Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 728594 (CVE-2020-14396, CVE-2020-14397, CVE-2020-14398, CVE-2020-14399, CVE-2020-14400, CVE-2020-14401, CVE-2020-14402, CVE-2020-14403, CVE-2020-14404, CVE-2020-14405) - <net-libs/libvncserver-0.9.13: Multiple vulnerabilities (CVE-2020-{14396,14397,14398,14399,14400,14401,14402,14403,14404,14405})
Summary: <net-libs/libvncserver-0.9.13: Multiple vulnerabilities (CVE-2020-{14396,1439...
Status: RESOLVED FIXED
Alias: CVE-2020-14396, CVE-2020-14397, CVE-2020-14398, CVE-2020-14399, CVE-2020-14400, CVE-2020-14401, CVE-2020-14402, CVE-2020-14403, CVE-2020-14404, CVE-2020-14405
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://github.com/LibVNC/libvncserve...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-06-17 22:27 UTC by GLSAMaker/CVETool Bot
Modified: 2020-06-29 17:30 UTC (History)
3 users (show)

See Also:
Package list:
=net-libs/libvncserver-0.9.13
Runtime testing required: ---
nattka: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2020-06-17 22:27:21 UTC
CVE-2020-14405 (https://nvd.nist.gov/vuln/detail/CVE-2020-14405):
  An issue was discovered in LibVNCServer before 0.9.13.
  libvncclient/rfbproto.c does not limit TextChat size.

CVE-2020-14404 (https://nvd.nist.gov/vuln/detail/CVE-2020-14404):
  An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c
  allows out-of-bounds access via encodings.

CVE-2020-14403 (https://nvd.nist.gov/vuln/detail/CVE-2020-14403):
  An issue was discovered in LibVNCServer before 0.9.13.
  libvncserver/hextile.c allows out-of-bounds access via encodings.

CVE-2020-14402 (https://nvd.nist.gov/vuln/detail/CVE-2020-14402):
  An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c
  allows out-of-bounds access via encodings.

CVE-2020-14401 (https://nvd.nist.gov/vuln/detail/CVE-2020-14401):
  An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c
  has a pixel_value integer overflow.

CVE-2020-14400 (https://nvd.nist.gov/vuln/detail/CVE-2020-14400):
  An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is
  accessed through uint16_t pointers in libvncserver/translate.c.

CVE-2020-14399 (https://nvd.nist.gov/vuln/detail/CVE-2020-14399):
  An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is
  accessed through uint32_t pointers in libvncclient/rfbproto.c.

CVE-2020-14398 (https://nvd.nist.gov/vuln/detail/CVE-2020-14398):
  An issue was discovered in LibVNCServer before 0.9.13. An improperly closed
  TCP connection causes an infinite loop in libvncclient/sockets.c.

CVE-2020-14397 (https://nvd.nist.gov/vuln/detail/CVE-2020-14397):
  An issue was discovered in LibVNCServer before 0.9.13.
  libvncserver/rfbregion.c has a NULL pointer dereference.

CVE-2020-14396 (https://nvd.nist.gov/vuln/detail/CVE-2020-14396):
  An issue was discovered in LibVNCServer before 0.9.13.
  libvncclient/tls_openssl.c has a NULL pointer dereference.


----
Thanks to ajak for his (considerable) work in researching these and collecting the research to report to MITRE for the CVEs.
Comment 1 Larry the Git Cow gentoo-dev 2020-06-20 20:31:09 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0220c0523306b9f439f4a2a2dd27d81b1a55ebcb

commit 0220c0523306b9f439f4a2a2dd27d81b1a55ebcb
Author:     Alexander Tsoy <alexander@tsoy.me>
AuthorDate: 2020-06-14 22:19:48 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-06-20 20:30:49 +0000

