c (Security Padawan) from comment #3)
> It may be worth chucking this in too:
> https://github.com/LibVNC/libvncserver/commit/09e8fc02f59f16e2583b34fe1a270c238bd9ffec
This was already fixed in 0.9.12-r4
(In reply to Alexander Tsoy from comment #4)
> (In reply to sam_c (Security Padawan) from comment #3)
> > It may be worth chucking this in too:
> > https://github.com/LibVNC/libvncserver/commit/09e8fc02f59f16e2583b34fe1a270c238bd9ffec
> This was already fixed in 0.9.12-r4
Oh, I couldn't see the CVE in the list so I assumed. Apologies. Again, thanks for the quick response.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=369a02be4da385aca62393c390229d3311e6bb78
commit 369a02be4da385aca62393c390229d3311e6bb78
Author: Alexander Tsoy <alexander@tsoy.me>
AuthorDate: 2020-03-23 15:40:08 +0000
Commit: Joonas Niilola <juippis@gentoo.org>
CommitDate: 2020-03-26 07:22:02 +0000
net-libs/libvncserver: Fix CVE-2019-15690
Bug: https://bugs.gentoo.org/714054
Signed-off-by: Alexander Tsoy <alexander@tsoy.me>
Closes: https://github.com/gentoo/gentoo/pull/15070
Signed-off-by: Joonas Niilola <juippis@gentoo.org>
.../files/libvncserver-0.9.12-CVE-2019-15690.patch | 39 +++++++++++
.../libvncserver/libvncserver-0.9.12-r5.ebuild | 75 ++++++++++++++++++++++
2 files changed, 114 insertions(+)
@maintainer(s), please advise if ready for stabilisation or call yourself.
Note that net-misc/vino and maybe gnome-remote-desktop may ship a copy of libvncserver
arm64 stable
ppc/ppc64 stable
ia64 stable
amd64 stable
arm stable
x86 stable
hppa stable
@maintainer(s), please cleanup.
I'm sorry, I forgot SPARC.
sparc stable. Maintainer(s), please cleanup. Security, please vote.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5f77b04d989a9f245d6246087184b0a7e6f840fa
commit 5f77b04d989a9f245d6246087184b0a7e6f840fa
Author: Alexander Tsoy <alexander@tsoy.me>
AuthorDate: 2020-04-03 16:28:18 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2020-04-03 16:34:43 +0000
net-libs/libvncserver: Security cleanup
Bug: https://bugs.gentoo.org/714054
Signed-off-by: Alexander Tsoy <alexander@tsoy.me>
Closes: https://github.com/gentoo/gentoo/pull/15216
Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>
.../libvncserver/libvncserver-0.9.12-r4.ebuild | 74 ----------------------
1 file changed, 74 deletions(-)
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.