    net-libs/libvncserver: Version bump to 0.9.13
    
    Closes: https://bugs.gentoo.org/715964
    Closes: https://bugs.gentoo.org/715968
    Bug: https://bugs.gentoo.org/728594
    Signed-off-by: Alexander Tsoy <alexander@tsoy.me>
    Closes: https://github.com/gentoo/gentoo/pull/16245
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 net-libs/libvncserver/Manifest                   |  1 +
 net-libs/libvncserver/libvncserver-0.9.13.ebuild | 71 ++++++++++++++++++++++++
 net-libs/libvncserver/metadata.xml               |  3 +-
 3 files changed, 74 insertions(+), 1 deletion(-)
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-20 21:24:43 UTC
@maintainer, please let us know if there's a reason to not stable this, or we'll proceed
Comment 3 Alexander Tsoy 2020-06-21 17:04:35 UTC
Feel free to CC arches.
Comment 4 Rolf Eike Beer archtester 2020-06-22 18:35:50 UTC
hppa/sparc stable
Comment 5 ernsteiswuerfel archtester 2020-06-23 20:08:44 UTC
Looking good on ppc64.
 # cat libvncserver-728594.report 
USE tests started on Di 23. Jun 20:52:48 CEST 2020

FEATURES=' test' USE='' succeeded for =net-libs/libvncserver-0.9.13
USE='24bpp -filetransfer -gcrypt -gnutls ipv6 -jpeg -libressl lzo -png -sasl ssl -systemd threads -zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='-24bpp filetransfer gcrypt gnutls -ipv6 -jpeg -libressl lzo -png -sasl ssl systemd threads -zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='-24bpp -filetransfer gcrypt -gnutls -ipv6 -jpeg -libressl lzo png -sasl -ssl systemd -threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='24bpp -filetransfer -gcrypt gnutls -ipv6 jpeg -libressl lzo png sasl -ssl systemd -threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='24bpp -filetransfer -gcrypt gnutls -ipv6 -jpeg -libressl lzo png sasl -ssl systemd -threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='-24bpp -filetransfer gcrypt -gnutls ipv6 jpeg -libressl -lzo -png -sasl -ssl -systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='24bpp filetransfer -gcrypt gnutls -ipv6 jpeg -libressl -lzo -png -sasl ssl -systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='24bpp filetransfer gcrypt -gnutls ipv6 jpeg -libressl lzo -png sasl ssl -systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='-24bpp filetransfer gcrypt gnutls ipv6 jpeg -libressl lzo png -sasl -ssl systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='-24bpp -filetransfer -gcrypt -gnutls ipv6 -jpeg -libressl -lzo png -sasl ssl systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='24bpp -filetransfer gcrypt gnutls ipv6 jpeg -libressl -lzo png -sasl ssl systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='-24bpp -filetransfer -gcrypt -gnutls -ipv6 jpeg -libressl lzo png sasl ssl systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13

revdep tests started on Di 23. Jun 21:03:38 CEST 2020

FEATURES=' test' USE='' succeeded for x11-misc/x11vnc
FEATURES=' test' USE='vnc' succeeded for media-video/vlc
FEATURES=' test' USE='vnc' succeeded for dev-games/openscenegraph
Comment 6 ernsteiswuerfel archtester 2020-06-23 22:20:25 UTC
Looking good on ppc.

 # cat libvncserver-728594.report 
USE tests started on Di 23. Jun 23:13:23 CEST 2020

FEATURES=' test' USE='' succeeded for =net-libs/libvncserver-0.9.13
USE='-24bpp -filetransfer -gcrypt -gnutls -ipv6 -jpeg -libressl -lzo -png sasl ssl systemd threads -zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='-24bpp -filetransfer -gcrypt gnutls ipv6 -jpeg -libressl -lzo -png -sasl -ssl -systemd -threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='24bpp -filetransfer gcrypt gnutls -ipv6 jpeg -libressl lzo png -sasl ssl -systemd -threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='-24bpp -filetransfer -gcrypt gnutls ipv6 jpeg -libressl -lzo -png -sasl ssl systemd -threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='-24bpp filetransfer gcrypt -gnutls -ipv6 jpeg -libressl lzo -png -sasl -ssl -systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='-24bpp filetransfer gcrypt -gnutls -ipv6 jpeg -libressl lzo -png -sasl ssl -systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='-24bpp filetransfer -gcrypt -gnutls ipv6 jpeg -libressl lzo -png -sasl ssl -systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='-24bpp -filetransfer -gcrypt -gnutls ipv6 jpeg -libressl -lzo -png -sasl -ssl systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='-24bpp filetransfer gcrypt gnutls -ipv6 jpeg -libressl -lzo png -sasl -ssl systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='-24bpp filetransfer -gcrypt -gnutls -ipv6 -jpeg -libressl -lzo -png sasl -ssl systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='24bpp filetransfer gcrypt -gnutls -ipv6 -jpeg -libressl lzo -png sasl -ssl systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13
USE='24bpp -filetransfer gcrypt gnutls -ipv6 -jpeg -libressl lzo png -sasl ssl systemd threads zlib' succeeded for =net-libs/libvncserver-0.9.13

revdep tests started on Di 23. Jun 23:30:17 CEST 2020

FEATURES=' test' USE='vnc' succeeded for dev-games/openscenegraph
FEATURES=' test' USE='' succeeded for x11-misc/x11vnc
FEATURES=' test' USE='vnc' succeeded for media-video/vlc
Comment 7 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-26 21:21:41 UTC
arm64 stable
Comment 8 Agostino Sarubbo gentoo-dev 2020-06-28 20:38:51 UTC
ppc64 stable
Comment 9 Agostino Sarubbo gentoo-dev 2020-06-28 20:48:24 UTC
ppc stable
Comment 10 Agostino Sarubbo gentoo-dev 2020-06-29 06:21:06 UTC
amd64 stable
Comment 11 Agostino Sarubbo gentoo-dev 2020-06-29 06:23:12 UTC
arm stable
Comment 12 Agostino Sarubbo gentoo-dev 2020-06-29 06:26:40 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 13 Larry the Git Cow gentoo-dev 2020-06-29 17:29:34 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3cc06e5fd4889a3fd2d77d6a411efe0f82f37777

commit 3cc06e5fd4889a3fd2d77d6a411efe0f82f37777
Author:     Alexander Tsoy <alexander@tsoy.me>
AuthorDate: 2020-06-29 07:52:36 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2020-06-29 17:29:20 +0000

    net-libs/libvncserver: Security cleanup
    
    Bug: https://bugs.gentoo.org/728594
    Signed-off-by: Alexander Tsoy <alexander@tsoy.me>
    Closes: https://github.com/gentoo/gentoo/pull/16483
    Signed-off-by: Aaron Bauman <bman@gentoo.org>

 net-libs/libvncserver/Manifest                     |  1 -
 .../files/libvncserver-0.9.12-CVE-2018-20750.patch | 47 --------------
 .../files/libvncserver-0.9.12-CVE-2019-15681.patch | 26 --------
 .../files/libvncserver-0.9.12-CVE-2019-15690.patch | 39 -----------
 .../files/libvncserver-0.9.12-cmake-libdir.patch   | 46 -------------
 .../libvncserver-0.9.12-fix-shutdown-crash.patch   | 63 ------------------
 ...ibvncserver-0.9.12-fix-tight-raw-decoding.patch | 40 ------------
 .../files/libvncserver-0.9.12-libgcrypt.patch      | 40 ------------
 .../libvncserver-0.9.12-pkgconfig-libdir.patch     | 41 ------------
 .../libvncserver-0.9.12-sparc-unaligned.patch      | 40 ------------
 .../libvncserver/libvncserver-0.9.12-r5.ebuild     | 75 ----------------------
 11 files changed, 458 deletions(-)